diff --git a/2022/41xxx/CVE-2022-41976.json b/2022/41xxx/CVE-2022-41976.json index 08f84ac9fde..a357276af13 100644 --- a/2022/41xxx/CVE-2022-41976.json +++ b/2022/41xxx/CVE-2022-41976.json @@ -1,18 +1,86 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-41976", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-41976", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An privilege escalation issue was discovered in Scada-LTS 2.7.1.1 build 2948559113 allows remote attackers, authenticated in the application as a low-privileged user to change role (e.g., to administrator) by updating their user profile." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://scada-lts.org/", + "refsource": "MISC", + "name": "http://scada-lts.org/" + }, + { + "url": "https://github.com/SCADA-LTS/Scada-LTS/releases", + "refsource": "MISC", + "name": "https://github.com/SCADA-LTS/Scada-LTS/releases" + }, + { + "refsource": "MISC", + "name": "https://m3n0sd0n4ld.blogspot.com/2022/11/scada-lts-privilege-escalation-cve-2022.html", + "url": "https://m3n0sd0n4ld.blogspot.com/2022/11/scada-lts-privilege-escalation-cve-2022.html" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N", + "version": "3.1" + } } } \ No newline at end of file diff --git a/2023/1xxx/CVE-2023-1381.json b/2023/1xxx/CVE-2023-1381.json index 117df23a3be..a6103cb3e1e 100644 --- a/2023/1xxx/CVE-2023-1381.json +++ b/2023/1xxx/CVE-2023-1381.json @@ -1,18 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-1381", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The WP Meta SEO WordPress plugin before 4.5.5 does not validate image file paths before attempting to manipulate the image files, leading to a PHAR deserialization vulnerability. Furthermore, the plugin contains a gadget chain which may be used in certain configurations to achieve remote code execution." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-502 Deserialization of Untrusted Data" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "WP Meta SEO", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "4.5.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/f140a928-d297-4bd1-8552-bfebcedba536", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/f140a928-d297-4bd1-8552-bfebcedba536" + }, + { + "url": "https://blog.wpscan.com/uncovering-a-phar-deserialization-vulnerability-in-wp-meta-seo-and-escalating-to-rce/", + "refsource": "MISC", + "name": "https://blog.wpscan.com/uncovering-a-phar-deserialization-vulnerability-in-wp-meta-seo-and-escalating-to-rce/" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Alex Sanford" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2023/1xxx/CVE-2023-1966.json b/2023/1xxx/CVE-2023-1966.json new file mode 100644 index 00000000000..f789e0c2ac4 --- /dev/null +++ b/2023/1xxx/CVE-2023-1966.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-1966", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/1xxx/CVE-2023-1967.json b/2023/1xxx/CVE-2023-1967.json new file mode 100644 index 00000000000..9ebaedeb22e --- /dev/null +++ b/2023/1xxx/CVE-2023-1967.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-1967", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/1xxx/CVE-2023-1968.json b/2023/1xxx/CVE-2023-1968.json new file mode 100644 index 00000000000..1bd6ac44acb --- /dev/null +++ b/2023/1xxx/CVE-2023-1968.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-1968", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/29xxx/CVE-2023-29375.json b/2023/29xxx/CVE-2023-29375.json index 3fb11ca3569..95d7bb22624 100644 --- a/2023/29xxx/CVE-2023-29375.json +++ b/2023/29xxx/CVE-2023-29375.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-29375", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-29375", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. There is potentially dangerous file upload through the SharePoint connector." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.progress.com/sitefinity-cms", + "refsource": "MISC", + "name": "https://www.progress.com/sitefinity-cms" + }, + { + "refsource": "MISC", + "name": "https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-April-2023", + "url": "https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-April-2023" } ] } diff --git a/2023/29xxx/CVE-2023-29376.json b/2023/29xxx/CVE-2023-29376.json index a6df7390dec..df6827d574e 100644 --- a/2023/29xxx/CVE-2023-29376.json +++ b/2023/29xxx/CVE-2023-29376.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-29376", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-29376", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. There is potential XSS by privileged users in Sitefinity to media libraries." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.progress.com/sitefinity-cms", + "refsource": "MISC", + "name": "https://www.progress.com/sitefinity-cms" + }, + { + "refsource": "MISC", + "name": "https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-April-2023", + "url": "https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-April-2023" } ] }