admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-10-10 08:00:33 +00:00
parent 61af448110
commit b55fb2f1b9
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
37 changed files with 1526 additions and 856 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2022/46xxx/CVE-2022-46663.json
View File

@ -76,6 +76,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2023-71442d7613",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LR7AUWB34JD4PCW3HHASBEDGGHFWPAQP/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202310-11",
"url": "https://security.gentoo.org/glsa/202310-11"
}
]
}

178
2023/0xxx/CVE-2023-0028.json
View File

@ -1,89 +1,95 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2023-0028",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in linagora/twake"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "linagora/twake",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "2023.Q1.1200+"
}
]
}
}
]
},
"vendor_name": "linagora"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository linagora/twake prior to 2023.Q1.1200+."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2023-0028",
"ASSIGNER": "security@huntr.dev",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository linagora/twake prior to 2023.Q1.1200+.\n\n"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/bfd935f4-2d1d-4d3f-8b59-522abe7dd065",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/bfd935f4-2d1d-4d3f-8b59-522abe7dd065"
},
{
"name": "https://github.com/linagora/twake/commit/61f4c0caf4ce61c839fb304a707972974daacae9",
"refsource": "MISC",
"url": "https://github.com/linagora/twake/commit/61f4c0caf4ce61c839fb304a707972974daacae9"
}
]
},
"source": {
"advisory": "bfd935f4-2d1d-4d3f-8b59-522abe7dd065",
"discovery": "EXTERNAL"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "linagora",
"product": {
"product_data": [
{
"product_name": "linagora/twake",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "2023.Q1.1200+"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://huntr.dev/bounties/bfd935f4-2d1d-4d3f-8b59-522abe7dd065",
"refsource": "MISC",
"name": "https://huntr.dev/bounties/bfd935f4-2d1d-4d3f-8b59-522abe7dd065"
},
{
"url": "https://github.com/linagora/Twake/pull/2678/commits/c0708c397e199c68cea0db9f59d29d7dbdcdde7b",
"refsource": "MISC",
"name": "https://github.com/linagora/Twake/pull/2678/commits/c0708c397e199c68cea0db9f59d29d7dbdcdde7b"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "bfd935f4-2d1d-4d3f-8b59-522abe7dd065",
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
}
]
}
}

108
2023/0xxx/CVE-2023-0493.json
View File

@ -1,14 +1,38 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2023-0493",
"STATE": "PUBLIC",
"TITLE": "Improper Neutralization of Equivalent Special Elements in btcpayserver/btcpayserver"
"ASSIGNER": "security@huntr.dev",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.7.5.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-76 Improper Neutralization of Equivalent Special Elements",
"cweId": "CWE-76"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "btcpayserver",
"product": {
"product_data": [
{
@ -17,78 +41,60 @@
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "1.7.5"
}
]
}
}
]
},
"vendor_name": "btcpayserver"
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.7.5."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-76 Improper Neutralization of Equivalent Special Elements"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/3a73b45c-6f3e-4536-a327-cdfdbc59896f",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/3a73b45c-6f3e-4536-a327-cdfdbc59896f"
"url": "https://huntr.dev/bounties/3a73b45c-6f3e-4536-a327-cdfdbc59896f",
"refsource": "MISC",
"name": "https://huntr.dev/bounties/3a73b45c-6f3e-4536-a327-cdfdbc59896f"
},
{
"name": "https://github.com/btcpayserver/btcpayserver/commit/02070d65836cd24627929b3403efbae8de56039a",
"url": "https://github.com/btcpayserver/btcpayserver/pull/4545/commits/02070d65836cd24627929b3403efbae8de56039a",
"refsource": "MISC",
"url": "https://github.com/btcpayserver/btcpayserver/commit/02070d65836cd24627929b3403efbae8de56039a"
"name": "https://github.com/btcpayserver/btcpayserver/pull/4545/commits/02070d65836cd24627929b3403efbae8de56039a"
},
{
"url": "http://packetstormsecurity.com/files/171732/BTCPay-Server-1.7.4-HTML-Injection.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/171732/BTCPay-Server-1.7.4-HTML-Injection.html",
"url": "http://packetstormsecurity.com/files/171732/BTCPay-Server-1.7.4-HTML-Injection.html"
"name": "http://packetstormsecurity.com/files/171732/BTCPay-Server-1.7.4-HTML-Injection.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "3a73b45c-6f3e-4536-a327-cdfdbc59896f",
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
]
}
}

178
2023/0xxx/CVE-2023-0747.json
View File

@ -1,89 +1,95 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2023-0747",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in btcpayserver/btcpayserver"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "btcpayserver/btcpayserver",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "1.7.6"
}
]
}
}
]
},
"vendor_name": "btcpayserver"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.6."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2023-0747",
"ASSIGNER": "security@huntr.dev",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.6.\n\n"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/7830b9b4-af2e-44ef-8b00-ee2491d4e7ff",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/7830b9b4-af2e-44ef-8b00-ee2491d4e7ff"
},
{
"name": "https://github.com/btcpayserver/btcpayserver/commit/d4e464ad4ef0cbbf61751e70f77865de325dd6cf",
"refsource": "MISC",
"url": "https://github.com/btcpayserver/btcpayserver/commit/d4e464ad4ef0cbbf61751e70f77865de325dd6cf"
}
]
},
"source": {
"advisory": "7830b9b4-af2e-44ef-8b00-ee2491d4e7ff",
"discovery": "EXTERNAL"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "btcpayserver",
"product": {
"product_data": [
{
"product_name": "btcpayserver/btcpayserver",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "1.7.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://huntr.dev/bounties/7830b9b4-af2e-44ef-8b00-ee2491d4e7ff",
"refsource": "MISC",
"name": "https://huntr.dev/bounties/7830b9b4-af2e-44ef-8b00-ee2491d4e7ff"
},
{
"url": "https://github.com/btcpayserver/btcpayserver/pull/4567/commits/d4e464ad4ef0cbbf61751e70f77865de325dd6cf",
"refsource": "MISC",
"name": "https://github.com/btcpayserver/btcpayserver/pull/4567/commits/d4e464ad4ef0cbbf61751e70f77865de325dd6cf"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "7830b9b4-af2e-44ef-8b00-ee2491d4e7ff",
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
]
}
}

178
2023/0xxx/CVE-2023-0748.json
View File

@ -1,89 +1,95 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2023-0748",
"STATE": "PUBLIC",
"TITLE": "Open Redirect in btcpayserver/btcpayserver"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "btcpayserver/btcpayserver",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "1.7.6"
}
]
}
}
]
},
"vendor_name": "btcpayserver"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open Redirect in GitHub repository btcpayserver/btcpayserver prior to 1.7.6."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-601 URL Redirection to Untrusted Site"
}
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2023-0748",
"ASSIGNER": "security@huntr.dev",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open Redirect in GitHub repository btcpayserver/btcpayserver prior to 1.7.6.\n\n"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/1a0403b6-9ec9-4587-b559-b1afba798c86",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/1a0403b6-9ec9-4587-b559-b1afba798c86"
},
{
"name": "https://github.com/btcpayserver/btcpayserver/commit/c2cfa17e9619046b43987627b8429541d2834109",
"refsource": "MISC",
"url": "https://github.com/btcpayserver/btcpayserver/commit/c2cfa17e9619046b43987627b8429541d2834109"
}
]
},
"source": {
"advisory": "1a0403b6-9ec9-4587-b559-b1afba798c86",
"discovery": "EXTERNAL"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-601 URL Redirection to Untrusted Site",
"cweId": "CWE-601"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "btcpayserver",
"product": {
"product_data": [
{
"product_name": "btcpayserver/btcpayserver",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "1.7.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://huntr.dev/bounties/1a0403b6-9ec9-4587-b559-b1afba798c86",
"refsource": "MISC",
"name": "https://huntr.dev/bounties/1a0403b6-9ec9-4587-b559-b1afba798c86"
},
{
"url": "https://github.com/btcpayserver/btcpayserver/pull/4575/commits/c2cfa17e9619046b43987627b8429541d2834109",
"refsource": "MISC",
"name": "https://github.com/btcpayserver/btcpayserver/pull/4575/commits/c2cfa17e9619046b43987627b8429541d2834109"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "1a0403b6-9ec9-4587-b559-b1afba798c86",
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}
}

178
2023/0xxx/CVE-2023-0879.json
View File

@ -1,89 +1,95 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2023-0879",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in btcpayserver/btcpayserver"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "btcpayserver/btcpayserver",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "1.7.12"
}
]
}
}
]
},
"vendor_name": "btcpayserver"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.12."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2023-0879",
"ASSIGNER": "security@huntr.dev",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.12.\n\n"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/9464e3c6-961d-4e23-8b3d-07cbb31de541",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/9464e3c6-961d-4e23-8b3d-07cbb31de541"
},
{
"name": "https://github.com/btcpayserver/btcpayserver/commit/f2f3b245c4d8980d8e54e4708c796df82332c3d7",
"refsource": "MISC",
"url": "https://github.com/btcpayserver/btcpayserver/commit/f2f3b245c4d8980d8e54e4708c796df82332c3d7"
}
]
},
"source": {
"advisory": "9464e3c6-961d-4e23-8b3d-07cbb31de541",
"discovery": "EXTERNAL"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "btcpayserver",
"product": {
"product_data": [
{
"product_name": "btcpayserver/btcpayserver",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "1.7.12"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://huntr.dev/bounties/9464e3c6-961d-4e23-8b3d-07cbb31de541",
"refsource": "MISC",
"name": "https://huntr.dev/bounties/9464e3c6-961d-4e23-8b3d-07cbb31de541"
},
{
"url": "https://github.com/btcpayserver/btcpayserver/pull/4635/commits/f2f3b245c4d8980d8e54e4708c796df82332c3d7",
"refsource": "MISC",
"name": "https://github.com/btcpayserver/btcpayserver/pull/4635/commits/f2f3b245c4d8980d8e54e4708c796df82332c3d7"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "9464e3c6-961d-4e23-8b3d-07cbb31de541",
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
]
}
}

178
2023/0xxx/CVE-2023-0919.json
View File

@ -1,89 +1,95 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2023-0919",
"STATE": "PUBLIC",
"TITLE": "Missing Authentication for Critical Function in kareadita/kavita"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "kareadita/kavita",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "0.7.0"
}
]
}
}
]
},
"vendor_name": "kareadita"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Missing Authentication for Critical Function in GitHub repository kareadita/kavita prior to 0.7.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306 Missing Authentication for Critical Function"
}
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2023-0919",
"ASSIGNER": "security@huntr.dev",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Missing Authentication for Critical Function in GitHub repository kareadita/kavita prior to 0.7.0.\n\n"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/3c514923-473f-4c50-ae0d-d002a41fe70f",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/3c514923-473f-4c50-ae0d-d002a41fe70f"
},
{
"name": "https://github.com/kareadita/kavita/commit/6648b79e1b2f92449d5816d0722b7a3d72f259d5",
"refsource": "MISC",
"url": "https://github.com/kareadita/kavita/commit/6648b79e1b2f92449d5816d0722b7a3d72f259d5"
}
]
},
"source": {
"advisory": "3c514923-473f-4c50-ae0d-d002a41fe70f",
"discovery": "EXTERNAL"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306 Missing Authentication for Critical Function",
"cweId": "CWE-306"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "kareadita",
"product": {
"product_data": [
{
"product_name": "kareadita/kavita",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "0.7.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://huntr.dev/bounties/3c514923-473f-4c50-ae0d-d002a41fe70f",
"refsource": "MISC",
"name": "https://huntr.dev/bounties/3c514923-473f-4c50-ae0d-d002a41fe70f"
},
{
"url": "https://github.com/Kareadita/Kavita/pull/1748/commits/6648b79e1b2f92449d5816d0722b7a3d72f259d5",
"refsource": "MISC",
"name": "https://github.com/Kareadita/Kavita/pull/1748/commits/6648b79e1b2f92449d5816d0722b7a3d72f259d5"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "3c514923-473f-4c50-ae0d-d002a41fe70f",
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
]
}
}

178
2023/1xxx/CVE-2023-1177.json
View File

@ -1,89 +1,95 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2023-1177",
"STATE": "PUBLIC",
"TITLE": "Path Traversal: '\\..\\filename' in mlflow/mlflow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mlflow/mlflow",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "2.2.1"
}
]
}
}
]
},
"vendor_name": "mlflow"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Path Traversal: '\\..\\filename' in GitHub repository mlflow/mlflow prior to 2.2.1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-29 Path Traversal: '\\..\\filename'"
}
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2023-1177",
"ASSIGNER": "security@huntr.dev",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Path Traversal: '\\..\\filename' in GitHub repository mlflow/mlflow prior to 2.2.1.\n\n"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/1fe8f21a-c438-4cba-9add-e8a5dab94e28",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/1fe8f21a-c438-4cba-9add-e8a5dab94e28"
},
{
"name": "https://github.com/mlflow/mlflow/commit/7162a50c654792c21f3e4a160eb1a0e6a34f6e6e",
"refsource": "MISC",
"url": "https://github.com/mlflow/mlflow/commit/7162a50c654792c21f3e4a160eb1a0e6a34f6e6e"
}
]
},
"source": {
"advisory": "1fe8f21a-c438-4cba-9add-e8a5dab94e28",
"discovery": "EXTERNAL"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-29 Path Traversal: '\\..\\filename'",
"cweId": "CWE-29"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "mlflow",
"product": {
"product_data": [
{
"product_name": "mlflow/mlflow",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "2.2.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://huntr.dev/bounties/1fe8f21a-c438-4cba-9add-e8a5dab94e28",
"refsource": "MISC",
"name": "https://huntr.dev/bounties/1fe8f21a-c438-4cba-9add-e8a5dab94e28"
},
{
"url": "https://github.com/mlflow/mlflow/pull/7891/commits/7162a50c654792c21f3e4a160eb1a0e6a34f6e6e",
"refsource": "MISC",
"name": "https://github.com/mlflow/mlflow/pull/7891/commits/7162a50c654792c21f3e4a160eb1a0e6a34f6e6e"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "1fe8f21a-c438-4cba-9add-e8a5dab94e28",
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L",
"version": "3.1"
}
]
}
}

104
2023/1xxx/CVE-2023-1283.json
View File

@ -1,14 +1,38 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2023-1283",
"STATE": "PUBLIC",
"TITLE": " Code Injection in builderio/qwik"
"ASSIGNER": "security@huntr.dev",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Code Injection in GitHub repository builderio/qwik prior to 0.21.0.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-94 Improper Control of Generation of Code",
"cweId": "CWE-94"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "builderio",
"product": {
"product_data": [
{
@ -17,73 +41,55 @@
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "0.21.0"
}
]
}
}
]
},
"vendor_name": "builderio"
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Code Injection in GitHub repository builderio/qwik prior to 0.21.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-94 Improper Control of Generation of Code"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/63f1ff91-48f3-4886-a179-103f1ddd8ff8",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/63f1ff91-48f3-4886-a179-103f1ddd8ff8"
"url": "https://huntr.dev/bounties/63f1ff91-48f3-4886-a179-103f1ddd8ff8",
"refsource": "MISC",
"name": "https://huntr.dev/bounties/63f1ff91-48f3-4886-a179-103f1ddd8ff8"
},
{
"name": "https://github.com/builderio/qwik/commit/4d9ba6e098ae6e537aa55abb6b8369bb670ffe66",
"url": "https://github.com/BuilderIO/qwik/pull/3249/commits/4d9ba6e098ae6e537aa55abb6b8369bb670ffe66",
"refsource": "MISC",
"url": "https://github.com/builderio/qwik/commit/4d9ba6e098ae6e537aa55abb6b8369bb670ffe66"
"name": "https://github.com/BuilderIO/qwik/pull/3249/commits/4d9ba6e098ae6e537aa55abb6b8369bb670ffe66"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "63f1ff91-48f3-4886-a179-103f1ddd8ff8",
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}
}

178
2023/1xxx/CVE-2023-1647.json
View File

@ -1,89 +1,95 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2023-1647",
"STATE": "PUBLIC",
"TITLE": "Improper Access Control in calcom/cal.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "calcom/cal.com",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "2.7"
}
]
}
}
]
},
"vendor_name": "calcom"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Access Control in GitHub repository calcom/cal.com prior to 2.7."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2023-1647",
"ASSIGNER": "security@huntr.dev",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Access Control in GitHub repository calcom/cal.com prior to 2.7.\n\n"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/d6de3d6e-9551-47d1-b28c-7e965c1b82b6",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/d6de3d6e-9551-47d1-b28c-7e965c1b82b6"
},
{
"name": "https://github.com/calcom/cal.com/commit/c76e5f46101a826b2de39123c22f50c840dddba0",
"refsource": "MISC",
"url": "https://github.com/calcom/cal.com/commit/c76e5f46101a826b2de39123c22f50c840dddba0"
}
]
},
"source": {
"advisory": "d6de3d6e-9551-47d1-b28c-7e965c1b82b6",
"discovery": "EXTERNAL"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control",
"cweId": "CWE-284"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "calcom",
"product": {
"product_data": [
{
"product_name": "calcom/cal.com",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "2.7"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://huntr.dev/bounties/d6de3d6e-9551-47d1-b28c-7e965c1b82b6",
"refsource": "MISC",
"name": "https://huntr.dev/bounties/d6de3d6e-9551-47d1-b28c-7e965c1b82b6"
},
{
"url": "https://github.com/sbs20/scanservjs/pull/606/commits/d51fd52c1569813990b8f74e64ae6979c665dca1",
"refsource": "MISC",
"name": "https://github.com/sbs20/scanservjs/pull/606/commits/d51fd52c1569813990b8f74e64ae6979c665dca1"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "d6de3d6e-9551-47d1-b28c-7e965c1b82b6",
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}
}

104
2023/2xxx/CVE-2023-2307.json
View File

@ -1,14 +1,38 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2023-2307",
"STATE": "PUBLIC",
"TITLE": "Cross-Site Request Forgery (CSRF) in builderio/qwik"
"ASSIGNER": "security@huntr.dev",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-Site Request Forgery (CSRF) in GitHub repository builderio/qwik prior to 0.104.0.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "builderio",
"product": {
"product_data": [
{
@ -17,73 +41,55 @@
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "0.104.0"
}
]
}
}
]
},
"vendor_name": "builderio"
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-Site Request Forgery (CSRF) in GitHub repository builderio/qwik prior to 0.104.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/204ea12e-9e5c-4166-bf0e-fd49c8836917",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/204ea12e-9e5c-4166-bf0e-fd49c8836917"
"url": "https://huntr.dev/bounties/204ea12e-9e5c-4166-bf0e-fd49c8836917",
"refsource": "MISC",
"name": "https://huntr.dev/bounties/204ea12e-9e5c-4166-bf0e-fd49c8836917"
},
{
"name": "https://github.com/builderio/qwik/commit/09190b70027354baf7ad3d208df9c05a87f75f57",
"url": "https://github.com/BuilderIO/qwik/pull/3862/commits/09190b70027354baf7ad3d208df9c05a87f75f57",
"refsource": "MISC",
"url": "https://github.com/builderio/qwik/commit/09190b70027354baf7ad3d208df9c05a87f75f57"
"name": "https://github.com/BuilderIO/qwik/pull/3862/commits/09190b70027354baf7ad3d208df9c05a87f75f57"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "204ea12e-9e5c-4166-bf0e-fd49c8836917",
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
}
]
}
}

178
2023/2xxx/CVE-2023-2564.json
View File

@ -1,89 +1,95 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2023-2564",
"STATE": "PUBLIC",
"TITLE": "OS Command Injection in sbs20/scanservjs"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "sbs20/scanservjs",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "v2.27.0"
}
]
}
}
]
},
"vendor_name": "sbs20"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OS Command Injection in GitHub repository sbs20/scanservjs prior to v2.27.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command"
}
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2023-2564",
"ASSIGNER": "security@huntr.dev",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "OS Command Injection in GitHub repository sbs20/scanservjs prior to v2.27.0.\n\n"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/d13113ad-a107-416b-acc1-01e4c16ec461",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/d13113ad-a107-416b-acc1-01e4c16ec461"
},
{
"name": "https://github.com/sbs20/scanservjs/commit/d51fd52c1569813990b8f74e64ae6979c665dca1",
"refsource": "MISC",
"url": "https://github.com/sbs20/scanservjs/commit/d51fd52c1569813990b8f74e64ae6979c665dca1"
}
]
},
"source": {
"advisory": "d13113ad-a107-416b-acc1-01e4c16ec461",
"discovery": "EXTERNAL"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"cweId": "CWE-78"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "sbs20",
"product": {
"product_data": [
{
"product_name": "sbs20/scanservjs",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "v2.27.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://huntr.dev/bounties/d13113ad-a107-416b-acc1-01e4c16ec461",
"refsource": "MISC",
"name": "https://huntr.dev/bounties/d13113ad-a107-416b-acc1-01e4c16ec461"
},
{
"url": "https://github.com/sbs20/scanservjs/pull/606/commits/d51fd52c1569813990b8f74e64ae6979c665dca1",
"refsource": "MISC",
"name": "https://github.com/sbs20/scanservjs/pull/606/commits/d51fd52c1569813990b8f74e64ae6979c665dca1"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "d13113ad-a107-416b-acc1-01e4c16ec461",
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}
}

85
2023/41xxx/CVE-2023-41694.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-41694",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Realbig Team Realbig For WordPress plugin <=\u00a01.0.3 versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Realbig Team",
"product": {
"product_data": [
{
"product_name": "Realbig For WordPress",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "n/a",
"version_value": "1.0.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/realbig-media/wordpress-realbig-plugin-1-0-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/realbig-media/wordpress-realbig-plugin-1-0-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Mika (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
]
}

85
2023/41xxx/CVE-2023-41697.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-41697",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Nikunj Soni Easy WP Cleaner plugin <=\u00a01.9 versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Nikunj Soni",
"product": {
"product_data": [
{
"product_name": "Easy WP Cleaner",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "n/a",
"version_value": "1.9"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/easy-wp-cleaner/wordpress-easy-wp-cleaner-plugin-1-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/easy-wp-cleaner/wordpress-easy-wp-cleaner-plugin-1-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Mika (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
]
}

85
2023/41xxx/CVE-2023-41730.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-41730",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-Site Request Forgery (CSRF) vulnerability in SendPress Newsletters plugin <=\u00a01.22.3.31 versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SendPress",
"product": {
"product_data": [
{
"product_name": "SendPress Newsletters",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "n/a",
"version_value": "1.22.3.31"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/sendpress/wordpress-sendpress-newsletters-plugin-1-22-3-31-cross-site-request-forgery-csrf?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/sendpress/wordpress-sendpress-newsletters-plugin-1-22-3-31-cross-site-request-forgery-csrf?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "yuyudhn (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
]
}

5
2023/43xxx/CVE-2023-43641.json
View File

@ -58,6 +58,11 @@
"url": "https://github.blog/2023-10-09-coordinated-disclosure-1-click-rce-on-gnome-cve-2023-43641/",
"refsource": "MISC",
"name": "https://github.blog/2023-10-09-coordinated-disclosure-1-click-rce-on-gnome-cve-2023-43641/"
},
{
"url": "https://security.gentoo.org/glsa/202310-10",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/202310-10"
}
]
},

18
2023/45xxx/CVE-2023-45628.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-45628",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/45xxx/CVE-2023-45629.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-45629",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/45xxx/CVE-2023-45630.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-45630",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/45xxx/CVE-2023-45631.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-45631",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/45xxx/CVE-2023-45632.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-45632",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/45xxx/CVE-2023-45633.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-45633",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/45xxx/CVE-2023-45634.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-45634",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/45xxx/CVE-2023-45635.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-45635",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/45xxx/CVE-2023-45636.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-45636",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/45xxx/CVE-2023-45637.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-45637",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

17
2023/5xxx/CVE-2023-5084.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.8.8."
"value": "Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.8.8.\n\n"
}
]
},
@ -61,12 +61,15 @@
"name": "https://huntr.dev/bounties/f3340570-6e59-4c72-a7d1-d4b829b4fb45"
},
{
"url": "https://github.com/hestiacp/hestiacp/commit/5131f5a966759df77477fdf7f29daa2bda93b1ff",
"url": "https://github.com/hestiacp/hestiacp/pull/4013/commits/5131f5a966759df77477fdf7f29daa2bda93b1ff",
"refsource": "MISC",
"name": "https://github.com/hestiacp/hestiacp/commit/5131f5a966759df77477fdf7f29daa2bda93b1ff"
"name": "https://github.com/hestiacp/hestiacp/pull/4013/commits/5131f5a966759df77477fdf7f29daa2bda93b1ff"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "f3340570-6e59-4c72-a7d1-d4b829b4fb45",
"discovery": "EXTERNAL"
@ -74,18 +77,18 @@
"impact": {
"cvss": [
{
"version": "3.0",
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L",
"baseScore": 3.9,
"baseSeverity": "LOW"
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
]
}

18
2023/5xxx/CVE-2023-5488.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5488",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/5xxx/CVE-2023-5489.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5489",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/5xxx/CVE-2023-5490.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5490",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/5xxx/CVE-2023-5491.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5491",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/5xxx/CVE-2023-5492.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5492",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/5xxx/CVE-2023-5493.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5493",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/5xxx/CVE-2023-5494.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5494",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/5xxx/CVE-2023-5495.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5495",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/5xxx/CVE-2023-5496.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5496",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/5xxx/CVE-2023-5497.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5497",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}