admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-04-12 14:00:34 +00:00
parent 5e0f93db54
commit f16dad1c90
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
6 changed files with 312 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
2022/26xxx/CVE-2022-26582.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "The systool_server in PAX Technology A930 PayDroid 7.1.1 Virgo V04.4.02 20211201 fails to check for dollar signs or backticks in user supplied commands, leading to to arbitrary command execution as root."
"value": "PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow an attacker to gain root access through command injection in systool client. The attacker must have shell access to the device in order to exploit this vulnerability."
}
]
},

85
2023/1xxx/CVE-2023-1874.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-1874",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The WP Data Access plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.3.7. This is due to a lack of authorization checks on the multiple_roles_update function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'wpda_role[]' parameter during a profile update. This requires the 'Enable role management' setting to be enabled for the site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-266 Incorrect Privilege Assignment"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "peterschulznl",
"product": {
"product_data": [
{
"product_name": "WP Data Access",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "5.3.7"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8f562e33-2aef-46f0-8a65-691155ede9e7?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8f562e33-2aef-46f0-8a65-691155ede9e7?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-data-access/tags/5.3.7/WPDataRoles/WPDA_Roles.php#L50",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/wp-data-access/tags/5.3.7/WPDataRoles/WPDA_Roles.php#L50"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-data-access/tags/5.3.8/WPDataRoles/WPDA_Roles.php#L50",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/wp-data-access/tags/5.3.8/WPDataRoles/WPDA_Roles.php#L50"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-data-access/tags/5.3.8/WPDataRoles/WPDA_Roles.php#L23",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/wp-data-access/tags/5.3.8/WPDataRoles/WPDA_Roles.php#L23"
}
]
},
"credits": [
{
"lang": "en",
"value": "Chloe Chamberland"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH"
}
]
}

61
2023/23xxx/CVE-2023-23591.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-23591",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-23591",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Logback component in Terminalfour before 8.3.14.1 allows OS administrators to obtain sensitive information from application server logs when debug logging is enabled. The fixed versions are 8.2.18.7, 8.2.18.2.2, 8.3.11.1, and 8.3.14.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://docs.terminalfour.com/articles/release-notes-highlights/",
"refsource": "MISC",
"name": "https://docs.terminalfour.com/articles/release-notes-highlights/"
},
{
"refsource": "MISC",
"name": "https://docs.terminalfour.com/release-notes/83/15.html",
"url": "https://docs.terminalfour.com/release-notes/83/15.html"
}
]
}

61
2023/27xxx/CVE-2023-27032.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-27032",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-27032",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Prestashop advancedpopupcreator v1.1.21 to v1.1.24 was discovered to contain a SQL injection vulnerability via the component AdvancedPopup::getPopups()."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://addons.prestashop.com/en/pop-up/23773-popup-on-entry-exit-popup-add-product-and-newsletter.html",
"refsource": "MISC",
"name": "https://addons.prestashop.com/en/pop-up/23773-popup-on-entry-exit-popup-add-product-and-newsletter.html"
},
{
"refsource": "MISC",
"name": "https://friends-of-presta.github.io/security-advisories/modules/2023/04/11/advancedpopupcreator.html",
"url": "https://friends-of-presta.github.io/security-advisories/modules/2023/04/11/advancedpopupcreator.html"
}
]
}

66
2023/27xxx/CVE-2023-27704.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-27704",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-27704",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Void Tools Everything lower than v1.4.1.1022 was discovered to contain a Regular Expression Denial of Service (ReDoS)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://drive.google.com/drive/folders/1BmHAGSugrFo0whDEmg6nnbaOkvE21X-p?usp=sharing",
"refsource": "MISC",
"name": "https://drive.google.com/drive/folders/1BmHAGSugrFo0whDEmg6nnbaOkvE21X-p?usp=sharing"
},
{
"url": "https://www.voidtools.com/en-us/downloads/",
"refsource": "MISC",
"name": "https://www.voidtools.com/en-us/downloads/"
},
{
"refsource": "MISC",
"name": "https://github.com/happy0717/CVE-2023-27704",
"url": "https://github.com/happy0717/CVE-2023-27704"
}
]
}

66
2023/27xxx/CVE-2023-27775.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-27775",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-27775",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A stored HTML injection vulnerability in LiveAction LiveSP v21.1.2 allows attackers to execute arbitrary code via a crafted payload."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://liveaction.com",
"refsource": "MISC",
"name": "http://liveaction.com"
},
{
"url": "http://livesp.com",
"refsource": "MISC",
"name": "http://livesp.com"
},
{
"refsource": "MISC",
"name": "https://github.com/marcovntr/CVE/blob/main/2023/CVE-2023-27775/CVE-2023-27775.md",
"url": "https://github.com/marcovntr/CVE/blob/main/2023/CVE-2023-27775/CVE-2023-27775.md"
}
]
}