From c836837072d5318f14766f86cadaeada0407124a Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 28 Jul 2023 05:00:33 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2023/0xxx/CVE-2023-0958.json | 349 ++++++++++++++++++++++++++++++++- 2023/28xxx/CVE-2023-28203.json | 54 ++++- 2023/32xxx/CVE-2023-32427.json | 54 ++++- 2023/32xxx/CVE-2023-32444.json | 64 +++++- 2023/32xxx/CVE-2023-32445.json | 127 +++++++++++- 2023/32xxx/CVE-2023-32654.json | 54 ++++- 2023/34xxx/CVE-2023-34425.json | 103 +++++++++- 2023/36xxx/CVE-2023-36495.json | 115 ++++++++++- 2023/37xxx/CVE-2023-37285.json | 81 +++++++- 2023/38xxx/CVE-2023-38571.json | 64 +++++- 2023/38xxx/CVE-2023-38590.json | 120 +++++++++++- 2023/38xxx/CVE-2023-38592.json | 105 +++++++++- 2023/38xxx/CVE-2023-38598.json | 120 +++++++++++- 2023/38xxx/CVE-2023-38599.json | 127 +++++++++++- 2023/38xxx/CVE-2023-38601.json | 64 +++++- 2023/38xxx/CVE-2023-38604.json | 120 +++++++++++- 2023/38xxx/CVE-2023-38609.json | 54 ++++- 2023/3xxx/CVE-2023-3977.json | 349 ++++++++++++++++++++++++++++++++- 2023/3xxx/CVE-2023-3985.json | 96 ++++++++- 2023/3xxx/CVE-2023-3986.json | 96 ++++++++- 20 files changed, 2236 insertions(+), 80 deletions(-) diff --git a/2023/0xxx/CVE-2023-0958.json b/2023/0xxx/CVE-2023-0958.json index abeb87657f0..7baa4c5b908 100644 --- a/2023/0xxx/CVE-2023-0958.json +++ b/2023/0xxx/CVE-2023-0958.json @@ -1,17 +1,358 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-0958", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Several plugins for WordPress by Inisev are vulnerable to unauthorized installation of plugins due to a missing capability check on the handle_installation function that is called via the inisev_installation AJAX aciton in various versions. This makes it possible for authenticated attackers with minimal permissions, such as subscribers, to install select plugins from Inisev on vulnerable sites. CVE-2023-38514 appears to be a duplicate of this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "steve85b", + "product": { + "product_data": [ + { + "product_name": "SSL Mixed Content Fix", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "3.2.3" + } + ] + } + } + ] + } + }, + { + "vendor_name": "copydeleteposts", + "product": { + "product_data": [ + { + "product_name": "Duplicate Post", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "1.3.9" + } + ] + } + } + ] + } + }, + { + "vendor_name": "socialsharepro", + "product": { + "product_data": [ + { + "product_name": "Social Share Icons & Social Share Buttons", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "3.5.7" + } + ] + } + } + ] + } + }, + { + "vendor_name": "cl272", + "product": { + "product_data": [ + { + "product_name": "Ultimate Posts Widget", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "2.2.4" + } + ] + } + }, + { + "product_name": "Enhanced Text Widget", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "1.5.7" + } + ] + } + } + ] + } + }, + { + "vendor_name": "migrate", + "product": { + "product_data": [ + { + "product_name": "Backup Migration", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "1.2.7" + } + ] + } + }, + { + "product_name": "Clone", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "2.3.7" + } + ] + } + } + ] + } + }, + { + "vendor_name": "popups", + "product": { + "product_data": [ + { + "product_name": "Pop-up", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "1.1.9" + } + ] + } + } + ] + } + }, + { + "vendor_name": "socialdude", + "product": { + "product_data": [ + { + "product_name": "Redirection", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "1.1.3" + } + ] + } + }, + { + "product_name": "Social Media Share Buttons & Social Sharing Icons", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "2.8.1" + } + ] + } + } + ] + } + }, + { + "vendor_name": "s-feeds", + "product": { + "product_data": [ + { + "product_name": "RSS Redirect & Feedburner Alternative", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "3.7" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cf7bdd0e-f3b3-4be5-8a30-2c6d9cb783a3?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cf7bdd0e-f3b3-4be5-8a30-2c6d9cb783a3?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/feedburner-alternative-and-rss-redirect/tags/3.7/modules/banner/misc.php#L427", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/feedburner-alternative-and-rss-redirect/tags/3.7/modules/banner/misc.php#L427" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/ultimate-social-media-icons/tags/2.8.0/banner/misc.php#L424", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/ultimate-social-media-icons/tags/2.8.0/banner/misc.php#L424" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/copy-delete-posts/tags/1.3.8/banner/misc.php#L426", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/copy-delete-posts/tags/1.3.8/banner/misc.php#L426" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/wp-clone-by-wp-academy/tags/2.3.7/modules/banner/misc.php#L438", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/wp-clone-by-wp-academy/tags/2.3.7/modules/banner/misc.php#L438" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/enhanced-text-widget/tags/1.5.6/banner/misc.php#L339", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/enhanced-text-widget/tags/1.5.6/banner/misc.php#L339" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.2.7/includes/banner/misc.php#L427", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.2.7/includes/banner/misc.php#L427" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/redirect-redirection/tags/1.1.3/includes/banner/misc.php#L427", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/redirect-redirection/tags/1.1.3/includes/banner/misc.php#L427" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/ultimate-posts-widget/tags/2.2.4/banner/misc.php#L343", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/ultimate-posts-widget/tags/2.2.4/banner/misc.php#L343" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/http-https-remover/tags/3.2.3/banner/misc.php#L427", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/http-https-remover/tags/3.2.3/banner/misc.php#L427" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/pop-up-pop-up/tags/1.1.9/modules/banner/misc.php#L427", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/pop-up-pop-up/tags/1.1.9/modules/banner/misc.php#L427" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Fcopy-delete-posts%2Ftags%2F1.3.8&old=2923021&new_path=%2Fcopy-delete-posts%2Ftags%2F1.3.9&new=2923021&sfp_email=&sfph_mail=", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset?old_path=%2Fcopy-delete-posts%2Ftags%2F1.3.8&old=2923021&new_path=%2Fcopy-delete-posts%2Ftags%2F1.3.9&new=2923021&sfp_email=&sfph_mail=" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/ultimate-social-media-icons/tags/2.8.2/banner/misc.php#L434", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/ultimate-social-media-icons/tags/2.8.2/banner/misc.php#L434" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/copy-delete-posts/tags/1.4.0/banner/misc.php#L434", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/copy-delete-posts/tags/1.4.0/banner/misc.php#L434" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/wp-clone-by-wp-academy/tags/2.3.8/modules/banner/misc.php#L432", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/wp-clone-by-wp-academy/tags/2.3.8/modules/banner/misc.php#L432" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/enhanced-text-widget/tags/1.5.7/banner/misc.php#L351", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/enhanced-text-widget/tags/1.5.7/banner/misc.php#L351" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.2.8/includes/banner/misc.php#L434", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.2.8/includes/banner/misc.php#L434" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/ultimate-posts-widget/tags/2.2.5/banner/misc.php#L351", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/ultimate-posts-widget/tags/2.2.5/banner/misc.php#L351" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/pop-up-pop-up/tags/1.2.0/modules/banner/misc.php#L432", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/pop-up-pop-up/tags/1.2.0/modules/banner/misc.php#L432" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/ultimate-social-media-plus/tags/3.5.7/banner/misc.php#L424", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/ultimate-social-media-plus/tags/3.5.7/banner/misc.php#L424" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2823769%40http-https-remover%2Ftags%2F3.2.3&new=2944114%40http-https-remover%2Ftags%2F3.2.4", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2823769%40http-https-remover%2Ftags%2F3.2.3&new=2944114%40http-https-remover%2Ftags%2F3.2.4" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2823770%40feedburner-alternative-and-rss-redirect%2Ftags%2F3.7&new=2944116%40feedburner-alternative-and-rss-redirect%2Ftags%2F3.8#file115", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2823770%40feedburner-alternative-and-rss-redirect%2Ftags%2F3.7&new=2944116%40feedburner-alternative-and-rss-redirect%2Ftags%2F3.8#file115" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/2944041/ultimate-social-media-plus/tags/3.5.8/banner/misc.php?old=2823720&old_path=ultimate-social-media-plus%2Ftags%2F3.5.7%2Fbanner%2Fmisc.php", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/2944041/ultimate-social-media-plus/tags/3.5.8/banner/misc.php?old=2823720&old_path=ultimate-social-media-plus%2Ftags%2F3.5.7%2Fbanner%2Fmisc.php" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Chloe Chamberland" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2023/28xxx/CVE-2023-28203.json b/2023/28xxx/CVE-2023-28203.json index 57ec1389681..2abbd6f1f43 100644 --- a/2023/28xxx/CVE-2023-28203.json +++ b/2023/28xxx/CVE-2023-28203.json @@ -1,17 +1,63 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-28203", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The issue was addressed with improved checks. This issue is fixed in Apple Music 4.2.0 for Android. An app may be able to access contacts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to access contacts" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "Apple Music for Android", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "4.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/en-us/HT213833", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/HT213833" } ] } diff --git a/2023/32xxx/CVE-2023-32427.json b/2023/32xxx/CVE-2023-32427.json index 3c5cd772f49..c67d1f292bc 100644 --- a/2023/32xxx/CVE-2023-32427.json +++ b/2023/32xxx/CVE-2023-32427.json @@ -1,17 +1,63 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32427", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in Apple Music 4.2.0 for Android. An attacker in a privileged network position may be able to intercept network traffic." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An attacker in a privileged network position may be able to intercept network traffic" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "Apple Music for Android", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "4.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/en-us/HT213833", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/HT213833" } ] } diff --git a/2023/32xxx/CVE-2023-32444.json b/2023/32xxx/CVE-2023-32444.json index 97805a908db..eecc0c14490 100644 --- a/2023/32xxx/CVE-2023-32444.json +++ b/2023/32xxx/CVE-2023-32444.json @@ -1,17 +1,73 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32444", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A logic issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. A sandboxed process may be able to circumvent sandbox restrictions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A sandboxed process may be able to circumvent sandbox restrictions" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "13.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/en-us/HT213843", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/HT213843" + }, + { + "url": "https://support.apple.com/en-us/HT213845", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/HT213845" + }, + { + "url": "https://support.apple.com/en-us/HT213844", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/HT213844" } ] } diff --git a/2023/32xxx/CVE-2023-32445.json b/2023/32xxx/CVE-2023-32445.json index adfe8cff0d7..0375d4d4417 100644 --- a/2023/32xxx/CVE-2023-32445.json +++ b/2023/32xxx/CVE-2023-32445.json @@ -1,17 +1,136 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32445", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This issue was addressed with improved checks. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. Processing a document may lead to a cross site scripting attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing a document may lead to a cross site scripting attack" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "Safari", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "16.6" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "16.6" + } + ] + } + }, + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "16.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "13.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "9.6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/en-us/HT213847", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/HT213847" + }, + { + "url": "https://support.apple.com/en-us/HT213846", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/HT213846" + }, + { + "url": "https://support.apple.com/en-us/HT213841", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/HT213841" + }, + { + "url": "https://support.apple.com/en-us/HT213843", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/HT213843" + }, + { + "url": "https://support.apple.com/en-us/HT213842", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/HT213842" + }, + { + "url": "https://support.apple.com/en-us/HT213848", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/HT213848" } ] } diff --git a/2023/32xxx/CVE-2023-32654.json b/2023/32xxx/CVE-2023-32654.json index 97e29adeff9..2b2a8749a9d 100644 --- a/2023/32xxx/CVE-2023-32654.json +++ b/2023/32xxx/CVE-2023-32654.json @@ -1,17 +1,63 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32654", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.5. A user may be able to read information belonging to another user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A user may be able to read information belonging to another user" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "13.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/en-us/HT213843", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/HT213843" } ] } diff --git a/2023/34xxx/CVE-2023-34425.json b/2023/34xxx/CVE-2023-34425.json index d6e9049d880..c79084fe688 100644 --- a/2023/34xxx/CVE-2023-34425.json +++ b/2023/34xxx/CVE-2023-34425.json @@ -1,17 +1,112 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-34425", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The issue was addressed with improved memory handling. This issue is fixed in watchOS 9.6, macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, macOS Big Sur 11.7.9, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to execute arbitrary code with kernel privileges" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "16.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "13.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "9.6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/en-us/HT213841", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/HT213841" + }, + { + "url": "https://support.apple.com/en-us/HT213843", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/HT213843" + }, + { + "url": "https://support.apple.com/en-us/HT213842", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/HT213842" + }, + { + "url": "https://support.apple.com/en-us/HT213845", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/HT213845" + }, + { + "url": "https://support.apple.com/en-us/HT213844", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/HT213844" + }, + { + "url": "https://support.apple.com/en-us/HT213848", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/HT213848" } ] } diff --git a/2023/36xxx/CVE-2023-36495.json b/2023/36xxx/CVE-2023-36495.json index 0af6eeca8de..1ab6b6f5600 100644 --- a/2023/36xxx/CVE-2023-36495.json +++ b/2023/36xxx/CVE-2023-36495.json @@ -1,17 +1,124 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-36495", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.6, macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to execute arbitrary code with kernel privileges" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "16.6" + } + ] + } + }, + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "16.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "13.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "9.6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/en-us/HT213846", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/HT213846" + }, + { + "url": "https://support.apple.com/en-us/HT213841", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/HT213841" + }, + { + "url": "https://support.apple.com/en-us/HT213843", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/HT213843" + }, + { + "url": "https://support.apple.com/en-us/HT213842", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/HT213842" + }, + { + "url": "https://support.apple.com/en-us/HT213844", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/HT213844" + }, + { + "url": "https://support.apple.com/en-us/HT213848", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/HT213848" } ] } diff --git a/2023/37xxx/CVE-2023-37285.json b/2023/37xxx/CVE-2023-37285.json index 4a0a3c8c2ca..9629b9a8b78 100644 --- a/2023/37xxx/CVE-2023-37285.json +++ b/2023/37xxx/CVE-2023-37285.json @@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-37285", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to execute arbitrary code with kernel privileges" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "13.5" + } + ] + } + }, + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "15.7" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/en-us/HT213843", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/HT213843" + }, + { + "url": "https://support.apple.com/en-us/HT213842", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/HT213842" + }, + { + "url": "https://support.apple.com/en-us/HT213845", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/HT213845" + }, + { + "url": "https://support.apple.com/en-us/HT213844", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/HT213844" } ] } diff --git a/2023/38xxx/CVE-2023-38571.json b/2023/38xxx/CVE-2023-38571.json index 7149f69a51d..bd331ce381b 100644 --- a/2023/38xxx/CVE-2023-38571.json +++ b/2023/38xxx/CVE-2023-38571.json @@ -1,17 +1,73 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-38571", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to bypass Privacy preferences." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to bypass Privacy preferences" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "13.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/en-us/HT213843", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/HT213843" + }, + { + "url": "https://support.apple.com/en-us/HT213845", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/HT213845" + }, + { + "url": "https://support.apple.com/en-us/HT213844", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/HT213844" } ] } diff --git a/2023/38xxx/CVE-2023-38590.json b/2023/38xxx/CVE-2023-38590.json index c28ccb12ae9..72e0352797b 100644 --- a/2023/38xxx/CVE-2023-38590.json +++ b/2023/38xxx/CVE-2023-38590.json @@ -1,17 +1,129 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-38590", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in watchOS 9.6, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A remote user may be able to cause unexpected system termination or corrupt kernel memory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A remote user may be able to cause unexpected system termination or corrupt kernel memory" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "16.6" + } + ] + } + }, + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "16.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "13.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "9.6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/en-us/HT213846", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/HT213846" + }, + { + "url": "https://support.apple.com/en-us/HT213841", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/HT213841" + }, + { + "url": "https://support.apple.com/en-us/HT213843", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/HT213843" + }, + { + "url": "https://support.apple.com/en-us/HT213842", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/HT213842" + }, + { + "url": "https://support.apple.com/en-us/HT213845", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/HT213845" + }, + { + "url": "https://support.apple.com/en-us/HT213844", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/HT213844" + }, + { + "url": "https://support.apple.com/en-us/HT213848", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/HT213848" } ] } diff --git a/2023/38xxx/CVE-2023-38592.json b/2023/38xxx/CVE-2023-38592.json index 377ab2044b6..7984bf1a90e 100644 --- a/2023/38xxx/CVE-2023-38592.json +++ b/2023/38xxx/CVE-2023-38592.json @@ -1,17 +1,114 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-38592", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16.6 and iPadOS 16.6, watchOS 9.6, tvOS 16.6, macOS Ventura 13.5. Processing web content may lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing web content may lead to arbitrary code execution" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "16.6" + } + ] + } + }, + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "16.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "13.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "9.6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/en-us/HT213846", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/HT213846" + }, + { + "url": "https://support.apple.com/en-us/HT213841", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/HT213841" + }, + { + "url": "https://support.apple.com/en-us/HT213843", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/HT213843" + }, + { + "url": "https://support.apple.com/en-us/HT213848", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/HT213848" } ] } diff --git a/2023/38xxx/CVE-2023-38598.json b/2023/38xxx/CVE-2023-38598.json index 5ac733ee22e..51d3f6f745a 100644 --- a/2023/38xxx/CVE-2023-38598.json +++ b/2023/38xxx/CVE-2023-38598.json @@ -1,17 +1,129 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-38598", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.6, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to execute arbitrary code with kernel privileges" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "16.6" + } + ] + } + }, + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "16.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "13.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "9.6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/en-us/HT213846", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/HT213846" + }, + { + "url": "https://support.apple.com/en-us/HT213841", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/HT213841" + }, + { + "url": "https://support.apple.com/en-us/HT213843", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/HT213843" + }, + { + "url": "https://support.apple.com/en-us/HT213842", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/HT213842" + }, + { + "url": "https://support.apple.com/en-us/HT213845", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/HT213845" + }, + { + "url": "https://support.apple.com/en-us/HT213844", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/HT213844" + }, + { + "url": "https://support.apple.com/en-us/HT213848", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/HT213848" } ] } diff --git a/2023/38xxx/CVE-2023-38599.json b/2023/38xxx/CVE-2023-38599.json index af795974ca8..049e5d005e5 100644 --- a/2023/38xxx/CVE-2023-38599.json +++ b/2023/38xxx/CVE-2023-38599.json @@ -1,17 +1,136 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-38599", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A logic issue was addressed with improved state management. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A website may be able to track sensitive user information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A website may be able to track sensitive user information" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "Safari", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "16.6" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "16.6" + } + ] + } + }, + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "16.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "13.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "9.6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/en-us/HT213847", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/HT213847" + }, + { + "url": "https://support.apple.com/en-us/HT213846", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/HT213846" + }, + { + "url": "https://support.apple.com/en-us/HT213841", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/HT213841" + }, + { + "url": "https://support.apple.com/en-us/HT213843", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/HT213843" + }, + { + "url": "https://support.apple.com/en-us/HT213842", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/HT213842" + }, + { + "url": "https://support.apple.com/en-us/HT213848", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/HT213848" } ] } diff --git a/2023/38xxx/CVE-2023-38601.json b/2023/38xxx/CVE-2023-38601.json index a3138038355..db4c567a65d 100644 --- a/2023/38xxx/CVE-2023-38601.json +++ b/2023/38xxx/CVE-2023-38601.json @@ -1,17 +1,73 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-38601", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to modify protected parts of the file system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to modify protected parts of the file system" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "13.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/en-us/HT213843", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/HT213843" + }, + { + "url": "https://support.apple.com/en-us/HT213845", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/HT213845" + }, + { + "url": "https://support.apple.com/en-us/HT213844", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/HT213844" } ] } diff --git a/2023/38xxx/CVE-2023-38604.json b/2023/38xxx/CVE-2023-38604.json index 7baab0ac4e7..77b5092c719 100644 --- a/2023/38xxx/CVE-2023-38604.json +++ b/2023/38xxx/CVE-2023-38604.json @@ -1,17 +1,129 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-38604", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in watchOS 9.6, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to execute arbitrary code with kernel privileges" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "16.6" + } + ] + } + }, + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "16.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "13.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "9.6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/en-us/HT213846", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/HT213846" + }, + { + "url": "https://support.apple.com/en-us/HT213841", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/HT213841" + }, + { + "url": "https://support.apple.com/en-us/HT213843", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/HT213843" + }, + { + "url": "https://support.apple.com/en-us/HT213842", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/HT213842" + }, + { + "url": "https://support.apple.com/en-us/HT213845", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/HT213845" + }, + { + "url": "https://support.apple.com/en-us/HT213844", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/HT213844" + }, + { + "url": "https://support.apple.com/en-us/HT213848", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/HT213848" } ] } diff --git a/2023/38xxx/CVE-2023-38609.json b/2023/38xxx/CVE-2023-38609.json index 7322b95b6b9..f7ec4acb6af 100644 --- a/2023/38xxx/CVE-2023-38609.json +++ b/2023/38xxx/CVE-2023-38609.json @@ -1,17 +1,63 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-38609", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An injection issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.5. An app may be able to bypass certain Privacy preferences." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to bypass certain Privacy preferences" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "13.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/en-us/HT213843", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/HT213843" } ] } diff --git a/2023/3xxx/CVE-2023-3977.json b/2023/3xxx/CVE-2023-3977.json index b045ec3f988..2a32cc98f29 100644 --- a/2023/3xxx/CVE-2023-3977.json +++ b/2023/3xxx/CVE-2023-3977.json @@ -1,17 +1,358 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-3977", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Several plugins for WordPress by Inisev are vulnerable to Cross-Site Request Forgery to unauthorized installation of plugins due to a missing nonce check on the handle_installation function that is called via the inisev_installation AJAX aciton in various versions. This makes it possible for unauthenticated attackers to install plugins from the limited list via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "steve85b", + "product": { + "product_data": [ + { + "product_name": "SSL Mixed Content Fix", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "3.2.3" + } + ] + } + } + ] + } + }, + { + "vendor_name": "copydeleteposts", + "product": { + "product_data": [ + { + "product_name": "Duplicate Post", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "1.3.9" + } + ] + } + } + ] + } + }, + { + "vendor_name": "socialsharepro", + "product": { + "product_data": [ + { + "product_name": "Social Share Icons & Social Share Buttons", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "3.5.7" + } + ] + } + } + ] + } + }, + { + "vendor_name": "cl272", + "product": { + "product_data": [ + { + "product_name": "Ultimate Posts Widget", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "2.2.4" + } + ] + } + }, + { + "product_name": "Enhanced Text Widget", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "1.5.7" + } + ] + } + } + ] + } + }, + { + "vendor_name": "migrate", + "product": { + "product_data": [ + { + "product_name": "Backup Migration", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "1.2.7" + } + ] + } + }, + { + "product_name": "Clone", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "2.3.7" + } + ] + } + } + ] + } + }, + { + "vendor_name": "popups", + "product": { + "product_data": [ + { + "product_name": "Pop-up", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "1.1.9" + } + ] + } + } + ] + } + }, + { + "vendor_name": "socialdude", + "product": { + "product_data": [ + { + "product_name": "Redirection", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "1.1.3" + } + ] + } + }, + { + "product_name": "Social Media Share Buttons & Social Sharing Icons", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "2.8.1" + } + ] + } + } + ] + } + }, + { + "vendor_name": "s-feeds", + "product": { + "product_data": [ + { + "product_name": "RSS Redirect & Feedburner Alternative", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "3.7" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ab7c8926-c762-49b1-bc97-4b7a2f4f97fc?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ab7c8926-c762-49b1-bc97-4b7a2f4f97fc?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/feedburner-alternative-and-rss-redirect/tags/3.7/modules/banner/misc.php#L427", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/feedburner-alternative-and-rss-redirect/tags/3.7/modules/banner/misc.php#L427" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/ultimate-social-media-icons/tags/2.8.0/banner/misc.php#L424", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/ultimate-social-media-icons/tags/2.8.0/banner/misc.php#L424" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/copy-delete-posts/tags/1.3.8/banner/misc.php#L426", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/copy-delete-posts/tags/1.3.8/banner/misc.php#L426" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/wp-clone-by-wp-academy/tags/2.3.7/modules/banner/misc.php#L438", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/wp-clone-by-wp-academy/tags/2.3.7/modules/banner/misc.php#L438" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/enhanced-text-widget/tags/1.5.6/banner/misc.php#L339", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/enhanced-text-widget/tags/1.5.6/banner/misc.php#L339" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.2.7/includes/banner/misc.php#L427", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.2.7/includes/banner/misc.php#L427" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/redirect-redirection/tags/1.1.3/includes/banner/misc.php#L427", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/redirect-redirection/tags/1.1.3/includes/banner/misc.php#L427" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/ultimate-posts-widget/tags/2.2.4/banner/misc.php#L343", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/ultimate-posts-widget/tags/2.2.4/banner/misc.php#L343" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/http-https-remover/tags/3.2.3/banner/misc.php#L427", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/http-https-remover/tags/3.2.3/banner/misc.php#L427" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/pop-up-pop-up/tags/1.1.9/modules/banner/misc.php#L427", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/pop-up-pop-up/tags/1.1.9/modules/banner/misc.php#L427" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Fcopy-delete-posts%2Ftags%2F1.3.8&old=2923021&new_path=%2Fcopy-delete-posts%2Ftags%2F1.3.9&new=2923021&sfp_email=&sfph_mail=", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset?old_path=%2Fcopy-delete-posts%2Ftags%2F1.3.8&old=2923021&new_path=%2Fcopy-delete-posts%2Ftags%2F1.3.9&new=2923021&sfp_email=&sfph_mail=" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/ultimate-social-media-icons/tags/2.8.2/banner/misc.php#L434", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/ultimate-social-media-icons/tags/2.8.2/banner/misc.php#L434" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/copy-delete-posts/tags/1.4.0/banner/misc.php#L434", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/copy-delete-posts/tags/1.4.0/banner/misc.php#L434" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/wp-clone-by-wp-academy/tags/2.3.8/modules/banner/misc.php#L432", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/wp-clone-by-wp-academy/tags/2.3.8/modules/banner/misc.php#L432" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/enhanced-text-widget/tags/1.5.7/banner/misc.php#L351", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/enhanced-text-widget/tags/1.5.7/banner/misc.php#L351" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.2.8/includes/banner/misc.php#L434", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.2.8/includes/banner/misc.php#L434" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/ultimate-posts-widget/tags/2.2.5/banner/misc.php#L351", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/ultimate-posts-widget/tags/2.2.5/banner/misc.php#L351" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/pop-up-pop-up/tags/1.2.0/modules/banner/misc.php#L432", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/pop-up-pop-up/tags/1.2.0/modules/banner/misc.php#L432" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/ultimate-social-media-plus/tags/3.5.7/banner/misc.php#L424", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/ultimate-social-media-plus/tags/3.5.7/banner/misc.php#L424" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2823769%40http-https-remover%2Ftags%2F3.2.3&new=2944114%40http-https-remover%2Ftags%2F3.2.4", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2823769%40http-https-remover%2Ftags%2F3.2.3&new=2944114%40http-https-remover%2Ftags%2F3.2.4" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2823770%40feedburner-alternative-and-rss-redirect%2Ftags%2F3.7&new=2944116%40feedburner-alternative-and-rss-redirect%2Ftags%2F3.8#file115", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2823770%40feedburner-alternative-and-rss-redirect%2Ftags%2F3.7&new=2944116%40feedburner-alternative-and-rss-redirect%2Ftags%2F3.8#file115" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/2944041/ultimate-social-media-plus/tags/3.5.8/banner/misc.php?old=2823720&old_path=ultimate-social-media-plus%2Ftags%2F3.5.7%2Fbanner%2Fmisc.php", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/2944041/ultimate-social-media-plus/tags/3.5.8/banner/misc.php?old=2823720&old_path=ultimate-social-media-plus%2Ftags%2F3.5.7%2Fbanner%2Fmisc.php" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Chloe Chamberland" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2023/3xxx/CVE-2023-3985.json b/2023/3xxx/CVE-2023-3985.json index 4b79509190f..93ec6edd10b 100644 --- a/2023/3xxx/CVE-2023-3985.json +++ b/2023/3xxx/CVE-2023-3985.json @@ -1,17 +1,105 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-3985", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been found in SourceCodester Online Jewelry Store 1.0 and classified as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-235606 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "In SourceCodester Online Jewelry Store 1.0 wurde eine kritische Schwachstelle gefunden. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei login.php. Durch Manipulieren des Arguments username/password mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SourceCodester", + "product": { + "product_data": [ + { + "product_name": "Online Jewelry Store", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.235606", + "refsource": "MISC", + "name": "https://vuldb.com/?id.235606" + }, + { + "url": "https://vuldb.com/?ctiid.235606", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.235606" + }, + { + "url": "https://github.com/MaxLiu98/Jewelry-Store-System/blob/main/Jewelry%20Store%20System%20login.php%20has%20Sqlinjection.pdf", + "refsource": "MISC", + "name": "https://github.com/MaxLiu98/Jewelry-Store-System/blob/main/Jewelry%20Store%20System%20login.php%20has%20Sqlinjection.pdf" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Pak43 (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 7.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 7.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 7.5, + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseSeverity": "HIGH" } ] } diff --git a/2023/3xxx/CVE-2023-3986.json b/2023/3xxx/CVE-2023-3986.json index 9e3294d8ea7..ff070345482 100644 --- a/2023/3xxx/CVE-2023-3986.json +++ b/2023/3xxx/CVE-2023-3986.json @@ -1,17 +1,105 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-3986", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in SourceCodester Simple Online Mens Salon Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/?page=user/list. The manipulation of the argument First Name/Last Name/Username leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235607." + }, + { + "lang": "deu", + "value": "Eine problematische Schwachstelle wurde in SourceCodester Simple Online Mens Salon Management System 1.0 gefunden. Dies betrifft einen unbekannten Teil der Datei /admin/?page=user/list. Durch das Beeinflussen des Arguments First Name/Last Name/Username mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SourceCodester", + "product": { + "product_data": [ + { + "product_name": "Simple Online Mens Salon Management System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.235607", + "refsource": "MISC", + "name": "https://vuldb.com/?id.235607" + }, + { + "url": "https://vuldb.com/?ctiid.235607", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.235607" + }, + { + "url": "https://github.com/draco1725/POC/blob/main/Exploit/Simple%20Online%20Men's%20Salon%20Management%20System/Stored%20XSS", + "refsource": "MISC", + "name": "https://github.com/draco1725/POC/blob/main/Exploit/Simple%20Online%20Men's%20Salon%20Management%20System/Stored%20XSS" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "draco (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 2.4, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 2.4, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 3.3, + "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N", + "baseSeverity": "LOW" } ] }