diff --git a/2014/125xxx/CVE-2014-125104.json b/2014/125xxx/CVE-2014-125104.json index 9bb00098599..28933275415 100644 --- a/2014/125xxx/CVE-2014-125104.json +++ b/2014/125xxx/CVE-2014-125104.json @@ -1,17 +1,134 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2014-125104", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in VaultPress Plugin up to 1.6.0 on WordPress. It has been declared as critical. Affected by this vulnerability is the function protect_aioseo_ajax of the file class.vaultpress-hotfixes.php of the component MailPoet Plugin. The manipulation leads to unrestricted upload. The attack can be launched remotely. Upgrading to version 1.6.1 is able to address this issue. The name of the patch is e3b92b14edca6291c5f998d54c90cbe98a1fb0e3. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230263." + }, + { + "lang": "deu", + "value": "In VaultPress Plugin bis 1.6.0 f\u00fcr WordPress wurde eine kritische Schwachstelle ausgemacht. Dabei geht es um die Funktion protect_aioseo_ajax der Datei class.vaultpress-hotfixes.php der Komponente MailPoet Plugin. Dank der Manipulation mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Ein Aktualisieren auf die Version 1.6.1 vermag dieses Problem zu l\u00f6sen. Der Patch wird als e3b92b14edca6291c5f998d54c90cbe98a1fb0e3 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-434 Unrestricted Upload", + "cweId": "CWE-434" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "VaultPress Plugin", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + }, + { + "version_affected": "=", + "version_value": "1.1" + }, + { + "version_affected": "=", + "version_value": "1.2" + }, + { + "version_affected": "=", + "version_value": "1.3" + }, + { + "version_affected": "=", + "version_value": "1.4" + }, + { + "version_affected": "=", + "version_value": "1.5" + }, + { + "version_affected": "=", + "version_value": "1.6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.230263", + "refsource": "MISC", + "name": "https://vuldb.com/?id.230263" + }, + { + "url": "https://vuldb.com/?ctiid.230263", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.230263" + }, + { + "url": "https://github.com/wp-plugins/vaultpress/commit/e3b92b14edca6291c5f998d54c90cbe98a1fb0e3", + "refsource": "MISC", + "name": "https://github.com/wp-plugins/vaultpress/commit/e3b92b14edca6291c5f998d54c90cbe98a1fb0e3" + }, + { + "url": "https://github.com/wp-plugins/vaultpress/releases/tag/1.6.1", + "refsource": "MISC", + "name": "https://github.com/wp-plugins/vaultpress/releases/tag/1.6.1" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" } ] } diff --git a/2015/10xxx/CVE-2015-10109.json b/2015/10xxx/CVE-2015-10109.json index 4d0ed1fe0d7..577bb1b5567 100644 --- a/2015/10xxx/CVE-2015-10109.json +++ b/2015/10xxx/CVE-2015-10109.json @@ -1,17 +1,110 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2015-10109", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in Video Playlist and Gallery Plugin up to 1.136 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality of the file wp-media-cincopa.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. Upgrading to version 1.137 is able to address this issue. The name of the patch is ee28e91f4d5404905204c43b7b84a8ffecad932e. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230264." + }, + { + "lang": "deu", + "value": "Eine problematische Schwachstelle wurde in Video Playlist and Gallery Plugin bis 1.136 f\u00fcr WordPress ausgemacht. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei wp-media-cincopa.php. Dank Manipulation mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Ein Aktualisieren auf die Version 1.137 vermag dieses Problem zu l\u00f6sen. Der Patch wird als ee28e91f4d5404905204c43b7b84a8ffecad932e bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Video Playlist and Gallery Plugin", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.136" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.230264", + "refsource": "MISC", + "name": "https://vuldb.com/?id.230264" + }, + { + "url": "https://vuldb.com/?ctiid.230264", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.230264" + }, + { + "url": "https://github.com/wp-plugins/video-playlist-and-gallery-plugin/commit/ee28e91f4d5404905204c43b7b84a8ffecad932e", + "refsource": "MISC", + "name": "https://github.com/wp-plugins/video-playlist-and-gallery-plugin/commit/ee28e91f4d5404905204c43b7b84a8ffecad932e" + }, + { + "url": "https://github.com/wp-plugins/video-playlist-and-gallery-plugin/releases/tag/1.137", + "refsource": "MISC", + "name": "https://github.com/wp-plugins/video-playlist-and-gallery-plugin/releases/tag/1.137" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 4.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5, + "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "baseSeverity": "MEDIUM" } ] } diff --git a/2022/43xxx/CVE-2022-43760.json b/2022/43xxx/CVE-2022-43760.json index 57dd5510551..68905c6e871 100644 --- a/2022/43xxx/CVE-2022-43760.json +++ b/2022/43xxx/CVE-2022-43760.json @@ -1,17 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-43760", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@suse.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SUSE Rancher allows users in some higher-privileged groups to to inject code that is \nexecuted within another user's browser, allowing the attacker to steal \nsensitive information, manipulate web content, or perform other \nmalicious activities on behalf of the victims. This could result in a \nuser with write access to the affected areas being able to act on behalf\n of an administrator, once an administrator opens the affected web page.\n\n\nThis issue affects Rancher: from >= 2.6.0 before < 2.6.13, from >= 2.7.0 before < 2.7.4.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SUSE", + "product": { + "product_data": [ + { + "product_name": "Rancher", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": ">= 2.6.0", + "version_value": "< 2.6.13" + }, + { + "version_affected": "<", + "version_name": ">= 2.7.0", + "version_value": "< 2.7.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/rancher/rancher/security/advisories/GHSA-46v3-ggjg-qq3x", + "refsource": "MISC", + "name": "https://github.com/rancher/rancher/security/advisories/GHSA-46v3-ggjg-qq3x" + }, + { + "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2022-43760", + "refsource": "MISC", + "name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2022-43760" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "https://github.com/bybit-sec" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.4, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/22xxx/CVE-2023-22647.json b/2023/22xxx/CVE-2023-22647.json index b56937c84f9..6a38529e3e4 100644 --- a/2023/22xxx/CVE-2023-22647.json +++ b/2023/22xxx/CVE-2023-22647.json @@ -1,17 +1,98 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-22647", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@suse.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An Improper Privilege Management vulnerability in SUSE Rancher allowed standard users to leverage their existing permissions to manipulate Kubernetes secrets in the local\n cluster, resulting in the secret being deleted, but their read-level \npermissions to the secret being preserved. When this operation was \nfollowed-up by other specially crafted commands, it could result in the \nuser gaining access to tokens belonging to service accounts in the local cluster.\n\n\nThis issue affects Rancher: from >= 2.6.0 before < 2.6.13, from >= 2.7.0 before < 2.7.4.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-269: Improper Privilege Management", + "cweId": "CWE-269" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SUSE", + "product": { + "product_data": [ + { + "product_name": "Rancher", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": ">= 2.6.0", + "version_value": "< 2.6.13" + }, + { + "version_affected": "<", + "version_name": ">= 2.7.0", + "version_value": "< 2.7.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/rancher/rancher/security/advisories/GHSA-p976-h52c-26p6", + "refsource": "MISC", + "name": "https://github.com/rancher/rancher/security/advisories/GHSA-p976-h52c-26p6" + }, + { + "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-22647", + "refsource": "MISC", + "name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-22647" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.9, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/22xxx/CVE-2023-22648.json b/2023/22xxx/CVE-2023-22648.json index 6aafd6878a6..3ce2e47beb3 100644 --- a/2023/22xxx/CVE-2023-22648.json +++ b/2023/22xxx/CVE-2023-22648.json @@ -1,17 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-22648", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@suse.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Improper Privilege Management vulnerability in SUSE Rancher causes permission changes in Azure AD not to be reflected to users \nwhile they are logged in the Rancher UI. This would cause the users to \nretain their previous permissions in Rancher, even if they change groups\n on Azure AD, for example, to a lower privileged group, or are removed \nfrom a group, thus retaining their access to Rancher instead of losing \nit.\nThis issue affects Rancher: from >= 2.6.7 before < 2.6.13, from >= 2.7.0 before < 2.7.4.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-269: Improper Privilege Management", + "cweId": "CWE-269" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SUSE", + "product": { + "product_data": [ + { + "product_name": "Rancher", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": ">= 2.6.7", + "version_value": "< 2.6.13" + }, + { + "version_affected": "<", + "version_name": ">= 2.7.0", + "version_value": "< 2.7.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/rancher/rancher/security/advisories/GHSA-vf6j-6739-78m8", + "refsource": "MISC", + "name": "https://github.com/rancher/rancher/security/advisories/GHSA-vf6j-6739-78m8" + }, + { + "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-22648", + "refsource": "MISC", + "name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-22648" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "https://github.com/yvespp" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/33xxx/CVE-2023-33544.json b/2023/33xxx/CVE-2023-33544.json index f0eae9f96f2..28b5713d25b 100644 --- a/2023/33xxx/CVE-2023-33544.json +++ b/2023/33xxx/CVE-2023-33544.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-33544", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-33544", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "hawtio 2.17.2 is vulnerable to Path Traversal. it is possible to input malicious zip files, which can result in the high-risk files after decompression being stored in any location, even leading to file overwrite." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/hawtio/hawtio/issues/2832", + "refsource": "MISC", + "name": "https://github.com/hawtio/hawtio/issues/2832" } ] } diff --git a/2023/33xxx/CVE-2023-33546.json b/2023/33xxx/CVE-2023-33546.json index ab771a0958e..108a8f0658b 100644 --- a/2023/33xxx/CVE-2023-33546.json +++ b/2023/33xxx/CVE-2023-33546.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-33546", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-33546", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "janino 3.1.9 and earlier are subject to denial of service (DOS) attacks when using the expression evaluator.guess parameter name method. If the parser runs on user-supplied input, an attacker could supply content that causes the parser to crash due to a stack overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/janino-compiler/janino/issues/201", + "refsource": "MISC", + "name": "https://github.com/janino-compiler/janino/issues/201" } ] }