diff --git a/2022/40xxx/CVE-2022-40201.json b/2022/40xxx/CVE-2022-40201.json
index facd5ac1dbb..b16374405d7 100644
--- a/2022/40xxx/CVE-2022-40201.json
+++ b/2022/40xxx/CVE-2022-40201.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Bentley Systems MicroStation Connect versions 10.17.0.209 and prior are vulnerable to a Stack-Based Buffer Overflow when a malformed design (DGN) file is parsed. This may allow an attacker to execute arbitrary code."
+ "value": "\nBentley Systems MicroStation Connect\u00a0versions \n\n10.17.0.209 and prior are vulnerable to a Stack-Based Buffer Overflow when a\u00a0malformed design (DGN) file is parsed. This may allow an attacker to execute arbitrary code."
 }
 ]
 },
@@ -40,8 +40,9 @@
 "version": {
 "version_data": [
 {
- "version_value": "0",
- "version_affected": "="
+ "version_affected": "<=",
+ "version_name": "0",
+ "version_value": "10.17.0.209"
 }
 ]
 }
@@ -58,6 +59,11 @@
 "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-293-01",
 "refsource": "MISC",
 "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-293-01"
+ },
+ {
+ "url": "https://www.bentley.com/advisories/be-2023-0003/",
+ "refsource": "MISC",
+ "name": "https://www.bentley.com/advisories/be-2023-0003/"
 }
 ]
 },
diff --git a/2022/41xxx/CVE-2022-41613.json b/2022/41xxx/CVE-2022-41613.json
index 2e577eeb995..0b2b80c1b29 100644
--- a/2022/41xxx/CVE-2022-41613.json
+++ b/2022/41xxx/CVE-2022-41613.json
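Review bot: The new `value` in the CVE-2022-40201 description hunk carries formatting residue: a leading `\n`, a ` \n\n` between "versions" and "10.17.0.209", and `\u00a0` non-breaking spaces in place of ordinary ones. Tooling that matches on description text (product keyword search, deduplication, alert rules) compares against a plain space and will not match `Connect\u00a0versions`, and the stray newlines separate the version number from its noun when the text is rendered. The first hunk of CVE-2022-41613 has the same residue plus a trailing `\n\n`, and still repeats the word as `when\u00a0when`. I would normalise both values to single-line text with plain spaces, as the removed lines had, and drop the duplicated "when" in the second record.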
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Bentley Systems MicroStation Connect versions 10.17.0.209 and prior are vulnerable to an Out-of-Bounds Read when when parsing DGN files, which may allow an attacker to crash the product, disclose sensitive information, or execute arbitrary code."
+ "value": "\nBentley Systems MicroStation Connect\u00a0versions \n\n10.17.0.209 and prior are vulnerable to an Out-of-Bounds Read when\u00a0when parsing DGN files, which may allow an attacker to crash the product, disclose sensitive information, or execute arbitrary code.\n\n"
 }
 ]
 },
@@ -40,8 +40,9 @@
 "version": {
 "version_data": [
 {
- "version_value": "0",
- "version_affected": "="
+ "version_affected": "<=",
+ "version_name": "0",
+ "version_value": "10.17.0.209"
 }
 ]
 }
@@ -58,6 +59,11 @@
 "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-293-01",
 "refsource": "MISC",
 "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-293-01"
+ },
+ {
+ "url": "https://www.bentley.com/advisories/be-2023-0003/",
+ "refsource": "MISC",
+ "name": "https://www.bentley.com/advisories/be-2023-0003/"
 }
 ]
 },
diff --git a/2023/41xxx/CVE-2023-41032.json b/2023/41xxx/CVE-2023-41032.json
index feab7a6ab92..aa2c0e87808 100644
--- a/2023/41xxx/CVE-2023-41032.json
+++ b/2023/41xxx/CVE-2023-41032.json
@@ -118,6 +118,11 @@
 "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-887122.pdf",
 "refsource": "MISC",
 "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-887122.pdf"
+ },
+ {
+ "url": "https://www.bentley.com/advisories/be-2023-0004/",
+ "refsource": "MISC",
+ "name": "https://www.bentley.com/advisories/be-2023-0004/"
 }
 ]
 },
diff --git a/2023/44xxx/CVE-2023-44764.json b/2023/44xxx/CVE-2023-44764.json
index fce7043648f..fb3e4ee1c57 100644
--- a/2023/44xxx/CVE-2023-44764.json
+++ b/2023/44xxx/CVE-2023-44764.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to the SITE parameter from installation or in the Settings."
+ "value": "A Cross Site Scripting (XSS) vulnerability in Concrete CMS before 9.2.3 exists via the Name parameter during installation (aka Site of Installation or Settings)."
 }
 ]
 },
@@ -56,6 +56,11 @@
 "url": "https://github.com/sromanhu/ConcreteCMS-Stored-XSS---Site_Installation",
 "refsource": "MISC",
 "name": "https://github.com/sromanhu/ConcreteCMS-Stored-XSS---Site_Installation"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://documentation.concretecms.org/developers/introduction/version-history/923-release-notes",
+ "url": "https://documentation.concretecms.org/developers/introduction/version-history/923-release-notes"
 }
 ]
 }
diff --git a/2023/46xxx/CVE-2023-46045.json b/2023/46xxx/CVE-2023-46045.json
index f92991a918c..48566fa7b9c 100644
--- a/2023/46xxx/CVE-2023-46045.json
+++ b/2023/46xxx/CVE-2023-46045.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-46045",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-46045",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Graphviz 2.36 before 10.0.0 has an out-of-bounds read via a crafted config6a file. NOTE: exploitability may be uncommon because this file is typically owned by root."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://gitlab.com/graphviz/graphviz/-/issues/2441",
+ "refsource": "MISC",
+ "name": "https://gitlab.com/graphviz/graphviz/-/issues/2441"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://seclists.org/fulldisclosure/2024/Jan/73",
+ "url": "https://seclists.org/fulldisclosure/2024/Jan/73"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.openwall.com/lists/oss-security/2024/02/01/2",
+ "url": "https://www.openwall.com/lists/oss-security/2024/02/01/2"
 }
 ]
 }
diff --git a/2024/1xxx/CVE-2024-1047.json b/2024/1xxx/CVE-2024-1047.json
index 731a41eef6b..433d614ce24 100644
--- a/2024/1xxx/CVE-2024-1047.json
+++ b/2024/1xxx/CVE-2024-1047.json
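Review bot: The added `affects` block in CVE-2023-46045 is `n/a` throughout (`vendor_name`, `product_name`, `version_value`) and `problemtype` is also `n/a`, although the description added in the same hunk names the product, the range and the weakness class. Scanners and SBOM matchers that read only the structured fields will not associate this record with Graphviz, so it goes PUBLIC without being machine-matchable. Where the assigner's process allows it, fill these from the description, for example `"product_name": "Graphviz"` and `"value": "CWE-125 Out-of-bounds Read"`. The phrase "2.36 before 10.0.0" is also easy to misread; wording it as an explicit range (from 2.36 up to, but not including, 10.0.0) would remove the ambiguity.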
@@ -1,17 +1,89 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-1047",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@wordfence.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the register_reference() function in all versions up to, and including, 2.10.28. This makes it possible for unauthenticated attackers to update the connected API keys."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-862 Missing Authorization"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "themeisle",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Orbit Fox by ThemeIsle",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "*",
+ "version_value": "2.10.28"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6147582f-578a-47ad-b16c-65c37896783d?source=cve",
+ "refsource": "MISC",
+ "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6147582f-578a-47ad-b16c-65c37896783d?source=cve"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/themeisle-companion/trunk/vendor/codeinwp/themeisle-sdk/src/Modules/Promotions.php#L175",
+ "refsource": "MISC",
+ "name": "https://plugins.trac.wordpress.org/browser/themeisle-companion/trunk/vendor/codeinwp/themeisle-sdk/src/Modules/Promotions.php#L175"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3029507/themeisle-companion/tags/2.10.29/vendor/codeinwp/themeisle-sdk/src/Modules/Promotions.php",
+ "refsource": "MISC",
+ "name": "https://plugins.trac.wordpress.org/changeset/3029507/themeisle-companion/tags/2.10.29/vendor/codeinwp/themeisle-sdk/src/Modules/Promotions.php"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Francesco Carlucci"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
 }
 ]
 }
diff --git a/2024/1xxx/CVE-2024-1162.json b/2024/1xxx/CVE-2024-1162.json
index cb462c97233..c3169663844 100644
--- a/2024/1xxx/CVE-2024-1162.json
+++ b/2024/1xxx/CVE-2024-1162.json
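Review bot: The second reference in the CVE-2024-1047 record is unpinned: it points at `themeisle-companion/trunk/.../Promotions.php#L175`, and trunk moves, so `#L175` stops pointing at `register_reference()` as soon as the file changes. Pin it to the last affected tag or to a revision so the vulnerable code stays reviewable; the third reference already does this for the fix with `changeset/3029507/themeisle-companion/tags/2.10.29/...`. Separately, both code references sit under `vendor/codeinwp/themeisle-sdk`, which suggests the function belongs to a bundled SDK rather than to Orbit Fox itself. If other plugins ship that SDK, an `affects` block naming only "Orbit Fox by ThemeIsle" may understate exposure; that cannot be confirmed from this hunk and is worth checking with the CNA.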
@@ -1,17 +1,84 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-1162",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@wordfence.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.10.29. This is due to missing or incorrect nonce validation on the register_reference() function. This makes it possible for unauthenticated attackers to update the connected API keys via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-352 Cross-Site Request Forgery (CSRF)"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "themeisle",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Orbit Fox by ThemeIsle",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "*",
+ "version_value": "2.10.29"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/88f6a24f-f14a-4d0a-be5a-f8c84910b4fc?source=cve",
+ "refsource": "MISC",
+ "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/88f6a24f-f14a-4d0a-be5a-f8c84910b4fc?source=cve"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3030173%40themeisle-companion&new=3030173%40themeisle-companion&sfp_email=&sfph_mail=",
+ "refsource": "MISC",
+ "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3030173%40themeisle-companion&new=3030173%40themeisle-companion&sfp_email=&sfph_mail="
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Francesco Carlucci"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
 }
 ]
 }
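Review bot: Neither the description nor `affects` in the CVE-2024-1162 record names a fixed version, and the record covers the same `register_reference()` function as CVE-2024-1047 while being affected through 2.10.29. That is the release the CVE-2024-1047 changeset reference is tagged with, so a site updated to 2.10.29 for the first issue is still in range here. Adding the first fixed release to the description would give defenders a patch target; it is not visible in this hunk and has to come from the vendor changelog. The second reference URL also carries empty form parameters (`sfp_email=&sfph_mail=` twice, `reponame=`) and an `old` revision equal to `new`; a plain changeset link for revision 3030173 would be more stable and easier to match across feeds.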