Advisory Database Sync

advisories/unreviewed/2022/05/GHSA-25p6-jmrr-3hj2/GHSA-25p6-jmrr-3hj2.json

@@ -1,14 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-25p6-jmrr-3hj2",
-  "modified": "2022-05-24T17:20:04Z",
+  "modified": "2023-04-06T18:30:19Z",
   "published": "2022-05-24T17:20:04Z",
   "aliases": [
     "CVE-2020-11798"
   ],
   "details": "A Directory Traversal vulnerability in the web conference component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before 9.1.3 could allow an attacker to access arbitrary files from restricted directories of the server via a crafted URL, due to insufficient access validation. A successful exploit could allow an attacker to access sensitive information from the restricted directories.",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+    }
   ],
   "affected": [
 
@@ -25,11 +28,15 @@
     {
       "type": "WEB",
       "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-20-0005"
+    },
+    {
+      "type": "WEB",
+      "url": "http://packetstormsecurity.com/files/171751/Mitel-MiCollab-AWV-8.1.2.4-9.1.3-Directory-Traversal-LFI.html"
     }
   ],
   "database_specific": {
     "cwe_ids": [
-
+      "CWE-22"
     ],
     "severity": "MODERATE",
     "github_reviewed": false,

advisories/unreviewed/2022/05/GHSA-72qf-gj46-vcj3/GHSA-72qf-gj46-vcj3.json

@@ -1,14 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-72qf-gj46-vcj3",
-  "modified": "2022-05-24T17:29:14Z",
+  "modified": "2023-04-06T18:30:20Z",
   "published": "2022-05-24T17:29:14Z",
   "aliases": [
     "CVE-2019-15993"
   ],
   "details": "A vulnerability in the web UI of Cisco Small Business Switches could allow an unauthenticated, remote attacker to access sensitive device information. The vulnerability exists because the software lacks proper authentication controls to information accessible from the web UI. An attacker could exploit this vulnerability by sending a malicious HTTP request to the web UI of an affected device. A successful exploit could allow the attacker to access sensitive device information, which includes configuration files.",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+    }
   ],
   "affected": [
 
@@ -21,11 +24,15 @@
     {
       "type": "WEB",
       "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200129-smlbus-switch-disclos"
+    },
+    {
+      "type": "WEB",
+      "url": "http://packetstormsecurity.com/files/171723/Cisco-Dell-Netgear-Information-Disclosure-Hash-Decrypter.html"
     }
   ],
   "database_specific": {
     "cwe_ids": [
-
+      "CWE-287"
     ],
     "severity": "MODERATE",
     "github_reviewed": false,

advisories/unreviewed/2022/05/GHSA-grmf-95cx-g4hc/GHSA-grmf-95cx-g4hc.json

@@ -1,14 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-grmf-95cx-g4hc",
-  "modified": "2022-05-24T17:14:00Z",
+  "modified": "2023-04-06T18:30:19Z",
   "published": "2022-05-24T17:14:00Z",
   "aliases": [
     "CVE-2020-5330"
   ],
   "details": "Dell EMC Networking X-Series firmware versions 3.0.1.2 and older, Dell EMC Networking PC5500 firmware versions 4.1.0.22 and older and Dell EMC PowerEdge VRTX Switch Modules firmware versions 2.0.0.77 and older contain an information disclosure vulnerability. A remote unauthenticated attacker could exploit this vulnerability to retrieve sensitive data by sending a specially crafted request to the affected endpoints.",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+    }
   ],
   "affected": [
 
@@ -21,11 +24,15 @@
     {
       "type": "WEB",
       "url": "https://www.dell.com/support/article/en-us/sln320366/dsa-2020-042-dell-emc-networking-security-update-for-an-information-disclosure-vulnerability?lang=en"
+    },
+    {
+      "type": "WEB",
+      "url": "http://packetstormsecurity.com/files/171723/Cisco-Dell-Netgear-Information-Disclosure-Hash-Decrypter.html"
     }
   ],
   "database_specific": {
     "cwe_ids": [
-
+      "CWE-200"
     ],
     "severity": "MODERATE",
     "github_reviewed": false,

advisories/unreviewed/2022/05/GHSA-j83j-hfqj-cf5p/GHSA-j83j-hfqj-cf5p.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-j83j-hfqj-cf5p",
-  "modified": "2022-05-13T01:02:58Z",
+  "modified": "2023-04-06T18:30:20Z",
   "published": "2022-05-13T01:02:58Z",
   "aliases": [
     "CVE-2019-9193"
@@ -48,6 +48,10 @@
     {
       "type": "WEB",
       "url": "http://packetstormsecurity.com/files/166540/PostgreSQL-11.7-Remote-Code-Execution.html"
+    },
+    {
+      "type": "WEB",
+      "url": "http://packetstormsecurity.com/files/171722/PostgreSQL-9.6.1-Remote-Code-Execution.html"
     }
   ],
   "database_specific": {

advisories/unreviewed/2022/08/GHSA-x2p7-rrrj-3m2g/GHSA-x2p7-rrrj-3m2g.json

@@ -32,6 +32,10 @@
     {
       "type": "WEB",
       "url": "http://frappe.com"
+    },
+    {
+      "type": "WEB",
+      "url": "http://packetstormsecurity.com/files/171730/ERPNext-12.29-Cross-Site-Scripting.html"
     }
   ],
   "database_specific": {

advisories/unreviewed/2023/01/GHSA-fxw7-8r5q-w2v4/GHSA-fxw7-8r5q-w2v4.json

@@ -37,6 +37,10 @@
       "type": "WEB",
       "url": "http://packetstormsecurity.com/files/170820/Control-Web-Panel-Unauthenticated-Remote-Command-Execution.html"
     },
+    {
+      "type": "WEB",
+      "url": "http://packetstormsecurity.com/files/171725/Control-Web-Panel-7-CWP7-0.9.8.1147-Remote-Code-Execution.html"
+    },
     {
       "type": "WEB",
       "url": "http://seclists.org/fulldisclosure/2023/Jan/1"

advisories/unreviewed/2023/02/GHSA-6g7q-j8xv-m8cg/GHSA-6g7q-j8xv-m8cg.json

@@ -32,6 +32,10 @@
     {
       "type": "WEB",
       "url": "https://www.sourcecodester.com/sites/default/files/download/razormist/Task%20Managing%20System%20in%20PHP.zip"
+    },
+    {
+      "type": "WEB",
+      "url": "http://packetstormsecurity.com/files/171739/Simple-Task-Managing-System-1.0-SQL-Injection.html"
     }
   ],
   "database_specific": {

advisories/unreviewed/2023/02/GHSA-g55m-fv7q-p3f5/GHSA-g55m-fv7q-p3f5.json

@@ -28,6 +28,10 @@
     {
       "type": "WEB",
       "url": "https://www.provideserver.se/"
+    },
+    {
+      "type": "WEB",
+      "url": "http://packetstormsecurity.com/files/171734/Provide-Server-14.4-XSS-Cross-Site-Request-Forgery-Code-Execution.html"
     }
   ],
   "database_specific": {

advisories/unreviewed/2023/02/GHSA-g5qh-f5rv-grcp/GHSA-g5qh-f5rv-grcp.json

@@ -44,6 +44,10 @@
     {
       "type": "WEB",
       "url": "https://www.metabaseq.com/imagemagick-zero-days/"
+    },
+    {
+      "type": "WEB",
+      "url": "http://packetstormsecurity.com/files/171727/ImageMagick-7.1.0-48-Arbitrary-File-Read.html"
     }
   ],
   "database_specific": {

advisories/unreviewed/2023/02/GHSA-q3q6-m34m-pq3r/GHSA-q3q6-m34m-pq3r.json

@@ -32,6 +32,10 @@
     {
       "type": "WEB",
       "url": "https://medium.com/@_sadshade/file-extention-bypass-in-responsive-filemanager-9-5-5-leading-to-rce-authenticated-3290eddc54e7"
+    },
+    {
+      "type": "WEB",
+      "url": "http://packetstormsecurity.com/files/171720/Responsive-FileManager-9.9.5-Remote-Shell-Upload.html"
     }
   ],
   "database_specific": {

advisories/unreviewed/2023/02/GHSA-vmh2-v97v-w833/GHSA-vmh2-v97v-w833.json

@@ -32,6 +32,10 @@
     {
       "type": "WEB",
       "url": "https://github.com/h4md153v63n/CVE-2022-40347_Intern-Record-System-phone-V1.0-SQL-Injection-Vulnerability-Unauthenticated"
+    },
+    {
+      "type": "WEB",
+      "url": "http://packetstormsecurity.com/files/171740/Intern-Record-System-1.0-SQL-Injection.html"
     }
   ],
   "database_specific": {

advisories/unreviewed/2023/02/GHSA-vvqp-3hj4-rj73/GHSA-vvqp-3hj4-rj73.json

@@ -32,6 +32,10 @@
     {
       "type": "WEB",
       "url": "https://www.southrivertech.com/software/nextgen/titanftp/en/relnotes.pdf"
+    },
+    {
+      "type": "WEB",
+      "url": "http://packetstormsecurity.com/files/171737/Titan-FTP-Path-Traversal.html"
     }
   ],
   "database_specific": {

advisories/unreviewed/2023/03/GHSA-2qgx-8w4f-jc5v/GHSA-2qgx-8w4f-jc5v.json

@@ -1,14 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2qgx-8w4f-jc5v",
-  "modified": "2023-03-30T12:30:14Z",
+  "modified": "2023-04-06T18:30:19Z",
   "published": "2023-03-30T12:30:14Z",
   "aliases": [
     "CVE-2023-28731"
   ],
   "details": "AnyMailing Joomla Plugin is vulnerable to unauthenticated remote code execution, when being granted access to the campaign's creation on front-office due to unrestricted file upload allowing PHP code to be injected. This issue affects AnyMailing Joomla Plugin Enterprise in versions below 8.3.0.",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
   ],
   "affected": [
 
@@ -29,9 +32,9 @@
   ],
   "database_specific": {
     "cwe_ids": [
-
+      "CWE-434"
     ],
-    "severity": null,
+    "severity": "CRITICAL",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2023-03-30T12:15:00Z"

advisories/unreviewed/2023/03/GHSA-3452-rvwh-rv7h/GHSA-3452-rvwh-rv7h.json

@@ -1,14 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3452-rvwh-rv7h",
-  "modified": "2023-03-29T21:30:16Z",
+  "modified": "2023-04-06T18:30:18Z",
   "published": "2023-03-29T21:30:16Z",
   "aliases": [
     "CVE-2023-1656"
   ],
   "details": "Cleartext Transmission of Sensitive Information vulnerability in ForgeRock Inc. OpenIDM and Java Remote Connector Server (RCS) LDAP Connector on Windows, MacOS, Linux allows Remote Services with Stolen Credentials.This issue affects OpenIDM and Java Remote Connector Server (RCS): from 1.5.20.9 through 1.5.20.13.",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+    }
   ],
   "affected": [
 
@@ -29,9 +32,9 @@
   ],
   "database_specific": {
     "cwe_ids": [
-
+      "CWE-319"
     ],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2023-03-29T20:15:00Z"

advisories/unreviewed/2023/03/GHSA-345r-5qfx-4jpr/GHSA-345r-5qfx-4jpr.json

@@ -1,14 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-345r-5qfx-4jpr",
-  "modified": "2023-03-29T21:30:15Z",
+  "modified": "2023-04-06T18:30:19Z",
   "published": "2023-03-29T21:30:15Z",
   "aliases": [
     "CVE-2023-28509"
   ],
   "details": "Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 use weak encryption for packet-level security and passwords transferred on the wire.",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+    }
   ],
   "affected": [
 
@@ -25,9 +28,9 @@
   ],
   "database_specific": {
     "cwe_ids": [
-
+      "CWE-327"
     ],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2023-03-29T21:15:00Z"

advisories/unreviewed/2023/03/GHSA-366x-2hwp-qq45/GHSA-366x-2hwp-qq45.json

@@ -1,14 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-366x-2hwp-qq45",
-  "modified": "2023-03-29T21:30:20Z",
+  "modified": "2023-04-06T18:30:21Z",
   "published": "2023-03-29T21:30:20Z",
   "aliases": [
     "CVE-2022-37381"
   ],
   "details": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AFSpecial_KeystrokeEx method. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17110.",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+    }
   ],
   "affected": [
 
@@ -29,9 +32,10 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-119"
+      "CWE-119",
+      "CWE-787"
     ],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2023-03-29T19:15:00Z"

advisories/unreviewed/2023/03/GHSA-3jpf-c526-5cw2/GHSA-3jpf-c526-5cw2.json

@@ -1,14 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3jpf-c526-5cw2",
-  "modified": "2023-03-30T12:30:14Z",
+  "modified": "2023-04-06T18:30:19Z",
   "published": "2023-03-30T12:30:14Z",
   "aliases": [
     "CVE-2023-28733"
   ],
   "details": "AnyMailing Joomla Plugin is vulnerable to stored cross site scripting (XSS) in templates and emails of AcyMailing, exploitable without authentication when access is granted to the campaign's creation on front-office. This issue affects AnyMailing Joomla Plugin Enterprise in versions below 8.3.0.",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
+    }
   ],
   "affected": [
 
@@ -29,9 +32,9 @@
   ],
   "database_specific": {
     "cwe_ids": [
-
+      "CWE-79"
     ],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2023-03-30T12:15:00Z"