diff --git a/2020/18xxx/CVE-2020-18280.json b/2020/18xxx/CVE-2020-18280.json
index 0ff3e443125..457e54dfba4 100644
--- a/2020/18xxx/CVE-2020-18280.json
+++ b/2020/18xxx/CVE-2020-18280.json
@@ -1,17 +1,61 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2020-18280",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-18280",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross Site Scripting vulnerability found in Phodal CMD v.1.0 allows a local attacker to execute arbitrary code via the EMBED SRC function."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/phodal/md/issues/20",
+ "refsource": "MISC",
+ "name": "https://github.com/phodal/md/issues/20"
}
]
}
diff --git a/2020/23xxx/CVE-2020-23362.json b/2020/23xxx/CVE-2020-23362.json
index 4b446c3ccfd..0b0d1f330de 100644
--- a/2020/23xxx/CVE-2020-23362.json
+++ b/2020/23xxx/CVE-2020-23362.json
@@ -1,17 +1,61 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2020-23362",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-23362",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Insecure Permissons vulnerability found in Shop_CMS YerShop all versions allows a remote attacker to escalate privileges via the cover_id parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/huyiwill/shopcms_lang/issues/1",
+ "refsource": "MISC",
+ "name": "https://github.com/huyiwill/shopcms_lang/issues/1"
}
]
}
diff --git a/2020/23xxx/CVE-2020-23363.json b/2020/23xxx/CVE-2020-23363.json
index 73e5c7b0a83..a8298a2e511 100644
--- a/2020/23xxx/CVE-2020-23363.json
+++ b/2020/23xxx/CVE-2020-23363.json
@@ -1,17 +1,61 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2020-23363",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-23363",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross Site Request Forgery (CSRF) vulnerability found in Verytops Verydows all versions that allows an attacker to execute arbitrary code via a crafted script."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/Verytops/verydows/issues/17",
+ "refsource": "MISC",
+ "name": "https://github.com/Verytops/verydows/issues/17"
}
]
}
diff --git a/2021/31xxx/CVE-2021-31240.json b/2021/31xxx/CVE-2021-31240.json
index ce40c7f4a3b..4569fb37746 100644
--- a/2021/31xxx/CVE-2021-31240.json
+++ b/2021/31xxx/CVE-2021-31240.json
@@ -1,17 +1,61 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2021-31240",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-31240",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue found in libming v.0.4.8 allows a local attacker to execute arbitrary code via the parseSWF_IMPORTASSETS function in the parser.c file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/libming/libming/issues/218",
+ "refsource": "MISC",
+ "name": "https://github.com/libming/libming/issues/218"
}
]
}
diff --git a/2021/31xxx/CVE-2021-31711.json b/2021/31xxx/CVE-2021-31711.json
index 8207f3c82b3..752af564e84 100644
--- a/2021/31xxx/CVE-2021-31711.json
+++ b/2021/31xxx/CVE-2021-31711.json
@@ -1,17 +1,61 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2021-31711",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-31711",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross Site Scripting vulnerability found in Trippo ResponsiveFilemanager v.9.14.0 and before allows a remote attacker to execute arbitrary code via the sort_by parameter in the dialog.php file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/trippo/ResponsiveFilemanager/issues/661",
+ "refsource": "MISC",
+ "name": "https://github.com/trippo/ResponsiveFilemanager/issues/661"
}
]
}
diff --git a/2023/25xxx/CVE-2023-25834.json b/2023/25xxx/CVE-2023-25834.json
index 03005cc7bb8..0d0e7bfaf3a 100644
--- a/2023/25xxx/CVE-2023-25834.json
+++ b/2023/25xxx/CVE-2023-25834.json
@@ -1,17 +1,110 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-25834",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@esri.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Changes to user permissions in Portal for ArcGIS 10.9.1 and below are incompletely applied in specific use cases. This issue may allow users to access content that they are no longer privileged to access."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-269 Improper Privilege Management",
+ "cweId": "CWE-269"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Esri",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Portal for ArcGIS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "10.9.1",
+ "version_value": "<="
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2023-update-1-patch-is-now-available/",
+ "refsource": "MISC",
+ "name": "https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2023-update-1-patch-is-now-available/"
+ },
+ {
+ "url": "https://support.esri.com/en-us/patches-updates/2023/portal-for-arcgis-security-2023-update-1-patch-8095",
+ "refsource": "MISC",
+ "name": "https://support.esri.com/en-us/patches-updates/2023/portal-for-arcgis-security-2023-update-1-patch-8095"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "advisory": "https://www.esri.com/arcgis-blog/products/trust-arcgis/administr",
+ "defect": [
+ "CVE-2023-25834"
+ ],
+ "discovery": "INTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Install Portal for ArcGIS Security 2023 Update 1
"
+ }
+ ],
+ "value": "Install P ortal for ArcGIS Security 2023 Update 1 https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2023-update-1-patch-is-now-available/ \n"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.6,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
+ "version": "3.1"
}
]
}
diff --git a/2023/2xxx/CVE-2023-2601.json b/2023/2xxx/CVE-2023-2601.json
new file mode 100644
index 00000000000..ce267a9edb3
--- /dev/null
+++ b/2023/2xxx/CVE-2023-2601.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-2601",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/2xxx/CVE-2023-2602.json b/2023/2xxx/CVE-2023-2602.json
new file mode 100644
index 00000000000..291eaf01f38
--- /dev/null
+++ b/2023/2xxx/CVE-2023-2602.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-2602",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/2xxx/CVE-2023-2603.json b/2023/2xxx/CVE-2023-2603.json
new file mode 100644
index 00000000000..3b65151eaec
--- /dev/null
+++ b/2023/2xxx/CVE-2023-2603.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-2603",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/2xxx/CVE-2023-2604.json b/2023/2xxx/CVE-2023-2604.json
new file mode 100644
index 00000000000..f4bd01d62ae
--- /dev/null
+++ b/2023/2xxx/CVE-2023-2604.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-2604",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/2xxx/CVE-2023-2605.json b/2023/2xxx/CVE-2023-2605.json
new file mode 100644
index 00000000000..d8f832a63b3
--- /dev/null
+++ b/2023/2xxx/CVE-2023-2605.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-2605",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/2xxx/CVE-2023-2606.json b/2023/2xxx/CVE-2023-2606.json
new file mode 100644
index 00000000000..0f0f425ad6e
--- /dev/null
+++ b/2023/2xxx/CVE-2023-2606.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-2606",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/30xxx/CVE-2023-30083.json b/2023/30xxx/CVE-2023-30083.json
index c865a437963..da2db560bf1 100644
--- a/2023/30xxx/CVE-2023-30083.json
+++ b/2023/30xxx/CVE-2023-30083.json
@@ -1,17 +1,61 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2023-30083",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-30083",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Buffer Overflow vulnerability found in Libming swftophp v.0.4.8 allows a local attacker to cause a denial of service via the newVar_N in util/decompile.c."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/libming/libming/issues/266",
+ "refsource": "MISC",
+ "name": "https://github.com/libming/libming/issues/266"
}
]
}
diff --git a/2023/30xxx/CVE-2023-30084.json b/2023/30xxx/CVE-2023-30084.json
index 286af9b9d02..6939a35cc97 100644
--- a/2023/30xxx/CVE-2023-30084.json
+++ b/2023/30xxx/CVE-2023-30084.json
@@ -1,17 +1,61 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2023-30084",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-30084",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue found in libming swftophp v.0.4.8 allows a local attacker to cause a denial of service via the stackVal function in util/decompile.c."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/libming/libming/issues/268",
+ "refsource": "MISC",
+ "name": "https://github.com/libming/libming/issues/268"
}
]
}
diff --git a/2023/30xxx/CVE-2023-30085.json b/2023/30xxx/CVE-2023-30085.json
index e653f2a192b..f45ef027741 100644
--- a/2023/30xxx/CVE-2023-30085.json
+++ b/2023/30xxx/CVE-2023-30085.json
@@ -1,17 +1,61 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2023-30085",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-30085",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Buffer Overflow vulnerability found in Libming swftophp v.0.4.8 allows a local attacker to cause a denial of service via the cws2fws function in util/decompile.c."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/libming/libming/issues/267",
+ "refsource": "MISC",
+ "name": "https://github.com/libming/libming/issues/267"
}
]
}
diff --git a/2023/30xxx/CVE-2023-30086.json b/2023/30xxx/CVE-2023-30086.json
index 9dd2e4a6fba..3c58d842fcc 100644
--- a/2023/30xxx/CVE-2023-30086.json
+++ b/2023/30xxx/CVE-2023-30086.json
@@ -1,17 +1,71 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2023-30086",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-30086",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Buffer Overflow vulnerability found in Libtiff V.4.0.7 allows a local attacker to cause a denial of service via the tiffcp function in tiffcp.c."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://libtiff-release-v4-0-7.com",
+ "refsource": "MISC",
+ "name": "http://libtiff-release-v4-0-7.com"
+ },
+ {
+ "url": "http://tiffcp.com",
+ "refsource": "MISC",
+ "name": "http://tiffcp.com"
+ },
+ {
+ "url": "https://gitlab.com/libtiff/libtiff/-/issues/538",
+ "refsource": "MISC",
+ "name": "https://gitlab.com/libtiff/libtiff/-/issues/538"
}
]
}
diff --git a/2023/30xxx/CVE-2023-30087.json b/2023/30xxx/CVE-2023-30087.json
index d93c2e34608..bcb1248c663 100644
--- a/2023/30xxx/CVE-2023-30087.json
+++ b/2023/30xxx/CVE-2023-30087.json
@@ -1,17 +1,61 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2023-30087",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-30087",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Buffer Overflow vulnerability found in Cesanta MJS v.1.26 allows a local attacker to cause a denial of service via the mjs_mk_string function in mjs.c."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/cesanta/mjs/issues/244",
+ "refsource": "MISC",
+ "name": "https://github.com/cesanta/mjs/issues/244"
}
]
}
diff --git a/2023/30xxx/CVE-2023-30088.json b/2023/30xxx/CVE-2023-30088.json
index c4424a8e2f0..67d301fecc4 100644
--- a/2023/30xxx/CVE-2023-30088.json
+++ b/2023/30xxx/CVE-2023-30088.json
@@ -1,17 +1,61 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2023-30088",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-30088",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue found in Cesanta MJS v.1.26 allows a local attacker to cause a denial of service via the mjs_execute function in mjs.c."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/cesanta/mjs/issues/243",
+ "refsource": "MISC",
+ "name": "https://github.com/cesanta/mjs/issues/243"
}
]
}
diff --git a/2023/31xxx/CVE-2023-31144.json b/2023/31xxx/CVE-2023-31144.json
index 0b51d0fa59c..d64b774b29a 100644
--- a/2023/31xxx/CVE-2023-31144.json
+++ b/2023/31xxx/CVE-2023-31144.json
@@ -1,17 +1,94 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-31144",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Craft CMS is a content management system. Starting in version 3.0.0 and prior to versions 3.8.4 and 4.4.4, a malformed title in the feed widget can deliver a cross-site scripting payload. This issue is fixed in version 3.8.4 and 4.4.4."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "craftcms",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "cms",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": ">= 3.0.0, < 3.8.4"
+ },
+ {
+ "version_affected": "=",
+ "version_value": ">= 4.0.0, < 4.4.4"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/craftcms/cms/security/advisories/GHSA-j4mx-98hw-6rv6",
+ "refsource": "MISC",
+ "name": "https://github.com/craftcms/cms/security/advisories/GHSA-j4mx-98hw-6rv6"
+ },
+ {
+ "url": "https://github.com/craftcms/cms/commit/52bd161614620edbab2d24d078ca9ebca2528442",
+ "refsource": "MISC",
+ "name": "https://github.com/craftcms/cms/commit/52bd161614620edbab2d24d078ca9ebca2528442"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-j4mx-98hw-6rv6",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "version": "3.1"
}
]
}
diff --git a/2023/31xxx/CVE-2023-31476.json b/2023/31xxx/CVE-2023-31476.json
index c1922f361f4..8dc81d7f426 100644
--- a/2023/31xxx/CVE-2023-31476.json
+++ b/2023/31xxx/CVE-2023-31476.json
@@ -1,17 +1,66 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2023-31476",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-31476",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered on GL.iNet devices running firmware before 3.216. There is an arbitrary file write in which an empty file can be created almost anywhere on the filesystem, as long as the filename and path is no more than 6 characters (the working directory is /www)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.gl-inet.com",
+ "refsource": "MISC",
+ "name": "https://www.gl-inet.com"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/gl-inet/CVE-issues/blob/main/3.215/GL-MV1000_Arbitrary_File_Creation.md",
+ "url": "https://github.com/gl-inet/CVE-issues/blob/main/3.215/GL-MV1000_Arbitrary_File_Creation.md"
}
]
}
diff --git a/2023/31xxx/CVE-2023-31489.json b/2023/31xxx/CVE-2023-31489.json
index 559913f4765..b7031a55627 100644
--- a/2023/31xxx/CVE-2023-31489.json
+++ b/2023/31xxx/CVE-2023-31489.json
@@ -1,17 +1,61 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2023-31489",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-31489",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_capability_llgr() function."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/FRRouting/frr/issues/13098",
+ "refsource": "MISC",
+ "name": "https://github.com/FRRouting/frr/issues/13098"
}
]
}
diff --git a/2023/31xxx/CVE-2023-31490.json b/2023/31xxx/CVE-2023-31490.json
index 57603a46c37..b60e123dd1b 100644
--- a/2023/31xxx/CVE-2023-31490.json
+++ b/2023/31xxx/CVE-2023-31490.json
@@ -1,17 +1,61 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2023-31490",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-31490",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_attr_psid_sub() function."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/FRRouting/frr/issues/13099",
+ "refsource": "MISC",
+ "name": "https://github.com/FRRouting/frr/issues/13099"
}
]
}
diff --git a/2023/31xxx/CVE-2023-31799.json b/2023/31xxx/CVE-2023-31799.json
index 7f68844b07c..ad2339230d1 100644
--- a/2023/31xxx/CVE-2023-31799.json
+++ b/2023/31xxx/CVE-2023-31799.json
@@ -1,17 +1,66 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2023-31799",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-31799",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the system annnouncements parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://chamilo.com",
+ "refsource": "MISC",
+ "name": "http://chamilo.com"
+ },
+ {
+ "url": "https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-99-2023-04-11-Low-impact-Low-risk-XSS-in-system-announcements",
+ "refsource": "MISC",
+ "name": "https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-99-2023-04-11-Low-impact-Low-risk-XSS-in-system-announcements"
}
]
}
diff --git a/2023/31xxx/CVE-2023-31800.json b/2023/31xxx/CVE-2023-31800.json
index 101940bbda4..9c67b4a02a5 100644
--- a/2023/31xxx/CVE-2023-31800.json
+++ b/2023/31xxx/CVE-2023-31800.json
@@ -1,17 +1,66 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2023-31800",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-31800",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the forum title parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://chamilo.com",
+ "refsource": "MISC",
+ "name": "http://chamilo.com"
+ },
+ {
+ "url": "https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-102-2023-04-11-Low-impact-Moderate-risk-XSS-in-forum-titles",
+ "refsource": "MISC",
+ "name": "https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-102-2023-04-11-Low-impact-Moderate-risk-XSS-in-forum-titles"
}
]
}
diff --git a/2023/31xxx/CVE-2023-31801.json b/2023/31xxx/CVE-2023-31801.json
index ea4e3eb2650..35bbb56fc50 100644
--- a/2023/31xxx/CVE-2023-31801.json
+++ b/2023/31xxx/CVE-2023-31801.json
@@ -1,17 +1,66 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2023-31801",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-31801",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the skills wheel parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://chamilo.com",
+ "refsource": "MISC",
+ "name": "http://chamilo.com"
+ },
+ {
+ "url": "https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-97-2023-04-11-Low-impact-High-risk-XSS-in-skills-wheel",
+ "refsource": "MISC",
+ "name": "https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-97-2023-04-11-Low-impact-High-risk-XSS-in-skills-wheel"
}
]
}
diff --git a/2023/31xxx/CVE-2023-31802.json b/2023/31xxx/CVE-2023-31802.json
index 1b57a5749a0..435d45f58c2 100644
--- a/2023/31xxx/CVE-2023-31802.json
+++ b/2023/31xxx/CVE-2023-31802.json
@@ -1,17 +1,66 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2023-31802",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-31802",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the skype and linedin_url parameters."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://chamilo.com",
+ "refsource": "MISC",
+ "name": "http://chamilo.com"
+ },
+ {
+ "url": "https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-104-2023-04-11-Moderate-impact-High-risk-XSS-in-personal-profile",
+ "refsource": "MISC",
+ "name": "https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-104-2023-04-11-Moderate-impact-High-risk-XSS-in-personal-profile"
}
]
}
diff --git a/2023/31xxx/CVE-2023-31803.json b/2023/31xxx/CVE-2023-31803.json
index 34c0f08337e..4cee7f90e05 100644
--- a/2023/31xxx/CVE-2023-31803.json
+++ b/2023/31xxx/CVE-2023-31803.json
@@ -1,17 +1,66 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2023-31803",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-31803",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the resource sequencing parameters."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://chamilo.com",
+ "refsource": "MISC",
+ "name": "http://chamilo.com"
+ },
+ {
+ "url": "https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-100-2023-04-11-Low-impact-Low-risk-XSS-in-resources-sequencing",
+ "refsource": "MISC",
+ "name": "https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-100-2023-04-11-Low-impact-Low-risk-XSS-in-resources-sequencing"
}
]
}
diff --git a/2023/31xxx/CVE-2023-31804.json b/2023/31xxx/CVE-2023-31804.json
index de266059ab6..2300a5d71f2 100644
--- a/2023/31xxx/CVE-2023-31804.json
+++ b/2023/31xxx/CVE-2023-31804.json
@@ -1,17 +1,66 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2023-31804",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-31804",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the course category parameters."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://chamilo.com",
+ "refsource": "MISC",
+ "name": "http://chamilo.com"
+ },
+ {
+ "url": "https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-96-2023-04-06-Low-impact-Moderate-risk-XSS-in-course-categories",
+ "refsource": "MISC",
+ "name": "https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-96-2023-04-06-Low-impact-Moderate-risk-XSS-in-course-categories"
}
]
}
diff --git a/2023/31xxx/CVE-2023-31805.json b/2023/31xxx/CVE-2023-31805.json
index 41d763add6a..5dbb42782b9 100644
--- a/2023/31xxx/CVE-2023-31805.json
+++ b/2023/31xxx/CVE-2023-31805.json
@@ -1,17 +1,66 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2023-31805",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-31805",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local authenticated attacker to execute arbitrary code via the homepage function."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://chamilo.com",
+ "refsource": "MISC",
+ "name": "http://chamilo.com"
+ },
+ {
+ "url": "https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-98-2023-04-11-Low-impact-Low-risk-XSS-in-homepage-edition",
+ "refsource": "MISC",
+ "name": "https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-98-2023-04-11-Low-impact-Low-risk-XSS-in-homepage-edition"
}
]
}
diff --git a/2023/31xxx/CVE-2023-31806.json b/2023/31xxx/CVE-2023-31806.json
index cb32e59c6ad..8d43297b6b5 100644
--- a/2023/31xxx/CVE-2023-31806.json
+++ b/2023/31xxx/CVE-2023-31806.json
@@ -1,17 +1,66 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2023-31806",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-31806",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via a crafted payload to the My Progress function."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://chamilo.com",
+ "refsource": "MISC",
+ "name": "http://chamilo.com"
+ },
+ {
+ "url": "https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-103-2023-04-11-Low-impact-Moderate-risk-XSS-in-My-progress-tab",
+ "refsource": "MISC",
+ "name": "https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-103-2023-04-11-Low-impact-Moderate-risk-XSS-in-My-progress-tab"
}
]
}
diff --git a/2023/31xxx/CVE-2023-31807.json b/2023/31xxx/CVE-2023-31807.json
index 4b4d491e92f..c3ef620b3cc 100644
--- a/2023/31xxx/CVE-2023-31807.json
+++ b/2023/31xxx/CVE-2023-31807.json
@@ -1,17 +1,66 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2023-31807",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-31807",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via a crafted payload to the personal notes function."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://chamilo.com",
+ "refsource": "MISC",
+ "name": "http://chamilo.com"
+ },
+ {
+ "url": "https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-101-2023-04-11-Low-impact-Low-risk-XSS-in-personal-notes-and-teacher-notes",
+ "refsource": "MISC",
+ "name": "https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-101-2023-04-11-Low-impact-Low-risk-XSS-in-personal-notes-and-teacher-notes"
}
]
}
diff --git a/2023/32xxx/CVE-2023-32066.json b/2023/32xxx/CVE-2023-32066.json
index 05f70a92982..be116127d00 100644
--- a/2023/32xxx/CVE-2023-32066.json
+++ b/2023/32xxx/CVE-2023-32066.json
@@ -1,17 +1,90 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32066",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Time Tracker is an open source time tracking system. The week view plugin in Time Tracker versions 1.22.11.5782 and prior was not escaping titles for notes in week view table. Because of that, it was possible for a logged in user to enter notes with elements of JavaScript. Such script could then be executed in user browser on subsequent requests to week view. This issue is fixed in version 1.22.12.5783. As a workaround, use `htmlspecialchars` when calling `$field->setTitle` on line #245 in the `week.php` file, as happens in version 1.22.12.5783."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "anuko",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "timetracker",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "< 1.22.12.5783"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/anuko/timetracker/security/advisories/GHSA-jw2g-8wvp-9frw",
+ "refsource": "MISC",
+ "name": "https://github.com/anuko/timetracker/security/advisories/GHSA-jw2g-8wvp-9frw"
+ },
+ {
+ "url": "https://github.com/anuko/timetracker/commit/093cfe158099704ffd4a1624be217f9935e914eb",
+ "refsource": "MISC",
+ "name": "https://github.com/anuko/timetracker/commit/093cfe158099704ffd4a1624be217f9935e914eb"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-jw2g-8wvp-9frw",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "version": "3.1"
}
]
}
diff --git a/2023/32xxx/CVE-2023-32069.json b/2023/32xxx/CVE-2023-32069.json
index e9e1ca9103a..8f5aa78d81d 100644
--- a/2023/32xxx/CVE-2023-32069.json
+++ b/2023/32xxx/CVE-2023-32069.json
@@ -1,17 +1,95 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32069",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "XWiki Platform is a generic wiki platform. Starting in version 3.3-milestone-2 and prior to versions 14.10.4 and 15.0-rc-1, it's possible for a user to execute anything with the right of the author of the XWiki.ClassSheet document. This has been patched in XWiki 15.0-rc-1 and 14.10.4. There are no known workarounds."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-863: Incorrect Authorization",
+ "cweId": "CWE-863"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "xwiki",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "xwiki-platform",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": ">= 3.3-milestone-3, < 14.10.4"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-36fm-j33w-c25f",
+ "refsource": "MISC",
+ "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-36fm-j33w-c25f"
+ },
+ {
+ "url": "https://github.com/xwiki/xwiki-platform/commit/de72760d4a3e1e9be64a10660a0c19e9534e2ec4",
+ "refsource": "MISC",
+ "name": "https://github.com/xwiki/xwiki-platform/commit/de72760d4a3e1e9be64a10660a0c19e9534e2ec4"
+ },
+ {
+ "url": "https://jira.xwiki.org/browse/XWIKI-20566",
+ "refsource": "MISC",
+ "name": "https://jira.xwiki.org/browse/XWIKI-20566"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-36fm-j33w-c25f",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 10,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
+ "version": "3.1"
}
]
}
diff --git a/2023/32xxx/CVE-2023-32071.json b/2023/32xxx/CVE-2023-32071.json
index 4190a22789c..ef7483aa9fb 100644
--- a/2023/32xxx/CVE-2023-32071.json
+++ b/2023/32xxx/CVE-2023-32071.json
@@ -1,17 +1,113 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32071",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "XWiki Platform is a generic wiki platform. Starting in versions 2.2-milestone-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, it's possible to execute javascript with the right of any user by leading him to a special URL on the wiki targeting a page which contains an attachment. This has been patched in XWiki 15.0-rc-1, 14.10.4, and 14.4.8. The easiest possible workaround is to edit file `/templates/importinline.vm` and apply the modification described in commit 28905f7f518cc6f21ea61fe37e9e1ed97ef36f01."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-116: Improper Encoding or Escaping of Output",
+ "cweId": "CWE-116"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "xwiki",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "xwiki-platform",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": ">= 2.2-milestone-1, < 14.4.8"
+ },
+ {
+ "version_affected": "=",
+ "version_value": ">= 14.5, < 14.10.4"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-j9h5-vcgv-2jfm",
+ "refsource": "MISC",
+ "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-j9h5-vcgv-2jfm"
+ },
+ {
+ "url": "https://github.com/xwiki/xwiki-platform/commit/28905f7f518cc6f21ea61fe37e9e1ed97ef36f01",
+ "refsource": "MISC",
+ "name": "https://github.com/xwiki/xwiki-platform/commit/28905f7f518cc6f21ea61fe37e9e1ed97ef36f01"
+ },
+ {
+ "url": "https://app.intigriti.com/company/submissions/e95a7ad5-7029-4627-abf0-3e3e3ea0b4ce/XWIKI-E93DFEYK",
+ "refsource": "MISC",
+ "name": "https://app.intigriti.com/company/submissions/e95a7ad5-7029-4627-abf0-3e3e3ea0b4ce/XWIKI-E93DFEYK"
+ },
+ {
+ "url": "https://jira.xwiki.org/browse/XWIKI-20340",
+ "refsource": "MISC",
+ "name": "https://jira.xwiki.org/browse/XWIKI-20340"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-j9h5-vcgv-2jfm",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.1,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
+ "version": "3.1"
}
]
}