From dffcc88c0cbe03b10ba9680eb5da95971537df09 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 29 Dec 2023 13:00:35 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2023/50xxx/CVE-2023-50761.json | 5 ++ 2023/50xxx/CVE-2023-50762.json | 5 ++ 2023/50xxx/CVE-2023-50878.json | 113 +++++++++++++++++++++++++++-- 2023/50xxx/CVE-2023-50902.json | 113 +++++++++++++++++++++++++++-- 2023/51xxx/CVE-2023-51354.json | 113 +++++++++++++++++++++++++++-- 2023/51xxx/CVE-2023-51358.json | 113 +++++++++++++++++++++++++++-- 2023/51xxx/CVE-2023-51378.json | 113 +++++++++++++++++++++++++++-- 2023/51xxx/CVE-2023-51402.json | 113 +++++++++++++++++++++++++++-- 2023/51xxx/CVE-2023-51422.json | 85 ++++++++++++++++++++-- 2023/51xxx/CVE-2023-51470.json | 85 ++++++++++++++++++++-- 2023/51xxx/CVE-2023-51505.json | 113 +++++++++++++++++++++++++++-- 2023/51xxx/CVE-2023-51545.json | 122 ++++++++++++++++++++++++++++++-- 2023/51xxx/CVE-2023-51676.json | 113 +++++++++++++++++++++++++++-- 2023/52xxx/CVE-2023-52205.json | 18 +++++ 2023/52xxx/CVE-2023-52206.json | 18 +++++ 2023/52xxx/CVE-2023-52207.json | 18 +++++ 2023/52xxx/CVE-2023-52208.json | 18 +++++ 2023/52xxx/CVE-2023-52209.json | 18 +++++ 2023/52xxx/CVE-2023-52210.json | 18 +++++ 2023/52xxx/CVE-2023-52211.json | 18 +++++ 2023/52xxx/CVE-2023-52212.json | 18 +++++ 2023/52xxx/CVE-2023-52213.json | 18 +++++ 2023/52xxx/CVE-2023-52214.json | 18 +++++ 2023/52xxx/CVE-2023-52215.json | 18 +++++ 2023/52xxx/CVE-2023-52216.json | 18 +++++ 2023/52xxx/CVE-2023-52217.json | 18 +++++ 2023/52xxx/CVE-2023-52218.json | 18 +++++ 2023/52xxx/CVE-2023-52219.json | 18 +++++ 2023/6xxx/CVE-2023-6856.json | 10 +++ 2023/6xxx/CVE-2023-6857.json | 10 +++ 2023/6xxx/CVE-2023-6858.json | 10 +++ 2023/6xxx/CVE-2023-6859.json | 10 +++ 2023/6xxx/CVE-2023-6860.json | 10 +++ 2023/6xxx/CVE-2023-6861.json | 10 +++ 2023/6xxx/CVE-2023-6862.json | 10 +++ 2023/6xxx/CVE-2023-6863.json | 5 ++ 2023/6xxx/CVE-2023-6864.json | 10 +++ 2023/6xxx/CVE-2023-6865.json | 5 ++ 2023/6xxx/CVE-2023-6867.json | 5 ++ 2023/6xxx/CVE-2023-6873.json | 5 ++ 2023/7xxx/CVE-2023-7078.json | 10 +-- 2023/7xxx/CVE-2023-7079.json | 4 +- 2023/7xxx/CVE-2023-7080.json | 2 +- 2023/7xxx/CVE-2023-7113.json | 125 +++++++++++++++++++++++++++++++-- 2023/7xxx/CVE-2023-7114.json | 117 ++++++++++++++++++++++++++++-- 2023/7xxx/CVE-2023-7171.json | 18 +++++ 46 files changed, 1792 insertions(+), 60 deletions(-) create mode 100644 2023/52xxx/CVE-2023-52205.json create mode 100644 2023/52xxx/CVE-2023-52206.json create mode 100644 2023/52xxx/CVE-2023-52207.json create mode 100644 2023/52xxx/CVE-2023-52208.json create mode 100644 2023/52xxx/CVE-2023-52209.json create mode 100644 2023/52xxx/CVE-2023-52210.json create mode 100644 2023/52xxx/CVE-2023-52211.json create mode 100644 2023/52xxx/CVE-2023-52212.json create mode 100644 2023/52xxx/CVE-2023-52213.json create mode 100644 2023/52xxx/CVE-2023-52214.json create mode 100644 2023/52xxx/CVE-2023-52215.json create mode 100644 2023/52xxx/CVE-2023-52216.json create mode 100644 2023/52xxx/CVE-2023-52217.json create mode 100644 2023/52xxx/CVE-2023-52218.json create mode 100644 2023/52xxx/CVE-2023-52219.json create mode 100644 2023/7xxx/CVE-2023-7171.json diff --git a/2023/50xxx/CVE-2023-50761.json b/2023/50xxx/CVE-2023-50761.json index 27f654d9fcb..c3fc5b26780 100644 --- a/2023/50xxx/CVE-2023-50761.json +++ b/2023/50xxx/CVE-2023-50761.json @@ -68,6 +68,11 @@ "url": "https://www.debian.org/security/2023/dsa-5582", "refsource": "MISC", "name": "https://www.debian.org/security/2023/dsa-5582" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html" } ] }, diff --git a/2023/50xxx/CVE-2023-50762.json b/2023/50xxx/CVE-2023-50762.json index 236ae5b624c..f2a7674bff8 100644 --- a/2023/50xxx/CVE-2023-50762.json +++ b/2023/50xxx/CVE-2023-50762.json @@ -68,6 +68,11 @@ "url": "https://www.debian.org/security/2023/dsa-5582", "refsource": "MISC", "name": "https://www.debian.org/security/2023/dsa-5582" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html" } ] }, diff --git a/2023/50xxx/CVE-2023-50878.json b/2023/50xxx/CVE-2023-50878.json index be421fd1b5b..7ed6142dc80 100644 --- a/2023/50xxx/CVE-2023-50878.json +++ b/2023/50xxx/CVE-2023-50878.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-50878", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in InspireUI MStore API.This issue affects MStore API: from n/a through 4.10.1.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "InspireUI", + "product": { + "product_data": [ + { + "product_name": "MStore API", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "4.10.2", + "status": "unaffected" + } + ], + "lessThanOrEqual": "4.10.1", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/mstore-api/wordpress-mstore-api-plugin-4-10-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/mstore-api/wordpress-mstore-api-plugin-4-10-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 4.10.2 or a higher version." + } + ], + "value": "Update to\u00a04.10.2 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Mika (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/50xxx/CVE-2023-50902.json b/2023/50xxx/CVE-2023-50902.json index 46fc3d0dc24..b98748ef560 100644 --- a/2023/50xxx/CVE-2023-50902.json +++ b/2023/50xxx/CVE-2023-50902.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-50902", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in WPExpertsio New User Approve.This issue affects New User Approve: from n/a through 2.5.1.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "WPExpertsio", + "product": { + "product_data": [ + { + "product_name": "New User Approve", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "2.5.2", + "status": "unaffected" + } + ], + "lessThanOrEqual": "2.5.1", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/new-user-approve/wordpress-new-user-approve-plugin-2-5-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/new-user-approve/wordpress-new-user-approve-plugin-2-5-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 2.5.2 or a higher version." + } + ], + "value": "Update to\u00a02.5.2 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "FearZzZz (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "version": "3.1" } ] } diff --git a/2023/51xxx/CVE-2023-51354.json b/2023/51xxx/CVE-2023-51354.json index b4a01b4c5b2..c9ae70e9db7 100644 --- a/2023/51xxx/CVE-2023-51354.json +++ b/2023/51xxx/CVE-2023-51354.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-51354", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in WebbaPlugins Appointment & Event Booking Calendar Plugin \u2013 Webba Booking.This issue affects Appointment & Event Booking Calendar Plugin \u2013 Webba Booking: from n/a through 4.5.33.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "WebbaPlugins", + "product": { + "product_data": [ + { + "product_name": "Appointment & Event Booking Calendar Plugin \u2013 Webba Booking", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "5.0", + "status": "unaffected" + } + ], + "lessThanOrEqual": "4.5.33", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/webba-booking-lite/wordpress-webba-booking-plugin-4-5-33-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/webba-booking-lite/wordpress-webba-booking-plugin-4-5-33-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 5.0 or a higher version." + } + ], + "value": "Update to\u00a05.0 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Skalucy (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "version": "3.1" } ] } diff --git a/2023/51xxx/CVE-2023-51358.json b/2023/51xxx/CVE-2023-51358.json index 3b4de7438f9..05615f03d19 100644 --- a/2023/51xxx/CVE-2023-51358.json +++ b/2023/51xxx/CVE-2023-51358.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-51358", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Bright Plugins Block IPs for Gravity Forms.This issue affects Block IPs for Gravity Forms: from n/a through 1.0.1.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Bright Plugins", + "product": { + "product_data": [ + { + "product_name": "Block IPs for Gravity Forms", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "1.0.2", + "status": "unaffected" + } + ], + "lessThanOrEqual": "1.0.1", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/gf-block-ips/wordpress-block-ips-for-gravity-forms-plugin-1-0-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/gf-block-ips/wordpress-block-ips-for-gravity-forms-plugin-1-0-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 1.0.2 or a higher version." + } + ], + "value": "Update to\u00a01.0.2 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Nguyen Xuan Chien (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/51xxx/CVE-2023-51378.json b/2023/51xxx/CVE-2023-51378.json index 4d6b973bed1..ba386643f60 100644 --- a/2023/51xxx/CVE-2023-51378.json +++ b/2023/51xxx/CVE-2023-51378.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-51378", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Rise Themes Rise Blocks \u2013 A Complete Gutenberg Page Builder.This issue affects Rise Blocks \u2013 A Complete Gutenberg Page Builder: from n/a through 3.1.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Rise Themes", + "product": { + "product_data": [ + { + "product_name": "Rise Blocks \u2013 A Complete Gutenberg Page Builder", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "3.2", + "status": "unaffected" + } + ], + "lessThanOrEqual": "3.1", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/rise-blocks/wordpress-rise-blocks-plugin-3-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/rise-blocks/wordpress-rise-blocks-plugin-3-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 3.2 or a higher version." + } + ], + "value": "Update to\u00a03.2 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "emad (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/51xxx/CVE-2023-51402.json b/2023/51xxx/CVE-2023-51402.json index 3fb5f54558c..5b4feacbead 100644 --- a/2023/51xxx/CVE-2023-51402.json +++ b/2023/51xxx/CVE-2023-51402.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-51402", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Brain Storm Force Ultimate Addons for WPBakery Page Builder.This issue affects Ultimate Addons for WPBakery Page Builder: from n/a through 3.19.17.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Brain Storm Force", + "product": { + "product_data": [ + { + "product_name": "Ultimate Addons for WPBakery Page Builder", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "3.19.18", + "status": "unaffected" + } + ], + "lessThanOrEqual": "3.19.17", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/ultimate_vc_addons/wordpress-ultimate-addons-for-wpbakery-page-builder-plugin-3-19-17-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/ultimate_vc_addons/wordpress-ultimate-addons-for-wpbakery-page-builder-plugin-3-19-17-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 3.19.18 or a higher version." + } + ], + "value": "Update to\u00a03.19.18 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Rafie Muhammad (Patchstack)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "version": "3.1" } ] } diff --git a/2023/51xxx/CVE-2023-51422.json b/2023/51xxx/CVE-2023-51422.json index 8691e796e5a..abf6a57cfcb 100644 --- a/2023/51xxx/CVE-2023-51422.json +++ b/2023/51xxx/CVE-2023-51422.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-51422", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Deserialization of Untrusted Data vulnerability in Saleswonder Team Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition.This issue affects Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition: from n/a through 3.05.0.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-502 Deserialization of Untrusted Data", + "cweId": "CWE-502" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Saleswonder Team", + "product": { + "product_data": [ + { + "product_name": "Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "3.05.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/webinar-ignition/wordpress-webinarignition-plugin-3-05-0-authenticated-php-object-injection-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/webinar-ignition/wordpress-webinarignition-plugin-3-05-0-authenticated-php-object-injection-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Rafie Muhammad (Patchstack)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.9, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/51xxx/CVE-2023-51470.json b/2023/51xxx/CVE-2023-51470.json index a067b2da634..7405c34e4d1 100644 --- a/2023/51xxx/CVE-2023-51470.json +++ b/2023/51xxx/CVE-2023-51470.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-51470", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Deserialization of Untrusted Data vulnerability in Jacques Malgrange Rencontre \u2013 Dating Site.This issue affects Rencontre \u2013 Dating Site: from n/a through 3.11.1.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-502 Deserialization of Untrusted Data", + "cweId": "CWE-502" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jacques Malgrange", + "product": { + "product_data": [ + { + "product_name": "Rencontre \u2013 Dating Site", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "3.11.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/rencontre/wordpress-rencontre-plugin-3-11-1-authenticated-php-object-injection-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/rencontre/wordpress-rencontre-plugin-3-11-1-authenticated-php-object-injection-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Rafie Muhammad (Patchstack)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.9, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/51xxx/CVE-2023-51505.json b/2023/51xxx/CVE-2023-51505.json index 3e7b88208d1..eef04c00eda 100644 --- a/2023/51xxx/CVE-2023-51505.json +++ b/2023/51xxx/CVE-2023-51505.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-51505", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Deserialization of Untrusted Data vulnerability in realmag777 Active Products Tables for WooCommerce. Professional products tables for WooCommerce store.This issue affects Active Products Tables for WooCommerce. Professional products tables for WooCommerce store : from n/a through 1.0.6.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-502 Deserialization of Untrusted Data", + "cweId": "CWE-502" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "realmag777", + "product": { + "product_data": [ + { + "product_name": "Active Products Tables for WooCommerce. Professional products tables for WooCommerce store ", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "1.0.6.1", + "status": "unaffected" + } + ], + "lessThanOrEqual": "1.0.6", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/profit-products-tables-for-woocommerce/wordpress-active-products-tables-for-woocommerce-plugin-1-0-6-unauthenticated-php-object-injection-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/profit-products-tables-for-woocommerce/wordpress-active-products-tables-for-woocommerce-plugin-1-0-6-unauthenticated-php-object-injection-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 1.0.6.1 or a higher version." + } + ], + "value": "Update to\u00a01.0.6.1 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "LVT-tholv2k (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 10, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/51xxx/CVE-2023-51545.json b/2023/51xxx/CVE-2023-51545.json index 089d11e7846..13b94a7198f 100644 --- a/2023/51xxx/CVE-2023-51545.json +++ b/2023/51xxx/CVE-2023-51545.json @@ -1,17 +1,131 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-51545", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in ThemeHigh Job Manager & Career \u2013 Manage job board listings, and recruitments.This issue affects Job Manager & Career \u2013 Manage job board listings, and recruitments: from n/a through 1.4.4.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-502 Deserialization of Untrusted Data", + "cweId": "CWE-502" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ThemeHigh", + "product": { + "product_data": [ + { + "product_name": "Job Manager & Career \u2013 Manage job board listings, and recruitments", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "1.4.5", + "status": "unaffected" + } + ], + "lessThanOrEqual": "1.4.4", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/job-manager-career/wordpress-job-manager-career-plugin-1-4-4-cross-site-request-forgery-csrf-to-php-object-injection-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/job-manager-career/wordpress-job-manager-career-plugin-1-4-4-cross-site-request-forgery-csrf-to-php-object-injection-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 1.4.5 or a higher version." + } + ], + "value": "Update to\u00a01.4.5 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Rafie Muhammad (Patchstack)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.6, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/51xxx/CVE-2023-51676.json b/2023/51xxx/CVE-2023-51676.json index 9530994b0ad..b44af621d88 100644 --- a/2023/51xxx/CVE-2023-51676.json +++ b/2023/51xxx/CVE-2023-51676.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-51676", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Server-Side Request Forgery (SSRF) vulnerability in Leevio Happy Addons for Elementor.This issue affects Happy Addons for Elementor: from n/a through 3.9.1.1.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-918 Server-Side Request Forgery (SSRF)", + "cweId": "CWE-918" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Leevio", + "product": { + "product_data": [ + { + "product_name": "Happy Addons for Elementor", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "3.10.0", + "status": "unaffected" + } + ], + "lessThanOrEqual": "3.9.1.1", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/happy-elementor-addons/wordpress-happy-addons-for-elementor-plugin-3-9-1-1-server-side-request-forgery-ssrf-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/happy-elementor-addons/wordpress-happy-addons-for-elementor-plugin-3-9-1-1-server-side-request-forgery-ssrf-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 3.10.0 or a higher version." + } + ], + "value": "Update to\u00a03.10.0 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Yuchen Ji (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2023/52xxx/CVE-2023-52205.json b/2023/52xxx/CVE-2023-52205.json new file mode 100644 index 00000000000..b803d1b8111 --- /dev/null +++ b/2023/52xxx/CVE-2023-52205.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-52205", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/52xxx/CVE-2023-52206.json b/2023/52xxx/CVE-2023-52206.json new file mode 100644 index 00000000000..05566b64b54 --- /dev/null +++ b/2023/52xxx/CVE-2023-52206.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-52206", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/52xxx/CVE-2023-52207.json b/2023/52xxx/CVE-2023-52207.json new file mode 100644 index 00000000000..e29c67ce535 --- /dev/null +++ b/2023/52xxx/CVE-2023-52207.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-52207", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/52xxx/CVE-2023-52208.json b/2023/52xxx/CVE-2023-52208.json new file mode 100644 index 00000000000..f5ca5da9234 --- /dev/null +++ b/2023/52xxx/CVE-2023-52208.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-52208", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/52xxx/CVE-2023-52209.json b/2023/52xxx/CVE-2023-52209.json new file mode 100644 index 00000000000..a06b0f7528e --- /dev/null +++ b/2023/52xxx/CVE-2023-52209.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-52209", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/52xxx/CVE-2023-52210.json b/2023/52xxx/CVE-2023-52210.json new file mode 100644 index 00000000000..f8310eea331 --- /dev/null +++ b/2023/52xxx/CVE-2023-52210.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-52210", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/52xxx/CVE-2023-52211.json b/2023/52xxx/CVE-2023-52211.json new file mode 100644 index 00000000000..4a616830ad1 --- /dev/null +++ b/2023/52xxx/CVE-2023-52211.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-52211", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/52xxx/CVE-2023-52212.json b/2023/52xxx/CVE-2023-52212.json new file mode 100644 index 00000000000..c3590dda64b --- /dev/null +++ b/2023/52xxx/CVE-2023-52212.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-52212", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/52xxx/CVE-2023-52213.json b/2023/52xxx/CVE-2023-52213.json new file mode 100644 index 00000000000..fdd790d9c49 --- /dev/null +++ b/2023/52xxx/CVE-2023-52213.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-52213", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/52xxx/CVE-2023-52214.json b/2023/52xxx/CVE-2023-52214.json new file mode 100644 index 00000000000..e1b8df150e0 --- /dev/null +++ b/2023/52xxx/CVE-2023-52214.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-52214", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/52xxx/CVE-2023-52215.json b/2023/52xxx/CVE-2023-52215.json new file mode 100644 index 00000000000..3329678b07e --- /dev/null +++ b/2023/52xxx/CVE-2023-52215.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-52215", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/52xxx/CVE-2023-52216.json b/2023/52xxx/CVE-2023-52216.json new file mode 100644 index 00000000000..37bde2e8b6b --- /dev/null +++ b/2023/52xxx/CVE-2023-52216.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-52216", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/52xxx/CVE-2023-52217.json b/2023/52xxx/CVE-2023-52217.json new file mode 100644 index 00000000000..eb0f23a334f --- /dev/null +++ b/2023/52xxx/CVE-2023-52217.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-52217", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/52xxx/CVE-2023-52218.json b/2023/52xxx/CVE-2023-52218.json new file mode 100644 index 00000000000..7bdadea3e23 --- /dev/null +++ b/2023/52xxx/CVE-2023-52218.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-52218", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/52xxx/CVE-2023-52219.json b/2023/52xxx/CVE-2023-52219.json new file mode 100644 index 00000000000..61765c73c59 --- /dev/null +++ b/2023/52xxx/CVE-2023-52219.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-52219", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/6xxx/CVE-2023-6856.json b/2023/6xxx/CVE-2023-6856.json index 07a94058d1c..5a10b0316fc 100644 --- a/2023/6xxx/CVE-2023-6856.json +++ b/2023/6xxx/CVE-2023-6856.json @@ -107,6 +107,16 @@ "url": "https://www.debian.org/security/2023/dsa-5582", "refsource": "MISC", "name": "https://www.debian.org/security/2023/dsa-5582" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html" } ] }, diff --git a/2023/6xxx/CVE-2023-6857.json b/2023/6xxx/CVE-2023-6857.json index 36e9dbdbee3..d1afd697d79 100644 --- a/2023/6xxx/CVE-2023-6857.json +++ b/2023/6xxx/CVE-2023-6857.json @@ -107,6 +107,16 @@ "url": "https://www.debian.org/security/2023/dsa-5582", "refsource": "MISC", "name": "https://www.debian.org/security/2023/dsa-5582" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html" } ] }, diff --git a/2023/6xxx/CVE-2023-6858.json b/2023/6xxx/CVE-2023-6858.json index c088b684d78..24a9b5a3a92 100644 --- a/2023/6xxx/CVE-2023-6858.json +++ b/2023/6xxx/CVE-2023-6858.json @@ -107,6 +107,16 @@ "url": "https://www.debian.org/security/2023/dsa-5582", "refsource": "MISC", "name": "https://www.debian.org/security/2023/dsa-5582" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html" } ] }, diff --git a/2023/6xxx/CVE-2023-6859.json b/2023/6xxx/CVE-2023-6859.json index 06e4470c645..1db2985bc57 100644 --- a/2023/6xxx/CVE-2023-6859.json +++ b/2023/6xxx/CVE-2023-6859.json @@ -107,6 +107,16 @@ "url": "https://www.debian.org/security/2023/dsa-5582", "refsource": "MISC", "name": "https://www.debian.org/security/2023/dsa-5582" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html" } ] }, diff --git a/2023/6xxx/CVE-2023-6860.json b/2023/6xxx/CVE-2023-6860.json index 3c22ac5da5a..7f1909a03a1 100644 --- a/2023/6xxx/CVE-2023-6860.json +++ b/2023/6xxx/CVE-2023-6860.json @@ -107,6 +107,16 @@ "url": "https://www.debian.org/security/2023/dsa-5582", "refsource": "MISC", "name": "https://www.debian.org/security/2023/dsa-5582" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html" } ] }, diff --git a/2023/6xxx/CVE-2023-6861.json b/2023/6xxx/CVE-2023-6861.json index 5998f62f4dc..5f200443583 100644 --- a/2023/6xxx/CVE-2023-6861.json +++ b/2023/6xxx/CVE-2023-6861.json @@ -107,6 +107,16 @@ "url": "https://www.debian.org/security/2023/dsa-5582", "refsource": "MISC", "name": "https://www.debian.org/security/2023/dsa-5582" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html" } ] }, diff --git a/2023/6xxx/CVE-2023-6862.json b/2023/6xxx/CVE-2023-6862.json index 9cb6a776ec8..2f26b346cc5 100644 --- a/2023/6xxx/CVE-2023-6862.json +++ b/2023/6xxx/CVE-2023-6862.json @@ -90,6 +90,16 @@ "url": "https://www.debian.org/security/2023/dsa-5582", "refsource": "MISC", "name": "https://www.debian.org/security/2023/dsa-5582" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html" } ] }, diff --git a/2023/6xxx/CVE-2023-6863.json b/2023/6xxx/CVE-2023-6863.json index 157412f5767..ce8de21796e 100644 --- a/2023/6xxx/CVE-2023-6863.json +++ b/2023/6xxx/CVE-2023-6863.json @@ -102,6 +102,11 @@ "url": "https://www.debian.org/security/2023/dsa-5581", "refsource": "MISC", "name": "https://www.debian.org/security/2023/dsa-5581" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html" } ] }, diff --git a/2023/6xxx/CVE-2023-6864.json b/2023/6xxx/CVE-2023-6864.json index 9e570a271d9..7181a1dbe1a 100644 --- a/2023/6xxx/CVE-2023-6864.json +++ b/2023/6xxx/CVE-2023-6864.json @@ -107,6 +107,16 @@ "url": "https://www.debian.org/security/2023/dsa-5582", "refsource": "MISC", "name": "https://www.debian.org/security/2023/dsa-5582" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html" } ] }, diff --git a/2023/6xxx/CVE-2023-6865.json b/2023/6xxx/CVE-2023-6865.json index 3a3ba0ce3d1..51caafbb73c 100644 --- a/2023/6xxx/CVE-2023-6865.json +++ b/2023/6xxx/CVE-2023-6865.json @@ -85,6 +85,11 @@ "url": "https://www.debian.org/security/2023/dsa-5581", "refsource": "MISC", "name": "https://www.debian.org/security/2023/dsa-5581" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html" } ] }, diff --git a/2023/6xxx/CVE-2023-6867.json b/2023/6xxx/CVE-2023-6867.json index f42ef9570a1..c302fca4a8c 100644 --- a/2023/6xxx/CVE-2023-6867.json +++ b/2023/6xxx/CVE-2023-6867.json @@ -85,6 +85,11 @@ "url": "https://www.debian.org/security/2023/dsa-5581", "refsource": "MISC", "name": "https://www.debian.org/security/2023/dsa-5581" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html" } ] }, diff --git a/2023/6xxx/CVE-2023-6873.json b/2023/6xxx/CVE-2023-6873.json index e6defba479b..0070ccb3278 100644 --- a/2023/6xxx/CVE-2023-6873.json +++ b/2023/6xxx/CVE-2023-6873.json @@ -68,6 +68,11 @@ "url": "https://www.debian.org/security/2023/dsa-5582", "refsource": "MISC", "name": "https://www.debian.org/security/2023/dsa-5582" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html" } ] }, diff --git a/2023/7xxx/CVE-2023-7078.json b/2023/7xxx/CVE-2023-7078.json index ab88b48d35d..6447b05fe38 100644 --- a/2023/7xxx/CVE-2023-7078.json +++ b/2023/7xxx/CVE-2023-7078.json @@ -98,7 +98,7 @@ "engine": "Vulnogram 0.1.0-dev" }, "source": { - "discovery": "UNKNOWN" + "discovery": "INTERNAL" }, "work_around": [ { @@ -116,7 +116,7 @@ "credits": [ { "lang": "en", - "value": "Lekensteyn" + "value": " Peter Wu (Lekensteyn)" } ], "impact": { @@ -125,14 +125,14 @@ "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", - "baseScore": 8, + "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N", "version": "3.1" } ] diff --git a/2023/7xxx/CVE-2023-7079.json b/2023/7xxx/CVE-2023-7079.json index f6d5a9022c5..09a94024ad3 100644 --- a/2023/7xxx/CVE-2023-7079.json +++ b/2023/7xxx/CVE-2023-7079.json @@ -103,7 +103,7 @@ "engine": "Vulnogram 0.1.0-dev" }, "source": { - "discovery": "UNKNOWN" + "discovery": "INTERNAL" }, "work_around": [ { @@ -121,7 +121,7 @@ "credits": [ { "lang": "en", - "value": " Lekensteyn" + "value": " Peter Wu (Lekensteyn)" } ], "impact": { diff --git a/2023/7xxx/CVE-2023-7080.json b/2023/7xxx/CVE-2023-7080.json index 710182f48cc..5e060d3e907 100644 --- a/2023/7xxx/CVE-2023-7080.json +++ b/2023/7xxx/CVE-2023-7080.json @@ -155,7 +155,7 @@ "credits": [ { "lang": "en", - "value": "Lekensteyn" + "value": " Peter Wu (Lekensteyn)" } ], "impact": { diff --git a/2023/7xxx/CVE-2023-7113.json b/2023/7xxx/CVE-2023-7113.json index 5384a24132b..4886c4280a2 100644 --- a/2023/7xxx/CVE-2023-7113.json +++ b/2023/7xxx/CVE-2023-7113.json @@ -1,17 +1,134 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-7113", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "responsibledisclosure@mattermost.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Mattermost version 8.1.6 and earlier fails to sanitize channel mention data in posts, which allows an attacker to inject markup in the web client.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mattermost", + "product": { + "product_data": [ + { + "product_name": "Mattermost", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "8.1.6", + "status": "affected", + "version": "0", + "versionType": "semver" + }, + { + "lessThanOrEqual": "9.2.0", + "status": "affected", + "version": "0", + "versionType": "semver" + }, + { + "status": "unaffected", + "version": "8.1.7" + }, + { + "status": "unaffected", + "version": "9.2.0" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://mattermost.com/security-updates", + "refsource": "MISC", + "name": "https://mattermost.com/security-updates" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "MMSA-2023-00266", + "defect": [ + "https://mattermost.atlassian.net/browse/MM-53187" + ], + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "

Update Mattermost Server to versions 8.1.7, 9.2.0 or higher.

" + } + ], + "value": "Update Mattermost Server to versions 8.1.7, 9.2.0 or higher.\n\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "Juho Nurminen" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 3.7, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2023/7xxx/CVE-2023-7114.json b/2023/7xxx/CVE-2023-7114.json index 89da0f0a561..886616e2528 100644 --- a/2023/7xxx/CVE-2023-7114.json +++ b/2023/7xxx/CVE-2023-7114.json @@ -1,17 +1,126 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-7114", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "responsibledisclosure@mattermost.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Mattermost version 2.10.0 and earlier fails to sanitize deeplink paths, which allows an attacker to perform CSRF attacks against the server.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", + "cweId": "CWE-74" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mattermost", + "product": { + "product_data": [ + { + "product_name": "Mattermost", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "2.10.0", + "status": "affected", + "version": "0", + "versionType": "semver" + }, + { + "lessThanOrEqual": "2.10.0", + "status": "unaffected", + "version": "2.10.1 ", + "versionType": "semver" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://mattermost.com/security-updates", + "refsource": "MISC", + "name": "https://mattermost.com/security-updates" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "MMSA-2023-00253", + "defect": [ + "https://mattermost.atlassian.net/browse/MM-53901" + ], + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "

Update Mattermost Mobile Apps to version 2.10.1 or higher.

" + } + ], + "value": "Update Mattermost Mobile Apps to version 2.10.1 or higher.\n\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "DoyenSec" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L", + "version": "3.1" } ] } diff --git a/2023/7xxx/CVE-2023-7171.json b/2023/7xxx/CVE-2023-7171.json new file mode 100644 index 00000000000..4f361f4f3fd --- /dev/null +++ b/2023/7xxx/CVE-2023-7171.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-7171", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file