From de80ccd526af3f8ae5ef04a86ee219860c3fb554 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 3 Nov 2023 13:00:34 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2022/45xxx/CVE-2022-45805.json | 97 +++++++++++++- 2022/46xxx/CVE-2022-46808.json | 97 +++++++++++++- 2022/46xxx/CVE-2022-46859.json | 97 +++++++++++++- 2022/47xxx/CVE-2022-47426.json | 69 +++++++++- 2022/47xxx/CVE-2022-47445.json | 69 +++++++++- 2023/25xxx/CVE-2023-25960.json | 113 +++++++++++++++- 2023/26xxx/CVE-2023-26015.json | 97 +++++++++++++- 2023/3xxx/CVE-2023-3961.json | 232 ++++++++++++++++++++++++++++++++- 2023/46xxx/CVE-2023-46947.json | 56 +++++++- 2023/47xxx/CVE-2023-47223.json | 18 +++ 2023/47xxx/CVE-2023-47224.json | 18 +++ 2023/47xxx/CVE-2023-47225.json | 18 +++ 2023/47xxx/CVE-2023-47226.json | 18 +++ 2023/47xxx/CVE-2023-47227.json | 18 +++ 2023/47xxx/CVE-2023-47228.json | 18 +++ 2023/47xxx/CVE-2023-47229.json | 18 +++ 2023/47xxx/CVE-2023-47230.json | 18 +++ 2023/47xxx/CVE-2023-47231.json | 18 +++ 2023/47xxx/CVE-2023-47232.json | 18 +++ 2023/5xxx/CVE-2023-5707.json | 85 +++++++++++- 2023/5xxx/CVE-2023-5945.json | 79 ++++++++++- 2023/5xxx/CVE-2023-5951.json | 18 +++ 2023/5xxx/CVE-2023-5952.json | 18 +++ 23 files changed, 1255 insertions(+), 52 deletions(-) create mode 100644 2023/47xxx/CVE-2023-47223.json create mode 100644 2023/47xxx/CVE-2023-47224.json create mode 100644 2023/47xxx/CVE-2023-47225.json create mode 100644 2023/47xxx/CVE-2023-47226.json create mode 100644 2023/47xxx/CVE-2023-47227.json create mode 100644 2023/47xxx/CVE-2023-47228.json create mode 100644 2023/47xxx/CVE-2023-47229.json create mode 100644 2023/47xxx/CVE-2023-47230.json create mode 100644 2023/47xxx/CVE-2023-47231.json create mode 100644 2023/47xxx/CVE-2023-47232.json create mode 100644 2023/5xxx/CVE-2023-5951.json create mode 100644 2023/5xxx/CVE-2023-5952.json diff --git a/2022/45xxx/CVE-2022-45805.json b/2022/45xxx/CVE-2022-45805.json index f5fb76b9f3e..322cf6bf303 100644 
--- a/2022/45xxx/CVE-2022-45805.json +++ b/2022/45xxx/CVE-2022-45805.json 
@@ -1,18 +1,105 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-45805", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Paytm Paytm Payment Gateway paytm-payments allows SQL Injection.This issue affects Paytm Payment Gateway: from n/a through 2.7.3.\n\n" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Paytm", + "product": { + "product_data": [ + { + "product_name": "Paytm Payment Gateway", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "2.7.7", + "status": "unaffected" + } + ], + "lessThanOrEqual": "2.7.3", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/paytm-payments/wordpress-paytm-payment-gateway-plugin-2-7-3-auth-sql-injection-sqli-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": 
"https://patchstack.com/database/vulnerability/paytm-payments/wordpress-paytm-payment-gateway-plugin-2-7-3-auth-sql-injection-sqli-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 2.7.7 or a higher version." + } + ], + "value": "Update to\u00a02.7.7 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Aman Rawat (Patchstack Alliance)" + } + ] } \ No newline at end of file diff --git a/2022/46xxx/CVE-2022-46808.json b/2022/46xxx/CVE-2022-46808.json index 6e1e788f16a..c314ffafd4c 100644 --- a/2022/46xxx/CVE-2022-46808.json +++ b/2022/46xxx/CVE-2022-46808.json 
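Review bot: In the new `x_cve_json_5_version_data` for CVE-2022-45805 the affected range and the fix do not line up: `lessThanOrEqual` is `2.7.3`, but the `changes` entry and the `solution` text both name `2.7.7`, and `defaultStatus` is `unaffected`. Read literally, 2.7.4 through 2.7.6 are reported as unaffected while the advice is to update to 2.7.7; one of the two values is presumably off and should be checked against the Patchstack advisory. Separately, the v4 field is `"version_value": "not down converted"`, so a consumer that matches on `version_value` alone gets no usable range from this record; the same applies to the CVE-2022-46808, CVE-2022-46859, CVE-2023-25960 and CVE-2023-26015 hunks.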
@@ -1,18 +1,105 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-46808", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Repute Infosystems ARMember armember-membership allows SQL Injection.This issue affects ARMember: from n/a through 3.4.11.\n\n" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Repute Infosystems", + "product": { + "product_data": [ + { + "product_name": "ARMember", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "4.0", + "status": "unaffected" + } + ], + "lessThanOrEqual": "3.4.11", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/armember-membership/wordpress-armember-3-4-11-sql-injection?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/armember-membership/wordpress-armember-3-4-11-sql-injection?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + 
"source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 4.0 or a higher version." + } + ], + "value": "Update to\u00a04.0 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Le Ngoc Anh (Patchstack Alliance)" + } + ] } \ No newline at end of file diff --git a/2022/46xxx/CVE-2022-46859.json b/2022/46xxx/CVE-2022-46859.json index 6f15397cec4..61f9a93032d 100644 --- a/2022/46xxx/CVE-2022-46859.json +++ b/2022/46xxx/CVE-2022-46859.json 
@@ -1,18 +1,105 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-46859", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spiffy Plugins Spiffy Calendar spiffy-calendar allows SQL Injection.This issue affects Spiffy Calendar: from n/a through 4.9.1.\n\n" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Spiffy Plugins", + "product": { + "product_data": [ + { + "product_name": "Spiffy Calendar", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "4.9.2", + "status": "unaffected" + } + ], + "lessThanOrEqual": "4.9.1", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/spiffy-calendar/wordpress-spiffy-calendar-plugin-4-9-1-auth-sql-injection-sqli-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": 
"https://patchstack.com/database/vulnerability/spiffy-calendar/wordpress-spiffy-calendar-plugin-4-9-1-auth-sql-injection-sqli-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 4.9.2 or a higher version." + } + ], + "value": "Update to\u00a04.9.2 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Justiice (Patchstack Alliance)" + } + ] } \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47426.json b/2022/47xxx/CVE-2022-47426.json index c297463f7ab..04750592ec7 100644 --- a/2022/47xxx/CVE-2022-47426.json +++ b/2022/47xxx/CVE-2022-47426.json 
@@ -1,18 +1,77 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-47426", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Neshan Maps Platform Neshan Maps neshan-maps allows SQL Injection.This issue affects Neshan Maps: from n/a through 1.1.4.\n\n" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Neshan Maps Platform", + "product": { + "product_data": [ + { + "product_name": "Neshan Maps", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.1.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/neshan-maps/wordpress-neshan-maps-plugin-1-1-4-sql-injection?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/neshan-maps/wordpress-neshan-maps-plugin-1-1-4-sql-injection?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "minhtuanact (Patchstack Alliance)" + } + ] } \ No newline at end of file 
diff --git a/2022/47xxx/CVE-2022-47445.json b/2022/47xxx/CVE-2022-47445.json index edb2d23231f..6f3f2fc170a 100644 --- a/2022/47xxx/CVE-2022-47445.json +++ b/2022/47xxx/CVE-2022-47445.json 
@@ -1,18 +1,77 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-47445", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Web-X Be POPIA Compliant be-popia-compliant allows SQL Injection.This issue affects Be POPIA Compliant: from n/a through 1.2.0.\n\n" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Web-X", + "product": { + "product_data": [ + { + "product_name": "Be POPIA Compliant", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.2.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/be-popia-compliant/wordpress-be-popia-compliant-plugin-1-2-0-sql-injection?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/be-popia-compliant/wordpress-be-popia-compliant-plugin-1-2-0-sql-injection?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "TEAM WEBoB of BoB 11th (Patchstack Alliance)" + } + ] } \ No newline at end of file 
diff --git a/2023/25xxx/CVE-2023-25960.json b/2023/25xxx/CVE-2023-25960.json index 739e1481585..13e340071af 100644 --- a/2023/25xxx/CVE-2023-25960.json +++ b/2023/25xxx/CVE-2023-25960.json 
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-25960", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zendrop Zendrop \u2013 Global Dropshipping zendrop-dropshipping-and-fulfillment allows SQL Injection.This issue affects Zendrop \u2013 Global Dropshipping: from n/a through 1.0.0.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Zendrop", + "product": { + "product_data": [ + { + "product_name": "Zendrop \u2013 Global Dropshipping", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "1.0.1", + "status": "unaffected" + } + ], + "lessThanOrEqual": "1.0.0", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/zendrop-dropshipping-and-fulfillment/wordpress-zendrop-global-dropshipping-plugin-1-0-0-arbitrary-code-execution?_s_id=cve", + "refsource": "MISC", + "name": 
"https://patchstack.com/database/vulnerability/zendrop-dropshipping-and-fulfillment/wordpress-zendrop-global-dropshipping-plugin-1-0-0-arbitrary-code-execution?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 1.0.1 or a higher version." + } + ], + "value": "Update to\u00a01.0.1 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Dave Jong (Patchstack)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 10, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/26xxx/CVE-2023-26015.json b/2023/26xxx/CVE-2023-26015.json index 6bd9d861339..8bcf3b0e473 100644 --- a/2023/26xxx/CVE-2023-26015.json +++ b/2023/26xxx/CVE-2023-26015.json 
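Review bot: The weakness classification in the CVE-2023-25960 record disagrees with its own reference: `description` and `problemtype` say SQL injection (`CWE-89`), while the only `reference_data` URL ends in `plugin-1-0-0-arbitrary-code-execution`. The `impact` block scores it `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H` (base score 10, scope changed), which fits the URL's wording at least as well as it fits CWE-89, so the description text may not reflect the actual issue. This is worth confirming with the assigner before triage or detection rules key on `cweId` for this entry.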
@@ -1,18 +1,105 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-26015", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Chris Richardson MapPress Maps for WordPress mappress-google-maps-for-wordpress allows SQL Injection.This issue affects MapPress Maps for WordPress: from n/a through 2.85.4.\n\n" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Chris Richardson", + "product": { + "product_data": [ + { + "product_name": "MapPress Maps for WordPress", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "2.85.5", + "status": "unaffected" + } + ], + "lessThanOrEqual": "2.85.4", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/mappress-google-maps-for-wordpress/wordpress-mappress-maps-for-wordpress-plugin-2-85-4-authenticated-sql-injection-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": 
"https://patchstack.com/database/vulnerability/mappress-google-maps-for-wordpress/wordpress-mappress-maps-for-wordpress-plugin-2-85-4-authenticated-sql-injection-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 2.85.5 or a higher version." + } + ], + "value": "Update to\u00a02.85.5 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Rafie Muhammad (Patchstack)" + } + ] } \ No newline at end of file diff --git a/2023/3xxx/CVE-2023-3961.json b/2023/3xxx/CVE-2023-3961.json index 32a2c385760..87705d044d6 100644 --- a/2023/3xxx/CVE-2023-3961.json +++ b/2023/3xxx/CVE-2023-3961.json 
@@ -1,17 +1,241 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-3961", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to remote procedure call (RPC) services like SAMR LSA or SPOOLSS, which Samba initiates on demand. However, due to inadequate sanitization of incoming client pipe names, allowing a client to send a pipe name containing Unix directory traversal characters (../). This could result in SMB clients connecting as root to Unix domain sockets outside the private directory. If an attacker or client managed to send a pipe name resolving to an external service using an existing Unix domain socket, it could potentially lead to unauthorized access to the service and consequential adverse events, including compromise or service crashes." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + "cweId": "CWE-22" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "samba", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "4.19.1", + "status": "unaffected" + }, + { + "version": "4.18.8", + "status": "unaffected" + }, + { + "version": "4.17.12", + "status": "unaffected" + } + ] + } + } + ] + } + } + ] + } + }, + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:4.15.5-111.el9_0", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 6", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unknown" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unknown" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 7", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unknown" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 8", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 9", + "version": { + 
"version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat Storage 3", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + }, + { + "vendor_name": "Fedora", + "product": { + "product_data": [ + { + "product_name": "Fedora", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://access.redhat.com/errata/RHSA-2023:6209", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2023:6209" + }, + { + "url": "https://access.redhat.com/security/cve/CVE-2023-3961", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2023-3961" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241881", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2241881" + }, + { + "url": "https://bugzilla.samba.org/show_bug.cgi?id=15422", + "refsource": "MISC", + "name": "https://bugzilla.samba.org/show_bug.cgi?id=15422" + }, + { + "url": "https://www.samba.org/samba/security/CVE-2023-3961.html", + "refsource": "MISC", + "name": "https://www.samba.org/samba/security/CVE-2023-3961.html" + } + ] + }, + "work_around": [ + { + "lang": "en", + "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." 
+ } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "version": "3.1" } ] } diff --git a/2023/46xxx/CVE-2023-46947.json b/2023/46xxx/CVE-2023-46947.json index 90613020e40..0cfdd5e3729 100644 --- a/2023/46xxx/CVE-2023-46947.json +++ b/2023/46xxx/CVE-2023-46947.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-46947", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-46947", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Subrion 4.2.1 has a remote command execution vulnerability in the backend." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/intelliants/subrion/issues/909", + "refsource": "MISC", + "name": "https://github.com/intelliants/subrion/issues/909" } ] } 
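Review bot: The upstream `samba` product entry in the CVE-2023-3961 record lists only `unaffected` versions (`4.19.1`, `4.18.8`, `4.17.12`) with no affected range and no `defaultStatus`, under `"vendor_name": "n/a"`, so a consumer cannot derive from the structured data which Samba releases are vulnerable. If everything before those three releases is affected, as the listing seems to imply, the entry should say so explicitly, the way the Red Hat entries do with `"defaultStatus": "affected"`. The `Red Hat Enterprise Linux 6` product also carries two identical `version_data` objects with `"defaultStatus": "unknown"`, which looks like an accidental duplicate.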
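Review bot: The CVE-2023-46947 record names the product and version only in free text (`Subrion 4.2.1 has a remote command execution vulnerability in the backend.`) while `product_name`, `vendor_name`, `version_value` and the `problemtype` value are all `n/a`. Inventory or scanner matching that relies on the structured `affects` block will not associate this entry with any installation. The record would be more useful with `"product_name": "Subrion"` and `"version_value": "4.2.1"` taken from its own description, plus a vendor name and weakness type supplied by the assigner.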
diff --git a/2023/47xxx/CVE-2023-47223.json b/2023/47xxx/CVE-2023-47223.json new file mode 100644 index 00000000000..66562dbaf7d --- /dev/null +++ b/2023/47xxx/CVE-2023-47223.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-47223", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/47xxx/CVE-2023-47224.json b/2023/47xxx/CVE-2023-47224.json new file mode 100644 index 00000000000..66aad6b207b --- /dev/null +++ b/2023/47xxx/CVE-2023-47224.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-47224", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/47xxx/CVE-2023-47225.json b/2023/47xxx/CVE-2023-47225.json new file mode 100644 index 00000000000..ba71183c763 --- /dev/null +++ b/2023/47xxx/CVE-2023-47225.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-47225", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/47xxx/CVE-2023-47226.json b/2023/47xxx/CVE-2023-47226.json new file mode 100644 index 00000000000..500b9f2eb2d --- /dev/null +++ b/2023/47xxx/CVE-2023-47226.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-47226", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/47xxx/CVE-2023-47227.json b/2023/47xxx/CVE-2023-47227.json new file mode 100644 index 00000000000..2fa367dc6ce --- /dev/null +++ b/2023/47xxx/CVE-2023-47227.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-47227", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2023/47xxx/CVE-2023-47228.json b/2023/47xxx/CVE-2023-47228.json new file mode 100644 index 00000000000..75d95838759 --- /dev/null +++ b/2023/47xxx/CVE-2023-47228.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-47228", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/47xxx/CVE-2023-47229.json b/2023/47xxx/CVE-2023-47229.json new file mode 100644 index 00000000000..21bcaa27a6f --- /dev/null +++ b/2023/47xxx/CVE-2023-47229.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-47229", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/47xxx/CVE-2023-47230.json b/2023/47xxx/CVE-2023-47230.json new file mode 100644 index 00000000000..750b9fa01f0 --- /dev/null +++ b/2023/47xxx/CVE-2023-47230.json 
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-47230",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/47xxx/CVE-2023-47231.json b/2023/47xxx/CVE-2023-47231.json
new file mode 100644
index 00000000000..e436522e72f
--- /dev/null
+++ b/2023/47xxx/CVE-2023-47231.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-47231",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/47xxx/CVE-2023-47232.json b/2023/47xxx/CVE-2023-47232.json
new file mode 100644
index 00000000000..9b3c79fe974
--- /dev/null
+++ b/2023/47xxx/CVE-2023-47232.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-47232",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/5xxx/CVE-2023-5707.json b/2023/5xxx/CVE-2023-5707.json
index d8a35145ef5..80ba20dbb1e 100644
--- a/2023/5xxx/CVE-2023-5707.json
+++ b/2023/5xxx/CVE-2023-5707.json
@@ -1,17 +1,94 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-5707",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@wordfence.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The SEO Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'slider' shortcode and post meta in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "seothemes",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "SEO Slider",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "*",
+ "version_value": "1.1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/32bc88a7-93ed-4d67-9383-b6d935a0df4d?source=cve",
+ "refsource": "MISC",
+ "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/32bc88a7-93ed-4d67-9383-b6d935a0df4d?source=cve"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/seo-slider/trunk/includes/shortcode.php?rev=2367856#L68",
+ "refsource": "MISC",
+ "name": "https://plugins.trac.wordpress.org/browser/seo-slider/trunk/includes/shortcode.php?rev=2367856#L68"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/seo-slider/trunk/includes/shortcode.php?rev=2367856#L71",
+ "refsource": "MISC",
+ "name": "https://plugins.trac.wordpress.org/browser/seo-slider/trunk/includes/shortcode.php?rev=2367856#L71"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2987802/seo-slider#file3",
+ "refsource": "MISC",
+ "name": "https://plugins.trac.wordpress.org/changeset/2987802/seo-slider#file3"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Lana Codes"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
 }
 ]
 }
diff --git a/2023/5xxx/CVE-2023-5945.json b/2023/5xxx/CVE-2023-5945.json
index 1ffef91e9b8..c1b05601f0f 100644
--- a/2023/5xxx/CVE-2023-5945.json
+++ b/2023/5xxx/CVE-2023-5945.json
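Review bot: The added `credits` entry is tagged `"lang": "en"` while the description and problemtype entries of the same record use `"lang": "eng"`, so a consumer that selects text by one language code will skip the other; the CVE-2023-5945.json hunk has the same mismatch. I would write the credit as `"lang": "eng"` to match the rest of the record. Separately, all four references carry `"refsource": "MISC"` with `name` equal to `url`, so the changeset link (presumably the fix) cannot be told apart from the two links into shortcode.php at an earlier revision without reading the URLs, and the record names no fixed version.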
@@ -1,17 +1,88 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-5945",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@wordfence.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The video carousel slider with lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the responsive_video_gallery_with_lightbox_video_management_func() function. This makes it possible for unauthenticated attackers to delete videos hosted from the video slider via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-352 Cross-Site Request Forgery (CSRF)"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "nik00726",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "video carousel slider with lightbox",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dc052b00-65a7-4668-8bdd-b06d69d12a4a?source=cve",
+ "refsource": "MISC",
+ "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dc052b00-65a7-4668-8bdd-b06d69d12a4a?source=cve"
+ },
+ {
+ "url": "https://github.com/wp-plugins/wp-responsive-video-gallery-with-lightbox/blob/master/wp-responsive-video-gallery-with-lightbox.php",
+ "refsource": "MISC",
+ "name": "https://github.com/wp-plugins/wp-responsive-video-gallery-with-lightbox/blob/master/wp-responsive-video-gallery-with-lightbox.php"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/wp-responsive-video-gallery-with-lightbox/tags/1.0.1/wp-responsive-video-gallery-with-lightbox.php",
+ "refsource": "MISC",
+ "name": "https://plugins.trac.wordpress.org/browser/wp-responsive-video-gallery-with-lightbox/tags/1.0.1/wp-responsive-video-gallery-with-lightbox.php"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Ala Arfaoui"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
 }
 ]
 }
diff --git a/2023/5xxx/CVE-2023-5951.json b/2023/5xxx/CVE-2023-5951.json
new file mode 100644
index 00000000000..4775e2c03ad
--- /dev/null
+++ b/2023/5xxx/CVE-2023-5951.json
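Review bot: The affected range is pinned to exactly one release (`"version_affected": "="`, `"version_value": "1.0"`), yet the third reference points at the `tags/1.0.1` copy of the plugin file and the record names no fixed version. If 1.0.1 is the fix, the record should say so; if that link shows the still-unprotected handler, the range is too narrow and version-matching scanners will not flag 1.0.1 installs. Which is the case cannot be told from this hunk. In the second case the entry would read `"version_affected": "<="` with `"version_value": "1.0.1"`, the form the CVE-2023-5707 record uses for its range.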
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-5951",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/5xxx/CVE-2023-5952.json b/2023/5xxx/CVE-2023-5952.json
new file mode 100644
index 00000000000..a53cbf3ba37
--- /dev/null
+++ b/2023/5xxx/CVE-2023-5952.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-5952",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file