diff --git a/2023/27xxx/CVE-2023-27471.json b/2023/27xxx/CVE-2023-27471.json
index 58e5824a3ed..4aadcbababe 100644
--- a/2023/27xxx/CVE-2023-27471.json
+++ b/2023/27xxx/CVE-2023-27471.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-27471",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-27471",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. UEFI implementations do not correctly protect and validate information contained in the 'MeSetup' UEFI variable. On some systems, this variable can be overwritten using operating system APIs. Exploitation of this vulnerability could potentially lead to denial of service for the platform."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.insyde.com/security-pledge/SA-2023036",
+ "url": "https://www.insyde.com/security-pledge/SA-2023036"
 }
 ]
 }
diff --git a/2023/38xxx/CVE-2023-38890.json b/2023/38xxx/CVE-2023-38890.json
index 48f32182d0d..e318916153d 100644
--- a/2023/38xxx/CVE-2023-38890.json
+++ b/2023/38xxx/CVE-2023-38890.json
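Review bot: In the CVE-2023-27471 record the structured `affects` and `problemtype` fields are all `n/a` although the description names the product and version range (Insyde InsydeH2O, kernel 5.0 through 5.5), so tooling that matches on `vendor_name`, `product_name` or `version_value` instead of free text will not tie this record to affected firmware. The CVE-2023-38890, CVE-2023-38910 and CVE-2023-38911 hunks have the same gap: their descriptions state SQL injection and XSS, yet `problemtype` stays `n/a`. Where the assigner's process allows it, populate the fields, e.g. `"vendor_name": "Insyde"` and `"product_name": "InsydeH2O"` here, and a CWE entry (CWE-89 for the injection record, CWE-79 for the XSS records) in `problemtype`.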
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-38890",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-38890",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Online Shopping Portal Project 3.1 allows remote attackers to execute arbitrary SQL commands/queries via the login form, leading to unauthorized access and potential data manipulation. This vulnerability arises due to insufficient validation of user-supplied input in the username field, enabling SQL Injection attacks."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/akshadjoshi/CVE-2023-38890",
+ "url": "https://github.com/akshadjoshi/CVE-2023-38890"
 }
 ]
 }
diff --git a/2023/38xxx/CVE-2023-38902.json b/2023/38xxx/CVE-2023-38902.json
index 291d932efad..912f5c28e92 100644
--- a/2023/38xxx/CVE-2023-38902.json
+++ b/2023/38xxx/CVE-2023-38902.json
@@ -52,16 +52,6 @@
 },
 "references": {
 "reference_data": [
- {
- "url": "http://ruijie.com",
- "refsource": "MISC",
- "name": "http://ruijie.com"
- },
- {
- "url": "http://rg-ew.com",
- "refsource": "MISC",
- "name": "http://rg-ew.com"
- },
 {
 "refsource": "MISC",
 "name": "https://gist.github.com/ZIKH26/18693c67ee7d2f8d2c60231b19194c37",
diff --git a/2023/38xxx/CVE-2023-38910.json b/2023/38xxx/CVE-2023-38910.json
index 858c046910c..5e548435c4a 100644
--- a/2023/38xxx/CVE-2023-38910.json
+++ b/2023/38xxx/CVE-2023-38910.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-38910",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-38910",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "CSZ CMS 1.3.0 is vulnerable to cross-site scripting (XSS), which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered in the 'Carousel Wiget' section and choosing our carousel widget created above, in 'Photo URL' and 'YouTube URL' plugin."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/desencrypt/CVE/tree/main/CVE-2023-",
+ "url": "https://github.com/desencrypt/CVE/tree/main/CVE-2023-"
 }
 ]
 }
diff --git a/2023/38xxx/CVE-2023-38911.json b/2023/38xxx/CVE-2023-38911.json
index f9e49156e27..aad806b298d 100644
--- a/2023/38xxx/CVE-2023-38911.json
+++ b/2023/38xxx/CVE-2023-38911.json
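Review bot: The only reference URL in the CVE-2023-38910 record ends in `CVE-2023-` with nothing after the hyphen, which looks like a truncated or placeholder path; the neighbouring CVE-2023-38911 record points at `.../CVE-2023-1` in the same repository. Confirm that the link resolves to the intended write-up, since it is the sole source a reader has for this entry. The description also carries text lifted from a reproduction walkthrough (`'Carousel Wiget' section and choosing our carousel widget created above`): "Wiget" is presumably "Widget", and "created above" refers to steps that are not part of the record. A self-contained wording such as `via a crafted payload in the 'Photo URL' and 'YouTube URL' fields of a Carousel Widget` would read correctly on its own.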
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-38911",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-38911",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A Cross-Site Scripting (XSS) vulnerability in CSZ CMS 1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Gallery parameter in the YouTube URL fields."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/desencrypt/CVE/tree/main/CVE-2023-1",
+ "refsource": "MISC",
+ "name": "https://github.com/desencrypt/CVE/tree/main/CVE-2023-1"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/desencrypt/CVE/blob/main/CVE-2023-1/Readme.md",
+ "url": "https://github.com/desencrypt/CVE/blob/main/CVE-2023-1/Readme.md"
 }
 ]
 }
diff --git a/2023/4xxx/CVE-2023-4422.json b/2023/4xxx/CVE-2023-4422.json
new file mode 100644
index 00000000000..a9ac76737a9
--- /dev/null
+++ b/2023/4xxx/CVE-2023-4422.json
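Review bot: The CVE-2023-38911 description says the XSS lets attackers `execute arbitrary code`, which overstates the weakness it names and can mislead triage into treating this as code execution on the host. The sibling record CVE-2023-38910 for the same product uses `execute arbitrary web scripts or HTML`; this entry should use the same phrase unless impact beyond the browser was actually shown. `the Gallery parameter in the YouTube URL fields` is also ambiguous about whether Gallery is a parameter or the plugin that holds the field. The two references point at the same directory (its tree view and its Readme.md), so one of them looks redundant.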
@@ -0,0 +1,92 @@
+{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-4422",
+ "ASSIGNER": "security@huntr.dev",
+ "STATE": "PUBLIC"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.3."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "cockpit-hq",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "cockpit-hq/cockpit",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "unspecified",
+ "version_value": "2.6.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://huntr.dev/bounties/2e12b773-b6a2-48da-a4bb-55d5d1307d2e",
+ "refsource": "MISC",
+ "name": "https://huntr.dev/bounties/2e12b773-b6a2-48da-a4bb-55d5d1307d2e"
+ },
+ {
+ "url": "https://github.com/cockpit-hq/cockpit/commit/b8dad5e070608bb5e4ec58fabbee101b5af737cf",
+ "refsource": "MISC",
+ "name": "https://github.com/cockpit-hq/cockpit/commit/b8dad5e070608bb5e4ec58fabbee101b5af737cf"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "2e12b773-b6a2-48da-a4bb-55d5d1307d2e",
+ "discovery": "EXTERNAL"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.0",
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "HIGH",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
+ "baseScore": 6.8,
+ "baseSeverity": "MEDIUM"
+ }
+ ]
+ }
+}
\ No newline at end of file
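Review bot: The `impact.cvss` entry scores a stored XSS as `"scope": "UNCHANGED"` with all three impacts `HIGH`, which is an unusual combination for this weakness class: the payload runs in a victim's browser, not in the component that stores it, so XSS is commonly scored with changed scope, and `availabilityImpact: HIGH` is hard to justify from the description alone. The `baseScore` of 6.8 does match the vector as written, so this is a question for the assigner, not an arithmetic error. If the scope is revised, `scope`, `vectorString`, `baseScore` and `baseSeverity` must be updated together so the record stays self-consistent. Separately, the new file ends without a trailing newline.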