diff --git a/2014/125xxx/CVE-2014-125036.json b/2014/125xxx/CVE-2014-125036.json
index 991d59c4453..e29cb26ead4 100644
--- a/2014/125xxx/CVE-2014-125036.json
+++ b/2014/125xxx/CVE-2014-125036.json
@@ -11,11 +11,11 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability, which was classified as problematic, has been found in drybjed ansible-ntp. Affected by this issue is some unknown functionality of the file meta/main.yml. The manipulation leads to insufficient control of network message volume. The attack can only be done within the local network. The name of the patch is ed4ca2cf012677973c220cdba36b5c60bfa0260b. It is recommended to apply a patch to fix this issue. VDB-217190 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability, which was classified as problematic, has been found in drybjed ansible-ntp. Affected by this issue is some unknown functionality of the file meta/main.yml. The manipulation leads to insufficient control of network message volume. The attack can only be done within the local network. The complexity of an attack is rather high. The exploitation is known to be difficult. The patch is identified as ed4ca2cf012677973c220cdba36b5c60bfa0260b. It is recommended to apply a patch to fix this issue. VDB-217190 is the identifier assigned to this vulnerability."
 },
 {
 "lang": "deu",
- "value": "Eine problematische Schwachstelle wurde in drybjed ansible-ntp entdeckt. Davon betroffen ist unbekannter Code der Datei meta/main.yml. Mittels Manipulieren mit unbekannten Daten kann eine insufficient control of network message volume-Schwachstelle ausgenutzt werden. Der Angriff kann im lokalen Netzwerk erfolgen. Der Patch wird als ed4ca2cf012677973c220cdba36b5c60bfa0260b bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
+ "value": "Eine problematische Schwachstelle wurde in drybjed ansible-ntp entdeckt. Davon betroffen ist unbekannter Code der Datei meta/main.yml. Mittels Manipulieren mit unbekannten Daten kann eine insufficient control of network message volume-Schwachstelle ausgenutzt werden. Der Angriff kann im lokalen Netzwerk erfolgen. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie ist schwierig ausnutzbar. Der Patch wird als ed4ca2cf012677973c220cdba36b5c60bfa0260b bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
 }
 ]
 },
@@ -44,8 +44,8 @@
 "version": {
 "version_data": [
 {
- "version_value": "n/a",
- "version_affected": "="
+ "version_affected": "=",
+ "version_value": "n/a"
 }
 ]
 }
@@ -98,8 +98,7 @@
 {
 "version": "2.0",
 "baseScore": 1.4,
- "vectorString": "AV:A/AC:H/Au:S/C:N/I:N/A:P",
- "baseSeverity": "LOW"
+ "vectorString": "AV:A/AC:H/Au:S/C:N/I:N/A:P"
 }
 ]
 }
diff --git a/2014/125xxx/CVE-2014-125037.json b/2014/125xxx/CVE-2014-125037.json
index a0de451e214..520ccf55f50 100644
--- a/2014/125xxx/CVE-2014-125037.json
+++ b/2014/125xxx/CVE-2014-125037.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability, which was classified as critical, was found in License to Kill. This affects an unknown part of the file models/injury.rb. The manipulation of the argument name leads to sql injection. The name of the patch is cd11cf174f361c98e9b1b4c281aa7b77f46b5078. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217191."
+ "value": "A vulnerability, which was classified as critical, was found in License to Kill. This affects an unknown part of the file models/injury.rb. The manipulation of the argument name leads to sql injection. The patch is named cd11cf174f361c98e9b1b4c281aa7b77f46b5078. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217191."
 },
 {
 "lang": "deu",
@@ -44,8 +44,8 @@
 "version": {
 "version_data": [
 {
- "version_value": "n/a",
- "version_affected": "="
+ "version_affected": "=",
+ "version_value": "n/a"
 }
 ]
 }
@@ -98,8 +98,7 @@
 {
 "version": "2.0",
 "baseScore": 5.2,
- "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
- "baseSeverity": "MEDIUM"
+ "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P"
 }
 ]
 }
diff --git a/2014/125xxx/CVE-2014-125038.json b/2014/125xxx/CVE-2014-125038.json
index 879264c58a1..21901cc2cde 100644
--- a/2014/125xxx/CVE-2014-125038.json
+++ b/2014/125xxx/CVE-2014-125038.json
@@ -44,8 +44,8 @@
 "version": {
 "version_data": [
 {
- "version_value": "n/a",
- "version_affected": "="
+ "version_affected": "=",
+ "version_value": "n/a"
 }
 ]
 }
@@ -98,8 +98,7 @@
 {
 "version": "2.0",
 "baseScore": 5.2,
- "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
- "baseSeverity": "MEDIUM"
+ "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P"
 }
 ]
 }
diff --git a/2014/125xxx/CVE-2014-125039.json b/2014/125xxx/CVE-2014-125039.json
index da43b96831a..4cc3469257b 100644
--- a/2014/125xxx/CVE-2014-125039.json
+++ b/2014/125xxx/CVE-2014-125039.json
@@ -44,8 +44,8 @@
 "version": {
 "version_data": [
 {
- "version_value": "n/a",
- "version_affected": "="
+ "version_affected": "=",
+ "version_value": "n/a"
 }
 ]
 }
@@ -98,8 +98,7 @@
 {
 "version": "2.0",
 "baseScore": 4,
- "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
- "baseSeverity": "MEDIUM"
+ "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
 }
 ]
 }
diff --git a/2014/125xxx/CVE-2014-125040.json b/2014/125xxx/CVE-2014-125040.json
index c1c9ea370d7..fc706f94a34 100644
--- a/2014/125xxx/CVE-2014-125040.json
+++ b/2014/125xxx/CVE-2014-125040.json
@@ -44,8 +44,8 @@
 "version": {
 "version_data": [
 {
- "version_value": "n/a",
- "version_affected": "="
+ "version_affected": "=",
+ "version_value": "n/a"
 }
 ]
 }
@@ -98,8 +98,7 @@
 {
 "version": "2.0",
 "baseScore": 5.2,
- "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
- "baseSeverity": "MEDIUM"
+ "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P"
 }
 ]
 }
diff --git a/2014/125xxx/CVE-2014-125041.json b/2014/125xxx/CVE-2014-125041.json
index 89bab19f19e..14fc95a100e 100644
--- a/2014/125xxx/CVE-2014-125041.json
+++ b/2014/125xxx/CVE-2014-125041.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability classified as critical was found in Miccighel PR-CWT. This vulnerability affects unknown code. The manipulation leads to sql injection. The name of the patch is e412127d07004668e5a213932c94807d87067a1f. It is recommended to apply a patch to fix this issue. VDB-217486 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability classified as critical was found in Miccighel PR-CWT. This vulnerability affects unknown code. The manipulation leads to sql injection. The patch is identified as e412127d07004668e5a213932c94807d87067a1f. It is recommended to apply a patch to fix this issue. VDB-217486 is the identifier assigned to this vulnerability."
 },
 {
 "lang": "deu",
@@ -44,8 +44,8 @@
 "version": {
 "version_data": [
 {
- "version_value": "n/a",
- "version_affected": "="
+ "version_affected": "=",
+ "version_value": "n/a"
 }
 ]
 }
@@ -98,8 +98,7 @@
 {
 "version": "2.0",
 "baseScore": 5.2,
- "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
- "baseSeverity": "MEDIUM"
+ "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P"
 }
 ]
 }
diff --git a/2014/125xxx/CVE-2014-125044.json b/2014/125xxx/CVE-2014-125044.json
index f64ac460910..52a58dbb60e 100644
--- a/2014/125xxx/CVE-2014-125044.json
+++ b/2014/125xxx/CVE-2014-125044.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability, which was classified as critical, was found in soshtolsus wing-tight. This affects an unknown part of the file index.php. The manipulation of the argument p leads to file inclusion. It is possible to initiate the attack remotely. Upgrading to version 1.0.0 is able to address this issue. The name of the patch is 567bc33e6ed82b0d0179c9add707ac2b257aeaf2. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217515."
+ "value": "A vulnerability, which was classified as critical, was found in soshtolsus wing-tight. This affects an unknown part of the file index.php. The manipulation of the argument p leads to file inclusion. It is possible to initiate the attack remotely. Upgrading to version 1.0.0 is able to address this issue. The patch is named 567bc33e6ed82b0d0179c9add707ac2b257aeaf2. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217515."
 },
 {
 "lang": "deu",
@@ -44,8 +44,8 @@
 "version": {
 "version_data": [
 {
- "version_value": "n/a",
- "version_affected": "="
+ "version_affected": "=",
+ "version_value": "n/a"
 }
 ]
 }
@@ -103,8 +103,7 @@
 {
 "version": "2.0",
 "baseScore": 6.5,
- "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
- "baseSeverity": "MEDIUM"
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
 }
 ]
 }
diff --git a/2014/125xxx/CVE-2014-125045.json b/2014/125xxx/CVE-2014-125045.json
index 8a4c84248ee..070d8132315 100644
--- a/2014/125xxx/CVE-2014-125045.json
+++ b/2014/125xxx/CVE-2014-125045.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been found in meol1 and classified as critical. Affected by this vulnerability is the function GetAnimal of the file opdracht4/index.php. The manipulation of the argument where leads to sql injection. The name of the patch is 82441e413f87920d1e8f866e8ef9d7f353a7c583. It is recommended to apply a patch to fix this issue. The identifier VDB-217525 was assigned to this vulnerability."
+ "value": "A vulnerability has been found in meol1 and classified as critical. Affected by this vulnerability is the function GetAnimal of the file opdracht4/index.php. The manipulation of the argument where leads to sql injection. The identifier of the patch is 82441e413f87920d1e8f866e8ef9d7f353a7c583. It is recommended to apply a patch to fix this issue. The identifier VDB-217525 was assigned to this vulnerability."
 },
 {
 "lang": "deu",
@@ -44,8 +44,8 @@
 "version": {
 "version_data": [
 {
- "version_value": "n/a",
- "version_affected": "="
+ "version_affected": "=",
+ "version_value": "n/a"
 }
 ]
 }
@@ -98,8 +98,7 @@
 {
 "version": "2.0",
 "baseScore": 5.2,
- "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
- "baseSeverity": "MEDIUM"
+ "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P"
 }
 ]
 }
diff --git a/2014/125xxx/CVE-2014-125046.json b/2014/125xxx/CVE-2014-125046.json
index 262f9b0edc3..27b26cedf44 100644
--- a/2014/125xxx/CVE-2014-125046.json
+++ b/2014/125xxx/CVE-2014-125046.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability, which was classified as critical, was found in Seiji42 cub-scout-tracker. This affects an unknown part of the file databaseAccessFunctions.js. The manipulation leads to sql injection. The name of the patch is b4bc1a328b1f59437db159f9d136d9ed15707e31. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217551."
+ "value": "A vulnerability, which was classified as critical, was found in Seiji42 cub-scout-tracker. This affects an unknown part of the file databaseAccessFunctions.js. The manipulation leads to sql injection. The patch is named b4bc1a328b1f59437db159f9d136d9ed15707e31. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217551."
 },
 {
 "lang": "deu",
@@ -44,8 +44,8 @@
 "version": {
 "version_data": [
 {
- "version_value": "n/a",
- "version_affected": "="
+ "version_affected": "=",
+ "version_value": "n/a"
 }
 ]
 }
@@ -98,8 +98,7 @@
 {
 "version": "2.0",
 "baseScore": 5.2,
- "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
- "baseSeverity": "MEDIUM"
+ "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P"
 }
 ]
 }
diff --git a/2014/125xxx/CVE-2014-125047.json b/2014/125xxx/CVE-2014-125047.json
index f61066796da..d85a754c191 100644
--- a/2014/125xxx/CVE-2014-125047.json
+++ b/2014/125xxx/CVE-2014-125047.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability classified as critical has been found in tbezman school-store. This affects an unknown part. The manipulation leads to sql injection. The name of the patch is 2957fc97054216d3a393f1775efd01ae2b072001. It is recommended to apply a patch to fix this issue. The identifier VDB-217557 was assigned to this vulnerability."
+ "value": "A vulnerability classified as critical has been found in tbezman school-store. This affects an unknown part. The manipulation leads to sql injection. The identifier of the patch is 2957fc97054216d3a393f1775efd01ae2b072001. It is recommended to apply a patch to fix this issue. The identifier VDB-217557 was assigned to this vulnerability."
 },
 {
 "lang": "deu",
@@ -44,8 +44,8 @@
 "version": {
 "version_data": [
 {
- "version_value": "n/a",
- "version_affected": "="
+ "version_affected": "=",
+ "version_value": "n/a"
 }
 ]
 }
@@ -98,8 +98,7 @@
 {
 "version": "2.0",
 "baseScore": 5.2,
- "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
- "baseSeverity": "MEDIUM"
+ "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P"
 }
 ]
 }
diff --git a/2014/125xxx/CVE-2014-125048.json b/2014/125xxx/CVE-2014-125048.json
index c5e6eb99bfb..5fbf1b64ed5 100644
--- a/2014/125xxx/CVE-2014-125048.json
+++ b/2014/125xxx/CVE-2014-125048.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability, which was classified as critical, has been found in kassi xingwall. This issue affects some unknown processing of the file app/controllers/oauth.js. The manipulation leads to session fixiation. The name of the patch is e9f0d509e1408743048e29d9c099d36e0e1f6ae7. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217559."
+ "value": "A vulnerability, which was classified as critical, has been found in kassi xingwall. This issue affects some unknown processing of the file app/controllers/oauth.js. The manipulation leads to session fixiation. The patch is named e9f0d509e1408743048e29d9c099d36e0e1f6ae7. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217559."
 },
 {
 "lang": "deu",
@@ -44,8 +44,8 @@
 "version": {
 "version_data": [
 {
- "version_value": "n/a",
- "version_affected": "="
+ "version_affected": "=",
+ "version_value": "n/a"
 }
 ]
 }
@@ -98,8 +98,7 @@
 {
 "version": "2.0",
 "baseScore": 5.8,
- "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
- "baseSeverity": "MEDIUM"
+ "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P"
 }
 ]
 }
diff --git a/2014/125xxx/CVE-2014-125049.json b/2014/125xxx/CVE-2014-125049.json
index 5cacfaaa4cb..3b2248ddb57 100644
--- a/2014/125xxx/CVE-2014-125049.json
+++ b/2014/125xxx/CVE-2014-125049.json
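Review bot: The weakness name in the new English `value` of CVE-2014-125048.json (first hunk, `@@ -11,7 +11,7 @@`) is still misspelled as `session fixiation`; the hunk only rewords the patch sentence. Anyone triaging by keyword or mapping descriptions to weakness classes with a search for "session fixation" will miss this record. While the string is being touched anyway, the phrase should read `The manipulation leads to session fixation.`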
@@ -11,11 +11,11 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in typcn Blogile. Affected is the function getNav of the file server.js. The manipulation of the argument query leads to sql injection. The name of the patch is cfec31043b562ffefe29fe01af6d3c5ed1bf8f7d. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217560. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
+ "value": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in typcn Blogile. Affected is the function getNav of the file server.js. The manipulation of the argument query leads to sql injection. The name of the patch is cfec31043b562ffefe29fe01af6d3c5ed1bf8f7d. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217560. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
 },
 {
 "lang": "deu",
- "value": "** UNSUPPPORTED WHEN ASSIGNED **Es wurde eine Schwachstelle in typcn Blogile gefunden. Sie wurde als kritisch eingestuft. Es betrifft die Funktion getNav der Datei server.js. Mit der Manipulation des Arguments query mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als cfec31043b562ffefe29fe01af6d3c5ed1bf8f7d bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
+ "value": "** UNSUPPPORTED WHEN ASSIGNED ** Es wurde eine Schwachstelle in typcn Blogile gefunden. Sie wurde als kritisch eingestuft. Es betrifft die Funktion getNav der Datei server.js. Mit der Manipulation des Arguments query mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als cfec31043b562ffefe29fe01af6d3c5ed1bf8f7d bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
 }
 ]
 },
@@ -44,8 +44,8 @@
 "version": {
 "version_data": [
 {
- "version_value": "n/a",
- "version_affected": "="
+ "version_affected": "=",
+ "version_value": "n/a"
 }
 ]
 }
@@ -98,8 +98,7 @@
 {
 "version": "2.0",
 "baseScore": 5.2,
- "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
- "baseSeverity": "MEDIUM"
+ "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P"
 }
 ]
 }
diff --git a/2014/125xxx/CVE-2014-125050.json b/2014/125xxx/CVE-2014-125050.json
index 1e1e1e551fa..c4efdd319c7 100644
--- a/2014/125xxx/CVE-2014-125050.json
+++ b/2014/125xxx/CVE-2014-125050.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability was found in ScottTZhang voter-js and classified as critical. Affected by this issue is some unknown functionality of the file main.js. The manipulation leads to sql injection. The name of the patch is 6317c67a56061aeeaeed3cf9ec665fd9983d8044. It is recommended to apply a patch to fix this issue. VDB-217562 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability was found in ScottTZhang voter-js and classified as critical. Affected by this issue is some unknown functionality of the file main.js. The manipulation leads to sql injection. The patch is identified as 6317c67a56061aeeaeed3cf9ec665fd9983d8044. It is recommended to apply a patch to fix this issue. VDB-217562 is the identifier assigned to this vulnerability."
 },
 {
 "lang": "deu",
@@ -44,8 +44,8 @@
 "version": {
 "version_data": [
 {
- "version_value": "n/a",
- "version_affected": "="
+ "version_affected": "=",
+ "version_value": "n/a"
 }
 ]
 }
@@ -103,8 +103,7 @@
 {
 "version": "2.0",
 "baseScore": 5.2,
- "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
- "baseSeverity": "MEDIUM"
+ "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P"
 }
 ]
 }
diff --git a/2014/125xxx/CVE-2014-125051.json b/2014/125xxx/CVE-2014-125051.json
index efe4a84866e..ea300a45596 100644
--- a/2014/125xxx/CVE-2014-125051.json
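Review bot: In the first hunk of CVE-2014-125049.json (`@@ -11,11 +11,11 @@`) the new English `value` still carries the support tag twice, the first copy misspelled as `** UNSUPPPORTED WHEN ASSIGNED **`, and the new German `value` carries only the misspelled copy; the change merely inserts a space after it. Tooling that recognises end-of-life records by the exact `** UNSUPPORTED WHEN ASSIGNED **` prefix would presumably not match the German entry, and the English one no longer starts with the correctly spelled tag. Each value should begin with a single, correctly spelled tag: `"value": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, ...` and `"value": "** UNSUPPORTED WHEN ASSIGNED ** Es wurde eine Schwachstelle ...`.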
+++ b/2014/125xxx/CVE-2014-125051.json
@@ -44,36 +44,36 @@
 "version": {
 "version_data": [
 {
- "version_value": "1.0.0",
- "version_affected": "="
+ "version_affected": "=",
+ "version_value": "1.0.0"
 },
 {
- "version_value": "1.0.1",
- "version_affected": "="
+ "version_affected": "=",
+ "version_value": "1.0.1"
 },
 {
- "version_value": "1.0.2",
- "version_affected": "="
+ "version_affected": "=",
+ "version_value": "1.0.2"
 },
 {
- "version_value": "1.0.3",
- "version_affected": "="
+ "version_affected": "=",
+ "version_value": "1.0.3"
 },
 {
- "version_value": "1.0.4",
- "version_affected": "="
+ "version_affected": "=",
+ "version_value": "1.0.4"
 },
 {
- "version_value": "1.0.5",
- "version_affected": "="
+ "version_affected": "=",
+ "version_value": "1.0.5"
 },
 {
- "version_value": "1.0.6",
- "version_affected": "="
+ "version_affected": "=",
+ "version_value": "1.0.6"
 },
 {
- "version_value": "1.0.7",
- "version_affected": "="
+ "version_affected": "=",
+ "version_value": "1.0.7"
 }
 ]
 }
@@ -131,8 +131,7 @@
 {
 "version": "2.0",
 "baseScore": 5.2,
- "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
- "baseSeverity": "MEDIUM"
+ "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P"
 }
 ]
 }
diff --git a/2014/125xxx/CVE-2014-125052.json b/2014/125xxx/CVE-2014-125052.json
index 633ad801351..6cbe873dd3d 100644
--- a/2014/125xxx/CVE-2014-125052.json
+++ b/2014/125xxx/CVE-2014-125052.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability was found in JervenBolleman sparql-identifiers and classified as critical. This issue affects some unknown processing of the file src/main/java/org/identifiers/db/RegistryDao.java. The manipulation leads to sql injection. The name of the patch is 44bb0db91c064e305b192fc73521d1dfd25bde52. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217571."
+ "value": "A vulnerability was found in JervenBolleman sparql-identifiers and classified as critical. This issue affects some unknown processing of the file src/main/java/org/identifiers/db/RegistryDao.java. The manipulation leads to sql injection. The patch is named 44bb0db91c064e305b192fc73521d1dfd25bde52. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217571."
 },
 {
 "lang": "deu",
@@ -44,8 +44,8 @@
 "version": {
 "version_data": [
 {
- "version_value": "n/a",
- "version_affected": "="
+ "version_affected": "=",
+ "version_value": "n/a"
 }
 ]
 }
@@ -98,8 +98,7 @@
 {
 "version": "2.0",
 "baseScore": 5.2,
- "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
- "baseSeverity": "MEDIUM"
+ "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P"
 }
 ]
 }
diff --git a/2014/125xxx/CVE-2014-125053.json b/2014/125xxx/CVE-2014-125053.json
index 9571700b9d9..e1ee7abcd57 100644
--- a/2014/125xxx/CVE-2014-125053.json
+++ b/2014/125xxx/CVE-2014-125053.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability was found in Piwigo-Guest-Book up to 1.3.0. It has been declared as critical. This vulnerability affects unknown code of the file include/guestbook.inc.php of the component Navigation Bar. The manipulation of the argument start leads to sql injection. Upgrading to version 1.3.1 is able to address this issue. The name of the patch is 0cdd1c388edf15089c3a7541cefe7756e560581d. It is recommended to upgrade the affected component. VDB-217582 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability was found in Piwigo-Guest-Book up to 1.3.0. It has been declared as critical. This vulnerability affects unknown code of the file include/guestbook.inc.php of the component Navigation Bar. The manipulation of the argument start leads to sql injection. Upgrading to version 1.3.1 is able to address this issue. The patch is identified as 0cdd1c388edf15089c3a7541cefe7756e560581d. It is recommended to upgrade the affected component. VDB-217582 is the identifier assigned to this vulnerability."
 },
 {
 "lang": "deu",
@@ -44,20 +44,20 @@
 "version": {
 "version_data": [
 {
- "version_value": "1.0",
- "version_affected": "="
+ "version_affected": "=",
+ "version_value": "1.0"
 },
 {
- "version_value": "1.1",
- "version_affected": "="
+ "version_affected": "=",
+ "version_value": "1.1"
 },
 {
- "version_value": "1.2",
- "version_affected": "="
+ "version_affected": "=",
+ "version_value": "1.2"
 },
 {
- "version_value": "1.3",
- "version_affected": "="
+ "version_affected": "=",
+ "version_value": "1.3"
 }
 ]
 }
@@ -115,8 +115,7 @@
 {
 "version": "2.0",
 "baseScore": 5.2,
- "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
- "baseSeverity": "MEDIUM"
+ "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P"
 }
 ]
 }
diff --git a/2014/125xxx/CVE-2014-125054.json b/2014/125xxx/CVE-2014-125054.json
index 70159420c80..317db1f7432 100644
--- a/2014/125xxx/CVE-2014-125054.json
+++ b/2014/125xxx/CVE-2014-125054.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability classified as critical was found in koroket RedditOnRails. This vulnerability affects unknown code of the component Vote Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The name of the patch is 7f3c7407d95d532fcc342b00d68d0ea09ca71030. It is recommended to apply a patch to fix this issue. VDB-217594 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability classified as critical was found in koroket RedditOnRails. This vulnerability affects unknown code of the component Vote Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The patch is identified as 7f3c7407d95d532fcc342b00d68d0ea09ca71030. It is recommended to apply a patch to fix this issue. VDB-217594 is the identifier assigned to this vulnerability."
 },
 {
 "lang": "deu",
@@ -44,8 +44,8 @@
 "version": {
 "version_data": [
 {
- "version_value": "n/a",
- "version_affected": "="
+ "version_affected": "=",
+ "version_value": "n/a"
 }
 ]
 }
@@ -98,8 +98,7 @@
 {
 "version": "2.0",
 "baseScore": 4,
- "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
- "baseSeverity": "MEDIUM"
+ "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
 }
 ]
 }
diff --git a/2014/125xxx/CVE-2014-125055.json b/2014/125xxx/CVE-2014-125055.json
index a4d3936b656..ed9d27e4da5 100644
--- a/2014/125xxx/CVE-2014-125055.json
+++ b/2014/125xxx/CVE-2014-125055.json
@@ -11,11 +11,11 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability, which was classified as problematic, was found in agnivade easy-scrypt. Affected is the function VerifyPassphrase of the file scrypt.go. The manipulation leads to observable timing discrepancy. Upgrading to version 1.0.0 is able to address this issue. The name of the patch is 477c10cf3b144ddf96526aa09f5fdea613f21812. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217596."
+ "value": "A vulnerability, which was classified as problematic, was found in agnivade easy-scrypt. Affected is the function VerifyPassphrase of the file scrypt.go. The manipulation leads to observable timing discrepancy. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 1.0.0 is able to address this issue. The name of the patch is 477c10cf3b144ddf96526aa09f5fdea613f21812. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217596."
 },
 {
 "lang": "deu",
- "value": "Es wurde eine Schwachstelle in agnivade easy-scrypt gefunden. Sie wurde als problematisch eingestuft. Hiervon betroffen ist die Funktion VerifyPassphrase der Datei scrypt.go. Mittels dem Manipulieren mit unbekannten Daten kann eine observable timing discrepancy-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 1.0.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 477c10cf3b144ddf96526aa09f5fdea613f21812 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
+ "value": "Es wurde eine Schwachstelle in agnivade easy-scrypt gefunden. Sie wurde als problematisch eingestuft. Hiervon betroffen ist die Funktion VerifyPassphrase der Datei scrypt.go. Mittels dem Manipulieren mit unbekannten Daten kann eine observable timing discrepancy-Schwachstelle ausgenutzt werden. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig auszunutzen. Ein Aktualisieren auf die Version 1.0.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 477c10cf3b144ddf96526aa09f5fdea613f21812 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
 }
 ]
 },
@@ -44,8 +44,8 @@
 "version": {
 "version_data": [
 {
- "version_value": "n/a",
- "version_affected": "="
+ "version_affected": "=",
+ "version_value": "n/a"
 }
 ]
 }
@@ -103,8 +103,7 @@
 {
 "version": "2.0",
 "baseScore": 1.4,
- "vectorString": "AV:A/AC:H/Au:S/C:P/I:N/A:N",
- "baseSeverity": "LOW"
+ "vectorString": "AV:A/AC:H/Au:S/C:P/I:N/A:N"
 }
 ]
 }
diff --git a/2014/125xxx/CVE-2014-125056.json b/2014/125xxx/CVE-2014-125056.json
index fc0e915d0ba..100cd4e20d1 100644
--- a/2014/125xxx/CVE-2014-125056.json
+++ b/2014/125xxx/CVE-2014-125056.json
@@ -11,11 +11,11 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability was found in Pylons horus and classified as problematic. Affected by this issue is some unknown functionality of the file horus/flows/local/services.py. The manipulation leads to observable timing discrepancy. The name of the patch is fd56ccb62ce3cbdab0484fe4f9c25c4eda6c57ec. It is recommended to apply a patch to fix this issue. VDB-217598 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability was found in Pylons horus and classified as problematic. Affected by this issue is some unknown functionality of the file horus/flows/local/services.py. The manipulation leads to observable timing discrepancy. The complexity of an attack is rather high. The exploitation is known to be difficult. The patch is identified as fd56ccb62ce3cbdab0484fe4f9c25c4eda6c57ec. It is recommended to apply a patch to fix this issue. VDB-217598 is the identifier assigned to this vulnerability."
 },
 {
 "lang": "deu",
- "value": "Eine Schwachstelle wurde in Pylons horus gefunden. Sie wurde als problematisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei horus/flows/local/services.py. Durch das Manipulieren mit unbekannten Daten kann eine observable timing discrepancy-Schwachstelle ausgenutzt werden. Der Patch wird als fd56ccb62ce3cbdab0484fe4f9c25c4eda6c57ec bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
+ "value": "Eine Schwachstelle wurde in Pylons horus gefunden. Sie wurde als problematisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei horus/flows/local/services.py. Durch das Manipulieren mit unbekannten Daten kann eine observable timing discrepancy-Schwachstelle ausgenutzt werden. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie ist schwierig ausnutzbar. Der Patch wird als fd56ccb62ce3cbdab0484fe4f9c25c4eda6c57ec bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
 }
 ]
 },
@@ -44,8 +44,8 @@
 "version": {
 "version_data": [
 {
- "version_value": "n/a",
- "version_affected": "="
+ "version_affected": "=",
+ "version_value": "n/a"
 }
 ]
 }
@@ -98,8 +98,7 @@
 {
 "version": "2.0",
 "baseScore": 1.4,
- "vectorString": "AV:A/AC:H/Au:S/C:P/I:N/A:N",
- "baseSeverity": "LOW"
+ "vectorString": "AV:A/AC:H/Au:S/C:P/I:N/A:N"
 }
 ]
 }
diff --git a/2014/125xxx/CVE-2014-125057.json b/2014/125xxx/CVE-2014-125057.json
index 97cbece5f0f..376fd33357e 100644
--- a/2014/125xxx/CVE-2014-125057.json
+++ b/2014/125xxx/CVE-2014-125057.json
@@ -11,11 +11,11 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability was found in mrobit robitailletheknot. It has been classified as problematic. This affects an unknown part of the file app/filters.php of the component CSRF Token Handler. The manipulation of the argument _token leads to incorrect comparison. It is possible to initiate the attack remotely. The name of the patch is 6b2813696ccb88d0576dfb305122ee880eb36197. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217599." + "value": "A vulnerability was found in mrobit robitailletheknot. It has been classified as problematic. This affects an unknown part of the file app/filters.php of the component CSRF Token Handler. The manipulation of the argument _token leads to incorrect comparison. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The patch is named 6b2813696ccb88d0576dfb305122ee880eb36197. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217599." }, { "lang": "deu", - "value": "Es wurde eine Schwachstelle in mrobit robitailletheknot ausgemacht. Sie wurde als problematisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Datei app/filters.php der Komponente CSRF Token Handler. Durch Manipulieren des Arguments _token mit unbekannten Daten kann eine incorrect comparison-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Patch wird als 6b2813696ccb88d0576dfb305122ee880eb36197 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + "value": "Es wurde eine Schwachstelle in mrobit robitailletheknot ausgemacht. Sie wurde als problematisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Datei app/filters.php der Komponente CSRF Token Handler. 
Durch Manipulieren des Arguments _token mit unbekannten Daten kann eine incorrect comparison-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie ist schwierig auszunutzen. Der Patch wird als 6b2813696ccb88d0576dfb305122ee880eb36197 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." } ] }, @@ -44,8 +44,8 @@ "version": { "version_data": [ { - "version_value": "n/a", - "version_affected": "=" + "version_affected": "=", + "version_value": "n/a" } ] } @@ -98,8 +98,7 @@ { "version": "2.0", "baseScore": 2.1, - "vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N", - "baseSeverity": "LOW" + "vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N" } ] } diff --git a/2014/125xxx/CVE-2014-125058.json b/2014/125xxx/CVE-2014-125058.json index d4b63982549..6918155a382 100644 --- a/2014/125xxx/CVE-2014-125058.json +++ b/2014/125xxx/CVE-2014-125058.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability was found in LearnMeSomeCodes project3 and classified as critical. This issue affects the function search_first_name of the file search.rb. The manipulation leads to sql injection. The name of the patch is d3efa17ae9f6b2fc25a6bbcf165cefed17c7035e. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217607. NOTE: Maintainer is aware of this issue as remarked in the source code." + "value": "A vulnerability was found in LearnMeSomeCodes project3 and classified as critical. This issue affects the function search_first_name of the file search.rb. The manipulation leads to sql injection. The patch is named d3efa17ae9f6b2fc25a6bbcf165cefed17c7035e. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217607. NOTE: Maintainer is aware of this issue as remarked in the source code." }, { "lang": "deu", 
@@ -44,8 +44,8 @@ "version": { "version_data": [ { - "version_value": "n/a", - "version_affected": "=" + "version_affected": "=", + "version_value": "n/a" } ] } @@ -98,8 +98,7 @@ { "version": "2.0", "baseScore": 5.2, - "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", - "baseSeverity": "MEDIUM" + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2014/125xxx/CVE-2014-125059.json b/2014/125xxx/CVE-2014-125059.json index f13b377a6ee..e1566f0785d 100644 --- a/2014/125xxx/CVE-2014-125059.json +++ b/2014/125xxx/CVE-2014-125059.json 
@@ -11,11 +11,11 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability, which was classified as problematic, has been found in sternenseemann sternenblog. This issue affects the function blog_index of the file main.c. The manipulation of the argument post_path leads to file inclusion. The attack may be initiated remotely. Upgrading to version 0.1.0 is able to address this issue. The name of the patch is cf715d911d8ce17969a7926dea651e930c27e71a. It is recommended to upgrade the affected component. The identifier VDB-217613 was assigned to this vulnerability. NOTE: This case is rather theoretical and probably won't happen. Maybe only on obscure Web servers." + "value": "A vulnerability, which was classified as problematic, has been found in sternenseemann sternenblog. This issue affects the function blog_index of the file main.c. The manipulation of the argument post_path leads to file inclusion. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 0.1.0 is able to address this issue. The identifier of the patch is cf715d911d8ce17969a7926dea651e930c27e71a. It is recommended to upgrade the affected component. The identifier VDB-217613 was assigned to this vulnerability. NOTE: This case is rather theoretical and probably won't happen. Maybe only on obscure Web servers." }, { "lang": "deu", - "value": "Eine Schwachstelle wurde in sternenseemann sternenblog entdeckt. Sie wurde als problematisch eingestuft. Betroffen davon ist die Funktion blog_index der Datei main.c. Dank der Manipulation des Arguments post_path mit unbekannten Daten kann eine file inclusion-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Ein Aktualisieren auf die Version 0.1.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als cf715d911d8ce17969a7926dea651e930c27e71a bezeichnet. 
Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + "value": "Eine Schwachstelle wurde in sternenseemann sternenblog entdeckt. Sie wurde als problematisch eingestuft. Betroffen davon ist die Funktion blog_index der Datei main.c. Dank der Manipulation des Arguments post_path mit unbekannten Daten kann eine file inclusion-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Die Ausnutzbarkeit gilt als schwierig. Ein Aktualisieren auf die Version 0.1.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als cf715d911d8ce17969a7926dea651e930c27e71a bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." } ] }, @@ -44,8 +44,8 @@ "version": { "version_data": [ { - "version_value": "n/a", - "version_affected": "=" + "version_affected": "=", + "version_value": "n/a" } ] } @@ -103,8 +103,7 @@ { "version": "2.0", "baseScore": 4.6, - "vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P", - "baseSeverity": "MEDIUM" + "vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P" } ] } diff --git a/2014/125xxx/CVE-2014-125060.json b/2014/125xxx/CVE-2014-125060.json index 528edd521bb..81ad9662d5f 100644 --- a/2014/125xxx/CVE-2014-125060.json +++ b/2014/125xxx/CVE-2014-125060.json 
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability, which was classified as critical, was found in holdennb CollabCal. Affected is the function handleGet of the file calenderServer.cpp. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The name of the patch is b80f6d1893607c99e5113967592417d0fe310ce6. It is recommended to apply a patch to fix this issue. VDB-217614 is the identifier assigned to this vulnerability." + "value": "A vulnerability, which was classified as critical, was found in holdennb CollabCal. Affected is the function handleGet of the file calenderServer.cpp. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The patch is identified as b80f6d1893607c99e5113967592417d0fe310ce6. It is recommended to apply a patch to fix this issue. VDB-217614 is the identifier assigned to this vulnerability." }, { "lang": "deu", @@ -44,8 +44,8 @@ "version": { "version_data": [ { - "version_value": "n/a", - "version_affected": "=" + "version_affected": "=", + "version_value": "n/a" } ] } @@ -98,8 +98,7 @@ { "version": "2.0", "baseScore": 7.5, - "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "baseSeverity": "HIGH" + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P" } ] } diff --git a/2014/125xxx/CVE-2014-125061.json b/2014/125xxx/CVE-2014-125061.json index 864efba26da..0e121d9caa0 100644 --- a/2014/125xxx/CVE-2014-125061.json +++ b/2014/125xxx/CVE-2014-125061.json 
@@ -11,11 +11,11 @@ "description_data": [ { "lang": "eng", - "value": "** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in peel filebroker and classified as critical. Affected by this issue is the function select_transfer_status_desc of the file lib/common.rb. The manipulation leads to sql injection. The name of the patch is 91097e26a6c84d3208a351afaa52e0f62e5853ef. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217616. NOTE: This vulnerability only affects products that are no longer supported by the maintainer." + "value": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in peel filebroker and classified as critical. Affected by this issue is the function select_transfer_status_desc of the file lib/common.rb. The manipulation leads to sql injection. The name of the patch is 91097e26a6c84d3208a351afaa52e0f62e5853ef. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217616. NOTE: This vulnerability only affects products that are no longer supported by the maintainer." }, { "lang": "deu", - "value": "** UNSUPPPORTED WHEN ASSIGNED **Eine Schwachstelle wurde in peel filebroker gefunden. Sie wurde als kritisch eingestuft. Es geht hierbei um die Funktion select_transfer_status_desc der Datei lib/common.rb. Durch die Manipulation mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als 91097e26a6c84d3208a351afaa52e0f62e5853ef bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + "value": "** UNSUPPPORTED WHEN ASSIGNED ** Eine Schwachstelle wurde in peel filebroker gefunden. Sie wurde als kritisch eingestuft. Es geht hierbei um die Funktion select_transfer_status_desc der Datei lib/common.rb. Durch die Manipulation mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. 
Der Patch wird als 91097e26a6c84d3208a351afaa52e0f62e5853ef bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." } ] }, @@ -44,8 +44,8 @@ "version": { "version_data": [ { - "version_value": "n/a", - "version_affected": "=" + "version_affected": "=", + "version_value": "n/a" } ] } @@ -98,8 +98,7 @@ { "version": "2.0", "baseScore": 5.2, - "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", - "baseSeverity": "MEDIUM" + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2014/125xxx/CVE-2014-125062.json b/2014/125xxx/CVE-2014-125062.json index 7face147d05..121b417228f 100644 --- a/2014/125xxx/CVE-2014-125062.json +++ b/2014/125xxx/CVE-2014-125062.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability classified as critical was found in ananich bitstorm. Affected by this vulnerability is an unknown functionality of the file announce.php. The manipulation of the argument event leads to sql injection. The name of the patch is ea8da92f94cdb78ee7831e1f7af6258473ab396a. It is recommended to apply a patch to fix this issue. The identifier VDB-217621 was assigned to this vulnerability." + "value": "A vulnerability classified as critical was found in ananich bitstorm. Affected by this vulnerability is an unknown functionality of the file announce.php. The manipulation of the argument event leads to sql injection. The identifier of the patch is ea8da92f94cdb78ee7831e1f7af6258473ab396a. It is recommended to apply a patch to fix this issue. The identifier VDB-217621 was assigned to this vulnerability." }, { "lang": "deu", @@ -44,8 +44,8 @@ "version": { "version_data": [ { - "version_value": "n/a", - "version_affected": "=" + "version_affected": "=", + "version_value": "n/a" } ] } @@ -98,8 +98,7 @@ { "version": "2.0", "baseScore": 5.2, - "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", - "baseSeverity": "MEDIUM" + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P" } ] } 
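Review bot: The added `eng` value in this `description_data` hunk still opens with a misspelled and duplicated tag, `** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED **`, and the added `deu` value keeps the three-P spelling as its only tag. The change merely inserts a space after the tag. Tooling that recognises unsupported-product records by the exact prefix `** UNSUPPORTED WHEN ASSIGNED **` may therefore miss the German text and mis-handle the English one. Each value should start with one correctly spelled tag, i.e. `"value": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in peel filebroker ..."` and `"value": "** UNSUPPORTED WHEN ASSIGNED ** Eine Schwachstelle wurde in peel filebroker gefunden. ..."`, with the rest of each string unchanged.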
diff --git a/2014/125xxx/CVE-2014-125063.json b/2014/125xxx/CVE-2014-125063.json index fa8363f2bc0..a7fb3e8b6f6 100644 --- a/2014/125xxx/CVE-2014-125063.json +++ b/2014/125xxx/CVE-2014-125063.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability was found in ada-l0velace Bid and classified as critical. This issue affects some unknown processing. The manipulation leads to sql injection. The name of the patch is abd71140b8219fa8741d0d8a57ab27d5bfd34222. It is recommended to apply a patch to fix this issue. The identifier VDB-217625 was assigned to this vulnerability." + "value": "A vulnerability was found in ada-l0velace Bid and classified as critical. This issue affects some unknown processing. The manipulation leads to sql injection. The identifier of the patch is abd71140b8219fa8741d0d8a57ab27d5bfd34222. It is recommended to apply a patch to fix this issue. The identifier VDB-217625 was assigned to this vulnerability." }, { "lang": "deu", @@ -44,8 +44,8 @@ "version": { "version_data": [ { - "version_value": "n/a", - "version_affected": "=" + "version_affected": "=", + "version_value": "n/a" } ] } @@ -98,8 +98,7 @@ { "version": "2.0", "baseScore": 5.2, - "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", - "baseSeverity": "MEDIUM" + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2014/125xxx/CVE-2014-125065.json b/2014/125xxx/CVE-2014-125065.json index d36f15761c9..5304ec36f2a 100644 --- a/2014/125xxx/CVE-2014-125065.json +++ b/2014/125xxx/CVE-2014-125065.json @@ -44,8 +44,8 @@ "version": { "version_data": [ { - "version_value": "n/a", - "version_affected": "=" + "version_affected": "=", + "version_value": "n/a" } ] } @@ -98,8 +98,7 @@ { "version": "2.0", "baseScore": 5.2, - "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", - "baseSeverity": "MEDIUM" + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2014/125xxx/CVE-2014-125066.json b/2014/125xxx/CVE-2014-125066.json index 6632ae00a0b..cdf33eaa17d 100644 
--- a/2014/125xxx/CVE-2014-125066.json +++ b/2014/125xxx/CVE-2014-125066.json @@ -44,8 +44,8 @@ "version": { "version_data": [ { - "version_value": "n/a", - "version_affected": "=" + "version_affected": "=", + "version_value": "n/a" } ] } @@ -98,8 +98,7 @@ { "version": "2.0", "baseScore": 4, - "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", - "baseSeverity": "MEDIUM" + "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P" } ] } diff --git a/2014/125xxx/CVE-2014-125067.json b/2014/125xxx/CVE-2014-125067.json index 73e33e86a7e..9929ffc5fbc 100644 --- a/2014/125xxx/CVE-2014-125067.json +++ b/2014/125xxx/CVE-2014-125067.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability classified as critical was found in corincerami curiosity. Affected by this vulnerability is an unknown functionality of the file app/controllers/image_controller.rb. The manipulation of the argument sol leads to sql injection. The name of the patch is d64fddd74ca72714e73f4efe24259ca05c8190eb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217639." + "value": "A vulnerability classified as critical was found in corincerami curiosity. Affected by this vulnerability is an unknown functionality of the file app/controllers/image_controller.rb. The manipulation of the argument sol leads to sql injection. The patch is named d64fddd74ca72714e73f4efe24259ca05c8190eb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217639." }, { "lang": "deu", @@ -44,8 +44,8 @@ "version": { "version_data": [ { - "version_value": "n/a", - "version_affected": "=" + "version_affected": "=", + "version_value": "n/a" } ] } @@ -98,8 +98,7 @@ { "version": "2.0", "baseScore": 5.2, - "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", - "baseSeverity": "MEDIUM" + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P" } ] } 
diff --git a/2014/125xxx/CVE-2014-125068.json b/2014/125xxx/CVE-2014-125068.json index a9418dcc082..1c5820634a5 100644 --- a/2014/125xxx/CVE-2014-125068.json +++ b/2014/125xxx/CVE-2014-125068.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability was found in saxman maps-js-icoads and classified as critical. This issue affects some unknown processing of the file http-server.js. The manipulation leads to path traversal. The name of the patch is 34b8b0cce2807b119f4cffda2ac48fc8f427d69a. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217643." + "value": "A vulnerability was found in saxman maps-js-icoads and classified as critical. This issue affects some unknown processing of the file http-server.js. The manipulation leads to path traversal. The patch is named 34b8b0cce2807b119f4cffda2ac48fc8f427d69a. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217643." }, { "lang": "deu", @@ -44,8 +44,8 @@ "version": { "version_data": [ { - "version_value": "n/a", - "version_affected": "=" + "version_affected": "=", + "version_value": "n/a" } ] } @@ -98,8 +98,7 @@ { "version": "2.0", "baseScore": 5.2, - "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", - "baseSeverity": "MEDIUM" + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2014/125xxx/CVE-2014-125069.json b/2014/125xxx/CVE-2014-125069.json index c5a754367ba..5a605202509 100644 --- a/2014/125xxx/CVE-2014-125069.json +++ b/2014/125xxx/CVE-2014-125069.json @@ -44,8 +44,8 @@ "version": { "version_data": [ { - "version_value": "n/a", - "version_affected": "=" + "version_affected": "=", + "version_value": "n/a" } ] } 
@@ -58,11 +58,6 @@ }, "references": { "reference_data": [ - { - "url": "https://github.com/saxman/maps-js-icoads/commit/34b8b0cce2807b119f4cffda2ac48fc8f427d69a", - "refsource": "MISC", - "name": "https://github.com/saxman/maps-js-icoads/commit/34b8b0cce2807b119f4cffda2ac48fc8f427d69a" - }, { "url": "https://vuldb.com/?id.217644", "refsource": "MISC", @@ -72,6 +67,11 @@ "url": "https://vuldb.com/?ctiid.217644", "refsource": "MISC", "name": "https://vuldb.com/?ctiid.217644" + }, + { + "url": "https://github.com/saxman/maps-js-icoads/commit/34b8b0cce2807b119f4cffda2ac48fc8f427d69a", + "refsource": "MISC", + "name": "https://github.com/saxman/maps-js-icoads/commit/34b8b0cce2807b119f4cffda2ac48fc8f427d69a" } ] }, @@ -98,8 +98,7 @@ { "version": "2.0", "baseScore": 4, - "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", - "baseSeverity": "MEDIUM" + "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N" } ] } diff --git a/2014/125xxx/CVE-2014-125070.json b/2014/125xxx/CVE-2014-125070.json index 473fddb27a0..a29231948bc 100644 --- a/2014/125xxx/CVE-2014-125070.json +++ b/2014/125xxx/CVE-2014-125070.json 
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been found in yanheven console and classified as problematic. Affected by this vulnerability is the function get_zone_hosts/AvailabilityZonesTable of the file openstack_dashboard/dashboards/admin/aggregates/tables.py. The manipulation leads to cross site scripting. The attack can be launched remotely. The name of the patch is ba908ae88d5925f4f6783eb234cc4ea95017472b. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217651." + "value": "A vulnerability has been found in yanheven console and classified as problematic. Affected by this vulnerability is the function get_zone_hosts/AvailabilityZonesTable of the file openstack_dashboard/dashboards/admin/aggregates/tables.py. The manipulation leads to cross site scripting. The attack can be launched remotely. The patch is named ba908ae88d5925f4f6783eb234cc4ea95017472b. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217651." }, { "lang": "deu", @@ -44,8 +44,8 @@ "version": { "version_data": [ { - "version_value": "n/a", - "version_affected": "=" + "version_affected": "=", + "version_value": "n/a" } ] } @@ -98,8 +98,7 @@ { "version": "2.0", "baseScore": 4, - "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", - "baseSeverity": "MEDIUM" + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N" } ] } diff --git a/2014/125xxx/CVE-2014-125071.json b/2014/125xxx/CVE-2014-125071.json index fb3b3e450fd..93f67de2a42 100644 --- a/2014/125xxx/CVE-2014-125071.json +++ b/2014/125xxx/CVE-2014-125071.json @@ -44,8 +44,8 @@ "version": { "version_data": [ { - "version_value": "n/a", - "version_affected": "=" + "version_affected": "=", + "version_value": "n/a" } ] } @@ -98,8 +98,7 @@ { "version": "2.0", "baseScore": 5.2, - "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", - "baseSeverity": "MEDIUM" + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P" } ] } 
diff --git a/2014/125xxx/CVE-2014-125072.json b/2014/125xxx/CVE-2014-125072.json index 4865af6eca4..4ac7163d2c3 100644 --- a/2014/125xxx/CVE-2014-125072.json +++ b/2014/125xxx/CVE-2014-125072.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability classified as critical has been found in CherishSin klattr. This affects an unknown part. The manipulation leads to sql injection. The name of the patch is f8e4ecfbb83aef577011b0b4aebe96fb6ec557f1. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217719." + "value": "A vulnerability classified as critical has been found in CherishSin klattr. This affects an unknown part. The manipulation leads to sql injection. The patch is named f8e4ecfbb83aef577011b0b4aebe96fb6ec557f1. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217719." }, { "lang": "deu", @@ -44,8 +44,8 @@ "version": { "version_data": [ { - "version_value": "n/a", - "version_affected": "=" + "version_affected": "=", + "version_value": "n/a" } ] } @@ -98,8 +98,7 @@ { "version": "2.0", "baseScore": 5.2, - "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", - "baseSeverity": "MEDIUM" + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2014/125xxx/CVE-2014-125073.json b/2014/125xxx/CVE-2014-125073.json index 072c8489025..4dca4e172ab 100644 --- a/2014/125xxx/CVE-2014-125073.json +++ b/2014/125xxx/CVE-2014-125073.json 
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability was found in mapoor voteapp. It has been rated as critical. Affected by this issue is the function create_poll/do_poll/show_poll/show_refresh of the file app.py. The manipulation leads to sql injection. The name of the patch is b290c21a0d8bcdbd55db860afd3cadec97388e72. It is recommended to apply a patch to fix this issue. VDB-217790 is the identifier assigned to this vulnerability." + "value": "A vulnerability was found in mapoor voteapp. It has been rated as critical. Affected by this issue is the function create_poll/do_poll/show_poll/show_refresh of the file app.py. The manipulation leads to sql injection. The patch is identified as b290c21a0d8bcdbd55db860afd3cadec97388e72. It is recommended to apply a patch to fix this issue. VDB-217790 is the identifier assigned to this vulnerability." }, { "lang": "deu", @@ -44,8 +44,8 @@ "version": { "version_data": [ { - "version_value": "n/a", - "version_affected": "=" + "version_affected": "=", + "version_value": "n/a" } ] } @@ -98,8 +98,7 @@ { "version": "2.0", "baseScore": 5.2, - "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", - "baseSeverity": "MEDIUM" + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2014/125xxx/CVE-2014-125074.json b/2014/125xxx/CVE-2014-125074.json index 5432af3370d..60128dcdeb2 100644 --- a/2014/125xxx/CVE-2014-125074.json +++ b/2014/125xxx/CVE-2014-125074.json 
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability was found in Nayshlok Voyager. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file Voyager/src/models/DatabaseAccess.java. The manipulation leads to sql injection. The name of the patch is f1249f438cd8c39e7ef2f6c8f2ab76b239a02fae. It is recommended to apply a patch to fix this issue. The identifier VDB-218005 was assigned to this vulnerability." + "value": "A vulnerability was found in Nayshlok Voyager. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file Voyager/src/models/DatabaseAccess.java. The manipulation leads to sql injection. The identifier of the patch is f1249f438cd8c39e7ef2f6c8f2ab76b239a02fae. It is recommended to apply a patch to fix this issue. The identifier VDB-218005 was assigned to this vulnerability." }, { "lang": "deu", @@ -44,8 +44,8 @@ "version": { "version_data": [ { - "version_value": "n/a", - "version_affected": "=" + "version_affected": "=", + "version_value": "n/a" } ] } @@ -98,8 +98,7 @@ { "version": "2.0", "baseScore": 5.2, - "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", - "baseSeverity": "MEDIUM" + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2014/125xxx/CVE-2014-125075.json b/2014/125xxx/CVE-2014-125075.json index b06e9392252..5984831a551 100644 --- a/2014/125xxx/CVE-2014-125075.json +++ b/2014/125xxx/CVE-2014-125075.json 
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability was found in gmail-servlet and classified as critical. This issue affects the function search of the file src/Model.java. The manipulation leads to sql injection. The name of the patch is 5d72753c2e95bb373aa86824939397dc25f679ea. It is recommended to apply a patch to fix this issue. The identifier VDB-218021 was assigned to this vulnerability." + "value": "A vulnerability was found in gmail-servlet and classified as critical. This issue affects the function search of the file src/Model.java. The manipulation leads to sql injection. The identifier of the patch is 5d72753c2e95bb373aa86824939397dc25f679ea. It is recommended to apply a patch to fix this issue. The identifier VDB-218021 was assigned to this vulnerability." }, { "lang": "deu", @@ -44,8 +44,8 @@ "version": { "version_data": [ { - "version_value": "n/a", - "version_affected": "=" + "version_affected": "=", + "version_value": "n/a" } ] } @@ -98,8 +98,7 @@ { "version": "2.0", "baseScore": 5.2, - "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", - "baseSeverity": "MEDIUM" + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2014/125xxx/CVE-2014-125076.json b/2014/125xxx/CVE-2014-125076.json index cbdb9ed7103..95d6955e369 100644 --- a/2014/125xxx/CVE-2014-125076.json +++ b/2014/125xxx/CVE-2014-125076.json 
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability was found in NoxxieNl Criminals. It has been classified as critical. Affected is an unknown function of the file ingame/roulette.php. The manipulation of the argument gambleMoney leads to sql injection. The name of the patch is 0a60b31271d4cbf8babe4be993d2a3a1617f0897. It is recommended to apply a patch to fix this issue. VDB-218022 is the identifier assigned to this vulnerability." + "value": "A vulnerability was found in NoxxieNl Criminals. It has been classified as critical. Affected is an unknown function of the file ingame/roulette.php. The manipulation of the argument gambleMoney leads to sql injection. The patch is identified as 0a60b31271d4cbf8babe4be993d2a3a1617f0897. It is recommended to apply a patch to fix this issue. VDB-218022 is the identifier assigned to this vulnerability." }, { "lang": "deu", @@ -44,8 +44,8 @@ "version": { "version_data": [ { - "version_value": "n/a", - "version_affected": "=" + "version_affected": "=", + "version_value": "n/a" } ] } @@ -98,8 +98,7 @@ { "version": "2.0", "baseScore": 5.2, - "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", - "baseSeverity": "MEDIUM" + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2014/125xxx/CVE-2014-125077.json b/2014/125xxx/CVE-2014-125077.json index 348b03661ff..79d704701db 100644 --- a/2014/125xxx/CVE-2014-125077.json +++ b/2014/125xxx/CVE-2014-125077.json 
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability, which was classified as critical, has been found in pointhi searx_stats. This issue affects some unknown processing of the file cgi/cron.php. The manipulation leads to sql injection. The name of the patch is 281bd679a4474ddb222d16c1c380f252839cc18f. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218351." + "value": "A vulnerability, which was classified as critical, has been found in pointhi searx_stats. This issue affects some unknown processing of the file cgi/cron.php. The manipulation leads to sql injection. The patch is named 281bd679a4474ddb222d16c1c380f252839cc18f. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218351." }, { "lang": "deu", @@ -44,8 +44,8 @@ "version": { "version_data": [ { - "version_value": "n/a", - "version_affected": "=" + "version_affected": "=", + "version_value": "n/a" } ] } @@ -98,8 +98,7 @@ { "version": "2.0", "baseScore": 5.2, - "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", - "baseSeverity": "MEDIUM" + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2014/125xxx/CVE-2014-125078.json b/2014/125xxx/CVE-2014-125078.json index 3fd2a9f3b9f..1f90f992ae8 100644 --- a/2014/125xxx/CVE-2014-125078.json +++ b/2014/125xxx/CVE-2014-125078.json 
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability was found in yanheven console and classified as problematic. Affected by this issue is some unknown functionality of the file horizon/static/horizon/js/horizon.instances.js. The manipulation leads to cross site scripting. The attack may be launched remotely. The name of the patch is 32a7b713468161282f2ea01d5e2faff980d924cd. It is recommended to apply a patch to fix this issue. VDB-218354 is the identifier assigned to this vulnerability." + "value": "A vulnerability was found in yanheven console and classified as problematic. Affected by this issue is some unknown functionality of the file horizon/static/horizon/js/horizon.instances.js. The manipulation leads to cross site scripting. The attack may be launched remotely. The patch is identified as 32a7b713468161282f2ea01d5e2faff980d924cd. It is recommended to apply a patch to fix this issue. VDB-218354 is the identifier assigned to this vulnerability." }, { "lang": "deu", @@ -44,8 +44,8 @@ "version": { "version_data": [ { - "version_value": "n/a", - "version_affected": "=" + "version_affected": "=", + "version_value": "n/a" } ] } @@ -98,8 +98,7 @@ { "version": "2.0", "baseScore": 4, - "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", - "baseSeverity": "MEDIUM" + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N" } ] } diff --git a/2014/125xxx/CVE-2014-125079.json b/2014/125xxx/CVE-2014-125079.json index 832995cee88..6213819d3df 100644 --- a/2014/125xxx/CVE-2014-125079.json +++ b/2014/125xxx/CVE-2014-125079.json @@ -44,8 +44,8 @@ "version": { "version_data": [ { - "version_value": "n/a", - "version_affected": "=" + "version_affected": "=", + "version_value": "n/a" } ] } @@ -103,8 +103,7 @@ { "version": "2.0", "baseScore": 5.2, - "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", - "baseSeverity": "MEDIUM" + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P" } ] } 
diff --git a/2014/125xxx/CVE-2014-125080.json b/2014/125xxx/CVE-2014-125080.json index 85af951be55..cfac4917821 100644 --- a/2014/125xxx/CVE-2014-125080.json +++ b/2014/125xxx/CVE-2014-125080.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been found in frontaccounting faplanet and classified as critical. This vulnerability affects unknown code. The manipulation leads to path traversal. The name of the patch is a5dcd87f46080a624b1a9ad4b0dd035bbd24ac50. It is recommended to apply a patch to fix this issue. VDB-218398 is the identifier assigned to this vulnerability." + "value": "A vulnerability has been found in frontaccounting faplanet and classified as critical. This vulnerability affects unknown code. The manipulation leads to path traversal. The patch is identified as a5dcd87f46080a624b1a9ad4b0dd035bbd24ac50. It is recommended to apply a patch to fix this issue. VDB-218398 is the identifier assigned to this vulnerability." }, { "lang": "deu", @@ -44,8 +44,8 @@ "version": { "version_data": [ { - "version_value": "n/a", - "version_affected": "=" + "version_affected": "=", + "version_value": "n/a" } ] } @@ -98,8 +98,7 @@ { "version": "2.0", "baseScore": 5.2, - "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", - "baseSeverity": "MEDIUM" + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2014/125xxx/CVE-2014-125081.json b/2014/125xxx/CVE-2014-125081.json index f20a2d98602..d7af5b69eb9 100644 --- a/2014/125xxx/CVE-2014-125081.json +++ b/2014/125xxx/CVE-2014-125081.json 
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability, which was classified as critical, has been found in risheesh debutsav. This issue affects some unknown processing. The manipulation leads to sql injection. The name of the patch is 7a8430df79277c613449262201cc792db894fc76. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218459." + "value": "A vulnerability, which was classified as critical, has been found in risheesh debutsav. This issue affects some unknown processing. The manipulation leads to sql injection. The patch is named 7a8430df79277c613449262201cc792db894fc76. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218459." }, { "lang": "deu", @@ -44,8 +44,8 @@ "version": { "version_data": [ { - "version_value": "n/a", - "version_affected": "=" + "version_affected": "=", + "version_value": "n/a" } ] } @@ -98,8 +98,7 @@ { "version": "2.0", "baseScore": 5.2, - "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", - "baseSeverity": "MEDIUM" + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2014/125xxx/CVE-2014-125082.json b/2014/125xxx/CVE-2014-125082.json index 99d2953f395..88d80606914 100644 --- a/2014/125xxx/CVE-2014-125082.json +++ b/2014/125xxx/CVE-2014-125082.json @@ -44,8 +44,8 @@ "version": { "version_data": [ { - "version_value": "n/a", - "version_affected": "=" + "version_affected": "=", + "version_value": "n/a" } ] } @@ -98,8 +98,7 @@ { "version": "2.0", "baseScore": 5.2, - "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", - "baseSeverity": "MEDIUM" + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2014/125xxx/CVE-2014-125083.json b/2014/125xxx/CVE-2014-125083.json index 2eecb20942b..23e37b63861 100644 --- a/2014/125xxx/CVE-2014-125083.json +++ b/2014/125xxx/CVE-2014-125083.json 
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been found in Anant Labs google-enterprise-connector-dctm up to 3.2.3 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument username/domain leads to sql injection. The name of the patch is 6fba04f18ab7764002a1da308e7cd9712b501cb7. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218911." + "value": "A vulnerability has been found in Anant Labs google-enterprise-connector-dctm up to 3.2.3 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument username/domain leads to sql injection. The patch is named 6fba04f18ab7764002a1da308e7cd9712b501cb7. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218911." }, { "lang": "deu", @@ -44,20 +44,20 @@ "version": { "version_data": [ { - "version_value": "3.2.0", - "version_affected": "=" + "version_affected": "=", + "version_value": "3.2.0" }, { - "version_value": "3.2.1", - "version_affected": "=" + "version_affected": "=", + "version_value": "3.2.1" }, { - "version_value": "3.2.2", - "version_affected": "=" + "version_affected": "=", + "version_value": "3.2.2" }, { - "version_value": "3.2.3", - "version_affected": "=" + "version_affected": "=", + "version_value": "3.2.3" } ] } @@ -110,8 +110,7 @@ { "version": "2.0", "baseScore": 5.2, - "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", - "baseSeverity": "MEDIUM" + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2014/125xxx/CVE-2014-125084.json b/2014/125xxx/CVE-2014-125084.json index 32784c2ab54..b3ac2a23aae 100644 --- a/2014/125xxx/CVE-2014-125084.json +++ b/2014/125xxx/CVE-2014-125084.json 
@@ -11,11 +11,11 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability, which was classified as critical, has been found in Gimmie Plugin 1.2.2. This issue affects some unknown processing of the file trigger_referral.php. The manipulation of the argument referrername leads to sql injection. Upgrading to version 1.3.0 is able to address this issue. The name of the patch is 7194a09353dd24a274678383a4418f2fd3fce6f7. It is recommended to upgrade the affected component. The identifier VDB-220205 was assigned to this vulnerability." + "value": "A vulnerability, which was classified as critical, has been found in Gimmie Plugin 1.2.2 on vBulletin. This issue affects some unknown processing of the file trigger_referral.php. The manipulation of the argument referrername leads to sql injection. Upgrading to version 1.3.0 is able to address this issue. The identifier of the patch is 7194a09353dd24a274678383a4418f2fd3fce6f7. It is recommended to upgrade the affected component. The identifier VDB-220205 was assigned to this vulnerability." }, { "lang": "deu", - "value": "Eine Schwachstelle wurde in Gimmie Plugin 1.2.2 entdeckt. Sie wurde als kritisch eingestuft. Davon betroffen ist unbekannter Code der Datei trigger_referral.php. Durch das Manipulieren des Arguments referrername mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 1.3.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 7194a09353dd24a274678383a4418f2fd3fce6f7 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + "value": "Eine Schwachstelle wurde in Gimmie Plugin 1.2.2 f\u00fcr vBulletin entdeckt. Sie wurde als kritisch eingestuft. Davon betroffen ist unbekannter Code der Datei trigger_referral.php. Durch das Manipulieren des Arguments referrername mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. 
Ein Aktualisieren auf die Version 1.3.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 7194a09353dd24a274678383a4418f2fd3fce6f7 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." } ] }, @@ -44,8 +44,8 @@ "version": { "version_data": [ { - "version_value": "1.2.2", - "version_affected": "=" + "version_affected": "=", + "version_value": "1.2.2" } ] } @@ -103,8 +103,7 @@ { "version": "2.0", "baseScore": 5.2, - "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", - "baseSeverity": "MEDIUM" + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2014/125xxx/CVE-2014-125085.json b/2014/125xxx/CVE-2014-125085.json index 418b0ebfb3b..0dbf757700b 100644 --- a/2014/125xxx/CVE-2014-125085.json +++ b/2014/125xxx/CVE-2014-125085.json 
@@ -11,11 +11,11 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability, which was classified as critical, was found in Gimmie Plugin 1.2.2. Affected is an unknown function of the file trigger_ratethread.php. The manipulation of the argument t/postusername leads to sql injection. Upgrading to version 1.3.0 is able to address this issue. The name of the patch is f11a136e9cbd24997354965178728dc22a2aa2ed. It is recommended to upgrade the affected component. VDB-220206 is the identifier assigned to this vulnerability." + "value": "A vulnerability, which was classified as critical, was found in Gimmie Plugin 1.2.2 on vBulletin. Affected is an unknown function of the file trigger_ratethread.php. The manipulation of the argument t/postusername leads to sql injection. Upgrading to version 1.3.0 is able to address this issue. The patch is identified as f11a136e9cbd24997354965178728dc22a2aa2ed. It is recommended to upgrade the affected component. VDB-220206 is the identifier assigned to this vulnerability." }, { "lang": "deu", - "value": "Es wurde eine Schwachstelle in Gimmie Plugin 1.2.2 gefunden. Sie wurde als kritisch eingestuft. Hiervon betroffen ist ein unbekannter Codeblock der Datei trigger_ratethread.php. Durch Manipulieren des Arguments t/postusername mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 1.3.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als f11a136e9cbd24997354965178728dc22a2aa2ed bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + "value": "Es wurde eine Schwachstelle in Gimmie Plugin 1.2.2 f\u00fcr vBulletin gefunden. Sie wurde als kritisch eingestuft. Hiervon betroffen ist ein unbekannter Codeblock der Datei trigger_ratethread.php. Durch Manipulieren des Arguments t/postusername mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. 
Ein Aktualisieren auf die Version 1.3.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als f11a136e9cbd24997354965178728dc22a2aa2ed bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." } ] }, @@ -44,8 +44,8 @@ "version": { "version_data": [ { - "version_value": "1.2.2", - "version_affected": "=" + "version_affected": "=", + "version_value": "1.2.2" } ] } @@ -58,11 +58,6 @@ }, "references": { "reference_data": [ - { - "url": "https://github.com/gimmie/vbulletin-v4/tree/v1.3.0", - "refsource": "MISC", - "name": "https://github.com/gimmie/vbulletin-v4/tree/v1.3.0" - }, { "url": "https://vuldb.com/?id.220206", "refsource": "MISC", @@ -77,6 +72,11 @@ "url": "https://github.com/gimmie/vbulletin-v4/commit/f11a136e9cbd24997354965178728dc22a2aa2ed", "refsource": "MISC", "name": "https://github.com/gimmie/vbulletin-v4/commit/f11a136e9cbd24997354965178728dc22a2aa2ed" + }, + { + "url": "https://github.com/gimmie/vbulletin-v4/tree/v1.3.0", + "refsource": "MISC", + "name": "https://github.com/gimmie/vbulletin-v4/tree/v1.3.0" } ] }, @@ -103,8 +103,7 @@ { "version": "2.0", "baseScore": 5.2, - "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", - "baseSeverity": "MEDIUM" + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2014/125xxx/CVE-2014-125086.json b/2014/125xxx/CVE-2014-125086.json index c5a90fb4733..833b47f8bb3 100644 --- a/2014/125xxx/CVE-2014-125086.json +++ b/2014/125xxx/CVE-2014-125086.json 
@@ -11,11 +11,11 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been found in Gimmie Plugin 1.2.2 and classified as critical. Affected by this vulnerability is an unknown functionality of the file trigger_login.php. The manipulation of the argument userid leads to sql injection. Upgrading to version 1.3.0 is able to address this issue. The name of the patch is fe851002d20a8d6196a5abb68bafec4102964d5b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220207." + "value": "A vulnerability has been found in Gimmie Plugin 1.2.2 on vBulletin and classified as critical. Affected by this vulnerability is an unknown functionality of the file trigger_login.php. The manipulation of the argument userid leads to sql injection. Upgrading to version 1.3.0 is able to address this issue. The patch is named fe851002d20a8d6196a5abb68bafec4102964d5b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220207." }, { "lang": "deu", - "value": "In Gimmie Plugin 1.2.2 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei trigger_login.php. Durch das Beeinflussen des Arguments userid mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 1.3.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als fe851002d20a8d6196a5abb68bafec4102964d5b bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + "value": "In Gimmie Plugin 1.2.2 f\u00fcr vBulletin wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei trigger_login.php. Durch das Beeinflussen des Arguments userid mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 1.3.0 vermag dieses Problem zu l\u00f6sen. 
Der Patch wird als fe851002d20a8d6196a5abb68bafec4102964d5b bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." } ] }, @@ -44,8 +44,8 @@ "version": { "version_data": [ { - "version_value": "1.2.2", - "version_affected": "=" + "version_affected": "=", + "version_value": "1.2.2" } ] } @@ -58,11 +58,6 @@ }, "references": { "reference_data": [ - { - "url": "https://github.com/gimmie/vbulletin-v4/tree/v1.3.0", - "refsource": "MISC", - "name": "https://github.com/gimmie/vbulletin-v4/tree/v1.3.0" - }, { "url": "https://vuldb.com/?id.220207", "refsource": "MISC", @@ -77,6 +72,11 @@ "url": "https://github.com/gimmie/vbulletin-v4/commit/fe851002d20a8d6196a5abb68bafec4102964d5b", "refsource": "MISC", "name": "https://github.com/gimmie/vbulletin-v4/commit/fe851002d20a8d6196a5abb68bafec4102964d5b" + }, + { + "url": "https://github.com/gimmie/vbulletin-v4/tree/v1.3.0", + "refsource": "MISC", + "name": "https://github.com/gimmie/vbulletin-v4/tree/v1.3.0" } ] }, @@ -103,8 +103,7 @@ { "version": "2.0", "baseScore": 5.2, - "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", - "baseSeverity": "MEDIUM" + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2014/125xxx/CVE-2014-125087.json b/2014/125xxx/CVE-2014-125087.json index 686848900e2..35d1fe8ac2c 100644 --- a/2014/125xxx/CVE-2014-125087.json +++ b/2014/125xxx/CVE-2014-125087.json @@ -112,8 +112,7 @@ { "version": "2.0", "baseScore": 5.2, - "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", - "baseSeverity": "MEDIUM" + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2020/36xxx/CVE-2020-36698.json b/2020/36xxx/CVE-2020-36698.json index 35db4049bd9..ec0df76fc41 100644 --- a/2020/36xxx/CVE-2020-36698.json +++ b/2020/36xxx/CVE-2020-36698.json 
@@ -1,17 +1,89 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-36698", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to unauthorized user interaction in versions up to, and including, 2.50. This is due to missing capability checks on several AJAX actions and nonce disclosure in the source page of the administrative dashboard. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to call functions and delete and/or upload files." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "cleantalk", + "product": { + "product_data": [ + { + "product_name": "Security & Malware scan by CleanTalk", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "2.50" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0fb9b039-eb04-4c27-89eb-1932c9c31962?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0fb9b039-eb04-4c27-89eb-1932c9c31962?source=cve" + }, + { + "url": "https://blog.nintechnet.com/multiple-vulnerabilities-fixed-in-security-malware-scan-by-cleantalk-plugin/", + "refsource": "MISC", + "name": "https://blog.nintechnet.com/multiple-vulnerabilities-fixed-in-security-malware-scan-by-cleantalk-plugin/" + }, + { + "url": "https://wpscan.com/vulnerability/23960f42-dfc1-4951-9169-02d889283f01", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/23960f42-dfc1-4951-9169-02d889283f01" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Jerome Bruandet" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH" } ] } diff --git a/2020/36xxx/CVE-2020-36706.json b/2020/36xxx/CVE-2020-36706.json index ea7865f6d54..9972f30675f 100644 --- a/2020/36xxx/CVE-2020-36706.json +++ b/2020/36xxx/CVE-2020-36706.json 
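Review bot: The added `credits` entry in CVE-2020-36698 uses `"lang": "en"`, while `description_data` and `problemtype_data` in the same record use `"lang": "eng"`, so a consumer that filters on a single language code may drop one of the two blocks. I would use one code throughout the record, for example `"lang": "eng"` in `credits`. The same mismatch appears in the CVE-2020-36706, CVE-2021-4335, CVE-2021-4353, CVE-2022-4712 and CVE-2022-4954 records populated in this commit.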
@@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-36706", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Simple:Press \u2013 WordPress Forum Plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ~/admin/resources/jscript/ajaxupload/sf-uploader.php file in versions up to, and including, 6.6.0. This makes it possible for attackers to upload arbitrary files on the affected sites server which may make remote code execution possible." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-434 Unrestricted Upload of File with Dangerous Type" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "simplepress", + "product": { + "product_data": [ + { + "product_name": "Simple:Press Forum", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "*", + "version_value": "6.6.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/53eba5b4-7cc0-48e1-bb9c-6ed3207151ab?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/53eba5b4-7cc0-48e1-bb9c-6ed3207151ab?source=cve" + }, + { + "url": "https://blog.nintechnet.com/wordpress-simplepress-plugin-fixed-critical-vulnerabilities/", + "refsource": "MISC", + "name": 
"https://blog.nintechnet.com/wordpress-simplepress-plugin-fixed-critical-vulnerabilities/" + }, + { + "url": "https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-simple-press-wordpress-forum-arbitrary-file-upload-6-6-0/", + "refsource": "MISC", + "name": "https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-simple-press-wordpress-forum-arbitrary-file-upload-6-6-0/" + }, + { + "url": "https://wpscan.com/vulnerability/27d4a8a5-9d81-4b42-92be-3f7d1ef22843", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/27d4a8a5-9d81-4b42-92be-3f7d1ef22843" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Jerome Bruandet" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" } ] } diff --git a/2021/4xxx/CVE-2021-4335.json b/2021/4xxx/CVE-2021-4335.json index 3718cbf97da..bcdc2c4dc78 100644 --- a/2021/4xxx/CVE-2021-4335.json +++ b/2021/4xxx/CVE-2021-4335.json 
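Review bot: The new CVE-2020-36706 description says only "attackers" and never states the privilege level, although the vector claims `PR:N` and a 9.8 CRITICAL score. The other records added in this commit name it explicitly ("unauthenticated", "subscriber-level", "administrator-level"). If `PR:N` is correct, the text should read `makes it possible for unauthenticated attackers to upload arbitrary files`, so that triage does not rest on the vector string alone. The same sentence also has "affected sites server", which should be `affected site's server`.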
@@ -1,17 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-4335", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized access to data and modification of plugin settings due to a missing capability check on multiple AJAX functions in versions up to, and including, 4.6.9. This makes it possible for authenticated attackers with subscriber-level permissions to modify plugin settings, including retrieving arbitrary order information or creating/updating/deleting products, orders, or other sensitive information not associated with their own account." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285 Improper Authorization" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Fancy Product Designer", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "4.6.9" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/644624d8-c193-4ee6-bc82-7ccda5d7f2ac?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/644624d8-c193-4ee6-bc82-7ccda5d7f2ac?source=cve" + }, + { + "url": "https://support.fancyproductdesigner.com/support/discussions/topics/13000029981", + "refsource": "MISC", + "name": "https://support.fancyproductdesigner.com/support/discussions/topics/13000029981" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Ramuel Gall" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2021/4xxx/CVE-2021-4353.json b/2021/4xxx/CVE-2021-4353.json index 92523e0950f..0a9fbb59e2c 100644 --- a/2021/4xxx/CVE-2021-4353.json +++ b/2021/4xxx/CVE-2021-4353.json 
@@ -1,17 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-4353", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to unauthenticated settings export in versions up to, and including, 2.4.1. This is due to missing authorization on the export() function which makes makes it possible for unauthenticated attackers to export the plugin's settings." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-288 Authentication Bypass Using an Alternate Path or Channel" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "RightPress", + "product": { + "product_data": [ + { + "product_name": "WooCommerce Dynamic Pricing and Discounts", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "*", + "version_value": "2.4.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5c1e6685-44a7-452e-89ab-b9fffb65a12b?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5c1e6685-44a7-452e-89ab-b9fffb65a12b?source=cve" + }, + { + "url": "https://blog.nintechnet.com/woocommerce-dynamic-pricing-and-discounts-plugin-fixed-multiple-vulnerabilities/", + "refsource": "MISC", + "name": 
"https://blog.nintechnet.com/woocommerce-dynamic-pricing-and-discounts-plugin-fixed-multiple-vulnerabilities/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Jerome Bruandet" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2022/4xxx/CVE-2022-4712.json b/2022/4xxx/CVE-2022-4712.json index fce919dbb51..1e817c6ef7c 100644 --- a/2022/4xxx/CVE-2022-4712.json +++ b/2022/4xxx/CVE-2022-4712.json 
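Review bot: The `problemtype` added for CVE-2021-4353 is `CWE-288 Authentication Bypass Using an Alternate Path or Channel`, but the description attributes the issue to "missing authorization on the export() function". That reads as a missing access check rather than an authentication bypass, and CVE-2020-36698 in this same commit uses `CWE-862 Missing Authorization` for that pattern. CWE selection is the CNA's call, but the two fields should agree, because weakness-based filtering and metrics key on the CWE value. The description also contains a doubled word, "which makes makes it possible", which should be `which makes it possible`.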
@@ -1,17 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4712", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The WP Cerber Security plugin for WordPress is vulnerable to stored cross-site scripting via the log parameter when logging in to the site in versions up to, and including, 9.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "gioni", + "product": { + "product_data": [ + { + "product_name": "WP Cerber Security, Anti-spam & Malware Scan", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "9.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6cd9cbba-10b0-4fb0-ad49-4593a307a615?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6cd9cbba-10b0-4fb0-ad49-4593a307a615?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/wp-cerber/trunk/admin/cerber-dashboard.php?rev=2721561#L1338", + "refsource": "MISC", + "name": 
"https://plugins.trac.wordpress.org/browser/wp-cerber/trunk/admin/cerber-dashboard.php?rev=2721561#L1338" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Ramuel Gall" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 7.2, + "baseSeverity": "HIGH" } ] } diff --git a/2022/4xxx/CVE-2022-4954.json b/2022/4xxx/CVE-2022-4954.json index 8ac352b0696..7353e1b3cb9 100644 --- a/2022/4xxx/CVE-2022-4954.json +++ b/2022/4xxx/CVE-2022-4954.json 
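Review bot: The CVE-2022-4712 vector sets `UI:N`, yet the description says the injected script "will execute whenever a user accesses an injected page", which means a victim has to load the page. Scoring stored XSS as `UI:N` may be a deliberate CNA convention, but with `UI:R` the same vector would come out at 6.1 rather than 7.2, so consumers who prioritise on `baseScore` should be aware of the assumption. I would either align the vector with the text or add a sentence to the description saying that no action beyond normal page viewing is needed. The same applies to the CVE-2022-4954 record added further down, which pairs the same wording with `PR:H/UI:N`.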
@@ -1,17 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4954", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Waiting: One-click countdowns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown name in versions up to, and including, 0.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "pluginbuilders", + "product": { + "product_data": [ + { + "product_name": "Waiting: One-click countdowns", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "0.6.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2ef5b0de-0b8b-4286-86ea-6dca0dbc1a52?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2ef5b0de-0b8b-4286-86ea-6dca0dbc1a52?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/waiting/trunk/waiting.php?rev=2826039", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/waiting/trunk/waiting.php?rev=2826039" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Marco Wotschka" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" } ] } diff --git a/2023/2xxx/CVE-2023-2325.json b/2023/2xxx/CVE-2023-2325.json index 16e98437e75..5b6b873ec4b 100644 --- a/2023/2xxx/CVE-2023-2325.json +++ b/2023/2xxx/CVE-2023-2325.json 
@@ -1,17 +1,144 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-2325", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@m-files.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Stored XSS Vulnerability in M-Files Classic Web versions before 23.10\u00a0and LTS Service Release Versions before 23.2 LTS SR4 and 23.8 LTS SR1allows attacker to execute script on users browser via stored HTML document.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "M-Files", + "product": { + "product_data": [ + { + "product_name": "M-Files Web", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThan": "23.10", + "status": "affected", + "version": "0", + "versionType": "custom" + }, + { + "status": "unaffected", + "version": "23.2 LTS SR4" + }, + { + "status": "unaffected", + "version": "23.8 LTS SR1" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-2325/", + "refsource": "MISC", + "name": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-2325/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "defect": [ + "167253" + ], 
+ "discovery": "EXTERNAL" + }, + "work_around": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "None" + } + ], + "value": "None" + } + ], + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to fixed version" + } + ], + "value": "Update to fixed version" + } + ], + "credits": [ + { + "lang": "en", + "value": "Thomas Riedmaier / Siemens Energy" + }, + { + "lang": "en", + "value": "Abian Blome / Siemens Energy" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", + "version": "3.1" } ] } diff --git a/2023/33xxx/CVE-2023-33238.json b/2023/33xxx/CVE-2023-33238.json index a2fc0661dd7..b7628e4fb40 100644 --- a/2023/33xxx/CVE-2023-33238.json +++ b/2023/33xxx/CVE-2023-33238.json 
@@ -58,6 +58,66 @@ } ] } + }, + { + "product_name": "EDR-810 Series", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.0", + "version_value": "5.12.27" + } + ] + } + }, + { + "product_name": "EDR-G902 Series", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.0", + "version_value": "5.7.17" + } + ] + } + }, + { + "product_name": "EDR-G903 Series", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.0", + "version_value": "5.7.15" + } + ] + } + }, + { + "product_name": "EDR-G9010 Series", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.0", + "version_value": "2.1" + } + ] + } + }, + { + "product_name": "NAT-102 Series", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.0", + "version_value": "1.0.3" + } + ] + } } ] } @@ -87,10 +147,10 @@ { "base64": false, "type": "text/html", - "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:
" + "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:
" } ], - "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:\n * TN-4900 Series: Please contact Moxa Technical Support for a security patch.\n\n\n * TN-5900 Series: Please upgrade to firmware v3.4 or higher.\n\n\n" + "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:\n * TN-4900 Series: Please upgrade to firmware v3.0 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources \n * TN-5900 Series: Please upgrade to firmware v3.4 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources \u00a0\n * EDR-810 Series:\u00a0Please upgrade to firmware v5.12.29 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-810-series#resources \n * EDR-G902 Series:\u00a0Please upgrade to firmware v5.7.21 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series \n * EDR-G903 Series:\u00a0Please upgrade to firmware v5.7.21 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources \n * EDR-G9010 Series:\u00a0Please upgrade to firmware v3.0 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g9010-series#resources \n * NAT-102 Series:\u00a0Please upgrade to firmware\u00a0 v1.0.5 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/nat-102-series#resources \n\n\n" } ], "impact": { diff --git a/2023/33xxx/CVE-2023-33239.json b/2023/33xxx/CVE-2023-33239.json index 457f5419cef..e92489bb88c 100644 --- a/2023/33xxx/CVE-2023-33239.json +++ b/2023/33xxx/CVE-2023-33239.json 
@@ -58,6 +58,66 @@ } ] } + }, + { + "product_name": "EDR-810 Series", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.0", + "version_value": "5.12.27" + } + ] + } + }, + { + "product_name": "EDR-G902 Series", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.0", + "version_value": "5.7.17" + } + ] + } + }, + { + "product_name": "EDR-G903 Series", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.0", + "version_value": "5.7.15" + } + ] + } + }, + { + "product_name": "EDR-G9010 Series", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.0", + "version_value": "2.1" + } + ] + } + }, + { + "product_name": "NAT-102 Series", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.0", + "version_value": "1.0.3" + } + ] + } } ] } @@ -87,10 +147,10 @@ { "base64": false, "type": "text/html", - "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:
" + "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:" } ], - "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:\n * TN-4900 Series: Please contact Moxa Technical Support for a security patch.\n\n\n * TN-5900 Series: Please upgrade to firmware v3.4 or higher.\n\n\n" + "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below: * TN-4900 Series: Please upgrade to firmware v3.0 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources \n * TN-5900 Series: Please upgrade to firmware v3.4 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources \u00a0\n * EDR-810 Series: Please upgrade to firmware v5.12.29 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-810-series#resources \n * EDR-G902 Series: Please upgrade to firmware v5.7.21 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series \n * EDR-G903 Series: Please upgrade to firmware v5.7.21 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources \n * EDR-G9010 Series: Please upgrade to firmware v3.0 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g9010-series#resources \n * NAT-102 Series: Please upgrade to firmware v1.0.5 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/nat-102-series#resources \n\n\n" } ], "impact": { 
diff --git a/2023/39xxx/CVE-2023-39680.json b/2023/39xxx/CVE-2023-39680.json index 8a3149ae988..74c4c8ab4b1 100644 --- a/2023/39xxx/CVE-2023-39680.json +++ b/2023/39xxx/CVE-2023-39680.json @@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-39680", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-39680", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Sollace Unicopia version 1.1.1 and before was discovered to deserialize untrusted data, allowing attackers to execute arbitrary code." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://gist.github.com/apple502j/4ab77291c98e45f4a5bf780c8eda8afa", + "url": "https://gist.github.com/apple502j/4ab77291c98e45f4a5bf780c8eda8afa" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:R", + "version": "3.1" + } } } \ No newline at end of file 
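Review bot: The `affects` block added here sets `vendor_name`, `product_name` and `version_value` to `n/a` although the description names Sollace Unicopia 1.1.1 and earlier, so tooling that matches on the structured fields will not associate this record with the product. `problemtype` is likewise `n/a` where the description states deserialization of untrusted data, which corresponds to `CWE-502 Deserialization of Untrusted Data`. `impact.cvss` is a single object with no `baseScore` or `baseSeverity` and a vector in non-canonical metric order (`CVSS:3.1/AC:H/AV:N/...`), whereas the other records in this commit use an array with score and severity. Consumers should tolerate both shapes and compute the score from the vector.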
diff --git a/2023/46xxx/CVE-2023-46279.json b/2023/46xxx/CVE-2023-46279.json new file mode 100644 index 00000000000..206555090b9 --- /dev/null +++ b/2023/46xxx/CVE-2023-46279.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-46279", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/4xxx/CVE-2023-4271.json b/2023/4xxx/CVE-2023-4271.json index 6399dce61da..8f392673409 100644 --- a/2023/4xxx/CVE-2023-4271.json +++ b/2023/4xxx/CVE-2023-4271.json 
@@ -1,17 +1,89 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-4271", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Photospace Responsive plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018psres_button_size\u2019 parameter in versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "deanoakley", + "product": { + "product_data": [ + { + "product_name": "Photospace Responsive Gallery", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "2.1.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3bc98896-6ff9-40de-ace2-2ca331c2a44a?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3bc98896-6ff9-40de-ace2-2ca331c2a44a?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/2831424/photospace-responsive/trunk/includes/class-photospace-responsive-gallery.php?contextall=1&old=2544748&old_path=%2Fphotospace-responsive%2Ftrunk%2Fincludes%2Fclass-photospace-responsive-gallery.php", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/2831424/photospace-responsive/trunk/includes/class-photospace-responsive-gallery.php?contextall=1&old=2544748&old_path=%2Fphotospace-responsive%2Ftrunk%2Fincludes%2Fclass-photospace-responsive-gallery.php" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2966110%40photospace-responsive%2Ftrunk&old=2875667%40photospace-responsive%2Ftrunk&sfp_email=&sfph_mail=", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2966110%40photospace-responsive%2Ftrunk&old=2875667%40photospace-responsive%2Ftrunk&sfp_email=&sfph_mail=" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Marco Wotschka" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": 
"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" } ] } diff --git a/2023/4xxx/CVE-2023-4274.json b/2023/4xxx/CVE-2023-4274.json index 552e2f0e415..15530b6cd54 100644 --- a/2023/4xxx/CVE-2023-4274.json +++ b/2023/4xxx/CVE-2023-4274.json 
@@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-4274", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Migration, Backup, Staging \u2013 WPvivid plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 0.9.89. This allows authenticated attackers with administrative privileges to delete the contents of arbitrary directories on the server, which can be a critical issue in a shared environments." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "wpvividplugins", + "product": { + "product_data": [ + { + "product_name": "Migration, Backup, Staging \u2013 WPvivid", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "0.9.89" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5d94f38f-4b52-4b0d-800c-a6fca40bda3c?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5d94f38f-4b52-4b0d-800c-a6fca40bda3c?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/wpvivid-backuprestore/tags/0.9.89/includes/class-wpvivid-setting.php#L200", + "refsource": "MISC", + "name": 
"https://plugins.trac.wordpress.org/browser/wpvivid-backuprestore/tags/0.9.89/includes/class-wpvivid-setting.php#L200" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2956458%40wpvivid-backuprestore%2Ftrunk&old=2948265%40wpvivid-backuprestore%2Ftrunk&sfp_email=&sfph_mail=", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2956458%40wpvivid-backuprestore%2Ftrunk&old=2948265%40wpvivid-backuprestore%2Ftrunk&sfp_email=&sfph_mail=" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Ivan Kuzymchak" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H", + "baseScore": 8.7, + "baseSeverity": "HIGH" } ] } diff --git a/2023/4xxx/CVE-2023-4402.json b/2023/4xxx/CVE-2023-4402.json index 6c03523b79b..a910c921eb3 100644 --- a/2023/4xxx/CVE-2023-4402.json +++ b/2023/4xxx/CVE-2023-4402.json 
@@ -1,17 +1,96 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-4402", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_products function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-502 Deserialization of Untrusted Data" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "wpdevteam", + "product": { + "product_data": [ + { + "product_name": "Essential Blocks Pro", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "1.1.0" + } + ] + } + }, + { + "product_name": "Essential Blocks \u2013 Page Builder Gutenberg Blocks, Patterns & Templates", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "4.2.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1ede7a25-9bb2-408e-b7fb-e5bd4f594351?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1ede7a25-9bb2-408e-b7fb-e5bd4f594351?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/essential-blocks/trunk/includes/API/Product.php?rev=2950425#L49", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/essential-blocks/trunk/includes/API/Product.php?rev=2950425#L49" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Marco Wotschka" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH" } ] } diff --git a/2023/4xxx/CVE-2023-4482.json b/2023/4xxx/CVE-2023-4482.json index 0a031f5b1b3..13cbd7e153b 100644 --- a/2023/4xxx/CVE-2023-4482.json +++ b/2023/4xxx/CVE-2023-4482.json 
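Review bot: The description gives a single affected range (up to, and including, 4.2.0), but `product_data` lists two products and bounds Essential Blocks Pro at `1.1.0`. A reader triaging from the description alone would not learn that Pro is affected or up to which version; a clause such as `and Essential Blocks Pro in versions up to, and including, 1.1.0` would close the gap. The only source reference points at the free plugin's `Product.php`, so whether Pro shares that code path cannot be confirmed from this record.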
@@ -1,17 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-4482", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Auto Amazon Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the style parameter in versions up to, and including, 5.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "miunosoft", + "product": { + "product_data": [ + { + "product_name": "Auto Amazon Links \u2013 Amazon Associates Affiliate Plugin", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "5.3.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/11ffb8a1-55d2-44c5-bcd2-ba866b94e8bc?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/11ffb8a1-55d2-44c5-bcd2-ba866b94e8bc?source=cve" + }, + { + "url": 
"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2961861%40amazon-auto-links%2Ftrunk&old=2896127%40amazon-auto-links%2Ftrunk&sfp_email=&sfph_mail=", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2961861%40amazon-auto-links%2Ftrunk&old=2896127%40amazon-auto-links%2Ftrunk&sfp_email=&sfph_mail=" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Marco Wotschka" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" } ] } diff --git a/2023/4xxx/CVE-2023-4488.json b/2023/4xxx/CVE-2023-4488.json index 4ead877504a..9059eaa1667 100644 --- a/2023/4xxx/CVE-2023-4488.json +++ b/2023/4xxx/CVE-2023-4488.json 
@@ -1,17 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-4488", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Dropbox Folder Share for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.9.7 via the editor-view.php file. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "hyno", + "product": { + "product_data": [ + { + "product_name": "Dropbox Folder Share", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "1.9.7" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/647a2f27-092a-4db1-932d-87ae8c2efcca?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/647a2f27-092a-4db1-932d-87ae8c2efcca?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/dropbox-folder-share/trunk/HynoTech/UsosGenerales/js/editor-view.php?rev=2904670", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/dropbox-folder-share/trunk/HynoTech/UsosGenerales/js/editor-view.php?rev=2904670" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Marco Wotschka" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" } ] } diff --git a/2023/4xxx/CVE-2023-4598.json b/2023/4xxx/CVE-2023-4598.json index 81572cc3080..f9b846eeb00 100644 --- a/2023/4xxx/CVE-2023-4598.json +++ b/2023/4xxx/CVE-2023-4598.json 
@@ -1,17 +1,93 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-4598", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Slimstat Analytics plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 5.0.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "mostafas1990", + "product": { + "product_data": [ + { + "product_name": "Slimstat Analytics", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "5.0.9" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/07c0f5a5-3455-4f06-b481-f4d678309c50?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/07c0f5a5-3455-4f06-b481-f4d678309c50?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/wp-slimstat/tags/5.0.8/admin/view/wp-slimstat-db.php#L970", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/wp-slimstat/tags/5.0.8/admin/view/wp-slimstat-db.php#L970" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2959452%40wp-slimstat&new=2959452%40wp-slimstat&sfp_email=&sfph_mail=", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2959452%40wp-slimstat&new=2959452%40wp-slimstat&sfp_email=&sfph_mail=" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Chloe Chamberland" + }, + { + "lang": "en", + "value": "Lana Codes" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH" } ] } diff --git a/2023/4xxx/CVE-2023-4919.json b/2023/4xxx/CVE-2023-4919.json index fbab600a560..110d6a6d513 100644 --- a/2023/4xxx/CVE-2023-4919.json +++ b/2023/4xxx/CVE-2023-4919.json 
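Review bot: The third reference is a changeset URL whose `old` and `new` parameters name the same revision (`old=2959452%40wp-slimstat&new=2959452%40wp-slimstat`). It therefore probably does not show the fixing change, unlike the changeset links in the other Wordfence records here, which carry two distinct revisions. The code reference also points at tag 5.0.8 while the record bounds the affected range at 5.0.9. Anyone verifying the patch should confirm the fixed revision from the Wordfence advisory rather than from this link.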
@@ -1,17 +1,98 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-4919", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `iframe` shortcode in versions up to, and including, 4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permission and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This was partially patched in version 4.6 and fully patched in version 4.7." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "webvitaly", + "product": { + "product_data": [ + { + "product_name": "iframe", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "4.6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3706deed-55f2-4dfb-bfed-7a14872cd15a?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3706deed-55f2-4dfb-bfed-7a14872cd15a?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/iframe/tags/4.5/iframe.php#L28", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/iframe/tags/4.5/iframe.php#L28" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/iframe/tags/4.5/iframe.php#L40", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/iframe/tags/4.5/iframe.php#L40" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/2970787/iframe#file4", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/2970787/iframe#file4" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Lana Codes" + }, + { + "lang": "en", + "value": "Alex Thomas" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" } ] } diff --git a/2023/4xxx/CVE-2023-4920.json b/2023/4xxx/CVE-2023-4920.json index da6b13ee8a7..c5c2df62699 100644 --- a/2023/4xxx/CVE-2023-4920.json +++ b/2023/4xxx/CVE-2023-4920.json 
@@ -1,17 +1,89 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-4920", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_save_options function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Additionally, input sanitization and escaping is insufficient resulting in the possibility of malicious script injection." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "realmag777", + "product": { + "product_data": [ + { + "product_name": "BEAR \u2013 Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "1.1.3.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/58d25eeb-b12c-4850-8308-eaa30982b5a8?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/58d25eeb-b12c-4850-8308-eaa30982b5a8?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/woo-bulk-editor/trunk/index.php#L805", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/woo-bulk-editor/trunk/index.php#L805" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/2970262/woo-bulk-editor/trunk/index.php?contextall=1&old=2968292&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Findex.php", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/2970262/woo-bulk-editor/trunk/index.php?contextall=1&old=2968292&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Findex.php" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Marco Wotschka" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2023/4xxx/CVE-2023-4935.json b/2023/4xxx/CVE-2023-4935.json index 8c36ff9c652..f4051b78c8d 100644 --- a/2023/4xxx/CVE-2023-4935.json +++ b/2023/4xxx/CVE-2023-4935.json 
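Review bot: The CVE-2023-4920 description ends by saying insufficient sanitization and escaping allows malicious script injection, but `problemtype_data` lists only `CWE-352 Cross-Site Request Forgery (CSRF)`. The vector `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N` likewise scores an integrity-only, scope-unchanged impact. If the injection is a confirmed consequence of the forged `woobe_save_options` request, add a second description entry, `"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"`, so consumers that triage by CWE see it. Otherwise the last sentence of the description should be hedged. The opening phrase `The BEAR for WordPress` also omits the word "plugin", and recurs in the CVE-2023-4935, -4937, -4940, -4942 and -4943 hunks.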
@@ -1,17 +1,89 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-4935", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the create_profile function. This makes it possible for unauthenticated attackers to create profiles via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "realmag777", + "product": { + "product_data": [ + { + "product_name": "BEAR \u2013 Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "1.1.3.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/639f3941-7783-4500-aca4-5e8155db6460?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/639f3941-7783-4500-aca4-5e8155db6460?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/woo-bulk-editor/trunk/classes/models/profiles.php#L191", + "refsource": "MISC", + "name": 
"https://plugins.trac.wordpress.org/browser/woo-bulk-editor/trunk/classes/models/profiles.php#L191" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/2970262/woo-bulk-editor/trunk/classes/models/profiles.php?contextall=1&old=2844667&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Fclasses%2Fmodels%2Fprofiles.php", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/2970262/woo-bulk-editor/trunk/classes/models/profiles.php?contextall=1&old=2844667&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Fclasses%2Fmodels%2Fprofiles.php" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Marco Wotschka" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2023/4xxx/CVE-2023-4937.json b/2023/4xxx/CVE-2023-4937.json index 4fe5845108f..81be8694e8b 100644 --- a/2023/4xxx/CVE-2023-4937.json +++ b/2023/4xxx/CVE-2023-4937.json 
@@ -1,17 +1,89 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-4937", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_apply_default_combination function. This makes it possible for unauthenticated attackers to manipulate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "realmag777", + "product": { + "product_data": [ + { + "product_name": "BEAR \u2013 Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "1.1.3.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/40bf51bf-efb2-4504-815b-4681d1078f77?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/40bf51bf-efb2-4504-815b-4681d1078f77?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php#L286", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php#L286" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/2970262/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php?contextall=1&old=2844667&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Fext%2Fbulkoperations%2Fbulkoperations.php", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/2970262/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php?contextall=1&old=2844667&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Fext%2Fbulkoperations%2Fbulkoperations.php" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Marco Wotschka" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" } ] } 
diff --git a/2023/4xxx/CVE-2023-4940.json b/2023/4xxx/CVE-2023-4940.json
index b19872aa65b..ccdf9fdddf3 100644
--- a/2023/4xxx/CVE-2023-4940.json
+++ b/2023/4xxx/CVE-2023-4940.json
@@ -1,17 +1,89 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-4940", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_swap function. This makes it possible for unauthenticated attackers to manipulate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "realmag777", + "product": { + "product_data": [ + { + "product_name": "BEAR \u2013 Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "1.1.3.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/31c5e524-ef4d-48c7-baa0-595f8060a167?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/31c5e524-ef4d-48c7-baa0-595f8060a167?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php#L521", + "refsource": 
"MISC", + "name": "https://plugins.trac.wordpress.org/browser/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php#L521" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/2970262/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php?contextall=1&old=2844667&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Fext%2Fbulkoperations%2Fbulkoperations.php", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/2970262/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php?contextall=1&old=2844667&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Fext%2Fbulkoperations%2Fbulkoperations.php" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Marco Wotschka" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2023/4xxx/CVE-2023-4942.json b/2023/4xxx/CVE-2023-4942.json index 074a945857f..7b7d25dbfe3 100644 --- a/2023/4xxx/CVE-2023-4942.json +++ b/2023/4xxx/CVE-2023-4942.json 
@@ -1,17 +1,89 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-4942", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_visibility function. This makes it possible for unauthenticated attackers to manipulate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "realmag777", + "product": { + "product_data": [ + { + "product_name": "BEAR \u2013 Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "1.1.3.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/26d8b75b-befa-4c6a-b072-0da44e437174?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/26d8b75b-befa-4c6a-b072-0da44e437174?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php#L719", + 
"refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php#L719" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/2970262/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php?contextall=1&old=2844667&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Fext%2Fbulkoperations%2Fbulkoperations.php", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/2970262/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php?contextall=1&old=2844667&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Fext%2Fbulkoperations%2Fbulkoperations.php" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Marco Wotschka" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2023/4xxx/CVE-2023-4943.json b/2023/4xxx/CVE-2023-4943.json index c8ae2ff45f3..3bd38a6022a 100644 --- a/2023/4xxx/CVE-2023-4943.json +++ b/2023/4xxx/CVE-2023-4943.json 
@@ -1,17 +1,89 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-4943", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_visibility function. This makes it possible for authenticated attackers (subscriber or higher) to manipulate products." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "realmag777", + "product": { + "product_data": [ + { + "product_name": "BEAR \u2013 Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "1.1.3.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2d10475f-83dd-4e59-83e4-aeaa72a22b96?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2d10475f-83dd-4e59-83e4-aeaa72a22b96?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php#L719", + "refsource": "MISC", + "name": 
"https://plugins.trac.wordpress.org/browser/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php#L719" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/2970262/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php?contextall=1&old=2844667&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Fext%2Fbulkoperations%2Fbulkoperations.php", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/2970262/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php?contextall=1&old=2844667&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Fext%2Fbulkoperations%2Fbulkoperations.php" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Marco Wotschka" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2023/4xxx/CVE-2023-4947.json b/2023/4xxx/CVE-2023-4947.json index ab21395e43c..a97c61dda16 100644 --- a/2023/4xxx/CVE-2023-4947.json +++ b/2023/4xxx/CVE-2023-4947.json 
@@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-4947", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The WooCommerce EAN Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refresh_order_ean_data AJAX action in versions up to 6.1.0. This makes it possible for authenticated attackers with contributor-level access and above, to update EAN numbers for orders." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Yan&Co", + "product": { + "product_data": [ + { + "product_name": "WooCommerce EAN Payment Gateway", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "*", + "version_value": "6.1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2760b183-3c15-4f0e-b72f-7c0333f9d4b6?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2760b183-3c15-4f0e-b72f-7c0333f9d4b6?source=cve" + }, + { + "url": "https://plugins.yanco.dk/product/woocommerce-ean-payment-gateway/", + "refsource": "MISC", + "name": "https://plugins.yanco.dk/product/woocommerce-ean-payment-gateway/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Lana Codes" + }, + { + "lang": "en", + 
"value": "Yan&Co ApS" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2023/4xxx/CVE-2023-4968.json b/2023/4xxx/CVE-2023-4968.json index 583e48354a9..39c380a3596 100644 --- a/2023/4xxx/CVE-2023-4968.json +++ b/2023/4xxx/CVE-2023-4968.json 
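Review bot: The CVE-2023-4947 description says `in versions up to 6.1.0` without "and including", while `version_data` uses `"version_affected": "<"` with `"version_value": "6.1.0"`, so the prose alone does not say whether 6.1.0 itself is affected. The other records visible in this diff pair `up to, and including,` with `<=`. If `<` is correct the text should read `in versions before 6.1.0`; if not, the operator should be `<=`. The references hold only the advisory and the vendor product page, so there is no changeset a defender can use to confirm which build carries the capability check.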
@@ -1,17 +1,89 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-4968", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The WPLegalPages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wplegalpage' shortcode in versions up to, and including, 2.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with author-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "wpeka-club", + "product": { + "product_data": [ + { + "product_name": "Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WPLegalPages", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "2.9.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/68d7b5d0-c777-4ff9-bdef-a7762cfbdf1a?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/68d7b5d0-c777-4ff9-bdef-a7762cfbdf1a?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/wplegalpages/tags/2.9.2/public/class-wp-legal-pages-public.php#L150", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/wplegalpages/tags/2.9.2/public/class-wp-legal-pages-public.php#L150" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/2976774/wplegalpages/trunk/public/class-wp-legal-pages-public.php#file0", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/2976774/wplegalpages/trunk/public/class-wp-legal-pages-public.php#file0" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Lana Codes" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" } ] } diff --git a/2023/4xxx/CVE-2023-4975.json b/2023/4xxx/CVE-2023-4975.json index 936dd036fb4..a0092a2c1cf 100644 --- a/2023/4xxx/CVE-2023-4975.json +++ b/2023/4xxx/CVE-2023-4975.json 
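Review bot: The CVE-2023-4968 description names `author-level and above permissions` as the attacker, yet the vector uses `PR:H`, the value the CVE-2023-5120 hunk assigns to `administrative privileges`. The contributor-level shortcode XSS records in this diff (CVE-2023-4919, -5050, -5071) use `PR:L` and score 6.4, so either the 5.5 score or the stated role looks out of step with its neighbours. One of the two should probably be aligned, and anyone prioritising by `baseScore` should read the description as well. This is inferred from the neighbouring records only, not from the plugin code.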
@@ -1,17 +1,89 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-4975", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Website Builder by SeedProd plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.15.13.1. This is due to missing or incorrect nonce validation on functionality in the builder.php file. This makes it possible for unauthenticated attackers to change the stripe connect token via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "seedprod", + "product": { + "product_data": [ + { + "product_name": "Website Builder by SeedProd \u2014 Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "6.15.13.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2cb5370f-14aa-445d-bda3-62a0dd068fc5?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2cb5370f-14aa-445d-bda3-62a0dd068fc5?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/coming-soon/trunk/resources/views/builder.php#L164", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/coming-soon/trunk/resources/views/builder.php#L164" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/2968455/coming-soon/trunk/resources/views/builder.php", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/2968455/coming-soon/trunk/resources/views/builder.php" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Marco Wotschka" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2023/5xxx/CVE-2023-5050.json b/2023/5xxx/CVE-2023-5050.json index c10f7f93055..08b1494122d 100644 --- a/2023/5xxx/CVE-2023-5050.json +++ b/2023/5xxx/CVE-2023-5050.json 
@@ -1,17 +1,89 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-5050", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "bozdoz", + "product": { + "product_data": [ + { + "product_name": "Leaflet Map", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "3.3.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3084c9ab-00aa-4b8e-aa46-bd70b335ec77?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3084c9ab-00aa-4b8e-aa46-bd70b335ec77?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/leaflet-map/tags/3.3.0/shortcodes/class.geojson-shortcode.php#L124", + "refsource": "MISC", + "name": 
"https://plugins.trac.wordpress.org/browser/leaflet-map/tags/3.3.0/shortcodes/class.geojson-shortcode.php#L124" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/2968965/leaflet-map#file12", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/2968965/leaflet-map#file12" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Lana Codes" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" } ] } diff --git a/2023/5xxx/CVE-2023-5071.json b/2023/5xxx/CVE-2023-5071.json index b2c9581a9c4..69415a3588f 100644 --- a/2023/5xxx/CVE-2023-5071.json +++ b/2023/5xxx/CVE-2023-5071.json 
@@ -1,17 +1,93 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-5071", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Sitekit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'sitekit_iframe' shortcode in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "webvitaly", + "product": { + "product_data": [ + { + "product_name": "Sitekit", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "1.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/011c8a06-298e-4a53-9ef8-552585426d79?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/011c8a06-298e-4a53-9ef8-552585426d79?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/sitekit/trunk/inc/sitekit-shortcode-iframe.php#L3", + "refsource": "MISC", + "name": 
"https://plugins.trac.wordpress.org/browser/sitekit/trunk/inc/sitekit-shortcode-iframe.php#L3" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/2970788/sitekit", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/2970788/sitekit" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Lana Codes" + }, + { + "lang": "en", + "value": "Alex Thomas" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" } ] } diff --git a/2023/5xxx/CVE-2023-5120.json b/2023/5xxx/CVE-2023-5120.json index aebd2cfca5f..72a84136d55 100644 --- a/2023/5xxx/CVE-2023-5120.json +++ b/2023/5xxx/CVE-2023-5120.json 
@@ -1,17 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-5120", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Migration, Backup, Staging \u2013 WPvivid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image file path parameter in versions up to, and including, 0.9.89 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "wpvividplugins", + "product": { + "product_data": [ + { + "product_name": "Migration, Backup, Staging \u2013 WPvivid", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "0.9.89" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/320f4260-20c2-4f27-91ba-d2488b417f62?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/320f4260-20c2-4f27-91ba-d2488b417f62?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/wpvivid-backuprestore/tags/0.9.89/includes/upload-cleaner/class-wpvivid-uploads-cleaner.php#L161", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/wpvivid-backuprestore/tags/0.9.89/includes/upload-cleaner/class-wpvivid-uploads-cleaner.php#L161" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Ivan Kuzymchak" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" } ] } diff --git a/2023/5xxx/CVE-2023-5200.json b/2023/5xxx/CVE-2023-5200.json index 33282a79510..3a109f820c4 100644 --- a/2023/5xxx/CVE-2023-5200.json +++ b/2023/5xxx/CVE-2023-5200.json 
@@ -1,17 +1,89 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-5200", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The flowpaper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'flipbook' shortcode in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "getflowpaper", + "product": { + "product_data": [ + { + "product_name": "flowpaper", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "2.0.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/31d6288d-87f0-4822-b3f4-541f70cf99fd?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/31d6288d-87f0-4822-b3f4-541f70cf99fd?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/flowpaper-lite-pdf-flipbook/trunk/flowpaper.php?rev=2959754#L395", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/flowpaper-lite-pdf-flipbook/trunk/flowpaper.php?rev=2959754#L395" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/2966821/flowpaper-lite-pdf-flipbook", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/2966821/flowpaper-lite-pdf-flipbook" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Lana Codes" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" } ] } diff --git a/2023/5xxx/CVE-2023-5308.json b/2023/5xxx/CVE-2023-5308.json index f02227c0ca7..a525d49ea0c 100644 --- a/2023/5xxx/CVE-2023-5308.json +++ b/2023/5xxx/CVE-2023-5308.json 
@@ -1,17 +1,89 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-5308", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Podcast Subscribe Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'podcast_subscribe' shortcode in versions up to, and including, 1.4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "secondlinethemes", + "product": { + "product_data": [ + { + "product_name": "Podcast Subscribe Buttons", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "1.4.8" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/17dbfb82-e380-464a-bfaf-2d0f6bf07f25?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/17dbfb82-e380-464a-bfaf-2d0f6bf07f25?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/podcast-subscribe-buttons/tags/1.4.8/template-parts/inline-button.php#L30", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/podcast-subscribe-buttons/tags/1.4.8/template-parts/inline-button.php#L30" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/2973904/podcast-subscribe-buttons#file529", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/2973904/podcast-subscribe-buttons#file529" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Lana Codes" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" } ] } diff --git a/2023/5xxx/CVE-2023-5414.json b/2023/5xxx/CVE-2023-5414.json index 62c4d95b458..8b197466c4b 100644 --- a/2023/5xxx/CVE-2023-5414.json +++ b/2023/5xxx/CVE-2023-5414.json 
@@ -1,17 +1,89 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-5414", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Icegram Express plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.6.23 via the show_es_logs function. This allows administrator-level attackers to read the contents of arbitrary files on the server, which can contain sensitive information including those belonging to other sites, for example in shared hosting environments." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "icegram", + "product": { + "product_data": [ + { + "product_name": "Icegram Express \u2013 Email Marketing, Newsletters and Automation for WordPress & WooCommerce", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "5.6.23" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/417186ba-36ef-4d06-bbcd-e85eb9219689?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/417186ba-36ef-4d06-bbcd-e85eb9219689?source=cve" + }, + { + "url": 
"https://plugins.trac.wordpress.org/browser/email-subscribers/trunk/lite/includes/classes/class-email-subscribers-logs.php?rev=2919465#L28", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/email-subscribers/trunk/lite/includes/classes/class-email-subscribers-logs.php?rev=2919465#L28" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2977318%40email-subscribers%2Ftrunk&old=2972043%40email-subscribers%2Ftrunk&sfp_email=&sfph_mail=#file4", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2977318%40email-subscribers%2Ftrunk&old=2972043%40email-subscribers%2Ftrunk&sfp_email=&sfph_mail=#file4" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Marco Wotschka" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" } ] } diff --git a/2023/5xxx/CVE-2023-5523.json b/2023/5xxx/CVE-2023-5523.json index 4ee643986ac..73242caf690 100644 --- a/2023/5xxx/CVE-2023-5523.json +++ b/2023/5xxx/CVE-2023-5523.json 
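Review bot: The `impact.cvss` entry for CVE-2023-5414 claims `C:H/I:H/A:H` (9.1 CRITICAL), but the description only says an administrator-level user can read arbitrary files through show_es_logs, which is a confidentiality impact. Anyone triaging on `baseScore` will rank this path traversal alongside full-compromise bugs. Either the description should state how integrity and availability are affected, or the assigner should re-derive the vector, presumably as `CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N` with the score recomputed. That correction has to come from the CNA rather than be patched downstream.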
@@ -1,17 +1,136 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-5523", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@m-files.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Execution of downloaded content flaw in M-Files Web Companion before release version 23.10 and LTS Service Release Versions before 23.8 LTS SR1 allows \n\nRemote Code Execution\u00a0\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-829 Inclusion of Functionality from Untrusted Control Sphere", + "cweId": "CWE-829" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "M-Files", + "product": { + "product_data": [ + { + "product_name": "Web Companion", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThan": "23.10", + "status": "affected", + "version": "23.3", + "versionType": "custom" + }, + { + "status": "unaffected", + "version": "23.8 LTS SR1" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-5523/", + "refsource": "MISC", + "name": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-5523/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "defect": [ + "168401" + ], + "discovery": "EXTERNAL" + }, + "exploit": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": 
"text/html", + "value": "None publicly available" + } + ], + "value": "None publicly available" + } + ], + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to fixed version" + } + ], + "value": "Update to fixed version" + } + ], + "credits": [ + { + "lang": "en", + "value": "Anton Keskisaari / Second Nature Security" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 8.6, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/5xxx/CVE-2023-5524.json b/2023/5xxx/CVE-2023-5524.json index d0f35cb7439..ffbc62b9750 100644 --- a/2023/5xxx/CVE-2023-5524.json +++ b/2023/5xxx/CVE-2023-5524.json 
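Review bot: The description for CVE-2023-5523 says "Remote Code Execution" while the `impact.cvss` vector is `AV:L/AC:L/PR:N/UI:R`, so the text and the score disagree on how the flaw is reached; the CVE-2023-5524 hunk that follows has the same mismatch with `PR:L`. Both description strings also keep leftover `\n\n` and `\u00a0` escapes from the HTML source, which break substring matching and rendering in feeds; the value would read better as `"value": "Execution of downloaded content flaw in M-Files Web Companion before release version 23.10 and LTS Service Release Versions before 23.8 LTS SR1 allows Remote Code Execution"`. Note also that `version_value` is "not down converted", so a consumer reading only the v4 fields gets no affected range and has to parse `x_cve_json_5_version_data` instead.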
@@ -1,17 +1,136 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-5524", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@m-files.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient blacklisting in M-Files Web Companion before release version 23.10 and LTS Service Release Versions before 23.8 LTS SR1 allows \n\nRemote Code Execution\n\n via specific file types\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-434 Unrestricted Upload of File with Dangerous Type", + "cweId": "CWE-434" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "M-Files", + "product": { + "product_data": [ + { + "product_name": "Web Companion", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThan": "23.10", + "status": "affected", + "version": "23.3", + "versionType": "custom" + }, + { + "status": "unaffected", + "version": "23.8 LTS SR1" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-5524/", + "refsource": "MISC", + "name": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-5524/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "defect": [ + "168541" + ], + "discovery": "EXTERNAL" + }, + "exploit": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + 
"type": "text/html", + "value": "None publicly available" + } + ], + "value": "None publicly available" + } + ], + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to fixed version" + } + ], + "value": "Update to fixed version" + } + ], + "credits": [ + { + "lang": "en", + "value": "Anton Keskisaari / Second Nature Security" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 8.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/5xxx/CVE-2023-5576.json b/2023/5xxx/CVE-2023-5576.json index 52eb9c29479..5ae5b3feecd 100644 --- a/2023/5xxx/CVE-2023-5576.json +++ b/2023/5xxx/CVE-2023-5576.json 
@@ -1,17 +1,83 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-5576", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Migration, Backup, Staging - WPvivid plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 0.9.91 via Google Drive API secrets stored in plaintext in the publicly visible plugin source. This could allow unauthenticated attackers to impersonate the WPVivid Google Drive account via the API if they can trick a user into reauthenticating via another vulnerability or social engineering." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200 Information Exposure" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "wpvividplugins", + "product": { + "product_data": [ + { + "product_name": "Migration, Backup, Staging \u2013 WPvivid", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "0.9.91" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4658109d-295c-4a1b-b219-ca1f4664ff1d?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4658109d-295c-4a1b-b219-ca1f4664ff1d?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/wpvivid-backuprestore/tags/0.9.91/includes/customclass/client_secrets.json", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/wpvivid-backuprestore/tags/0.9.91/includes/customclass/client_secrets.json" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/2977863/", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/2977863/" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N", + "baseScore": 8, + "baseSeverity": "HIGH" } ] }
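Review bot: The `problemtype` for CVE-2023-5576 is the generic "CWE-200 Information Exposure", yet the description and the `client_secrets.json` reference describe API secrets shipped in plaintext in the plugin source. A more specific class, presumably CWE-798 (Use of Hard-coded Credentials) or CWE-312 (Cleartext Storage of Sensitive Information), would let CWE-based filters catch it. The description also spells the product "Staging - WPvivid" with a hyphen while `product_name` uses `\u2013`, so exact-match lookups on the product string will miss one of the two. Unlike the other Wordfence records in this commit, this one has no `credits` block; that may be intentional, but it is worth confirming with the assigner.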