From 5936969dbe1c46cf397bcfff9b75a412a01ee483 Mon Sep 17 00:00:00 2001 
From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Thu, 6 Apr 2023 18:31:38 +0000 Subject: [PATCH] Advisory Database Sync --- .../GHSA-25p6-jmrr-3hj2.json | 13 ++++- .../GHSA-72qf-gj46-vcj3.json | 13 ++++- .../GHSA-grmf-95cx-g4hc.json | 13 ++++- .../GHSA-j83j-hfqj-cf5p.json | 6 +- .../GHSA-x2p7-rrrj-3m2g.json | 4 ++ .../GHSA-fxw7-8r5q-w2v4.json | 4 ++ .../GHSA-6g7q-j8xv-m8cg.json | 4 ++ .../GHSA-g55m-fv7q-p3f5.json | 4 ++ .../GHSA-g5qh-f5rv-grcp.json | 4 ++ .../GHSA-q3q6-m34m-pq3r.json | 4 ++ .../GHSA-vmh2-v97v-w833.json | 4 ++ .../GHSA-vvqp-3hj4-rj73.json | 4 ++ .../GHSA-2qgx-8w4f-jc5v.json | 11 ++-- .../GHSA-3452-rvwh-rv7h.json | 11 ++-- .../GHSA-345r-5qfx-4jpr.json | 11 ++-- .../GHSA-366x-2hwp-qq45.json | 12 ++-- .../GHSA-3jpf-c526-5cw2.json | 11 ++-- .../GHSA-3wm7-5h33-f92f.json | 11 ++-- .../GHSA-4gp8-394w-2vcg.json | 9 ++- .../GHSA-4rxf-rcjh-42f3.json | 9 ++- .../GHSA-567x-fp72-xh2g.json | 9 ++- .../GHSA-5rqc-wqwj-478f.json | 11 ++-- .../GHSA-6gg3-r538-67r7.json | 9 ++- .../GHSA-7h5h-fqwm-4g32.json | 11 ++-- .../GHSA-7vjm-f76c-4jgr.json | 11 ++-- .../GHSA-88v9-2vvv-pvwv.json | 9 ++- .../GHSA-8cf2-943h-fh5p.json | 9 ++- .../GHSA-8j2h-rjqx-hfj6.json | 11 ++-- .../GHSA-962c-q54j-xg6v.json | 9 ++- .../GHSA-c459-crcf-rfqh.json | 9 ++- .../GHSA-cqq6-v7j5-vr3p.json | 11 ++-- .../GHSA-f9v3-rvrm-52r5.json | 11 ++-- .../GHSA-fh4c-rwgp-mc5v.json | 9 ++- .../GHSA-fhgm-rvpq-xwx9.json | 9 ++- .../GHSA-frrc-f75h-9j62.json | 11 ++-- .../GHSA-fvpr-q9j2-9vq7.json | 9 ++- .../GHSA-g594-6376-7c5r.json | 11 ++-- .../GHSA-gjq7-hxqp-x7cf.json | 9 ++- .../GHSA-gq7r-qxw5-w38c.json | 9 ++- .../GHSA-hhqx-5j72-qf6h.json | 11 ++-- .../GHSA-j6jr-7hqv-4mp7.json | 11 ++-- .../GHSA-jhq5-5c6h-9xj2.json | 11 ++-- .../GHSA-jjgj-498m-3v78.json | 11 ++-- .../GHSA-jmxp-55h2-rg35.json | 9 ++- .../GHSA-jv3h-vgc4-3286.json | 10 +++- .../GHSA-mwjw-gjjg-g95f.json | 9 ++- .../GHSA-pc9v-3h75-cp72.json | 9 ++- .../GHSA-pp3c-rj85-cc8g.json | 11 ++-- 
.../GHSA-pvmm-fgf7-r833.json | 11 ++-- .../GHSA-qjg8-7gjq-vxf4.json | 9 ++- .../GHSA-v594-5w2m-322p.json | 9 ++- .../GHSA-vc38-hp22-mh4x.json | 11 ++-- .../GHSA-vf28-x3q6-9qg2.json | 11 ++-- .../GHSA-vrvf-x4g2-cx9g.json | 9 ++- .../GHSA-wf6j-p2w6-h539.json | 9 ++- .../GHSA-xhfw-qhxr-hjhq.json | 11 ++-- .../GHSA-xw5c-xwc7-95gf.json | 11 ++-- .../GHSA-xxhf-r9rq-5rj8.json | 11 ++-- .../GHSA-xxw7-44hw-5xgc.json | 9 ++- .../GHSA-39ph-x487-rw5g.json | 35 ++++++++++++ .../GHSA-3c9r-w7qx-rq3w.json | 35 ++++++++++++ .../GHSA-3jgm-v75x-gfc2.json | 35 ++++++++++++ .../GHSA-4qvr-2hph-h947.json | 35 ++++++++++++ .../GHSA-4vgc-jw7q-vm43.json | 35 ++++++++++++ .../GHSA-637q-wqq3-x6v8.json | 35 ++++++++++++ .../GHSA-6pxh-m5x3-c752.json | 35 ++++++++++++ .../GHSA-7h7g-548g-p88x.json | 35 ++++++++++++ .../GHSA-7mgx-8745-58vp.json | 35 ++++++++++++ .../GHSA-7p9g-63g3-fhgj.json | 35 ++++++++++++ .../GHSA-85p4-j66f-mvwq.json | 35 ++++++++++++ .../GHSA-8f6c-jc9v-fhwm.json | 35 ++++++++++++ .../GHSA-8hfp-7pjq-xq3r.json | 35 ++++++++++++ .../GHSA-8v5j-pwr7-w5f8.json | 47 ++++++++++++++++ .../GHSA-9f7g-gqwh-jpf5.json | 55 +++++++++++++++++++ .../GHSA-9p5f-g2wv-w9w9.json | 35 ++++++++++++ .../GHSA-c2xc-7cgf-x32h.json | 35 ++++++++++++ .../GHSA-cmjm-8mpc-4gh4.json | 35 ++++++++++++ .../GHSA-cqp4-5mq6-q79h.json | 35 ++++++++++++ .../GHSA-f6vq-4jgh-q77m.json | 35 ++++++++++++ .../GHSA-fp86-2355-v99r.json | 47 ++++++++++++++++ .../GHSA-frqm-jxhr-mq8w.json | 35 ++++++++++++ .../GHSA-gfq3-95xq-g4jg.json | 35 ++++++++++++ .../GHSA-ggw3-vfpp-xgwh.json | 35 ++++++++++++ .../GHSA-gqg6-q62h-373r.json | 35 ++++++++++++ .../GHSA-hm72-c465-ffvp.json | 35 ++++++++++++ .../GHSA-j5gj-g4cc-754w.json | 35 ++++++++++++ .../GHSA-jj6r-5jxq-c8cw.json | 35 ++++++++++++ .../GHSA-mr9w-55jg-hq87.json | 35 ++++++++++++ .../GHSA-mx54-78g5-6r6j.json | 35 ++++++++++++ .../GHSA-p98c-jrxv-7m76.json | 35 ++++++++++++ .../GHSA-pjv6-q9xq-x489.json | 35 ++++++++++++ .../GHSA-r6rg-3rf4-rhw7.json | 35 ++++++++++++ 
.../GHSA-r8ww-jwqh-vfcj.json | 35 ++++++++++++ .../GHSA-v4m2-x4rp-hv22.json | 47 ++++++++++++++++ .../GHSA-vmmc-hrcp-2f4p.json | 35 ++++++++++++ .../GHSA-x5vw-7f44-jrxq.json | 43 +++++++++++++++ .../GHSA-xfv3-jp8h-q7v6.json | 43 +++++++++++++++ 97 files changed, 1778 insertions(+), 176 deletions(-) create mode 100644 advisories/unreviewed/2023/04/GHSA-39ph-x487-rw5g/GHSA-39ph-x487-rw5g.json create mode 100644 advisories/unreviewed/2023/04/GHSA-3c9r-w7qx-rq3w/GHSA-3c9r-w7qx-rq3w.json create mode 100644 advisories/unreviewed/2023/04/GHSA-3jgm-v75x-gfc2/GHSA-3jgm-v75x-gfc2.json create mode 100644 advisories/unreviewed/2023/04/GHSA-4qvr-2hph-h947/GHSA-4qvr-2hph-h947.json create mode 100644 advisories/unreviewed/2023/04/GHSA-4vgc-jw7q-vm43/GHSA-4vgc-jw7q-vm43.json create mode 100644 advisories/unreviewed/2023/04/GHSA-637q-wqq3-x6v8/GHSA-637q-wqq3-x6v8.json create mode 100644 advisories/unreviewed/2023/04/GHSA-6pxh-m5x3-c752/GHSA-6pxh-m5x3-c752.json create mode 100644 advisories/unreviewed/2023/04/GHSA-7h7g-548g-p88x/GHSA-7h7g-548g-p88x.json create mode 100644 advisories/unreviewed/2023/04/GHSA-7mgx-8745-58vp/GHSA-7mgx-8745-58vp.json create mode 100644 advisories/unreviewed/2023/04/GHSA-7p9g-63g3-fhgj/GHSA-7p9g-63g3-fhgj.json create mode 100644 advisories/unreviewed/2023/04/GHSA-85p4-j66f-mvwq/GHSA-85p4-j66f-mvwq.json create mode 100644 advisories/unreviewed/2023/04/GHSA-8f6c-jc9v-fhwm/GHSA-8f6c-jc9v-fhwm.json create mode 100644 advisories/unreviewed/2023/04/GHSA-8hfp-7pjq-xq3r/GHSA-8hfp-7pjq-xq3r.json create mode 100644 advisories/unreviewed/2023/04/GHSA-8v5j-pwr7-w5f8/GHSA-8v5j-pwr7-w5f8.json create mode 100644 advisories/unreviewed/2023/04/GHSA-9f7g-gqwh-jpf5/GHSA-9f7g-gqwh-jpf5.json create mode 100644 advisories/unreviewed/2023/04/GHSA-9p5f-g2wv-w9w9/GHSA-9p5f-g2wv-w9w9.json create mode 100644 advisories/unreviewed/2023/04/GHSA-c2xc-7cgf-x32h/GHSA-c2xc-7cgf-x32h.json create mode 100644 advisories/unreviewed/2023/04/GHSA-cmjm-8mpc-4gh4/GHSA-cmjm-8mpc-4gh4.json create 
mode 100644 advisories/unreviewed/2023/04/GHSA-cqp4-5mq6-q79h/GHSA-cqp4-5mq6-q79h.json create mode 100644 advisories/unreviewed/2023/04/GHSA-f6vq-4jgh-q77m/GHSA-f6vq-4jgh-q77m.json create mode 100644 advisories/unreviewed/2023/04/GHSA-fp86-2355-v99r/GHSA-fp86-2355-v99r.json create mode 100644 advisories/unreviewed/2023/04/GHSA-frqm-jxhr-mq8w/GHSA-frqm-jxhr-mq8w.json create mode 100644 advisories/unreviewed/2023/04/GHSA-gfq3-95xq-g4jg/GHSA-gfq3-95xq-g4jg.json create mode 100644 advisories/unreviewed/2023/04/GHSA-ggw3-vfpp-xgwh/GHSA-ggw3-vfpp-xgwh.json create mode 100644 advisories/unreviewed/2023/04/GHSA-gqg6-q62h-373r/GHSA-gqg6-q62h-373r.json create mode 100644 advisories/unreviewed/2023/04/GHSA-hm72-c465-ffvp/GHSA-hm72-c465-ffvp.json create mode 100644 advisories/unreviewed/2023/04/GHSA-j5gj-g4cc-754w/GHSA-j5gj-g4cc-754w.json create mode 100644 advisories/unreviewed/2023/04/GHSA-jj6r-5jxq-c8cw/GHSA-jj6r-5jxq-c8cw.json create mode 100644 advisories/unreviewed/2023/04/GHSA-mr9w-55jg-hq87/GHSA-mr9w-55jg-hq87.json create mode 100644 advisories/unreviewed/2023/04/GHSA-mx54-78g5-6r6j/GHSA-mx54-78g5-6r6j.json create mode 100644 advisories/unreviewed/2023/04/GHSA-p98c-jrxv-7m76/GHSA-p98c-jrxv-7m76.json create mode 100644 advisories/unreviewed/2023/04/GHSA-pjv6-q9xq-x489/GHSA-pjv6-q9xq-x489.json create mode 100644 advisories/unreviewed/2023/04/GHSA-r6rg-3rf4-rhw7/GHSA-r6rg-3rf4-rhw7.json create mode 100644 advisories/unreviewed/2023/04/GHSA-r8ww-jwqh-vfcj/GHSA-r8ww-jwqh-vfcj.json create mode 100644 advisories/unreviewed/2023/04/GHSA-v4m2-x4rp-hv22/GHSA-v4m2-x4rp-hv22.json create mode 100644 advisories/unreviewed/2023/04/GHSA-vmmc-hrcp-2f4p/GHSA-vmmc-hrcp-2f4p.json create mode 100644 advisories/unreviewed/2023/04/GHSA-x5vw-7f44-jrxq/GHSA-x5vw-7f44-jrxq.json create mode 100644 advisories/unreviewed/2023/04/GHSA-xfv3-jp8h-q7v6/GHSA-xfv3-jp8h-q7v6.json 
diff --git a/advisories/unreviewed/2022/05/GHSA-25p6-jmrr-3hj2/GHSA-25p6-jmrr-3hj2.json b/advisories/unreviewed/2022/05/GHSA-25p6-jmrr-3hj2/GHSA-25p6-jmrr-3hj2.json index 9f7f06d72afa2..e848091f3bd47 100644 --- a/advisories/unreviewed/2022/05/GHSA-25p6-jmrr-3hj2/GHSA-25p6-jmrr-3hj2.json +++ b/advisories/unreviewed/2022/05/GHSA-25p6-jmrr-3hj2/GHSA-25p6-jmrr-3hj2.json @@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-25p6-jmrr-3hj2", - "modified": "2022-05-24T17:20:04Z", + "modified": "2023-04-06T18:30:19Z", "published": "2022-05-24T17:20:04Z", "aliases": [ "CVE-2020-11798" ], "details": "A Directory Traversal vulnerability in the web conference component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before 9.1.3 could allow an attacker to access arbitrary files from restricted directories of the server via a crafted URL, due to insufficient access validation. A successful exploit could allow an attacker to access sensitive information from the restricted directories.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" + } ], "affected": [ @@ -25,11 +28,15 @@ { "type": "WEB", "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-20-0005" + }, + { + "type": "WEB", + "url": "http://packetstormsecurity.com/files/171751/Mitel-MiCollab-AWV-8.1.2.4-9.1.3-Directory-Traversal-LFI.html" } ], "database_specific": { "cwe_ids": [ - + "CWE-22" ], "severity": "MODERATE", "github_reviewed": false, diff --git a/advisories/unreviewed/2022/05/GHSA-72qf-gj46-vcj3/GHSA-72qf-gj46-vcj3.json b/advisories/unreviewed/2022/05/GHSA-72qf-gj46-vcj3/GHSA-72qf-gj46-vcj3.json index 9541a907b186b..8192a7e84bc04 100644 --- a/advisories/unreviewed/2022/05/GHSA-72qf-gj46-vcj3/GHSA-72qf-gj46-vcj3.json +++ b/advisories/unreviewed/2022/05/GHSA-72qf-gj46-vcj3/GHSA-72qf-gj46-vcj3.json 
@@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-72qf-gj46-vcj3", - "modified": "2022-05-24T17:29:14Z", + "modified": "2023-04-06T18:30:20Z", "published": "2022-05-24T17:29:14Z", "aliases": [ "CVE-2019-15993" ], "details": "A vulnerability in the web UI of Cisco Small Business Switches could allow an unauthenticated, remote attacker to access sensitive device information. The vulnerability exists because the software lacks proper authentication controls to information accessible from the web UI. An attacker could exploit this vulnerability by sending a malicious HTTP request to the web UI of an affected device. A successful exploit could allow the attacker to access sensitive device information, which includes configuration files.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" + } ], "affected": [ @@ -21,11 +24,15 @@ { "type": "WEB", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200129-smlbus-switch-disclos" + }, + { + "type": "WEB", + "url": "http://packetstormsecurity.com/files/171723/Cisco-Dell-Netgear-Information-Disclosure-Hash-Decrypter.html" } ], "database_specific": { "cwe_ids": [ - + "CWE-287" ], "severity": "MODERATE", "github_reviewed": false, diff --git a/advisories/unreviewed/2022/05/GHSA-grmf-95cx-g4hc/GHSA-grmf-95cx-g4hc.json b/advisories/unreviewed/2022/05/GHSA-grmf-95cx-g4hc/GHSA-grmf-95cx-g4hc.json index 1c499bfa5123d..62a8d45e94221 100644 --- a/advisories/unreviewed/2022/05/GHSA-grmf-95cx-g4hc/GHSA-grmf-95cx-g4hc.json +++ b/advisories/unreviewed/2022/05/GHSA-grmf-95cx-g4hc/GHSA-grmf-95cx-g4hc.json 
@@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-grmf-95cx-g4hc", - "modified": "2022-05-24T17:14:00Z", + "modified": "2023-04-06T18:30:19Z", "published": "2022-05-24T17:14:00Z", "aliases": [ "CVE-2020-5330" ], "details": "Dell EMC Networking X-Series firmware versions 3.0.1.2 and older, Dell EMC Networking PC5500 firmware versions 4.1.0.22 and older and Dell EMC PowerEdge VRTX Switch Modules firmware versions 2.0.0.77 and older contain an information disclosure vulnerability. A remote unauthenticated attacker could exploit this vulnerability to retrieve sensitive data by sending a specially crafted request to the affected endpoints.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" + } ], "affected": [ @@ -21,11 +24,15 @@ { "type": "WEB", "url": "https://www.dell.com/support/article/en-us/sln320366/dsa-2020-042-dell-emc-networking-security-update-for-an-information-disclosure-vulnerability?lang=en" + }, + { + "type": "WEB", + "url": "http://packetstormsecurity.com/files/171723/Cisco-Dell-Netgear-Information-Disclosure-Hash-Decrypter.html" } ], "database_specific": { "cwe_ids": [ - + "CWE-200" ], "severity": "MODERATE", "github_reviewed": false, diff --git a/advisories/unreviewed/2022/05/GHSA-j83j-hfqj-cf5p/GHSA-j83j-hfqj-cf5p.json b/advisories/unreviewed/2022/05/GHSA-j83j-hfqj-cf5p/GHSA-j83j-hfqj-cf5p.json index 888f776edafb5..3b92059957ab1 100644 --- a/advisories/unreviewed/2022/05/GHSA-j83j-hfqj-cf5p/GHSA-j83j-hfqj-cf5p.json +++ b/advisories/unreviewed/2022/05/GHSA-j83j-hfqj-cf5p/GHSA-j83j-hfqj-cf5p.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-j83j-hfqj-cf5p", - "modified": "2022-05-13T01:02:58Z", + "modified": "2023-04-06T18:30:20Z", "published": "2022-05-13T01:02:58Z", "aliases": [ "CVE-2019-9193" 
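Review bot: In GHSA-grmf-95cx-g4hc.json the vector added under `severity` is `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N`, which scores 7.5 (High), yet the unchanged context line in the second hunk still reads `"severity": "MODERATE",` under `database_specific`. Tooling that triages on the label rather than the vector would under-rank CVE-2020-5330, so the label should become `"severity": "HIGH",` to match the vector. The two preceding records (GHSA-25p6-jmrr-3hj2 and GHSA-72qf-gj46-vcj3) carry `C:L` vectors (5.3), so their MODERATE labels are consistent and need no change.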
@@ -48,6 +48,10 @@ { "type": "WEB", "url": "http://packetstormsecurity.com/files/166540/PostgreSQL-11.7-Remote-Code-Execution.html" + }, + { + "type": "WEB", + "url": "http://packetstormsecurity.com/files/171722/PostgreSQL-9.6.1-Remote-Code-Execution.html" } ], "database_specific": { diff --git a/advisories/unreviewed/2022/08/GHSA-x2p7-rrrj-3m2g/GHSA-x2p7-rrrj-3m2g.json b/advisories/unreviewed/2022/08/GHSA-x2p7-rrrj-3m2g/GHSA-x2p7-rrrj-3m2g.json index f5bb2ff2f15da..571089c644231 100644 --- a/advisories/unreviewed/2022/08/GHSA-x2p7-rrrj-3m2g/GHSA-x2p7-rrrj-3m2g.json +++ b/advisories/unreviewed/2022/08/GHSA-x2p7-rrrj-3m2g/GHSA-x2p7-rrrj-3m2g.json @@ -32,6 +32,10 @@ { "type": "WEB", "url": "http://frappe.com" + }, + { + "type": "WEB", + "url": "http://packetstormsecurity.com/files/171730/ERPNext-12.29-Cross-Site-Scripting.html" } ], "database_specific": { diff --git a/advisories/unreviewed/2023/01/GHSA-fxw7-8r5q-w2v4/GHSA-fxw7-8r5q-w2v4.json b/advisories/unreviewed/2023/01/GHSA-fxw7-8r5q-w2v4/GHSA-fxw7-8r5q-w2v4.json index af7de8abee1e5..656999b2395aa 100644 --- a/advisories/unreviewed/2023/01/GHSA-fxw7-8r5q-w2v4/GHSA-fxw7-8r5q-w2v4.json +++ b/advisories/unreviewed/2023/01/GHSA-fxw7-8r5q-w2v4/GHSA-fxw7-8r5q-w2v4.json @@ -37,6 +37,10 @@ "type": "WEB", "url": "http://packetstormsecurity.com/files/170820/Control-Web-Panel-Unauthenticated-Remote-Command-Execution.html" }, + { + "type": "WEB", + "url": "http://packetstormsecurity.com/files/171725/Control-Web-Panel-7-CWP7-0.9.8.1147-Remote-Code-Execution.html" + }, { "type": "WEB", "url": "http://seclists.org/fulldisclosure/2023/Jan/1" diff --git a/advisories/unreviewed/2023/02/GHSA-6g7q-j8xv-m8cg/GHSA-6g7q-j8xv-m8cg.json b/advisories/unreviewed/2023/02/GHSA-6g7q-j8xv-m8cg/GHSA-6g7q-j8xv-m8cg.json index cccf4bf6bd99b..04ba7a0ec6f7c 100644 --- a/advisories/unreviewed/2023/02/GHSA-6g7q-j8xv-m8cg/GHSA-6g7q-j8xv-m8cg.json +++ b/advisories/unreviewed/2023/02/GHSA-6g7q-j8xv-m8cg/GHSA-6g7q-j8xv-m8cg.json 
@@ -32,6 +32,10 @@ { "type": "WEB", "url": "https://www.sourcecodester.com/sites/default/files/download/razormist/Task%20Managing%20System%20in%20PHP.zip" + }, + { + "type": "WEB", + "url": "http://packetstormsecurity.com/files/171739/Simple-Task-Managing-System-1.0-SQL-Injection.html" } ], "database_specific": { diff --git a/advisories/unreviewed/2023/02/GHSA-g55m-fv7q-p3f5/GHSA-g55m-fv7q-p3f5.json b/advisories/unreviewed/2023/02/GHSA-g55m-fv7q-p3f5/GHSA-g55m-fv7q-p3f5.json index c611bf8e2af50..6eb8b741e60ec 100644 --- a/advisories/unreviewed/2023/02/GHSA-g55m-fv7q-p3f5/GHSA-g55m-fv7q-p3f5.json +++ b/advisories/unreviewed/2023/02/GHSA-g55m-fv7q-p3f5/GHSA-g55m-fv7q-p3f5.json @@ -28,6 +28,10 @@ { "type": "WEB", "url": "https://www.provideserver.se/" + }, + { + "type": "WEB", + "url": "http://packetstormsecurity.com/files/171734/Provide-Server-14.4-XSS-Cross-Site-Request-Forgery-Code-Execution.html" } ], "database_specific": { diff --git a/advisories/unreviewed/2023/02/GHSA-g5qh-f5rv-grcp/GHSA-g5qh-f5rv-grcp.json b/advisories/unreviewed/2023/02/GHSA-g5qh-f5rv-grcp/GHSA-g5qh-f5rv-grcp.json index 77a54d060b5eb..959414293ef68 100644 --- a/advisories/unreviewed/2023/02/GHSA-g5qh-f5rv-grcp/GHSA-g5qh-f5rv-grcp.json +++ b/advisories/unreviewed/2023/02/GHSA-g5qh-f5rv-grcp/GHSA-g5qh-f5rv-grcp.json @@ -44,6 +44,10 @@ { "type": "WEB", "url": "https://www.metabaseq.com/imagemagick-zero-days/" + }, + { + "type": "WEB", + "url": "http://packetstormsecurity.com/files/171727/ImageMagick-7.1.0-48-Arbitrary-File-Read.html" } ], "database_specific": { diff --git a/advisories/unreviewed/2023/02/GHSA-q3q6-m34m-pq3r/GHSA-q3q6-m34m-pq3r.json b/advisories/unreviewed/2023/02/GHSA-q3q6-m34m-pq3r/GHSA-q3q6-m34m-pq3r.json index 32ddb7c91820c..054b90b3de528 100644 --- a/advisories/unreviewed/2023/02/GHSA-q3q6-m34m-pq3r/GHSA-q3q6-m34m-pq3r.json +++ b/advisories/unreviewed/2023/02/GHSA-q3q6-m34m-pq3r/GHSA-q3q6-m34m-pq3r.json 
@@ -32,6 +32,10 @@ { "type": "WEB", "url": "https://medium.com/@_sadshade/file-extention-bypass-in-responsive-filemanager-9-5-5-leading-to-rce-authenticated-3290eddc54e7" + }, + { + "type": "WEB", + "url": "http://packetstormsecurity.com/files/171720/Responsive-FileManager-9.9.5-Remote-Shell-Upload.html" } ], "database_specific": { diff --git a/advisories/unreviewed/2023/02/GHSA-vmh2-v97v-w833/GHSA-vmh2-v97v-w833.json b/advisories/unreviewed/2023/02/GHSA-vmh2-v97v-w833/GHSA-vmh2-v97v-w833.json index 608f65204bfbb..7899e4ca15647 100644 --- a/advisories/unreviewed/2023/02/GHSA-vmh2-v97v-w833/GHSA-vmh2-v97v-w833.json +++ b/advisories/unreviewed/2023/02/GHSA-vmh2-v97v-w833/GHSA-vmh2-v97v-w833.json @@ -32,6 +32,10 @@ { "type": "WEB", "url": "https://github.com/h4md153v63n/CVE-2022-40347_Intern-Record-System-phone-V1.0-SQL-Injection-Vulnerability-Unauthenticated" + }, + { + "type": "WEB", + "url": "http://packetstormsecurity.com/files/171740/Intern-Record-System-1.0-SQL-Injection.html" } ], "database_specific": { diff --git a/advisories/unreviewed/2023/02/GHSA-vvqp-3hj4-rj73/GHSA-vvqp-3hj4-rj73.json b/advisories/unreviewed/2023/02/GHSA-vvqp-3hj4-rj73/GHSA-vvqp-3hj4-rj73.json index 4fdd99be35a35..35fde221fef4e 100644 --- a/advisories/unreviewed/2023/02/GHSA-vvqp-3hj4-rj73/GHSA-vvqp-3hj4-rj73.json +++ b/advisories/unreviewed/2023/02/GHSA-vvqp-3hj4-rj73/GHSA-vvqp-3hj4-rj73.json @@ -32,6 +32,10 @@ { "type": "WEB", "url": "https://www.southrivertech.com/software/nextgen/titanftp/en/relnotes.pdf" + }, + { + "type": "WEB", + "url": "http://packetstormsecurity.com/files/171737/Titan-FTP-Path-Traversal.html" } ], "database_specific": { diff --git a/advisories/unreviewed/2023/03/GHSA-2qgx-8w4f-jc5v/GHSA-2qgx-8w4f-jc5v.json b/advisories/unreviewed/2023/03/GHSA-2qgx-8w4f-jc5v/GHSA-2qgx-8w4f-jc5v.json index 3ccba86e51a7f..860e64588e3df 100644 --- a/advisories/unreviewed/2023/03/GHSA-2qgx-8w4f-jc5v/GHSA-2qgx-8w4f-jc5v.json 
+++ b/advisories/unreviewed/2023/03/GHSA-2qgx-8w4f-jc5v/GHSA-2qgx-8w4f-jc5v.json @@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-2qgx-8w4f-jc5v", - "modified": "2023-03-30T12:30:14Z", + "modified": "2023-04-06T18:30:19Z", "published": "2023-03-30T12:30:14Z", "aliases": [ "CVE-2023-28731" ], "details": "AnyMailing Joomla Plugin is vulnerable to unauthenticated remote code execution, when being granted access to the campaign's creation on front-office due to unrestricted file upload allowing PHP code to be injected. This issue affects AnyMailing Joomla Plugin Enterprise in versions below 8.3.0.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } ], "affected": [ @@ -29,9 +32,9 @@ ], "database_specific": { "cwe_ids": [ - + "CWE-434" ], - "severity": null, + "severity": "CRITICAL", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2023-03-30T12:15:00Z" diff --git a/advisories/unreviewed/2023/03/GHSA-3452-rvwh-rv7h/GHSA-3452-rvwh-rv7h.json b/advisories/unreviewed/2023/03/GHSA-3452-rvwh-rv7h/GHSA-3452-rvwh-rv7h.json index a3a003c064edb..44a82aeebe182 100644 --- a/advisories/unreviewed/2023/03/GHSA-3452-rvwh-rv7h/GHSA-3452-rvwh-rv7h.json +++ b/advisories/unreviewed/2023/03/GHSA-3452-rvwh-rv7h/GHSA-3452-rvwh-rv7h.json @@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-3452-rvwh-rv7h", - "modified": "2023-03-29T21:30:16Z", + "modified": "2023-04-06T18:30:18Z", "published": "2023-03-29T21:30:16Z", "aliases": [ "CVE-2023-1656" ], "details": "Cleartext Transmission of Sensitive Information vulnerability in ForgeRock Inc. OpenIDM and Java Remote Connector Server (RCS) LDAP Connector on Windows, MacOS, Linux allows Remote Services with Stolen Credentials.This issue affects OpenIDM and Java Remote Connector Server (RCS): from 1.5.20.9 through 1.5.20.13.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" + } ], "affected": [ 
@@ -29,9 +32,9 @@ ], "database_specific": { "cwe_ids": [ - + "CWE-319" ], - "severity": null, + "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2023-03-29T20:15:00Z" diff --git a/advisories/unreviewed/2023/03/GHSA-345r-5qfx-4jpr/GHSA-345r-5qfx-4jpr.json b/advisories/unreviewed/2023/03/GHSA-345r-5qfx-4jpr/GHSA-345r-5qfx-4jpr.json index 6ec7181ff2f09..3a42772df4f42 100644 --- a/advisories/unreviewed/2023/03/GHSA-345r-5qfx-4jpr/GHSA-345r-5qfx-4jpr.json +++ b/advisories/unreviewed/2023/03/GHSA-345r-5qfx-4jpr/GHSA-345r-5qfx-4jpr.json @@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-345r-5qfx-4jpr", - "modified": "2023-03-29T21:30:15Z", + "modified": "2023-04-06T18:30:19Z", "published": "2023-03-29T21:30:15Z", "aliases": [ "CVE-2023-28509" ], "details": "Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 use weak encryption for packet-level security and passwords transferred on the wire.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" + } ], "affected": [ @@ -25,9 +28,9 @@ ], "database_specific": { "cwe_ids": [ - + "CWE-327" ], - "severity": null, + "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2023-03-29T21:15:00Z" diff --git a/advisories/unreviewed/2023/03/GHSA-366x-2hwp-qq45/GHSA-366x-2hwp-qq45.json b/advisories/unreviewed/2023/03/GHSA-366x-2hwp-qq45/GHSA-366x-2hwp-qq45.json index b5be4068b23a7..c4802dce5df1e 100644 --- a/advisories/unreviewed/2023/03/GHSA-366x-2hwp-qq45/GHSA-366x-2hwp-qq45.json +++ b/advisories/unreviewed/2023/03/GHSA-366x-2hwp-qq45/GHSA-366x-2hwp-qq45.json 
@@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-366x-2hwp-qq45", - "modified": "2023-03-29T21:30:20Z", + "modified": "2023-04-06T18:30:21Z", "published": "2023-03-29T21:30:20Z", "aliases": [ "CVE-2022-37381" ], "details": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AFSpecial_KeystrokeEx method. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17110.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + } ], "affected": [ @@ -29,9 +32,10 @@ ], "database_specific": { "cwe_ids": [ - "CWE-119" + "CWE-119", + "CWE-787" ], - "severity": null, + "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2023-03-29T19:15:00Z" diff --git a/advisories/unreviewed/2023/03/GHSA-3jpf-c526-5cw2/GHSA-3jpf-c526-5cw2.json b/advisories/unreviewed/2023/03/GHSA-3jpf-c526-5cw2/GHSA-3jpf-c526-5cw2.json index 217054a2b602d..c257aeba548f1 100644 --- a/advisories/unreviewed/2023/03/GHSA-3jpf-c526-5cw2/GHSA-3jpf-c526-5cw2.json +++ b/advisories/unreviewed/2023/03/GHSA-3jpf-c526-5cw2/GHSA-3jpf-c526-5cw2.json 
@@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-3jpf-c526-5cw2", - "modified": "2023-03-30T12:30:14Z", + "modified": "2023-04-06T18:30:19Z", "published": "2023-03-30T12:30:14Z", "aliases": [ "CVE-2023-28733" ], "details": "AnyMailing Joomla Plugin is vulnerable to stored cross site scripting (XSS) in templates and emails of AcyMailing, exploitable without authentication when access is granted to the campaign's creation on front-office. This issue affects AnyMailing Joomla Plugin Enterprise in versions below 8.3.0.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + } ], "affected": [ @@ -29,9 +32,9 @@ ], "database_specific": { "cwe_ids": [ - + "CWE-79" ], - "severity": null, + "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2023-03-30T12:15:00Z" diff --git a/advisories/unreviewed/2023/03/GHSA-3wm7-5h33-f92f/GHSA-3wm7-5h33-f92f.json b/advisories/unreviewed/2023/03/GHSA-3wm7-5h33-f92f/GHSA-3wm7-5h33-f92f.json index 3dc6617e6f7e0..1af75f0ae1650 100644 --- a/advisories/unreviewed/2023/03/GHSA-3wm7-5h33-f92f/GHSA-3wm7-5h33-f92f.json +++ b/advisories/unreviewed/2023/03/GHSA-3wm7-5h33-f92f/GHSA-3wm7-5h33-f92f.json @@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-3wm7-5h33-f92f", - "modified": "2023-03-29T21:30:15Z", + "modified": "2023-04-06T18:30:20Z", "published": "2023-03-29T21:30:15Z", "aliases": [ "CVE-2023-28505" ], "details": "Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a buffer overflow in an API function, where a string is copied into a caller-provided buffer without checking the length. This requires a valid login to exploit.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } ], "affected": [ 
@@ -25,9 +28,9 @@ ], "database_specific": { "cwe_ids": [ - + "CWE-120" ], - "severity": null, + "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2023-03-29T21:15:00Z" diff --git a/advisories/unreviewed/2023/03/GHSA-4gp8-394w-2vcg/GHSA-4gp8-394w-2vcg.json b/advisories/unreviewed/2023/03/GHSA-4gp8-394w-2vcg/GHSA-4gp8-394w-2vcg.json index 0378cb68b5ed6..9b5a68d55748a 100644 --- a/advisories/unreviewed/2023/03/GHSA-4gp8-394w-2vcg/GHSA-4gp8-394w-2vcg.json +++ b/advisories/unreviewed/2023/03/GHSA-4gp8-394w-2vcg/GHSA-4gp8-394w-2vcg.json @@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-4gp8-394w-2vcg", - "modified": "2023-03-29T21:30:16Z", + "modified": "2023-04-06T18:30:21Z", "published": "2023-03-29T21:30:16Z", "aliases": [ "CVE-2022-47602" ], "details": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in JoomUnited WP Table Manager plugin <= 3.5.2 versions.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" + } ], "affected": [ @@ -27,7 +30,7 @@ "cwe_ids": [ "CWE-79" ], - "severity": null, + "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2023-03-29T20:15:00Z" diff --git a/advisories/unreviewed/2023/03/GHSA-4rxf-rcjh-42f3/GHSA-4rxf-rcjh-42f3.json b/advisories/unreviewed/2023/03/GHSA-4rxf-rcjh-42f3/GHSA-4rxf-rcjh-42f3.json index e688f0f69cad4..968a8942c3586 100644 --- a/advisories/unreviewed/2023/03/GHSA-4rxf-rcjh-42f3/GHSA-4rxf-rcjh-42f3.json +++ b/advisories/unreviewed/2023/03/GHSA-4rxf-rcjh-42f3/GHSA-4rxf-rcjh-42f3.json 
@@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-4rxf-rcjh-42f3", - "modified": "2023-03-29T21:30:19Z", + "modified": "2023-04-06T18:30:20Z", "published": "2023-03-29T21:30:19Z", "aliases": [ "CVE-2022-37390" ], "details": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.2.53575. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17551.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + } ], "affected": [ @@ -31,7 +34,7 @@ "cwe_ids": [ "CWE-416" ], - "severity": null, + "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2023-03-29T19:15:00Z" diff --git a/advisories/unreviewed/2023/03/GHSA-567x-fp72-xh2g/GHSA-567x-fp72-xh2g.json b/advisories/unreviewed/2023/03/GHSA-567x-fp72-xh2g/GHSA-567x-fp72-xh2g.json index 790d3ea36ee13..3eb5be931d295 100644 --- a/advisories/unreviewed/2023/03/GHSA-567x-fp72-xh2g/GHSA-567x-fp72-xh2g.json +++ b/advisories/unreviewed/2023/03/GHSA-567x-fp72-xh2g/GHSA-567x-fp72-xh2g.json 
@@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-567x-fp72-xh2g", - "modified": "2023-03-29T21:30:19Z", + "modified": "2023-04-06T18:30:21Z", "published": "2023-03-29T21:30:19Z", "aliases": [ "CVE-2022-42426" ], "details": "This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-18554.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } ], "affected": [ @@ -27,7 +30,7 @@ "cwe_ids": [ "CWE-89" ], - "severity": null, + "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2023-03-29T19:15:00Z" diff --git a/advisories/unreviewed/2023/03/GHSA-5rqc-wqwj-478f/GHSA-5rqc-wqwj-478f.json b/advisories/unreviewed/2023/03/GHSA-5rqc-wqwj-478f/GHSA-5rqc-wqwj-478f.json index 876fe964f9965..8687dce1e24f2 100644 --- a/advisories/unreviewed/2023/03/GHSA-5rqc-wqwj-478f/GHSA-5rqc-wqwj-478f.json +++ b/advisories/unreviewed/2023/03/GHSA-5rqc-wqwj-478f/GHSA-5rqc-wqwj-478f.json 
@@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-5rqc-wqwj-478f", - "modified": "2023-03-28T21:30:16Z", + "modified": "2023-04-06T18:30:18Z", "published": "2023-03-28T21:30:16Z", "aliases": [ "CVE-2023-20903" ], "details": "This disclosure regards a vulnerability related to UAA refresh tokens and external identity providers.Assuming that an external identity provider is linked to the UAA, a refresh token is issued to a client on behalf of a user from that identity provider, the administrator of the UAA deactivates the identity provider from the UAA. It is expected that the UAA would reject a refresh token during a refresh token grant, but it does not (hence the vulnerability). It will continue to issue access tokens to request presenting such refresh tokens, as if the identity provider was still active. As a result, clients with refresh tokens issued through the deactivated identity provider would still have access to Cloud Foundry resources until their refresh token expires (which defaults to 30 days).", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" + } ], "affected": [ @@ -25,9 +28,9 @@ ], "database_specific": { "cwe_ids": [ - + "CWE-613" ], - "severity": null, + "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2023-03-28T21:15:00Z" diff --git a/advisories/unreviewed/2023/03/GHSA-6gg3-r538-67r7/GHSA-6gg3-r538-67r7.json b/advisories/unreviewed/2023/03/GHSA-6gg3-r538-67r7/GHSA-6gg3-r538-67r7.json index f0b9cf0a5b7ec..c884f57012bbd 100644 --- a/advisories/unreviewed/2023/03/GHSA-6gg3-r538-67r7/GHSA-6gg3-r538-67r7.json +++ b/advisories/unreviewed/2023/03/GHSA-6gg3-r538-67r7/GHSA-6gg3-r538-67r7.json 
@@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-6gg3-r538-67r7", - "modified": "2023-03-29T21:30:18Z", + "modified": "2023-04-06T18:30:19Z", "published": "2023-03-29T21:30:18Z", "aliases": [ "CVE-2022-45355" ], "details": "Auth. (admin+) SQL Injection (SQLi) vulnerability in ThimPress WP Pipes plugin <= 1.33 versions.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" + } ], "affected": [ @@ -27,7 +30,7 @@ "cwe_ids": [ "CWE-89" ], - "severity": null, + "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2023-03-29T19:15:00Z" diff --git a/advisories/unreviewed/2023/03/GHSA-7h5h-fqwm-4g32/GHSA-7h5h-fqwm-4g32.json b/advisories/unreviewed/2023/03/GHSA-7h5h-fqwm-4g32/GHSA-7h5h-fqwm-4g32.json index 56b381ccab112..3a659afbfa467 100644 --- a/advisories/unreviewed/2023/03/GHSA-7h5h-fqwm-4g32/GHSA-7h5h-fqwm-4g32.json +++ b/advisories/unreviewed/2023/03/GHSA-7h5h-fqwm-4g32/GHSA-7h5h-fqwm-4g32.json @@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-7h5h-fqwm-4g32", - "modified": "2023-03-29T21:30:17Z", + "modified": "2023-04-06T18:30:18Z", "published": "2023-03-29T21:30:17Z", "aliases": [ "CVE-2020-14140" ], "details": "When Xiaomi router firmware is updated in 2020, there is an unauthenticated API that can reveal WIFI password vulnerability. This vulnerability is caused by the lack of access control policies on some API interfaces. Attackers can exploit this vulnerability to enter the background and execute background command injection.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" + } ], "affected": [ @@ -25,9 +28,9 @@ ], "database_specific": { "cwe_ids": [ - + "CWE-306" ], - "severity": null, + "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2023-03-29T20:15:00Z" 
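Review bot: In GHSA-7h5h-fqwm-4g32 the added vector ends in `C:H/I:N/A:N`, yet the `details` text in the same hunk says an attacker can go on to command injection, which would normally carry an integrity impact as well. The opposite mismatch appears in GHSA-pvmm-fgf7-r833 later in this patch, where `details` describes only memory exhaustion and a crashed forked process but the vector is `C:H/I:H/A:H` and the record becomes `"severity": "CRITICAL"`. Both files are under `advisories/unreviewed` with `"github_reviewed": false`, so the scores are presumably imported without a manual check. Both vectors should be re-checked against the upstream record, and anyone prioritising patches on `database_specific.severity` should read the vector against the description rather than rely on the label.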
diff --git a/advisories/unreviewed/2023/03/GHSA-7vjm-f76c-4jgr/GHSA-7vjm-f76c-4jgr.json b/advisories/unreviewed/2023/03/GHSA-7vjm-f76c-4jgr/GHSA-7vjm-f76c-4jgr.json index 2d9886bc51408..d686e463926f0 100644 --- a/advisories/unreviewed/2023/03/GHSA-7vjm-f76c-4jgr/GHSA-7vjm-f76c-4jgr.json +++ b/advisories/unreviewed/2023/03/GHSA-7vjm-f76c-4jgr/GHSA-7vjm-f76c-4jgr.json @@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-7vjm-f76c-4jgr", - "modified": "2023-03-29T21:30:15Z", + "modified": "2023-04-06T18:30:20Z", "published": "2023-03-29T21:30:15Z", "aliases": [ "CVE-2023-28506" ], "details": "Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a stack-based buffer overflow, where a string is copied into a buffer using a memcpy-like function and a user-provided length. This requires a valid login to exploit.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } ], "affected": [ @@ -25,9 +28,9 @@ ], "database_specific": { "cwe_ids": [ - + "CWE-787" ], - "severity": null, + "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2023-03-29T21:15:00Z" diff --git a/advisories/unreviewed/2023/03/GHSA-88v9-2vvv-pvwv/GHSA-88v9-2vvv-pvwv.json b/advisories/unreviewed/2023/03/GHSA-88v9-2vvv-pvwv/GHSA-88v9-2vvv-pvwv.json index 6281b1dad6e15..c5bb9e29dc523 100644 --- a/advisories/unreviewed/2023/03/GHSA-88v9-2vvv-pvwv/GHSA-88v9-2vvv-pvwv.json +++ b/advisories/unreviewed/2023/03/GHSA-88v9-2vvv-pvwv/GHSA-88v9-2vvv-pvwv.json 
@@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-88v9-2vvv-pvwv", - "modified": "2023-03-29T21:30:19Z", + "modified": "2023-04-06T18:30:20Z", "published": "2023-03-29T21:30:19Z", "aliases": [ "CVE-2022-37382" ], "details": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeIcon method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-17383.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" + } ], "affected": [ @@ -31,7 +34,7 @@ "cwe_ids": [ "CWE-416" ], - "severity": null, + "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2023-03-29T19:15:00Z" diff --git a/advisories/unreviewed/2023/03/GHSA-8cf2-943h-fh5p/GHSA-8cf2-943h-fh5p.json b/advisories/unreviewed/2023/03/GHSA-8cf2-943h-fh5p/GHSA-8cf2-943h-fh5p.json index 8ee187100802b..01e1d3c4b4b16 100644 --- a/advisories/unreviewed/2023/03/GHSA-8cf2-943h-fh5p/GHSA-8cf2-943h-fh5p.json +++ b/advisories/unreviewed/2023/03/GHSA-8cf2-943h-fh5p/GHSA-8cf2-943h-fh5p.json @@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-8cf2-943h-fh5p", - "modified": "2023-03-29T21:30:16Z", + "modified": "2023-04-06T18:30:21Z", "published": "2023-03-29T21:30:16Z", "aliases": [ "CVE-2023-22705" ], "details": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Collne Inc. Welcart e-Commerce plugin <= 2.8.10 versions.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + } ], "affected": [ 
@@ -27,7 +30,7 @@ "cwe_ids": [ "CWE-79" ], - "severity": null, + "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2023-03-29T20:15:00Z" diff --git a/advisories/unreviewed/2023/03/GHSA-8j2h-rjqx-hfj6/GHSA-8j2h-rjqx-hfj6.json b/advisories/unreviewed/2023/03/GHSA-8j2h-rjqx-hfj6/GHSA-8j2h-rjqx-hfj6.json index ced55a90cf21f..6534031578c41 100644 --- a/advisories/unreviewed/2023/03/GHSA-8j2h-rjqx-hfj6/GHSA-8j2h-rjqx-hfj6.json +++ b/advisories/unreviewed/2023/03/GHSA-8j2h-rjqx-hfj6/GHSA-8j2h-rjqx-hfj6.json @@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-8j2h-rjqx-hfj6", - "modified": "2023-03-30T12:30:14Z", + "modified": "2023-04-06T18:30:19Z", "published": "2023-03-30T12:30:14Z", "aliases": [ "CVE-2023-28732" ], "details": "Missing access control in AnyMailing Joomla Plugin allows to list and access files containing sensitive information from the plugin itself and access to system files via path traversal, when being granted access to the campaign's creation on front-office. This issue affects AnyMailing Joomla Plugin in versions below 8.3.0.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" + } ], "affected": [ @@ -33,9 +36,9 @@ ], "database_specific": { "cwe_ids": [ - + "CWE-22" ], - "severity": null, + "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2023-03-30T12:15:00Z" diff --git a/advisories/unreviewed/2023/03/GHSA-962c-q54j-xg6v/GHSA-962c-q54j-xg6v.json b/advisories/unreviewed/2023/03/GHSA-962c-q54j-xg6v/GHSA-962c-q54j-xg6v.json index ff521854de0f0..e238aa02d3bf2 100644 --- a/advisories/unreviewed/2023/03/GHSA-962c-q54j-xg6v/GHSA-962c-q54j-xg6v.json +++ b/advisories/unreviewed/2023/03/GHSA-962c-q54j-xg6v/GHSA-962c-q54j-xg6v.json 
@@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-962c-q54j-xg6v", - "modified": "2023-03-29T21:30:19Z", + "modified": "2023-04-06T18:30:20Z", "published": "2023-03-29T21:30:19Z", "aliases": [ "CVE-2022-37391" ], "details": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.2.53575. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17661.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + } ], "affected": [ @@ -31,7 +34,7 @@ "cwe_ids": [ "CWE-416" ], - "severity": null, + "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2023-03-29T19:15:00Z" diff --git a/advisories/unreviewed/2023/03/GHSA-c459-crcf-rfqh/GHSA-c459-crcf-rfqh.json b/advisories/unreviewed/2023/03/GHSA-c459-crcf-rfqh/GHSA-c459-crcf-rfqh.json index 9cb621b13e975..8c8aa72769d1a 100644 --- a/advisories/unreviewed/2023/03/GHSA-c459-crcf-rfqh/GHSA-c459-crcf-rfqh.json +++ b/advisories/unreviewed/2023/03/GHSA-c459-crcf-rfqh/GHSA-c459-crcf-rfqh.json 
@@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-c459-crcf-rfqh", - "modified": "2023-03-29T21:30:19Z", + "modified": "2023-04-06T18:30:21Z", "published": "2023-03-29T21:30:19Z", "aliases": [ "CVE-2022-42425" ], "details": "This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-18555.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } ], "affected": [ @@ -27,7 +30,7 @@ "cwe_ids": [ "CWE-89" ], - "severity": null, + "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2023-03-29T19:15:00Z" diff --git a/advisories/unreviewed/2023/03/GHSA-cqq6-v7j5-vr3p/GHSA-cqq6-v7j5-vr3p.json b/advisories/unreviewed/2023/03/GHSA-cqq6-v7j5-vr3p/GHSA-cqq6-v7j5-vr3p.json index 87963d2321fdf..47a9d45e4d87d 100644 --- a/advisories/unreviewed/2023/03/GHSA-cqq6-v7j5-vr3p/GHSA-cqq6-v7j5-vr3p.json +++ b/advisories/unreviewed/2023/03/GHSA-cqq6-v7j5-vr3p/GHSA-cqq6-v7j5-vr3p.json @@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-cqq6-v7j5-vr3p", - "modified": "2023-03-31T09:30:19Z", + "modified": "2023-04-06T18:30:15Z", "published": "2023-03-31T09:30:19Z", "aliases": [ "CVE-2023-28727" ], "details": "Panasonic AiSEG2 versions 2.00J through 2.93A allows adjacent attackers bypass authentication due to mishandling of X-Forwarded-For headers.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } ], "affected": [ 
@@ -25,9 +28,9 @@ ], "database_specific": { "cwe_ids": [ - + "CWE-287" ], - "severity": null, + "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2023-03-31T07:15:00Z" diff --git a/advisories/unreviewed/2023/03/GHSA-f9v3-rvrm-52r5/GHSA-f9v3-rvrm-52r5.json b/advisories/unreviewed/2023/03/GHSA-f9v3-rvrm-52r5/GHSA-f9v3-rvrm-52r5.json index 8c57271e5033b..a08db56398388 100644 --- a/advisories/unreviewed/2023/03/GHSA-f9v3-rvrm-52r5/GHSA-f9v3-rvrm-52r5.json +++ b/advisories/unreviewed/2023/03/GHSA-f9v3-rvrm-52r5/GHSA-f9v3-rvrm-52r5.json @@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-f9v3-rvrm-52r5", - "modified": "2023-03-29T21:30:15Z", + "modified": "2023-04-06T18:30:19Z", "published": "2023-03-29T21:30:15Z", "aliases": [ "CVE-2023-28508" ], "details": "Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a heap-based overflow vulnerability, where certain input can corrupt the heap and crash the forked process.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } ], "affected": [ @@ -25,9 +28,9 @@ ], "database_specific": { "cwe_ids": [ - + "CWE-787" ], - "severity": null, + "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2023-03-29T21:15:00Z" diff --git a/advisories/unreviewed/2023/03/GHSA-fh4c-rwgp-mc5v/GHSA-fh4c-rwgp-mc5v.json b/advisories/unreviewed/2023/03/GHSA-fh4c-rwgp-mc5v/GHSA-fh4c-rwgp-mc5v.json index e9163bb0f131a..34cc4693d263c 100644 --- a/advisories/unreviewed/2023/03/GHSA-fh4c-rwgp-mc5v/GHSA-fh4c-rwgp-mc5v.json +++ b/advisories/unreviewed/2023/03/GHSA-fh4c-rwgp-mc5v/GHSA-fh4c-rwgp-mc5v.json 
@@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-fh4c-rwgp-mc5v", - "modified": "2023-03-29T21:30:19Z", + "modified": "2023-04-06T18:30:20Z", "published": "2023-03-29T21:30:19Z", "aliases": [ "CVE-2022-42427" ], "details": "This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the contact groups configuration page. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-18541.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } ], "affected": [ @@ -27,7 +30,7 @@ "cwe_ids": [ "CWE-89" ], - "severity": null, + "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2023-03-29T19:15:00Z" diff --git a/advisories/unreviewed/2023/03/GHSA-fhgm-rvpq-xwx9/GHSA-fhgm-rvpq-xwx9.json b/advisories/unreviewed/2023/03/GHSA-fhgm-rvpq-xwx9/GHSA-fhgm-rvpq-xwx9.json index ea962daacbec9..7be3b03d191b0 100644 --- a/advisories/unreviewed/2023/03/GHSA-fhgm-rvpq-xwx9/GHSA-fhgm-rvpq-xwx9.json +++ b/advisories/unreviewed/2023/03/GHSA-fhgm-rvpq-xwx9/GHSA-fhgm-rvpq-xwx9.json 
@@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-fhgm-rvpq-xwx9", - "modified": "2023-03-30T15:30:19Z", + "modified": "2023-04-06T18:30:18Z", "published": "2023-03-30T15:30:19Z", "aliases": [ "CVE-2023-25076" ], "details": "A buffer overflow vulnerability exists in the handling of wildcard backend hosts of SNIProxy 0.6.0-2 and the master branch (commit: 822bb80df9b7b345cc9eba55df74a07b498819ba). A specially crafted HTTP, TLS or DTLS packet can lead to arbitrary code execution. An attacker could send a malicious packet to trigger this vulnerability.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } ], "affected": [ @@ -31,7 +34,7 @@ "cwe_ids": [ "CWE-120" ], - "severity": null, + "severity": "CRITICAL", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2023-03-30T15:15:00Z" diff --git a/advisories/unreviewed/2023/03/GHSA-frrc-f75h-9j62/GHSA-frrc-f75h-9j62.json b/advisories/unreviewed/2023/03/GHSA-frrc-f75h-9j62/GHSA-frrc-f75h-9j62.json index 0ea9046b06fa5..0b7db4e11b47f 100644 --- a/advisories/unreviewed/2023/03/GHSA-frrc-f75h-9j62/GHSA-frrc-f75h-9j62.json +++ b/advisories/unreviewed/2023/03/GHSA-frrc-f75h-9j62/GHSA-frrc-f75h-9j62.json @@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-frrc-f75h-9j62", - "modified": "2023-03-29T21:30:16Z", + "modified": "2023-04-06T18:30:18Z", "published": "2023-03-29T21:30:16Z", "aliases": [ "CVE-2017-6894" ], "details": "A vulnerability exists in FlexNet Manager Suite releases 2015 R2 SP3 and earlier (including FlexNet Manager Platform 9.2 and earlier) that affects the inventory gathering components and can be exploited by local users to perform certain actions with elevated privileges on the local system.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } ], "affected": [ 
@@ -25,9 +28,9 @@ ], "database_specific": { "cwe_ids": [ - + "CWE-269" ], - "severity": null, + "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2023-03-29T21:15:00Z" diff --git a/advisories/unreviewed/2023/03/GHSA-fvpr-q9j2-9vq7/GHSA-fvpr-q9j2-9vq7.json b/advisories/unreviewed/2023/03/GHSA-fvpr-q9j2-9vq7/GHSA-fvpr-q9j2-9vq7.json index 37c1974af4b95..7a890248ee0f9 100644 --- a/advisories/unreviewed/2023/03/GHSA-fvpr-q9j2-9vq7/GHSA-fvpr-q9j2-9vq7.json +++ b/advisories/unreviewed/2023/03/GHSA-fvpr-q9j2-9vq7/GHSA-fvpr-q9j2-9vq7.json @@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-fvpr-q9j2-9vq7", - "modified": "2023-03-29T21:30:19Z", + "modified": "2023-04-06T18:30:20Z", "published": "2023-03-29T21:30:19Z", "aliases": [ "CVE-2022-37385" ], "details": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17301.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + } ], "affected": [ @@ -31,7 +34,7 @@ "cwe_ids": [ "CWE-416" ], - "severity": null, + "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2023-03-29T19:15:00Z" diff --git a/advisories/unreviewed/2023/03/GHSA-g594-6376-7c5r/GHSA-g594-6376-7c5r.json b/advisories/unreviewed/2023/03/GHSA-g594-6376-7c5r/GHSA-g594-6376-7c5r.json index 2b10334b40f56..b2771b817cb1d 100644 --- a/advisories/unreviewed/2023/03/GHSA-g594-6376-7c5r/GHSA-g594-6376-7c5r.json 
+++ b/advisories/unreviewed/2023/03/GHSA-g594-6376-7c5r/GHSA-g594-6376-7c5r.json @@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-g594-6376-7c5r", - "modified": "2023-03-29T21:30:16Z", + "modified": "2023-04-06T18:30:20Z", "published": "2023-03-29T21:30:16Z", "aliases": [ "CVE-2023-28503" ], "details": "Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from an authentication bypass vulnerability, where a special username with a deterministic password can be leveraged to bypass authentication checks and execute OS commands as the root user.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } ], "affected": [ @@ -25,9 +28,9 @@ ], "database_specific": { "cwe_ids": [ - + "CWE-287" ], - "severity": null, + "severity": "CRITICAL", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2023-03-29T21:15:00Z" diff --git a/advisories/unreviewed/2023/03/GHSA-gjq7-hxqp-x7cf/GHSA-gjq7-hxqp-x7cf.json b/advisories/unreviewed/2023/03/GHSA-gjq7-hxqp-x7cf/GHSA-gjq7-hxqp-x7cf.json index 5ca24a392314c..628b13e003be0 100644 --- a/advisories/unreviewed/2023/03/GHSA-gjq7-hxqp-x7cf/GHSA-gjq7-hxqp-x7cf.json +++ b/advisories/unreviewed/2023/03/GHSA-gjq7-hxqp-x7cf/GHSA-gjq7-hxqp-x7cf.json 
@@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-gjq7-hxqp-x7cf", - "modified": "2023-03-29T09:30:32Z", + "modified": "2023-04-06T18:30:16Z", "published": "2023-03-29T09:30:32Z", "aliases": [ "CVE-2022-27598" ], "details": "A vulnerability have been reported to affect multiple QNAP operating systems. If exploited, the vulnerability allow remote authenticated users to get secret values. The vulnerabilities affect the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances) We have already fixed the vulnerabilities in the following operating system versions: QTS 5.0.1.2346 build 20230322 and later QuTS hero h5.0.1.2348 build 20230324 and later", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" + } ], "affected": [ @@ -27,7 +30,7 @@ "cwe_ids": [ ], - "severity": null, + "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2023-03-29T07:15:00Z" diff --git a/advisories/unreviewed/2023/03/GHSA-gq7r-qxw5-w38c/GHSA-gq7r-qxw5-w38c.json b/advisories/unreviewed/2023/03/GHSA-gq7r-qxw5-w38c/GHSA-gq7r-qxw5-w38c.json index 7b17931de5f3d..d0a65620e2d3b 100644 --- a/advisories/unreviewed/2023/03/GHSA-gq7r-qxw5-w38c/GHSA-gq7r-qxw5-w38c.json +++ b/advisories/unreviewed/2023/03/GHSA-gq7r-qxw5-w38c/GHSA-gq7r-qxw5-w38c.json 
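Review bot: GHSA-gjq7-hxqp-x7cf gets `"severity": "MODERATE"` in its second hunk while the `"cwe_ids": [` array directly above it stays empty, and GHSA-gq7r-qxw5-w38c later in the patch is left the same way. Tooling that filters or groups advisories by CWE will skip both records even though they now carry a score. The `details` text only says authenticated users can "get secret values", which is not enough to choose a weakness class from this page, so the array should be filled from the upstream record if it has one rather than guessed.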
@@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-gq7r-qxw5-w38c", - "modified": "2023-03-29T09:30:32Z", + "modified": "2023-04-06T18:30:16Z", "published": "2023-03-29T09:30:32Z", "aliases": [ "CVE-2022-27597" ], "details": "A vulnerability have been reported to affect multiple QNAP operating systems. If exploited, the vulnerability allow remote authenticated users to get secret values. The vulnerabilities affect the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances) We have already fixed the vulnerabilities in the following operating system versions: QTS 5.0.1.2346 build 20230322 and later QuTS hero h5.0.1.2348 build 20230324 and later", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" + } ], "affected": [ @@ -27,7 +30,7 @@ "cwe_ids": [ ], - "severity": null, + "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2023-03-29T07:15:00Z" diff --git a/advisories/unreviewed/2023/03/GHSA-hhqx-5j72-qf6h/GHSA-hhqx-5j72-qf6h.json b/advisories/unreviewed/2023/03/GHSA-hhqx-5j72-qf6h/GHSA-hhqx-5j72-qf6h.json index 4bf88da2c8e22..35a1018df1800 100644 --- a/advisories/unreviewed/2023/03/GHSA-hhqx-5j72-qf6h/GHSA-hhqx-5j72-qf6h.json +++ b/advisories/unreviewed/2023/03/GHSA-hhqx-5j72-qf6h/GHSA-hhqx-5j72-qf6h.json @@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-hhqx-5j72-qf6h", - "modified": "2023-03-30T12:30:15Z", + "modified": "2023-04-06T18:30:19Z", "published": "2023-03-30T12:30:15Z", "aliases": [ "CVE-2023-1699" ], "details": "Rapid7 Nexpose versions 6.6.186 and below suffer from a forced browsing vulnerability. This vulnerability allows an attacker to manipulate URLs to forcefully browse to and access administrative pages. This vulnerability is fixed in version 6.6.187.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } ], "affected": [ 
@@ -25,9 +28,9 @@ ], "database_specific": { "cwe_ids": [ - + "CWE-425" ], - "severity": null, + "severity": "CRITICAL", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2023-03-30T10:15:00Z" diff --git a/advisories/unreviewed/2023/03/GHSA-j6jr-7hqv-4mp7/GHSA-j6jr-7hqv-4mp7.json b/advisories/unreviewed/2023/03/GHSA-j6jr-7hqv-4mp7/GHSA-j6jr-7hqv-4mp7.json index 53bbfc6109164..cda5113656362 100644 --- a/advisories/unreviewed/2023/03/GHSA-j6jr-7hqv-4mp7/GHSA-j6jr-7hqv-4mp7.json +++ b/advisories/unreviewed/2023/03/GHSA-j6jr-7hqv-4mp7/GHSA-j6jr-7hqv-4mp7.json @@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-j6jr-7hqv-4mp7", - "modified": "2023-03-29T21:30:16Z", + "modified": "2023-04-06T18:30:21Z", "published": "2023-03-29T21:30:16Z", "aliases": [ "CVE-2023-28502" ], "details": "Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a stack-based buffer overflow in the \"udadmin\" service that can lead to remote code execution as the root user.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } ], "affected": [ @@ -25,9 +28,9 @@ ], "database_specific": { "cwe_ids": [ - + "CWE-787" ], - "severity": null, + "severity": "CRITICAL", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2023-03-29T21:15:00Z" diff --git a/advisories/unreviewed/2023/03/GHSA-jhq5-5c6h-9xj2/GHSA-jhq5-5c6h-9xj2.json b/advisories/unreviewed/2023/03/GHSA-jhq5-5c6h-9xj2/GHSA-jhq5-5c6h-9xj2.json index c084fca4b782b..308addf30460f 100644 --- a/advisories/unreviewed/2023/03/GHSA-jhq5-5c6h-9xj2/GHSA-jhq5-5c6h-9xj2.json +++ b/advisories/unreviewed/2023/03/GHSA-jhq5-5c6h-9xj2/GHSA-jhq5-5c6h-9xj2.json 
@@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-jhq5-5c6h-9xj2", - "modified": "2023-03-29T21:30:16Z", + "modified": "2023-04-06T18:30:21Z", "published": "2023-03-29T21:30:16Z", "aliases": [ "CVE-2023-28501" ], "details": "Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a heap-based buffer overflow in the unirpcd daemon that, if successfully exploited, can lead to remote code execution as the root user.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } ], "affected": [ @@ -25,9 +28,9 @@ ], "database_specific": { "cwe_ids": [ - + "CWE-190" ], - "severity": null, + "severity": "CRITICAL", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2023-03-29T20:15:00Z" diff --git a/advisories/unreviewed/2023/03/GHSA-jjgj-498m-3v78/GHSA-jjgj-498m-3v78.json b/advisories/unreviewed/2023/03/GHSA-jjgj-498m-3v78/GHSA-jjgj-498m-3v78.json index dde24ebe696e4..32412426a56e7 100644 --- a/advisories/unreviewed/2023/03/GHSA-jjgj-498m-3v78/GHSA-jjgj-498m-3v78.json +++ b/advisories/unreviewed/2023/03/GHSA-jjgj-498m-3v78/GHSA-jjgj-498m-3v78.json @@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-jjgj-498m-3v78", - "modified": "2023-03-31T12:30:16Z", + "modified": "2023-04-06T18:30:16Z", "published": "2023-03-31T12:30:16Z", "aliases": [ "CVE-2023-1773" ], "details": "A vulnerability was found in Rockoa 2.3.2. It has been declared as critical. This vulnerability affects unknown code of the file webmainConfig.php of the component Configuration File Handler. The manipulation leads to code injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-224674 is the identifier assigned to this vulnerability.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } ], "affected": [ 
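Review bot: GHSA-jhq5-5c6h-9xj2 is classified only as `"CWE-190"` in its second hunk, although its `details` text describes a heap-based buffer overflow in the unirpcd daemon that can lead to remote code execution. The sibling Rocket UniData advisories in this patch (GHSA-7vjm-f76c-4jgr, GHSA-f9v3-rvrm-52r5, GHSA-j6jr-7hqv-4mp7) use `"CWE-787"` for their overflows, so a search on that class would miss this one. If the integer overflow is the root cause and the out-of-bounds write its effect, which the page does not confirm, listing both ids as GHSA-jv3h-vgc4-3286 does would keep the records consistent: `"CWE-190", "CWE-787"`.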
@@ -33,9 +36,9 @@ ], "database_specific": { "cwe_ids": [ - + "CWE-94" ], - "severity": null, + "severity": "CRITICAL", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2023-03-31T12:15:00Z" diff --git a/advisories/unreviewed/2023/03/GHSA-jmxp-55h2-rg35/GHSA-jmxp-55h2-rg35.json b/advisories/unreviewed/2023/03/GHSA-jmxp-55h2-rg35/GHSA-jmxp-55h2-rg35.json index a86802aa0fb33..56ada60c1a17d 100644 --- a/advisories/unreviewed/2023/03/GHSA-jmxp-55h2-rg35/GHSA-jmxp-55h2-rg35.json +++ b/advisories/unreviewed/2023/03/GHSA-jmxp-55h2-rg35/GHSA-jmxp-55h2-rg35.json @@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-jmxp-55h2-rg35", - "modified": "2023-03-29T21:30:19Z", + "modified": "2023-04-06T18:30:20Z", "published": "2023-03-29T21:30:19Z", "aliases": [ "CVE-2022-3093" ], "details": "This vulnerability allows physical attackers to execute arbitrary code on affected Tesla vehicles. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ice_updater update mechanism. The issue results from the lack of proper validation of user-supplied firmware. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-17463.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" + } ], "affected": [ @@ -27,7 +30,7 @@ "cwe_ids": [ "CWE-367" ], - "severity": null, + "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2023-03-29T19:15:00Z" diff --git a/advisories/unreviewed/2023/03/GHSA-jv3h-vgc4-3286/GHSA-jv3h-vgc4-3286.json b/advisories/unreviewed/2023/03/GHSA-jv3h-vgc4-3286/GHSA-jv3h-vgc4-3286.json index 7258ad31d196e..5b3ca6daaf892 100644 --- a/advisories/unreviewed/2023/03/GHSA-jv3h-vgc4-3286/GHSA-jv3h-vgc4-3286.json +++ b/advisories/unreviewed/2023/03/GHSA-jv3h-vgc4-3286/GHSA-jv3h-vgc4-3286.json 
@@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-jv3h-vgc4-3286", - "modified": "2023-03-29T21:30:22Z", + "modified": "2023-04-06T18:30:18Z", "published": "2023-03-29T21:30:22Z", "aliases": [ "CVE-2022-27645" ], "details": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within readycloud_control.cgi. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15762.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } ], "affected": [ @@ -29,9 +32,10 @@ ], "database_specific": { "cwe_ids": [ + "CWE-697", "CWE-863" ], - "severity": null, + "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2023-03-29T19:15:00Z" diff --git a/advisories/unreviewed/2023/03/GHSA-mwjw-gjjg-g95f/GHSA-mwjw-gjjg-g95f.json b/advisories/unreviewed/2023/03/GHSA-mwjw-gjjg-g95f/GHSA-mwjw-gjjg-g95f.json index 3fa62f53d3454..b9b7ccf4adb72 100644 --- a/advisories/unreviewed/2023/03/GHSA-mwjw-gjjg-g95f/GHSA-mwjw-gjjg-g95f.json +++ b/advisories/unreviewed/2023/03/GHSA-mwjw-gjjg-g95f/GHSA-mwjw-gjjg-g95f.json 
@@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-mwjw-gjjg-g95f", - "modified": "2023-03-29T21:30:19Z", + "modified": "2023-04-06T18:30:21Z", "published": "2023-03-29T21:30:19Z", "aliases": [ "CVE-2022-42424" ], "details": "This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-18556.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } ], "affected": [ @@ -27,7 +30,7 @@ "cwe_ids": [ "CWE-89" ], - "severity": null, + "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2023-03-29T19:15:00Z" diff --git a/advisories/unreviewed/2023/03/GHSA-pc9v-3h75-cp72/GHSA-pc9v-3h75-cp72.json b/advisories/unreviewed/2023/03/GHSA-pc9v-3h75-cp72/GHSA-pc9v-3h75-cp72.json index 016d10c28bc29..e3e283a462cec 100644 --- a/advisories/unreviewed/2023/03/GHSA-pc9v-3h75-cp72/GHSA-pc9v-3h75-cp72.json +++ b/advisories/unreviewed/2023/03/GHSA-pc9v-3h75-cp72/GHSA-pc9v-3h75-cp72.json 
@@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-pc9v-3h75-cp72", - "modified": "2023-03-29T21:30:19Z", + "modified": "2023-04-06T18:30:20Z", "published": "2023-03-29T21:30:19Z", "aliases": [ "CVE-2022-37386" ], "details": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.2.2.53575. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the resetForm method. By performing actions in JavaScript, an attacker can trigger a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-17550.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" + } ], "affected": [ @@ -31,7 +34,7 @@ "cwe_ids": [ "CWE-125" ], - "severity": null, + "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2023-03-29T19:15:00Z" diff --git a/advisories/unreviewed/2023/03/GHSA-pp3c-rj85-cc8g/GHSA-pp3c-rj85-cc8g.json b/advisories/unreviewed/2023/03/GHSA-pp3c-rj85-cc8g/GHSA-pp3c-rj85-cc8g.json index 3f3720f25bc2f..279f5514046c7 100644 --- a/advisories/unreviewed/2023/03/GHSA-pp3c-rj85-cc8g/GHSA-pp3c-rj85-cc8g.json +++ b/advisories/unreviewed/2023/03/GHSA-pp3c-rj85-cc8g/GHSA-pp3c-rj85-cc8g.json 
@@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-pp3c-rj85-cc8g", - "modified": "2023-03-31T12:30:16Z", + "modified": "2023-04-06T18:30:16Z", "published": "2023-03-31T12:30:16Z", "aliases": [ "CVE-2023-1772" ], "details": "A vulnerability was found in DataGear up to 4.5.1. It has been classified as problematic. This affects an unknown part of the component Diagram Type Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224673 was assigned to this vulnerability.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" + } ], "affected": [ @@ -33,9 +36,9 @@ ], "database_specific": { "cwe_ids": [ - + "CWE-79" ], - "severity": null, + "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2023-03-31T12:15:00Z" diff --git a/advisories/unreviewed/2023/03/GHSA-pvmm-fgf7-r833/GHSA-pvmm-fgf7-r833.json b/advisories/unreviewed/2023/03/GHSA-pvmm-fgf7-r833/GHSA-pvmm-fgf7-r833.json index ec4b16424d3e5..f99f3bdac0b42 100644 --- a/advisories/unreviewed/2023/03/GHSA-pvmm-fgf7-r833/GHSA-pvmm-fgf7-r833.json +++ b/advisories/unreviewed/2023/03/GHSA-pvmm-fgf7-r833/GHSA-pvmm-fgf7-r833.json @@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-pvmm-fgf7-r833", - "modified": "2023-03-29T21:30:15Z", + "modified": "2023-04-06T18:30:19Z", "published": "2023-03-29T21:30:15Z", "aliases": [ "CVE-2023-28507" ], "details": "Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a memory-exhaustion issue, where a decompression routine will allocate increasing amounts of memory until all system memory is exhausted and the forked process crashes.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } ], "affected": [ 
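Review bot: The CVSS vector added for GHSA-pvmm-fgf7-r833 (CVE-2023-28507) is `C:H/I:H/A:H`, but the record's `details` describe only memory exhaustion that ends with the forked process crashing, which is an availability impact. The follow-up hunk for the same file sets `cwe_ids` to `CWE-400` and `database_specific.severity` to `CRITICAL`, so the CWE matches the description while the score does not. If the vector is copied unchanged from the upstream feed, severity-based triage will rank this denial-of-service alongside the code-execution record GHSA-vc38-hp22-mh4x, which carries the identical vector. An availability-only vector would read `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H`; that should be confirmed against the vendor advisory before changing the record.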
@@ -25,9 +28,9 @@ ], "database_specific": { "cwe_ids": [ - + "CWE-400" ], - "severity": null, + "severity": "CRITICAL", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2023-03-29T21:15:00Z" diff --git a/advisories/unreviewed/2023/03/GHSA-qjg8-7gjq-vxf4/GHSA-qjg8-7gjq-vxf4.json b/advisories/unreviewed/2023/03/GHSA-qjg8-7gjq-vxf4/GHSA-qjg8-7gjq-vxf4.json index 9803d64e40e1c..b4c891671c3c9 100644 --- a/advisories/unreviewed/2023/03/GHSA-qjg8-7gjq-vxf4/GHSA-qjg8-7gjq-vxf4.json +++ b/advisories/unreviewed/2023/03/GHSA-qjg8-7gjq-vxf4/GHSA-qjg8-7gjq-vxf4.json @@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-qjg8-7gjq-vxf4", - "modified": "2023-03-29T21:30:22Z", + "modified": "2023-04-06T18:30:18Z", "published": "2023-03-29T21:30:22Z", "aliases": [ "CVE-2022-27646" ], "details": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the circled daemon. A crafted circleinfo.txt file can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15879.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } ], "affected": [ @@ -31,7 +34,7 @@ "cwe_ids": [ "CWE-121" ], - "severity": null, + "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2023-03-29T19:15:00Z" diff --git a/advisories/unreviewed/2023/03/GHSA-v594-5w2m-322p/GHSA-v594-5w2m-322p.json b/advisories/unreviewed/2023/03/GHSA-v594-5w2m-322p/GHSA-v594-5w2m-322p.json index fbb9543cb0699..c4721eacb5fe1 100644 --- a/advisories/unreviewed/2023/03/GHSA-v594-5w2m-322p/GHSA-v594-5w2m-322p.json 
+++ b/advisories/unreviewed/2023/03/GHSA-v594-5w2m-322p/GHSA-v594-5w2m-322p.json @@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-v594-5w2m-322p", - "modified": "2023-03-29T21:30:19Z", + "modified": "2023-04-06T18:30:21Z", "published": "2023-03-29T21:30:19Z", "aliases": [ "CVE-2022-37388" ], "details": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.2.53575. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data in a PDF file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17516.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + } ], "affected": [ @@ -31,7 +34,7 @@ "cwe_ids": [ "CWE-125" ], - "severity": null, + "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2023-03-29T19:15:00Z" diff --git a/advisories/unreviewed/2023/03/GHSA-vc38-hp22-mh4x/GHSA-vc38-hp22-mh4x.json b/advisories/unreviewed/2023/03/GHSA-vc38-hp22-mh4x/GHSA-vc38-hp22-mh4x.json index 5fe8f56a73f81..fdb999b76f4f7 100644 --- a/advisories/unreviewed/2023/03/GHSA-vc38-hp22-mh4x/GHSA-vc38-hp22-mh4x.json +++ b/advisories/unreviewed/2023/03/GHSA-vc38-hp22-mh4x/GHSA-vc38-hp22-mh4x.json 
@@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-vc38-hp22-mh4x", - "modified": "2023-03-29T21:30:15Z", + "modified": "2023-04-06T18:30:20Z", "published": "2023-03-29T21:30:15Z", "aliases": [ "CVE-2023-28504" ], "details": "Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a stack-based buffer overflow that can lead to remote code execution as the root user.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } ], "affected": [ @@ -25,9 +28,9 @@ ], "database_specific": { "cwe_ids": [ - + "CWE-787" ], - "severity": null, + "severity": "CRITICAL", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2023-03-29T21:15:00Z" diff --git a/advisories/unreviewed/2023/03/GHSA-vf28-x3q6-9qg2/GHSA-vf28-x3q6-9qg2.json b/advisories/unreviewed/2023/03/GHSA-vf28-x3q6-9qg2/GHSA-vf28-x3q6-9qg2.json index 275e6d46b4555..ed36873369461 100644 --- a/advisories/unreviewed/2023/03/GHSA-vf28-x3q6-9qg2/GHSA-vf28-x3q6-9qg2.json +++ b/advisories/unreviewed/2023/03/GHSA-vf28-x3q6-9qg2/GHSA-vf28-x3q6-9qg2.json 
@@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-vf28-x3q6-9qg2", - "modified": "2023-03-29T06:30:19Z", + "modified": "2023-04-06T18:30:18Z", "published": "2023-03-29T06:30:19Z", "aliases": [ "CVE-2023-23355" ], "details": "A vulnerability has been reported to affect multiple QNAP operating systems. If exploited, the vulnerability allows remote authenticated users to execute arbitrary commands via susceptible QNAP devices. The vulnerability affects the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances), QVR. We have already fixed the vulnerability in the following operating system versions: QTS 5.0.1.2346 build 20230322 and later QuTS hero h5.0.1.2348 build 20230324 and later", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } ], "affected": [ @@ -25,9 +28,9 @@ ], "database_specific": { "cwe_ids": [ - + "CWE-77" ], - "severity": null, + "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2023-03-29T05:15:00Z" diff --git a/advisories/unreviewed/2023/03/GHSA-vrvf-x4g2-cx9g/GHSA-vrvf-x4g2-cx9g.json b/advisories/unreviewed/2023/03/GHSA-vrvf-x4g2-cx9g/GHSA-vrvf-x4g2-cx9g.json index 8f10a65c32d2d..5ea687dac61f9 100644 --- a/advisories/unreviewed/2023/03/GHSA-vrvf-x4g2-cx9g/GHSA-vrvf-x4g2-cx9g.json +++ b/advisories/unreviewed/2023/03/GHSA-vrvf-x4g2-cx9g/GHSA-vrvf-x4g2-cx9g.json 
@@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-vrvf-x4g2-cx9g", - "modified": "2023-03-29T21:30:20Z", + "modified": "2023-04-06T18:30:21Z", "published": "2023-03-29T21:30:20Z", "aliases": [ "CVE-2022-36982" ], "details": "This vulnerability allows remote attackers to read arbitrary files on affected installations of Ivanti Avalanche 6.3.3.101. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the AgentTaskHandler class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose stored session cookies, leading to further compromise. Was ZDI-CAN-15967.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" + } ], "affected": [ @@ -31,7 +34,7 @@ "cwe_ids": [ "CWE-22" ], - "severity": null, + "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2023-03-29T19:15:00Z" diff --git a/advisories/unreviewed/2023/03/GHSA-wf6j-p2w6-h539/GHSA-wf6j-p2w6-h539.json b/advisories/unreviewed/2023/03/GHSA-wf6j-p2w6-h539/GHSA-wf6j-p2w6-h539.json index 7852b251d58b2..5e2c1d64dc877 100644 --- a/advisories/unreviewed/2023/03/GHSA-wf6j-p2w6-h539/GHSA-wf6j-p2w6-h539.json +++ b/advisories/unreviewed/2023/03/GHSA-wf6j-p2w6-h539/GHSA-wf6j-p2w6-h539.json 
@@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-wf6j-p2w6-h539", - "modified": "2023-03-29T21:30:19Z", + "modified": "2023-04-06T18:30:20Z", "published": "2023-03-29T21:30:19Z", "aliases": [ "CVE-2022-37387" ], "details": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.2.53575. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17552.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + } ], "affected": [ @@ -31,7 +34,7 @@ "cwe_ids": [ "CWE-416" ], - "severity": null, + "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2023-03-29T19:15:00Z" diff --git a/advisories/unreviewed/2023/03/GHSA-xhfw-qhxr-hjhq/GHSA-xhfw-qhxr-hjhq.json b/advisories/unreviewed/2023/03/GHSA-xhfw-qhxr-hjhq/GHSA-xhfw-qhxr-hjhq.json index 0315a35641a34..b46625361108f 100644 --- a/advisories/unreviewed/2023/03/GHSA-xhfw-qhxr-hjhq/GHSA-xhfw-qhxr-hjhq.json +++ b/advisories/unreviewed/2023/03/GHSA-xhfw-qhxr-hjhq/GHSA-xhfw-qhxr-hjhq.json 
@@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-xhfw-qhxr-hjhq", - "modified": "2023-03-29T21:30:16Z", + "modified": "2023-04-06T18:30:18Z", "published": "2023-03-29T21:30:16Z", "aliases": [ "CVE-2023-0836" ], "details": "An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. There are 5 bytes left uninitialized in the connection buffer when encoding the FCGI_BEGIN_REQUEST record. Sensitive data may be disclosed to configured FastCGI backends in an unexpected way.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" + } ], "affected": [ @@ -25,9 +28,9 @@ ], "database_specific": { "cwe_ids": [ - + "CWE-459" ], - "severity": null, + "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2023-03-29T21:15:00Z" diff --git a/advisories/unreviewed/2023/03/GHSA-xw5c-xwc7-95gf/GHSA-xw5c-xwc7-95gf.json b/advisories/unreviewed/2023/03/GHSA-xw5c-xwc7-95gf/GHSA-xw5c-xwc7-95gf.json index f6b6cac07a6e7..7227f3a6d4506 100644 --- a/advisories/unreviewed/2023/03/GHSA-xw5c-xwc7-95gf/GHSA-xw5c-xwc7-95gf.json +++ b/advisories/unreviewed/2023/03/GHSA-xw5c-xwc7-95gf/GHSA-xw5c-xwc7-95gf.json @@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-xw5c-xwc7-95gf", - "modified": "2023-03-31T09:30:19Z", + "modified": "2023-04-06T18:30:16Z", "published": "2023-03-31T09:30:19Z", "aliases": [ "CVE-2023-1258" ], "details": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ABB Flow-X firmware on Flow-X embedded hardware (web service modules) allows Footprinting.This issue affects Flow-X: before 4.0.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" + } ], "affected": [ 
@@ -25,9 +28,9 @@ ], "database_specific": { "cwe_ids": [ - + "CWE-200" ], - "severity": null, + "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2023-03-31T08:15:00Z" diff --git a/advisories/unreviewed/2023/03/GHSA-xxhf-r9rq-5rj8/GHSA-xxhf-r9rq-5rj8.json b/advisories/unreviewed/2023/03/GHSA-xxhf-r9rq-5rj8/GHSA-xxhf-r9rq-5rj8.json index 466ab4f7b11a9..7c6deaa244ce0 100644 --- a/advisories/unreviewed/2023/03/GHSA-xxhf-r9rq-5rj8/GHSA-xxhf-r9rq-5rj8.json +++ b/advisories/unreviewed/2023/03/GHSA-xxhf-r9rq-5rj8/GHSA-xxhf-r9rq-5rj8.json @@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-xxhf-r9rq-5rj8", - "modified": "2023-03-31T09:30:19Z", + "modified": "2023-04-06T18:30:15Z", "published": "2023-03-31T09:30:19Z", "aliases": [ "CVE-2023-28726" ], "details": "Panasonic AiSEG2 versions 2.80F through 2.93A allows remote attackers to execute arbitrary OS commands.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } ], "affected": [ @@ -25,9 +28,9 @@ ], "database_specific": { "cwe_ids": [ - + "CWE-78" ], - "severity": null, + "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2023-03-31T07:15:00Z" diff --git a/advisories/unreviewed/2023/03/GHSA-xxw7-44hw-5xgc/GHSA-xxw7-44hw-5xgc.json b/advisories/unreviewed/2023/03/GHSA-xxw7-44hw-5xgc/GHSA-xxw7-44hw-5xgc.json index 89fd7f9d11bc8..782f522e50f84 100644 --- a/advisories/unreviewed/2023/03/GHSA-xxw7-44hw-5xgc/GHSA-xxw7-44hw-5xgc.json +++ b/advisories/unreviewed/2023/03/GHSA-xxw7-44hw-5xgc/GHSA-xxw7-44hw-5xgc.json 
@@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-xxw7-44hw-5xgc", - "modified": "2023-03-29T00:30:16Z", + "modified": "2023-04-06T18:30:18Z", "published": "2023-03-29T00:30:16Z", "aliases": [ "CVE-2022-46397" ], "details": "FP.io VPP (Vector Packet Processor) 22.10, 22.06, 22.02, 21.10, 21.06, 21.01, 20.09, 20.05, 20.01, 19.08, and 19.04 Generates a Predictable IV with CBC Mode.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" + } ], "affected": [ @@ -31,7 +34,7 @@ "cwe_ids": [ ], - "severity": null, + "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2023-03-28T22:15:00Z" diff --git a/advisories/unreviewed/2023/04/GHSA-39ph-x487-rw5g/GHSA-39ph-x487-rw5g.json b/advisories/unreviewed/2023/04/GHSA-39ph-x487-rw5g/GHSA-39ph-x487-rw5g.json new file mode 100644 index 0000000000000..9693f9345b135 --- /dev/null +++ b/advisories/unreviewed/2023/04/GHSA-39ph-x487-rw5g/GHSA-39ph-x487-rw5g.json @@ -0,0 +1,35 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-39ph-x487-rw5g", + "modified": "2023-04-06T18:30:17Z", + "published": "2023-04-06T18:30:17Z", + "aliases": [ + "CVE-2023-20674" + ], + "details": "In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588569; Issue ID: ALPS07588552.", + "severity": [ + + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20674" + }, + { + "type": "WEB", + "url": "https://corp.mediatek.com/product-security-bulletin/April-2023" + } + ], + "database_specific": { + "cwe_ids": [ + + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2023-04-06T18:15:00Z" + } +} \ No newline at end of file 
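Review bot: The second hunk for GHSA-xxw7-44hw-5xgc (CVE-2022-46397) raises `severity` to `HIGH` but leaves `cwe_ids` as an empty array, while every other scored record visible in this sync carries at least one CWE. The `details` text ("Generates a Predictable IV with CBC Mode") is the name of CWE-329, so `"CWE-329"` is the likely entry if the upstream source confirms it. Until then, tooling that filters or groups advisories by weakness class will not surface this cryptographic issue.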
diff --git a/advisories/unreviewed/2023/04/GHSA-3c9r-w7qx-rq3w/GHSA-3c9r-w7qx-rq3w.json b/advisories/unreviewed/2023/04/GHSA-3c9r-w7qx-rq3w/GHSA-3c9r-w7qx-rq3w.json
new file mode 100644
index 0000000000000..d0fc22549ed1f
--- /dev/null
+++ b/advisories/unreviewed/2023/04/GHSA-3c9r-w7qx-rq3w/GHSA-3c9r-w7qx-rq3w.json
@@ -0,0 +1,35 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-3c9r-w7qx-rq3w",
+ "modified": "2023-04-06T18:30:21Z",
+ "published": "2023-04-06T18:30:21Z",
+ "aliases": [
+ "CVE-2022-46781"
+ ],
+ "details": "An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU memory processing operations to access a limited amount outside of buffer bounds. This affects Valhall r29p0 through r41p0 before r42p0 and Avalon r41p0 before r42p0.",
+ "severity": [
+
+ ],
+ "affected": [
+
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46781"
+ },
+ {
+ "type": "WEB",
+ "url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+
+ ],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2023-04-06T16:15:00Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2023/04/GHSA-3jgm-v75x-gfc2/GHSA-3jgm-v75x-gfc2.json b/advisories/unreviewed/2023/04/GHSA-3jgm-v75x-gfc2/GHSA-3jgm-v75x-gfc2.json
new file mode 100644
index 0000000000000..1f1ca637ca5b7
--- /dev/null
+++ b/advisories/unreviewed/2023/04/GHSA-3jgm-v75x-gfc2/GHSA-3jgm-v75x-gfc2.json
@@ -0,0 +1,35 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-3jgm-v75x-gfc2",
+ "modified": "2023-04-06T18:30:17Z",
+ "published": "2023-04-06T18:30:17Z",
+ "aliases": [
+ "CVE-2023-20681"
+ ],
+ "details": "In adsp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07696134; Issue ID: ALPS07696134.",
+ "severity": [
+
+ ],
+ "affected": [
+
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20681"
+ },
+ {
+ "type": "WEB",
+ "url": "https://corp.mediatek.com/product-security-bulletin/April-2023"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+
+ ],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2023-04-06T18:15:00Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2023/04/GHSA-4qvr-2hph-h947/GHSA-4qvr-2hph-h947.json b/advisories/unreviewed/2023/04/GHSA-4qvr-2hph-h947/GHSA-4qvr-2hph-h947.json
new file mode 100644
index 0000000000000..78fe199928eb4
--- /dev/null
+++ b/advisories/unreviewed/2023/04/GHSA-4qvr-2hph-h947/GHSA-4qvr-2hph-h947.json
@@ -0,0 +1,35 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-4qvr-2hph-h947",
+ "modified": "2023-04-06T18:30:17Z",
+ "published": "2023-04-06T18:30:17Z",
+ "aliases": [
+ "CVE-2023-20657"
+ ],
+ "details": "In mtee, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07571485; Issue ID: ALPS07571485.",
+ "severity": [
+
+ ],
+ "affected": [
+
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20657"
+ },
+ {
+ "type": "WEB",
+ "url": "https://corp.mediatek.com/product-security-bulletin/April-2023"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+
+ ],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2023-04-06T18:15:00Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2023/04/GHSA-4vgc-jw7q-vm43/GHSA-4vgc-jw7q-vm43.json b/advisories/unreviewed/2023/04/GHSA-4vgc-jw7q-vm43/GHSA-4vgc-jw7q-vm43.json
new file mode 100644
index 0000000000000..0b94b83d58502
--- /dev/null
+++ b/advisories/unreviewed/2023/04/GHSA-4vgc-jw7q-vm43/GHSA-4vgc-jw7q-vm43.json
@@ -0,0 +1,35 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-4vgc-jw7q-vm43",
+ "modified": "2023-04-06T18:30:18Z",
+ "published": "2023-04-06T18:30:18Z",
+ "aliases": [
+ "CVE-2023-20652"
+ ],
+ "details": "In keyinstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628168; Issue ID: ALPS07589135.",
+ "severity": [
+
+ ],
+ "affected": [
+
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20652"
+ },
+ {
+ "type": "WEB",
+ "url": "https://corp.mediatek.com/product-security-bulletin/April-2023"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+
+ ],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2023-04-06T18:15:00Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2023/04/GHSA-637q-wqq3-x6v8/GHSA-637q-wqq3-x6v8.json b/advisories/unreviewed/2023/04/GHSA-637q-wqq3-x6v8/GHSA-637q-wqq3-x6v8.json
new file mode 100644
index 0000000000000..19d21edbf2996
--- /dev/null
+++ b/advisories/unreviewed/2023/04/GHSA-637q-wqq3-x6v8/GHSA-637q-wqq3-x6v8.json
@@ -0,0 +1,35 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-637q-wqq3-x6v8",
+ "modified": "2023-04-06T18:30:17Z",
+ "published": "2023-04-06T18:30:17Z",
+ "aliases": [
+ "CVE-2023-20664"
+ ],
+ "details": "In gz, there is a possible double free due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07505952; Issue ID: ALPS07505952.",
+ "severity": [
+
+ ],
+ "affected": [
+
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20664"
+ },
+ {
+ "type": "WEB",
+ "url": "https://corp.mediatek.com/product-security-bulletin/April-2023"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+
+ ],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2023-04-06T18:15:00Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2023/04/GHSA-6pxh-m5x3-c752/GHSA-6pxh-m5x3-c752.json b/advisories/unreviewed/2023/04/GHSA-6pxh-m5x3-c752/GHSA-6pxh-m5x3-c752.json
new file mode 100644
index 0000000000000..2d81dccdeaad9
--- /dev/null
+++ b/advisories/unreviewed/2023/04/GHSA-6pxh-m5x3-c752/GHSA-6pxh-m5x3-c752.json
@@ -0,0 +1,35 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-6pxh-m5x3-c752",
+ "modified": "2023-04-06T18:30:16Z",
+ "published": "2023-04-06T18:30:16Z",
+ "aliases": [
+ "CVE-2023-20685"
+ ],
+ "details": "In vdec, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07608575; Issue ID: ALPS07608575.",
+ "severity": [
+
+ ],
+ "affected": [
+
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20685"
+ },
+ {
+ "type": "WEB",
+ "url": "https://corp.mediatek.com/product-security-bulletin/April-2023"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+
+ ],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2023-04-06T18:15:00Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2023/04/GHSA-7h7g-548g-p88x/GHSA-7h7g-548g-p88x.json b/advisories/unreviewed/2023/04/GHSA-7h7g-548g-p88x/GHSA-7h7g-548g-p88x.json
new file mode 100644
index 0000000000000..855e25dd95f53
--- /dev/null
+++ b/advisories/unreviewed/2023/04/GHSA-7h7g-548g-p88x/GHSA-7h7g-548g-p88x.json
@@ -0,0 +1,35 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-7h7g-548g-p88x",
+ "modified": "2023-04-06T18:30:17Z",
+ "published": "2023-04-06T18:30:17Z",
+ "aliases": [
+ "CVE-2023-20675"
+ ],
+ "details": "In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588569; Issue ID: ALPS07588569.",
+ "severity": [
+
+ ],
+ "affected": [
+
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20675"
+ },
+ {
+ "type": "WEB",
+ "url": "https://corp.mediatek.com/product-security-bulletin/April-2023"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+
+ ],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2023-04-06T18:15:00Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2023/04/GHSA-7mgx-8745-58vp/GHSA-7mgx-8745-58vp.json b/advisories/unreviewed/2023/04/GHSA-7mgx-8745-58vp/GHSA-7mgx-8745-58vp.json
new file mode 100644
index 0000000000000..3844aaecbbacf
--- /dev/null
+++ b/advisories/unreviewed/2023/04/GHSA-7mgx-8745-58vp/GHSA-7mgx-8745-58vp.json
@@ -0,0 +1,35 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-7mgx-8745-58vp",
+ "modified": "2023-04-06T18:30:17Z",
+ "published": "2023-04-06T18:30:17Z",
+ "aliases": [
+ "CVE-2023-20680"
+ ],
+ "details": "In adsp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664785; Issue ID: ALPS07664785.",
+ "severity": [
+
+ ],
+ "affected": [
+
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20680"
+ },
+ {
+ "type": "WEB",
+ "url": "https://corp.mediatek.com/product-security-bulletin/April-2023"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+
+ ],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2023-04-06T18:15:00Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2023/04/GHSA-7p9g-63g3-fhgj/GHSA-7p9g-63g3-fhgj.json b/advisories/unreviewed/2023/04/GHSA-7p9g-63g3-fhgj/GHSA-7p9g-63g3-fhgj.json
new file mode 100644
index 0000000000000..d4a7977dafaf6
--- /dev/null
+++ b/advisories/unreviewed/2023/04/GHSA-7p9g-63g3-fhgj/GHSA-7p9g-63g3-fhgj.json
@@ -0,0 +1,35 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-7p9g-63g3-fhgj",
+ "modified": "2023-04-06T18:30:17Z",
+ "published": "2023-04-06T18:30:17Z",
+ "aliases": [
+ "CVE-2023-20658"
+ ],
+ "details": "In isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07537393; Issue ID: ALPS07180396.",
+ "severity": [
+
+ ],
+ "affected": [
+
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20658"
+ },
+ {
+ "type": "WEB",
+ "url": "https://corp.mediatek.com/product-security-bulletin/April-2023"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+
+ ],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2023-04-06T18:15:00Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2023/04/GHSA-85p4-j66f-mvwq/GHSA-85p4-j66f-mvwq.json b/advisories/unreviewed/2023/04/GHSA-85p4-j66f-mvwq/GHSA-85p4-j66f-mvwq.json
new file mode 100644
index 0000000000000..4d62d880fc6bb
--- /dev/null
+++ b/advisories/unreviewed/2023/04/GHSA-85p4-j66f-mvwq/GHSA-85p4-j66f-mvwq.json
@@ -0,0 +1,35 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-85p4-j66f-mvwq",
+ "modified": "2023-04-06T18:30:16Z",
+ "published": "2023-04-06T18:30:16Z",
+ "aliases": [
+ "CVE-2023-20687"
+ ],
+ "details": "In display drm, there is a possible double free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07570772; Issue ID: ALPS07570772.",
+ "severity": [
+
+ ],
+ "affected": [
+
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20687"
+ },
+ {
+ "type": "WEB",
+ "url": "https://corp.mediatek.com/product-security-bulletin/April-2023"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+
+ ],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2023-04-06T18:15:00Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2023/04/GHSA-8f6c-jc9v-fhwm/GHSA-8f6c-jc9v-fhwm.json b/advisories/unreviewed/2023/04/GHSA-8f6c-jc9v-fhwm/GHSA-8f6c-jc9v-fhwm.json
new file mode 100644
index 0000000000000..b6afd974838da
--- /dev/null
+++ b/advisories/unreviewed/2023/04/GHSA-8f6c-jc9v-fhwm/GHSA-8f6c-jc9v-fhwm.json
@@ -0,0 +1,35 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-8f6c-jc9v-fhwm",
+ "modified": "2023-04-06T18:30:17Z",
+ "published": "2023-04-06T18:30:17Z",
+ "aliases": [
+ "CVE-2023-20663"
+ ],
+ "details": "In wlan, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560741; Issue ID: ALPS07560741.",
+ "severity": [
+
+ ],
+ "affected": [
+
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20663"
+ },
+ {
+ "type": "WEB",
+ "url": "https://corp.mediatek.com/product-security-bulletin/April-2023"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+
+ ],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2023-04-06T18:15:00Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2023/04/GHSA-8hfp-7pjq-xq3r/GHSA-8hfp-7pjq-xq3r.json b/advisories/unreviewed/2023/04/GHSA-8hfp-7pjq-xq3r/GHSA-8hfp-7pjq-xq3r.json
new file mode 100644
index 0000000000000..a16326c2a1ce1
--- /dev/null
+++ b/advisories/unreviewed/2023/04/GHSA-8hfp-7pjq-xq3r/GHSA-8hfp-7pjq-xq3r.json
@@ -0,0 +1,35 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-8hfp-7pjq-xq3r",
+ "modified": "2023-04-06T18:30:18Z",
+ "published": "2023-04-06T18:30:18Z",
+ "aliases": [
+ "CVE-2022-32599"
+ ],
+ "details": "In rpmb, there is a possible out of bounds write due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07460390; Issue ID: ALPS07460390.",
+ "severity": [
+
+ ],
+ "affected": [
+
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32599"
+ },
+ {
+ "type": "WEB",
+ "url": "https://corp.mediatek.com/product-security-bulletin/April-2023"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+
+ ],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2023-04-06T18:15:00Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2023/04/GHSA-8v5j-pwr7-w5f8/GHSA-8v5j-pwr7-w5f8.json b/advisories/unreviewed/2023/04/GHSA-8v5j-pwr7-w5f8/GHSA-8v5j-pwr7-w5f8.json
new file mode 100644
index 0000000000000..26806e68d0f40
--- /dev/null
+++ b/advisories/unreviewed/2023/04/GHSA-8v5j-pwr7-w5f8/GHSA-8v5j-pwr7-w5f8.json
@@ -0,0 +1,47 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-8v5j-pwr7-w5f8",
+ "modified": "2023-04-06T18:30:21Z",
+ "published": "2023-04-06T18:30:21Z",
+ "aliases": [
+ "CVE-2023-24534"
+ ],
+ "details": "HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially more memory than required to hold the parsed headers. An attacker can exploit this behavior to cause an HTTP server to allocate large amounts of memory from a small request, potentially leading to memory exhaustion and a denial of service. With fix, header parsing now correctly allocates only the memory required to hold parsed headers.",
+ "severity": [
+
+ ],
+ "affected": [
+
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24534"
+ },
+ {
+ "type": "WEB",
+ "url": "https://go.dev/cl/481994"
+ },
+ {
+ "type": "WEB",
+ "url": "https://go.dev/issue/58975"
+ },
+ {
+ "type": "WEB",
+ "url": "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8"
+ },
+ {
+ "type": "WEB",
+ "url": "https://pkg.go.dev/vuln/GO-2023-1704"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+
+ ],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2023-04-06T16:15:00Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2023/04/GHSA-9f7g-gqwh-jpf5/GHSA-9f7g-gqwh-jpf5.json b/advisories/unreviewed/2023/04/GHSA-9f7g-gqwh-jpf5/GHSA-9f7g-gqwh-jpf5.json
new file mode 100644
index 0000000000000..173257ffdf598
--- /dev/null
+++ b/advisories/unreviewed/2023/04/GHSA-9f7g-gqwh-jpf5/GHSA-9f7g-gqwh-jpf5.json
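Review bot: The new record for CVE-2023-24534 ships with empty `severity` and `affected` arrays, and its `details` name neither the affected package nor the fixed releases, so nothing in the JSON lets a scanner or a reader decide whether a deployment is exposed. The `references` list does link the Go vulnerability database entry (`GO-2023-1704`) and the golang-announce thread, which presumably carry the version ranges. Until the record is enriched, consumers have to resolve exposure from those links, because matching on package ranges will return nothing for this advisory. The same applies to the CVE-2023-24536 record that follows, which references `GO-2023-1705`.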
@@ -0,0 +1,55 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-9f7g-gqwh-jpf5", + "modified": "2023-04-06T18:30:21Z", + "published": "2023-04-06T18:30:21Z", + "aliases": [ + "CVE-2023-24536" + ], + "details": "Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount of memory consumed, leading it to accept larger inputs than intended. 2. Limiting total memory does not account for increased pressure on the garbage collector from large numbers of small allocations in forms with many parts. 3. ReadForm can allocate a large number of short-lived buffers, further increasing pressure on the garbage collector. The combination of these factors can permit an attacker to cause an program that parses multipart forms to consume large amounts of CPU and memory, potentially resulting in a denial of service. This affects programs that use mime/multipart.Reader.ReadForm, as well as form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. With fix, ReadForm now does a better job of estimating the memory consumption of parsed forms, and performs many fewer short-lived allocations. In addition, the fixed mime/multipart.Reader imposes the following limits on the size of parsed forms: 1. Forms parsed with ReadForm may contain no more than 1000 parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxparts=. 2. Form parts parsed with NextPart and NextRawPart may contain no more than 10,000 header fields. In addition, forms parsed with ReadForm may contain no more than 10,000 header fields across all parts. 
This limit may be adjusted with the environment variable GODEBUG=multipartmaxheaders=.", + "severity": [ + + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24536" + }, + { + "type": "WEB", + "url": "https://go.dev/cl/482075" + }, + { + "type": "WEB", + "url": "https://go.dev/cl/482076" + }, + { + "type": "WEB", + "url": "https://go.dev/cl/482077" + }, + { + "type": "WEB", + "url": "https://go.dev/issue/59153" + }, + { + "type": "WEB", + "url": "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8" + }, + { + "type": "WEB", + "url": "https://pkg.go.dev/vuln/GO-2023-1705" + } + ], + "database_specific": { + "cwe_ids": [ + + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2023-04-06T16:15:00Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2023/04/GHSA-9p5f-g2wv-w9w9/GHSA-9p5f-g2wv-w9w9.json b/advisories/unreviewed/2023/04/GHSA-9p5f-g2wv-w9w9/GHSA-9p5f-g2wv-w9w9.json new file mode 100644 index 0000000000000..52184446fa8fe --- /dev/null +++ b/advisories/unreviewed/2023/04/GHSA-9p5f-g2wv-w9w9/GHSA-9p5f-g2wv-w9w9.json 
@@ -0,0 +1,35 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-9p5f-g2wv-w9w9", + "modified": "2023-04-06T18:30:17Z", + "published": "2023-04-06T18:30:17Z", + "aliases": [ + "CVE-2023-20659" + ], + "details": "In wlan, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588413; Issue ID: ALPS07588413.", + "severity": [ + + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20659" + }, + { + "type": "WEB", + "url": "https://corp.mediatek.com/product-security-bulletin/April-2023" + } + ], + "database_specific": { + "cwe_ids": [ + + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2023-04-06T18:15:00Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2023/04/GHSA-c2xc-7cgf-x32h/GHSA-c2xc-7cgf-x32h.json b/advisories/unreviewed/2023/04/GHSA-c2xc-7cgf-x32h/GHSA-c2xc-7cgf-x32h.json new file mode 100644 index 0000000000000..466fc1b48db69 --- /dev/null +++ b/advisories/unreviewed/2023/04/GHSA-c2xc-7cgf-x32h/GHSA-c2xc-7cgf-x32h.json 
@@ -0,0 +1,35 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-c2xc-7cgf-x32h", + "modified": "2023-04-06T18:30:19Z", + "published": "2023-04-06T18:30:19Z", + "aliases": [ + "CVE-2023-0580" + ], + "details": "Insecure Storage of Sensitive Information vulnerability in ABB My Control System (on-premise) allows an attacker who successfully exploited this vulnerability to gain access to the secure application data or take control of the application. Of the services that make up the My Control System (on-premise) application, the following ones are affected by this vulnerability: User Interface System Monitoring1 Asset Inventory This issue affects My Control System (on-premise): from 5.0;0 through 5.13.", + "severity": [ + + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0580" + }, + { + "type": "WEB", + "url": "https://search.abb.com/library/Download.aspx?DocumentID=7PAA007893&LanguageCode=en&DocumentPartId=&Action=Launch" + } + ], + "database_specific": { + "cwe_ids": [ + + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2023-04-06T17:15:00Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2023/04/GHSA-cmjm-8mpc-4gh4/GHSA-cmjm-8mpc-4gh4.json b/advisories/unreviewed/2023/04/GHSA-cmjm-8mpc-4gh4/GHSA-cmjm-8mpc-4gh4.json new file mode 100644 index 0000000000000..d9f9f78a365b4 --- /dev/null +++ b/advisories/unreviewed/2023/04/GHSA-cmjm-8mpc-4gh4/GHSA-cmjm-8mpc-4gh4.json 
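Review bot: The `details` string of GHSA-c2xc-7cgf-x32h has two defects that change how the affected scope reads. The range is written `from 5.0;0 through 5.13` (presumably 5.0.0, to be confirmed against the linked ABB document). The service list reads `User Interface System Monitoring1 Asset Inventory`, with the names and what looks like a footnote marker run together. Because `affected` is empty, this sentence is the only statement of the version range and the affected services, so it should be exact. Suggested wording for the list once confirmed: `the following ones are affected by this vulnerability: User Interface, System Monitoring, Asset Inventory.`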
@@ -0,0 +1,35 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-cmjm-8mpc-4gh4", + "modified": "2023-04-06T18:30:17Z", + "published": "2023-04-06T18:30:17Z", + "aliases": [ + "CVE-2023-20666" + ], + "details": "In display drm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310651; Issue ID: ALPS07292173.", + "severity": [ + + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20666" + }, + { + "type": "WEB", + "url": "https://corp.mediatek.com/product-security-bulletin/April-2023" + } + ], + "database_specific": { + "cwe_ids": [ + + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2023-04-06T18:15:00Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2023/04/GHSA-cqp4-5mq6-q79h/GHSA-cqp4-5mq6-q79h.json b/advisories/unreviewed/2023/04/GHSA-cqp4-5mq6-q79h/GHSA-cqp4-5mq6-q79h.json new file mode 100644 index 0000000000000..0a464d877220f --- /dev/null +++ b/advisories/unreviewed/2023/04/GHSA-cqp4-5mq6-q79h/GHSA-cqp4-5mq6-q79h.json 
@@ -0,0 +1,35 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-cqp4-5mq6-q79h", + "modified": "2023-04-06T18:30:17Z", + "published": "2023-04-06T18:30:17Z", + "aliases": [ + "CVE-2023-20676" + ], + "details": "In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588569; Issue ID: ALPS07628518.", + "severity": [ + + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20676" + }, + { + "type": "WEB", + "url": "https://corp.mediatek.com/product-security-bulletin/April-2023" + } + ], + "database_specific": { + "cwe_ids": [ + + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2023-04-06T18:15:00Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2023/04/GHSA-f6vq-4jgh-q77m/GHSA-f6vq-4jgh-q77m.json b/advisories/unreviewed/2023/04/GHSA-f6vq-4jgh-q77m/GHSA-f6vq-4jgh-q77m.json new file mode 100644 index 0000000000000..9a2ca32f2b971 --- /dev/null +++ b/advisories/unreviewed/2023/04/GHSA-f6vq-4jgh-q77m/GHSA-f6vq-4jgh-q77m.json 
@@ -0,0 +1,35 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-f6vq-4jgh-q77m", + "modified": "2023-04-06T18:30:18Z", + "published": "2023-04-06T18:30:18Z", + "aliases": [ + "CVE-2023-20653" + ], + "details": "In keyinstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628168; Issue ID: ALPS07589144.", + "severity": [ + + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20653" + }, + { + "type": "WEB", + "url": "https://corp.mediatek.com/product-security-bulletin/April-2023" + } + ], + "database_specific": { + "cwe_ids": [ + + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2023-04-06T18:15:00Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2023/04/GHSA-fp86-2355-v99r/GHSA-fp86-2355-v99r.json b/advisories/unreviewed/2023/04/GHSA-fp86-2355-v99r/GHSA-fp86-2355-v99r.json new file mode 100644 index 0000000000000..913b9ef30bf98 --- /dev/null +++ b/advisories/unreviewed/2023/04/GHSA-fp86-2355-v99r/GHSA-fp86-2355-v99r.json 
@@ -0,0 +1,47 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-fp86-2355-v99r", + "modified": "2023-04-06T18:30:21Z", + "published": "2023-04-06T18:30:21Z", + "aliases": [ + "CVE-2023-24537" + ], + "details": "Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow.", + "severity": [ + + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24537" + }, + { + "type": "WEB", + "url": "https://go.dev/cl/482078" + }, + { + "type": "WEB", + "url": "https://go.dev/issue/59180" + }, + { + "type": "WEB", + "url": "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8" + }, + { + "type": "WEB", + "url": "https://pkg.go.dev/vuln/GO-2023-1702" + } + ], + "database_specific": { + "cwe_ids": [ + + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2023-04-06T16:15:00Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2023/04/GHSA-frqm-jxhr-mq8w/GHSA-frqm-jxhr-mq8w.json b/advisories/unreviewed/2023/04/GHSA-frqm-jxhr-mq8w/GHSA-frqm-jxhr-mq8w.json new file mode 100644 index 0000000000000..16eb28c40d64e --- /dev/null +++ b/advisories/unreviewed/2023/04/GHSA-frqm-jxhr-mq8w/GHSA-frqm-jxhr-mq8w.json 
@@ -0,0 +1,35 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-frqm-jxhr-mq8w", + "modified": "2023-04-06T18:30:18Z", + "published": "2023-04-06T18:30:18Z", + "aliases": [ + "CVE-2023-20654" + ], + "details": "In keyinstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628168; Issue ID: ALPS07589148.", + "severity": [ + + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20654" + }, + { + "type": "WEB", + "url": "https://corp.mediatek.com/product-security-bulletin/April-2023" + } + ], + "database_specific": { + "cwe_ids": [ + + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2023-04-06T18:15:00Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2023/04/GHSA-gfq3-95xq-g4jg/GHSA-gfq3-95xq-g4jg.json b/advisories/unreviewed/2023/04/GHSA-gfq3-95xq-g4jg/GHSA-gfq3-95xq-g4jg.json new file mode 100644 index 0000000000000..261f01bd0d6cb --- /dev/null +++ b/advisories/unreviewed/2023/04/GHSA-gfq3-95xq-g4jg/GHSA-gfq3-95xq-g4jg.json 
@@ -0,0 +1,35 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-gfq3-95xq-g4jg", + "modified": "2023-04-06T18:30:18Z", + "published": "2023-04-06T18:30:18Z", + "aliases": [ + "CVE-2023-20656" + ], + "details": "In geniezone, there is a possible out of bounds write due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07571494; Issue ID: ALPS07571494.", + "severity": [ + + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20656" + }, + { + "type": "WEB", + "url": "https://corp.mediatek.com/product-security-bulletin/April-2023" + } + ], + "database_specific": { + "cwe_ids": [ + + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2023-04-06T18:15:00Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2023/04/GHSA-ggw3-vfpp-xgwh/GHSA-ggw3-vfpp-xgwh.json b/advisories/unreviewed/2023/04/GHSA-ggw3-vfpp-xgwh/GHSA-ggw3-vfpp-xgwh.json new file mode 100644 index 0000000000000..1d678ccb4722c --- /dev/null +++ b/advisories/unreviewed/2023/04/GHSA-ggw3-vfpp-xgwh/GHSA-ggw3-vfpp-xgwh.json 
@@ -0,0 +1,35 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-ggw3-vfpp-xgwh", + "modified": "2023-04-06T18:30:17Z", + "published": "2023-04-06T18:30:17Z", + "aliases": [ + "CVE-2023-20660" + ], + "details": "In wlan, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588383; Issue ID: ALPS07588383.", + "severity": [ + + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20660" + }, + { + "type": "WEB", + "url": "https://corp.mediatek.com/product-security-bulletin/April-2023" + } + ], + "database_specific": { + "cwe_ids": [ + + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2023-04-06T18:15:00Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2023/04/GHSA-gqg6-q62h-373r/GHSA-gqg6-q62h-373r.json b/advisories/unreviewed/2023/04/GHSA-gqg6-q62h-373r/GHSA-gqg6-q62h-373r.json new file mode 100644 index 0000000000000..03b3f753f6d83 --- /dev/null +++ b/advisories/unreviewed/2023/04/GHSA-gqg6-q62h-373r/GHSA-gqg6-q62h-373r.json 
@@ -0,0 +1,35 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-gqg6-q62h-373r", + "modified": "2023-04-06T18:30:18Z", + "published": "2023-04-06T18:30:18Z", + "aliases": [ + "CVE-2023-20655" + ], + "details": "In mmsdk, there is a possible escalation of privilege due to a parcel format mismatch. This could lead to local code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203022; Issue ID: ALPS07203022.", + "severity": [ + + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20655" + }, + { + "type": "WEB", + "url": "https://corp.mediatek.com/product-security-bulletin/April-2023" + } + ], + "database_specific": { + "cwe_ids": [ + + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2023-04-06T18:15:00Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2023/04/GHSA-hm72-c465-ffvp/GHSA-hm72-c465-ffvp.json b/advisories/unreviewed/2023/04/GHSA-hm72-c465-ffvp/GHSA-hm72-c465-ffvp.json new file mode 100644 index 0000000000000..12e7da67ee062 --- /dev/null +++ b/advisories/unreviewed/2023/04/GHSA-hm72-c465-ffvp/GHSA-hm72-c465-ffvp.json 
@@ -0,0 +1,35 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-hm72-c465-ffvp", + "modified": "2023-04-06T18:30:17Z", + "published": "2023-04-06T18:30:17Z", + "aliases": [ + "CVE-2023-20661" + ], + "details": "In wlan, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560782; Issue ID: ALPS07560782.", + "severity": [ + + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20661" + }, + { + "type": "WEB", + "url": "https://corp.mediatek.com/product-security-bulletin/April-2023" + } + ], + "database_specific": { + "cwe_ids": [ + + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2023-04-06T18:15:00Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2023/04/GHSA-j5gj-g4cc-754w/GHSA-j5gj-g4cc-754w.json b/advisories/unreviewed/2023/04/GHSA-j5gj-g4cc-754w/GHSA-j5gj-g4cc-754w.json new file mode 100644 index 0000000000000..3fd088d0eb4d4 --- /dev/null +++ b/advisories/unreviewed/2023/04/GHSA-j5gj-g4cc-754w/GHSA-j5gj-g4cc-754w.json 
@@ -0,0 +1,35 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-j5gj-g4cc-754w", + "modified": "2023-04-06T18:30:16Z", + "published": "2023-04-06T18:30:16Z", + "aliases": [ + "CVE-2023-20686" + ], + "details": "In display drm, there is a possible double free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07570826; Issue ID: ALPS07570826.", + "severity": [ + + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20686" + }, + { + "type": "WEB", + "url": "https://corp.mediatek.com/product-security-bulletin/April-2023" + } + ], + "database_specific": { + "cwe_ids": [ + + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2023-04-06T18:15:00Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2023/04/GHSA-jj6r-5jxq-c8cw/GHSA-jj6r-5jxq-c8cw.json b/advisories/unreviewed/2023/04/GHSA-jj6r-5jxq-c8cw/GHSA-jj6r-5jxq-c8cw.json new file mode 100644 index 0000000000000..b6b06e466bb12 --- /dev/null +++ b/advisories/unreviewed/2023/04/GHSA-jj6r-5jxq-c8cw/GHSA-jj6r-5jxq-c8cw.json 
@@ -0,0 +1,35 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-jj6r-5jxq-c8cw", + "modified": "2023-04-06T18:30:17Z", + "published": "2023-04-06T18:30:17Z", + "aliases": [ + "CVE-2023-20677" + ], + "details": "In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588413; Issue ID: ALPS07588436.", + "severity": [ + + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20677" + }, + { + "type": "WEB", + "url": "https://corp.mediatek.com/product-security-bulletin/April-2023" + } + ], + "database_specific": { + "cwe_ids": [ + + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2023-04-06T18:15:00Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2023/04/GHSA-mr9w-55jg-hq87/GHSA-mr9w-55jg-hq87.json b/advisories/unreviewed/2023/04/GHSA-mr9w-55jg-hq87/GHSA-mr9w-55jg-hq87.json new file mode 100644 index 0000000000000..a9b4c3148d7ae --- /dev/null +++ b/advisories/unreviewed/2023/04/GHSA-mr9w-55jg-hq87/GHSA-mr9w-55jg-hq87.json 
@@ -0,0 +1,35 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-mr9w-55jg-hq87", + "modified": "2023-04-06T18:30:16Z", + "published": "2023-04-06T18:30:16Z", + "aliases": [ + "CVE-2023-20688" + ], + "details": "In power, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07441821; Issue ID: ALPS07441821.", + "severity": [ + + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20688" + }, + { + "type": "WEB", + "url": "https://corp.mediatek.com/product-security-bulletin/April-2023" + } + ], + "database_specific": { + "cwe_ids": [ + + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2023-04-06T18:15:00Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2023/04/GHSA-mx54-78g5-6r6j/GHSA-mx54-78g5-6r6j.json b/advisories/unreviewed/2023/04/GHSA-mx54-78g5-6r6j/GHSA-mx54-78g5-6r6j.json new file mode 100644 index 0000000000000..35e9cdbabd348 --- /dev/null +++ b/advisories/unreviewed/2023/04/GHSA-mx54-78g5-6r6j/GHSA-mx54-78g5-6r6j.json 
@@ -0,0 +1,35 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-mx54-78g5-6r6j", + "modified": "2023-04-06T18:30:16Z", + "published": "2023-04-06T18:30:16Z", + "aliases": [ + "CVE-2023-20684" + ], + "details": "In vdec, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07671069; Issue ID: ALPS07671069.", + "severity": [ + + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20684" + }, + { + "type": "WEB", + "url": "https://corp.mediatek.com/product-security-bulletin/April-2023" + } + ], + "database_specific": { + "cwe_ids": [ + + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2023-04-06T18:15:00Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2023/04/GHSA-p98c-jrxv-7m76/GHSA-p98c-jrxv-7m76.json b/advisories/unreviewed/2023/04/GHSA-p98c-jrxv-7m76/GHSA-p98c-jrxv-7m76.json new file mode 100644 index 0000000000000..40b36e6aa1b01 --- /dev/null +++ b/advisories/unreviewed/2023/04/GHSA-p98c-jrxv-7m76/GHSA-p98c-jrxv-7m76.json 
@@ -0,0 +1,35 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-p98c-jrxv-7m76", + "modified": "2023-04-06T18:30:17Z", + "published": "2023-04-06T18:30:17Z", + "aliases": [ + "CVE-2023-20670" + ], + "details": "In audio, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07648710; Issue ID: ALPS07648710.", + "severity": [ + + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20670" + }, + { + "type": "WEB", + "url": "https://corp.mediatek.com/product-security-bulletin/April-2023" + } + ], + "database_specific": { + "cwe_ids": [ + + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2023-04-06T18:15:00Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2023/04/GHSA-pjv6-q9xq-x489/GHSA-pjv6-q9xq-x489.json b/advisories/unreviewed/2023/04/GHSA-pjv6-q9xq-x489/GHSA-pjv6-q9xq-x489.json new file mode 100644 index 0000000000000..ae091255f1e2d --- /dev/null +++ b/advisories/unreviewed/2023/04/GHSA-pjv6-q9xq-x489/GHSA-pjv6-q9xq-x489.json 
@@ -0,0 +1,35 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pjv6-q9xq-x489", + "modified": "2023-04-06T18:30:17Z", + "published": "2023-04-06T18:30:17Z", + "aliases": [ + "CVE-2023-20679" + ], + "details": "In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588413; Issue ID: ALPS07588453.", + "severity": [ + + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20679" + }, + { + "type": "WEB", + "url": "https://corp.mediatek.com/product-security-bulletin/April-2023" + } + ], + "database_specific": { + "cwe_ids": [ + + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2023-04-06T18:15:00Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2023/04/GHSA-r6rg-3rf4-rhw7/GHSA-r6rg-3rf4-rhw7.json b/advisories/unreviewed/2023/04/GHSA-r6rg-3rf4-rhw7/GHSA-r6rg-3rf4-rhw7.json new file mode 100644 index 0000000000000..2c2d2abed08d8 --- /dev/null +++ b/advisories/unreviewed/2023/04/GHSA-r6rg-3rf4-rhw7/GHSA-r6rg-3rf4-rhw7.json 
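Review bot: `details` in GHSA-pjv6-q9xq-x489 pairs an out of bounds read with "local escalation of privilege", while the other wlan out-of-bounds-read records in this sync state "local information disclosure". Those are GHSA-cqp4-5mq6-q79h, GHSA-ggw3-vfpp-xgwh and GHSA-jj6r-5jxq-c8cw, the last carrying the same Patch ID ALPS07588413. Either the root cause or the impact may have been mis-transcribed, and with `"severity": null` the prose is all a triager has to go on. It is worth checking against the referenced MediaTek April-2023 bulletin. If the impact is disclosure, the sentence should read `This could lead to local information disclosure with System execution privileges needed.`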
@@ -0,0 +1,35 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-r6rg-3rf4-rhw7", + "modified": "2023-04-06T18:30:16Z", + "published": "2023-04-06T18:30:16Z", + "aliases": [ + "CVE-2023-20682" + ], + "details": "In wlan, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07441605; Issue ID: ALPS07441605.", + "severity": [ + + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20682" + }, + { + "type": "WEB", + "url": "https://corp.mediatek.com/product-security-bulletin/April-2023" + } + ], + "database_specific": { + "cwe_ids": [ + + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2023-04-06T18:15:00Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2023/04/GHSA-r8ww-jwqh-vfcj/GHSA-r8ww-jwqh-vfcj.json b/advisories/unreviewed/2023/04/GHSA-r8ww-jwqh-vfcj/GHSA-r8ww-jwqh-vfcj.json new file mode 100644 index 0000000000000..851954dc0e24e --- /dev/null +++ b/advisories/unreviewed/2023/04/GHSA-r8ww-jwqh-vfcj/GHSA-r8ww-jwqh-vfcj.json 
@@ -0,0 +1,35 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-r8ww-jwqh-vfcj", + "modified": "2023-04-06T18:30:17Z", + "published": "2023-04-06T18:30:17Z", + "aliases": [ + "CVE-2023-20662" + ], + "details": "In wlan, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560765; Issue ID: ALPS07560765.", + "severity": [ + + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20662" + }, + { + "type": "WEB", + "url": "https://corp.mediatek.com/product-security-bulletin/April-2023" + } + ], + "database_specific": { + "cwe_ids": [ + + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2023-04-06T18:15:00Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2023/04/GHSA-v4m2-x4rp-hv22/GHSA-v4m2-x4rp-hv22.json b/advisories/unreviewed/2023/04/GHSA-v4m2-x4rp-hv22/GHSA-v4m2-x4rp-hv22.json new file mode 100644 index 0000000000000..3cc5f262a120d --- /dev/null +++ b/advisories/unreviewed/2023/04/GHSA-v4m2-x4rp-hv22/GHSA-v4m2-x4rp-hv22.json 
@@ -0,0 +1,47 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-v4m2-x4rp-hv22", + "modified": "2023-04-06T18:30:21Z", + "published": "2023-04-06T18:30:21Z", + "aliases": [ + "CVE-2023-24538" + ], + "details": "Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to terminate the literal, injecting arbitrary Javascript code into the Go template. As ES6 template literals are rather complex, and themselves can do string interpolation, the decision was made to simply disallow Go template actions from being used inside of them (e.g. \"var a = {{.}}\"), since there is no obviously safe way to allow this behavior. This takes the same approach as github.com/google/safehtml. With fix, Template.Parse returns an Error when it encounters templates like this, with an ErrorCode of value 12. This ErrorCode is currently unexported, but will be exported in the release of Go 1.21. Users who rely on the previous behavior can re-enable it using the GODEBUG flag jstmpllitinterp=1, with the caveat that backticks will now be escaped. This should be used with caution.", + "severity": [ + + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24538" + }, + { + "type": "WEB", + "url": "https://go.dev/cl/482079" + }, + { + "type": "WEB", + "url": "https://go.dev/issue/59234" + }, + { + "type": "WEB", + "url": "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8" + }, + { + "type": "WEB", + "url": "https://pkg.go.dev/vuln/GO-2023-1703" + } + ], + "database_specific": { + "cwe_ids": [ + + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2023-04-06T16:15:00Z" + } +} \ No newline at end of file 
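Review bot: The example in `details` of GHSA-v4m2-x4rp-hv22, `\"var a = {{.}}\"`, contains no template literal, although the sentence it illustrates is about Go template actions placed inside a backtick-delimited JS template literal. The backticks around `{{.}}` appear to have been lost before this text reached the record. As written, a reader could conclude that any action in a JS assignment is rejected, so the example should show `{{.}}` wrapped in backticks. The text also says `jstmpllitinterp=1` re-enables the previous behaviour, so deployments that set it should confirm that no template places an action inside a template literal fed with untrusted data.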
diff --git a/advisories/unreviewed/2023/04/GHSA-vmmc-hrcp-2f4p/GHSA-vmmc-hrcp-2f4p.json b/advisories/unreviewed/2023/04/GHSA-vmmc-hrcp-2f4p/GHSA-vmmc-hrcp-2f4p.json new file mode 100644 index 0000000000000..9f8186cbbea4c --- /dev/null +++ b/advisories/unreviewed/2023/04/GHSA-vmmc-hrcp-2f4p/GHSA-vmmc-hrcp-2f4p.json @@ -0,0 +1,35 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vmmc-hrcp-2f4p", + "modified": "2023-04-06T18:30:17Z", + "published": "2023-04-06T18:30:17Z", + "aliases": [ + "CVE-2023-20665" + ], + "details": "In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628604; Issue ID: ALPS07628604.", + "severity": [ + + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20665" + }, + { + "type": "WEB", + "url": "https://corp.mediatek.com/product-security-bulletin/April-2023" + } + ], + "database_specific": { + "cwe_ids": [ + + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2023-04-06T18:15:00Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2023/04/GHSA-x5vw-7f44-jrxq/GHSA-x5vw-7f44-jrxq.json b/advisories/unreviewed/2023/04/GHSA-x5vw-7f44-jrxq/GHSA-x5vw-7f44-jrxq.json new file mode 100644 index 0000000000000..dd7d6a0c7ffdf --- /dev/null +++ b/advisories/unreviewed/2023/04/GHSA-x5vw-7f44-jrxq/GHSA-x5vw-7f44-jrxq.json 
@@ -0,0 +1,43 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-x5vw-7f44-jrxq", + "modified": "2023-04-06T18:30:18Z", + "published": "2023-04-06T18:30:18Z", + "aliases": [ + "CVE-2020-19678" + ], + "details": "Directory Traversal vulnerability found in Pfsense v.2.1.3 and Pfsense Suricata v.1.4.6 pkg v.1.0.1 allows a remote attacker to obtain sensitive information via the file parameter to suricata/suricata_logs_browser.php.", + "severity": [ + + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-19678" + }, + { + "type": "WEB", + "url": "https://github.com/pfsense/pfsense-packages/commit/59ed3438729fd56452f58a0f79f0c288db982ac3" + }, + { + "type": "WEB", + "url": "https://pastebin.com/8dj59053" + }, + { + "type": "WEB", + "url": "http://www.2ngon.com/2015/01/lfi-vulnerability-suricata-146-pkg-v101.html" + } + ], + "database_specific": { + "cwe_ids": [ + + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2023-04-06T18:15:00Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2023/04/GHSA-xfv3-jp8h-q7v6/GHSA-xfv3-jp8h-q7v6.json b/advisories/unreviewed/2023/04/GHSA-xfv3-jp8h-q7v6/GHSA-xfv3-jp8h-q7v6.json new file mode 100644 index 0000000000000..2619bfe187de4 --- /dev/null +++ b/advisories/unreviewed/2023/04/GHSA-xfv3-jp8h-q7v6/GHSA-xfv3-jp8h-q7v6.json 
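Review bot: All three non-NVD references in GHSA-x5vw-7f44-jrxq are typed `WEB`, which puts the pfsense-packages commit on the same footing as a pastebin paste and a plain-http blog post. `affected` is empty, so that commit is the only pointer to the changed code and should be distinguishable. If it is confirmed to be the fix, the OSV schema's `"type": "FIX"` is the value for it. Paste links are mutable and tend to disappear, so the record should not depend on that one for any fact a defender needs.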
@@ -0,0 +1,43 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xfv3-jp8h-q7v6", + "modified": "2023-04-06T18:30:21Z", + "published": "2023-04-06T18:30:21Z", + "aliases": [ + "CVE-2023-26083" + ], + "details": "Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r6p0 - r32p0, Bifrost GPU Kernel Driver all versions from r0p0 - r42p0, Valhall GPU Kernel Driver all versions from r19p0 - r42p0, and Avalon GPU Kernel Driver all versions from r41p0 - r42p0 allows a non-privileged user to make valid GPU processing operations that expose sensitive kernel metadata.", + "severity": [ + + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26083" + }, + { + "type": "WEB", + "url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities" + }, + { + "type": "WEB", + "url": "https://www.cybersecurity-help.cz/vdb/SB2023033049" + }, + { + "type": "WEB", + "url": "https://www.cybersecurity-help.cz/vulnerabilities/74210/" + } + ], + "database_specific": { + "cwe_ids": [ + + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2023-04-06T16:15:00Z" + } +} \ No newline at end of file