From ba89c3d274c5821597365ea6078af4faacb866e9 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Fri, 21 Jul 2023 01:00:35 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2023/32xxx/CVE-2023-32624.json | 58 ++++++++++++++++++--
 2023/32xxx/CVE-2023-32625.json | 58 ++++++++++++++++++--
 2023/37xxx/CVE-2023-37289.json | 2 +-
 2023/37xxx/CVE-2023-37290.json | 8 +--
 2023/3xxx/CVE-2023-3803.json | 96 ++++++++++++++++++++++++++++++++--
 2023/3xxx/CVE-2023-3804.json | 96 ++++++++++++++++++++++++++++++++--
 6 files changed, 297 insertions(+), 21 deletions(-)
diff --git a/2023/32xxx/CVE-2023-32624.json b/2023/32xxx/CVE-2023-32624.json
index 686027f3a65..876ff97fe12 100644
--- a/2023/32xxx/CVE-2023-32624.json
+++ b/2023/32xxx/CVE-2023-32624.json
@@ -1,17 +1,67 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-32624",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vultures@jpcert.or.jp",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross-site scripting vulnerability in TS Webfonts for SAKURA 3.1.0 and earlier allows a remote unauthenticated attacker to inject an arbitrary script."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-site scripting (XSS)"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "SAKURA internet Inc.",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "TS Webfonts for SAKURA",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "3.1.0 and earlier"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://ja.wordpress.org/plugins/ts-webfonts-for-sakura/#developers",
+ "refsource": "MISC",
+ "name": "https://ja.wordpress.org/plugins/ts-webfonts-for-sakura/#developers"
+ },
+ {
+ "url": "https://jvn.jp/en/jp/JVN90560760/",
+ "refsource": "MISC",
+ "name": "https://jvn.jp/en/jp/JVN90560760/"
 }
 ]
 }
diff --git a/2023/32xxx/CVE-2023-32625.json b/2023/32xxx/CVE-2023-32625.json
index ebf23438b84..d327746f651 100644
--- a/2023/32xxx/CVE-2023-32625.json
+++ b/2023/32xxx/CVE-2023-32625.json
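Review bot: `version_data` pairs `"version_affected": "="` with the free-text value `"3.1.0 and earlier"`, so a consumer that compares this field against an installed version string can only match that literal text and will not flag the older affected releases. Putting the range in the operator, `"version_affected": "<=", "version_value": "3.1.0"`, keeps the same meaning in a form scanners can evaluate. The CVE-2023-32625 hunk has the same pattern with `"3.1.2 and earlier"`; its upper bound is higher, so for this plugin an update that only clears 3.1.0 still falls inside that second record.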
@@ -1,17 +1,67 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-32625",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vultures@jpcert.or.jp",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross-site request forgery (CSRF) vulnerability in TS Webfonts for SAKURA 3.1.2 and earlier allows a remote unauthenticated attacker to hijack the authentication of a user and to change settings by having a user view a malicious page."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-site request forgery (CSRF)"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "SAKURA internet Inc.",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "TS Webfonts for SAKURA",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "3.1.2 and earlier"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://ja.wordpress.org/plugins/ts-webfonts-for-sakura/#developers",
+ "refsource": "MISC",
+ "name": "https://ja.wordpress.org/plugins/ts-webfonts-for-sakura/#developers"
+ },
+ {
+ "url": "https://jvn.jp/en/jp/JVN90560760/",
+ "refsource": "MISC",
+ "name": "https://jvn.jp/en/jp/JVN90560760/"
 }
 ]
 }
diff --git a/2023/37xxx/CVE-2023-37289.json b/2023/37xxx/CVE-2023-37289.json
index 3eac035acf0..f9fc95538d4 100644
--- a/2023/37xxx/CVE-2023-37289.json
+++ b/2023/37xxx/CVE-2023-37289.json
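Review bot: The `problemtype` entry is free text only (`"Cross-site request forgery (CSRF)"`) and carries no CWE identifier, unlike the VulDB-assigned records later in this patch, which include a `cweId`. Tooling that groups or filters findings by CWE will leave this record unclassified; `"value": "CWE-352 Cross-Site Request Forgery (CSRF)", "cweId": "CWE-352"` would close that gap. The CVE-2023-32624 hunk has the same free-text-only entry, where CWE-79 would be the matching identifier.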
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "It is identified a vulnerability of Unrestricted Upload of File with Dangerous Type in the file uploading function in InfoDoc Document On-line Submission and Approval System, which allows an unauthenticated remote attacker to exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service.\u00a0This issue affects Document On-line Submission and Approval System: 22547, 22567."
+ "value": "It is identified a vulnerability of Unrestricted Upload of File with Dangerous Type in the file uploading function in InfoDoc Document On-line Submission and Approval System, which allows an unauthenticated remote attacker can exploit this vulnerability without logging system to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service.\u00a0This issue affects Document On-line Submission and Approval System: 22547, 22567."
 }
 ]
 },
diff --git a/2023/37xxx/CVE-2023-37290.json b/2023/37xxx/CVE-2023-37290.json
index 810773602bf..78164617adc 100644
--- a/2023/37xxx/CVE-2023-37290.json
+++ b/2023/37xxx/CVE-2023-37290.json
@@ -91,14 +91,14 @@
 "attackComplexity": "LOW",
 "attackVector": "NETWORK",
 "availabilityImpact": "NONE",
- "baseScore": 7.5,
- "baseSeverity": "HIGH",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
 "confidentialityImpact": "HIGH",
 "integrityImpact": "NONE",
- "privilegesRequired": "NONE",
+ "privilegesRequired": "LOW",
 "scope": "UNCHANGED",
 "userInteraction": "NONE",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
 "version": "3.1"
 }
 ]
diff --git a/2023/3xxx/CVE-2023-3803.json b/2023/3xxx/CVE-2023-3803.json
index d582829722a..bf396736852 100644
--- a/2023/3xxx/CVE-2023-3803.json
+++ b/2023/3xxx/CVE-2023-3803.json
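Review bot: The replacement `value` string no longer reads as a sentence: "allows an unauthenticated remote attacker can exploit this vulnerability without logging system to upload and run" mixes two constructions, which blurs the one precondition readers triage on (no login required). Wording such as `which allows a remote attacker, without logging in to the system, to upload and run arbitrary executable files` keeps the added emphasis and stays readable. The hunk starts at line 11 of the record, so the affected-version and scoring fields are outside what is visible here.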
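Review bot: The description of CVE-2023-37290 lies outside this hunk and is not changed together with `"privilegesRequired": "LOW"`, so the prose and the metrics may now disagree; if the text still speaks of an unauthenticated attacker, it should be updated in the same change. The edited metrics themselves agree with each other (`PR:L` in `vectorString`, `baseScore` 6.5, `baseSeverity` MEDIUM). Consumers that cached the earlier 7.5/HIGH rating need to re-ingest the record to pick up the downgrade.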
@@ -1,17 +1,105 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-3803",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability classified as problematic has been found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. This affects an unknown part of the file /Service/ImageStationDataService.asmx of the component File Name Handler. The manipulation leads to insufficiently random values. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235071. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "deu",
+ "value": "Es wurde eine Schwachstelle in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0 entdeckt. Sie wurde als problematisch eingestuft. Hiervon betroffen ist ein unbekannter Codeblock der Datei /Service/ImageStationDataService.asmx der Komponente File Name Handler. Dank Manipulation mit unbekannten Daten kann eine insufficiently random values-Schwachstelle ausgenutzt werden. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie ist schwierig auszunutzen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-330 Insufficiently Random Values",
+ "cweId": "CWE-330"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Chengdu",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Flash Flood Disaster Monitoring and Warning System",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "2.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.235071",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.235071"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.235071",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.235071"
+ },
+ {
+ "url": "https://github.com/GUIqizsq/cve/blob/main/upload_2.md",
+ "refsource": "MISC",
+ "name": "https://github.com/GUIqizsq/cve/blob/main/upload_2.md"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "GUIqizsq (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 2.6,
+ "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "baseSeverity": "LOW"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 2.6,
+ "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "baseSeverity": "LOW"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 1.4,
+ "vectorString": "AV:A/AC:H/Au:S/C:P/I:N/A:N",
+ "baseSeverity": "LOW"
 }
 ]
 }
diff --git a/2023/3xxx/CVE-2023-3804.json b/2023/3xxx/CVE-2023-3804.json
index f1d0cec46ad..1119c649d70 100644
--- a/2023/3xxx/CVE-2023-3804.json
+++ b/2023/3xxx/CVE-2023-3804.json
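Review bot: The `credits` entry uses `"lang": "en"` while the `description_data` and `problemtype` entries of the same record use three-letter codes (`"eng"`, `"deu"`). A consumer that selects text by language code will treat the credit as a different language from the rest of the record; `"lang": "eng"` would make it uniform. The CVE-2023-3804 hunk carries the same `"en"` in its `credits` block.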
@@ -1,17 +1,105 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-3804",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability classified as problematic was found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. This vulnerability affects unknown code of the file /Service/FileHandler.ashx. The manipulation of the argument userFile leads to unrestricted upload. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235072. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "deu",
+ "value": "In Chengdu Flash Flood Disaster Monitoring and Warning System 2.0 wurde eine Schwachstelle entdeckt. Sie wurde als problematisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei /Service/FileHandler.ashx. Mit der Manipulation des Arguments userFile mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-434 Unrestricted Upload",
+ "cweId": "CWE-434"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Chengdu",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Flash Flood Disaster Monitoring and Warning System",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "2.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.235072",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.235072"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.235072",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.235072"
+ },
+ {
+ "url": "https://github.com/yueying638/cve/blob/main/upload.md",
+ "refsource": "MISC",
+ "name": "https://github.com/yueying638/cve/blob/main/upload.md"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "yueying (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 5.5,
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 5.5,
+ "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 5.2,
+ "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
+ "baseSeverity": "MEDIUM"
 }
 ]
 }
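Review bot: The English `value` never states the preconditions that the three vectors assert: each one encodes adjacent-network access and an authenticated attacker (`AV:A`, `PR:L`; `Au:S` in the 2.0 vector), yet the text only says that manipulating `userFile` on `/Service/FileHandler.ashx` leads to unrestricted upload. For an upload weakness on an HTTP handler this matters, because a reader triaging from the prose cannot tell whether a login or network adjacency is required, and the MEDIUM rating depends on both. One sentence in the description naming the required access level and network position would let the score be checked against the text.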