From f276ec941898fc79ea5b6099d847fdf4d8b1b9e9 Mon Sep 17 00:00:00 2001 From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Wed, 10 May 2023 06:31:41 +0000 Subject: [PATCH] Advisory Database Sync --- .../GHSA-23pf-hqh5-742m.json | 39 +++++++++++++ .../GHSA-3r96-chfr-mwjp.json | 50 +++++++++++++++++ .../GHSA-4qvj-3p36-qxpv.json | 55 +++++++++++++++++++ .../GHSA-5fv5-gvx6-w9hh.json | 9 ++- .../GHSA-6gp6-xj27-g89q.json | 42 ++++++++++++++ .../GHSA-6q7w-3rwf-fh47.json | 39 +++++++++++++ .../GHSA-6vqj-7hpc-pvfj.json | 9 ++- .../GHSA-8crc-hv97-gjhh.json | 39 +++++++++++++ .../GHSA-8ffh-r455-9955.json | 55 +++++++++++++++++++ .../GHSA-9vmr-frgp-5398.json | 38 +++++++++++++ .../GHSA-ccc3-c3hc-g88x.json | 55 +++++++++++++++++++ .../GHSA-cjj2-fjv5-5qrq.json | 39 +++++++++++++ .../GHSA-g3x7-rm82-3mw8.json | 39 +++++++++++++ .../GHSA-g947-422m-hr7p.json | 42 ++++++++++++++ .../GHSA-gh9g-f4xx-9qwq.json | 38 +++++++++++++ .../GHSA-j4pf-2mmw-4h4r.json | 39 +++++++++++++ .../GHSA-j93v-cx26-2xc4.json | 42 ++++++++++++++ .../GHSA-m4jm-xmcc-hjcm.json | 55 +++++++++++++++++++ .../GHSA-mc83-5hwv-9c74.json | 35 ++++++++++++ .../GHSA-pjf4-g4fp-5xqm.json | 35 ++++++++++++ .../GHSA-pm5m-2p5c-6mv8.json | 9 ++- .../GHSA-pmq5-34w8-5c92.json | 55 +++++++++++++++++++ .../GHSA-q3w6-ggw8-49fj.json | 9 ++- .../GHSA-qwcg-gr98-8m32.json | 55 +++++++++++++++++++ .../GHSA-r74h-vqgq-qwxv.json | 9 ++- .../GHSA-rq6m-h9wr-jfpr.json | 55 +++++++++++++++++++ .../GHSA-v2pm-rv6h-9g9p.json | 50 +++++++++++++++++ .../GHSA-v4hm-xqrg-4qfp.json | 39 +++++++++++++ .../GHSA-vcxh-qvgr-9fw9.json | 42 ++++++++++++++ .../GHSA-w8mq-qvgq-hhjw.json | 46 ++++++++++++++++ .../GHSA-w9q9-jw2h-8gp3.json | 55 +++++++++++++++++++ .../GHSA-wv4v-2jhr-66qm.json | 9 ++- .../GHSA-ww2f-6g2m-fwjx.json | 55 +++++++++++++++++++ .../GHSA-wxpm-6qqj-jg73.json | 39 +++++++++++++ 34 files changed, 1303 insertions(+), 18 deletions(-) create mode 100644 advisories/unreviewed/2023/05/GHSA-23pf-hqh5-742m/GHSA-23pf-hqh5-742m.json create mode 100644 advisories/unreviewed/2023/05/GHSA-3r96-chfr-mwjp/GHSA-3r96-chfr-mwjp.json create mode 100644 advisories/unreviewed/2023/05/GHSA-4qvj-3p36-qxpv/GHSA-4qvj-3p36-qxpv.json create mode 100644 advisories/unreviewed/2023/05/GHSA-6gp6-xj27-g89q/GHSA-6gp6-xj27-g89q.json create mode 100644 advisories/unreviewed/2023/05/GHSA-6q7w-3rwf-fh47/GHSA-6q7w-3rwf-fh47.json create mode 100644 advisories/unreviewed/2023/05/GHSA-8crc-hv97-gjhh/GHSA-8crc-hv97-gjhh.json create mode 100644 advisories/unreviewed/2023/05/GHSA-8ffh-r455-9955/GHSA-8ffh-r455-9955.json create mode 100644 advisories/unreviewed/2023/05/GHSA-9vmr-frgp-5398/GHSA-9vmr-frgp-5398.json create mode 100644 advisories/unreviewed/2023/05/GHSA-ccc3-c3hc-g88x/GHSA-ccc3-c3hc-g88x.json create mode 100644 advisories/unreviewed/2023/05/GHSA-cjj2-fjv5-5qrq/GHSA-cjj2-fjv5-5qrq.json create mode 100644 advisories/unreviewed/2023/05/GHSA-g3x7-rm82-3mw8/GHSA-g3x7-rm82-3mw8.json create mode 100644 advisories/unreviewed/2023/05/GHSA-g947-422m-hr7p/GHSA-g947-422m-hr7p.json create mode 100644 advisories/unreviewed/2023/05/GHSA-gh9g-f4xx-9qwq/GHSA-gh9g-f4xx-9qwq.json create mode 100644 advisories/unreviewed/2023/05/GHSA-j4pf-2mmw-4h4r/GHSA-j4pf-2mmw-4h4r.json create mode 100644 advisories/unreviewed/2023/05/GHSA-j93v-cx26-2xc4/GHSA-j93v-cx26-2xc4.json create mode 100644 advisories/unreviewed/2023/05/GHSA-m4jm-xmcc-hjcm/GHSA-m4jm-xmcc-hjcm.json create mode 100644 advisories/unreviewed/2023/05/GHSA-mc83-5hwv-9c74/GHSA-mc83-5hwv-9c74.json create mode 100644 advisories/unreviewed/2023/05/GHSA-pjf4-g4fp-5xqm/GHSA-pjf4-g4fp-5xqm.json create mode 100644 advisories/unreviewed/2023/05/GHSA-pmq5-34w8-5c92/GHSA-pmq5-34w8-5c92.json create mode 100644 advisories/unreviewed/2023/05/GHSA-qwcg-gr98-8m32/GHSA-qwcg-gr98-8m32.json create mode 100644 advisories/unreviewed/2023/05/GHSA-rq6m-h9wr-jfpr/GHSA-rq6m-h9wr-jfpr.json create mode 100644 advisories/unreviewed/2023/05/GHSA-v2pm-rv6h-9g9p/GHSA-v2pm-rv6h-9g9p.json create mode 100644 advisories/unreviewed/2023/05/GHSA-v4hm-xqrg-4qfp/GHSA-v4hm-xqrg-4qfp.json create mode 100644 advisories/unreviewed/2023/05/GHSA-vcxh-qvgr-9fw9/GHSA-vcxh-qvgr-9fw9.json create mode 100644 advisories/unreviewed/2023/05/GHSA-w8mq-qvgq-hhjw/GHSA-w8mq-qvgq-hhjw.json create mode 100644 advisories/unreviewed/2023/05/GHSA-w9q9-jw2h-8gp3/GHSA-w9q9-jw2h-8gp3.json create mode 100644 advisories/unreviewed/2023/05/GHSA-ww2f-6g2m-fwjx/GHSA-ww2f-6g2m-fwjx.json create mode 100644 advisories/unreviewed/2023/05/GHSA-wxpm-6qqj-jg73/GHSA-wxpm-6qqj-jg73.json diff --git a/advisories/unreviewed/2023/05/GHSA-23pf-hqh5-742m/GHSA-23pf-hqh5-742m.json b/advisories/unreviewed/2023/05/GHSA-23pf-hqh5-742m/GHSA-23pf-hqh5-742m.json new file mode 100644 index 0000000000000..defe447758602 --- /dev/null +++ b/advisories/unreviewed/2023/05/GHSA-23pf-hqh5-742m/GHSA-23pf-hqh5-742m.json @@ -0,0 +1,39 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-23pf-hqh5-742m", + "modified": "2023-05-10T06:30:28Z", + "published": "2023-05-10T06:30:28Z", + "aliases": [ + "CVE-2023-27385" + ], + "details": "Heap-based buffer overflow vulnerability exists in CX-Drive All models V3.01 and earlier. By having a user open a specially crafted SDD file, arbitrary code may be executed and/or information may be disclosed.", + "severity": [ + + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27385" + }, + { + "type": "WEB", + "url": "https://jvn.jp/en/vu/JVNVU97372625/" + }, + { + "type": "WEB", + "url": "https://www.ia.omron.com/product/vulnerability/OMSR-2023-004_en.pdf" + } + ], + "database_specific": { + "cwe_ids": [ + + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2023/05/GHSA-3r96-chfr-mwjp/GHSA-3r96-chfr-mwjp.json b/advisories/unreviewed/2023/05/GHSA-3r96-chfr-mwjp/GHSA-3r96-chfr-mwjp.json new file mode 100644 index 0000000000000..7fda70c4a2a46 --- /dev/null +++ b/advisories/unreviewed/2023/05/GHSA-3r96-chfr-mwjp/GHSA-3r96-chfr-mwjp.json @@ -0,0 +1,50 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-3r96-chfr-mwjp", + "modified": "2023-05-10T06:30:29Z", + "published": "2023-05-10T06:30:29Z", + "aliases": [ + "CVE-2023-2617" + ], + "details": "A vulnerability classified as problematic was found in OpenCV wechat_qrcode Module up to 4.7.0. Affected by this vulnerability is the function DecodedBitStreamParser::decodeByteSegment of the file qrcode/decoder/decoded_bit_stream_parser.cpp. The manipulation leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-228547.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2617" + }, + { + "type": "WEB", + "url": "https://github.com/opencv/opencv_contrib/pull/3480" + }, + { + "type": "WEB", + "url": "https://gist.github.com/GZTimeWalker/3ca70a8af2f5830711e9cccc73fb5270" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.228547" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.228547" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-476" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2023/05/GHSA-4qvj-3p36-qxpv/GHSA-4qvj-3p36-qxpv.json b/advisories/unreviewed/2023/05/GHSA-4qvj-3p36-qxpv/GHSA-4qvj-3p36-qxpv.json new file mode 100644 index 0000000000000..26a4382016b79 --- /dev/null +++ b/advisories/unreviewed/2023/05/GHSA-4qvj-3p36-qxpv/GHSA-4qvj-3p36-qxpv.json @@ -0,0 +1,55 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-4qvj-3p36-qxpv", + "modified": "2023-05-10T06:30:28Z", + "published": "2023-05-10T06:30:28Z", + "aliases": [ + "CVE-2023-25072" + ], + "details": "Use of weak credentials exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier, which may allow a remote unauthenticated attacker to decrypt password for the WebUI of the product.", + "severity": [ + + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25072" + }, + { + "type": "WEB", + "url": "https://jvn.jp/en/jp/JVN40604023/" + }, + { + "type": "WEB", + "url": "https://www.seiko-sol.co.jp/archives/73969/" + }, + { + "type": "WEB", + "url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a100/" + }, + { + "type": "WEB", + "url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a130/" + }, + { + "type": "WEB", + "url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a200/" + }, + { + "type": "WEB", + "url": "https://www.seiko-sol.co.jp/products/skyspider/skyspider_download/mb-r210/" + } + ], + "database_specific": { + "cwe_ids": [ + + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2023/05/GHSA-5fv5-gvx6-w9hh/GHSA-5fv5-gvx6-w9hh.json b/advisories/unreviewed/2023/05/GHSA-5fv5-gvx6-w9hh/GHSA-5fv5-gvx6-w9hh.json index 66f100a3c99e8..7c684a4744746 100644 --- a/advisories/unreviewed/2023/05/GHSA-5fv5-gvx6-w9hh/GHSA-5fv5-gvx6-w9hh.json +++ b/advisories/unreviewed/2023/05/GHSA-5fv5-gvx6-w9hh/GHSA-5fv5-gvx6-w9hh.json @@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-5fv5-gvx6-w9hh", - "modified": "2023-05-02T21:31:48Z", + "modified": "2023-05-10T06:30:26Z", "published": "2023-05-02T21:31:48Z", "aliases": [ "CVE-2023-31434" ], "details": "The parameters nutzer_titel, nutzer_vn, and nutzer_nn in the user profile, and langID and ONLINEID in direct links, in evasys before 8.2 Build 2286 and 9.x before 9.0 Build 2401 do not validate input, which allows authenticated attackers to inject HTML Code and XSS payloads in multiple locations.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" + } ], "affected": [ @@ -25,7 +28,7 @@ ], "database_specific": { "cwe_ids": [ - + "CWE-79" ], "severity": null, "github_reviewed": false, diff --git a/advisories/unreviewed/2023/05/GHSA-6gp6-xj27-g89q/GHSA-6gp6-xj27-g89q.json b/advisories/unreviewed/2023/05/GHSA-6gp6-xj27-g89q/GHSA-6gp6-xj27-g89q.json new file mode 100644 index 0000000000000..fbb1f2b6d4e8f --- /dev/null +++ b/advisories/unreviewed/2023/05/GHSA-6gp6-xj27-g89q/GHSA-6gp6-xj27-g89q.json @@ -0,0 +1,42 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-6gp6-xj27-g89q", + "modified": "2023-05-10T06:30:29Z", + "published": "2023-05-10T06:30:29Z", + "aliases": [ + "CVE-2023-2614" + ], + "details": "Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.21.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2614" + }, + { + "type": "WEB", + "url": "https://github.com/pimcore/pimcore/commit/c36ef54ce33f7b5e74b7b0ab9eabfed47c018fc7" + }, + { + "type": "WEB", + "url": "https://huntr.dev/bounties/1a5e6c65-2c5e-4617-9411-5b47a7e743a6" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2023/05/GHSA-6q7w-3rwf-fh47/GHSA-6q7w-3rwf-fh47.json b/advisories/unreviewed/2023/05/GHSA-6q7w-3rwf-fh47/GHSA-6q7w-3rwf-fh47.json new file mode 100644 index 0000000000000..2edbf2f8f63ff --- /dev/null +++ b/advisories/unreviewed/2023/05/GHSA-6q7w-3rwf-fh47/GHSA-6q7w-3rwf-fh47.json @@ -0,0 +1,39 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-6q7w-3rwf-fh47", + "modified": "2023-05-10T06:30:28Z", + "published": "2023-05-10T06:30:28Z", + "aliases": [ + "CVE-2023-32570" + ], + "details": "VideoLAN dav1d before 1.2.0 has a thread_task.c race condition that can lead to an application crash, related to dav1d_decode_frame_exit.", + "severity": [ + + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32570" + }, + { + "type": "WEB", + "url": "https://code.videolan.org/videolan/dav1d/-/commit/cf617fdae0b9bfabd27282854c8e81450d955efa" + }, + { + "type": "WEB", + "url": "https://code.videolan.org/videolan/dav1d/-/tags/1.2.0" + } + ], + "database_specific": { + "cwe_ids": [ + + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2023/05/GHSA-6vqj-7hpc-pvfj/GHSA-6vqj-7hpc-pvfj.json b/advisories/unreviewed/2023/05/GHSA-6vqj-7hpc-pvfj/GHSA-6vqj-7hpc-pvfj.json index a953ffee40d2a..9c0bf7a361fbf 100644 --- a/advisories/unreviewed/2023/05/GHSA-6vqj-7hpc-pvfj/GHSA-6vqj-7hpc-pvfj.json +++ b/advisories/unreviewed/2023/05/GHSA-6vqj-7hpc-pvfj/GHSA-6vqj-7hpc-pvfj.json @@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-6vqj-7hpc-pvfj", - "modified": "2023-05-03T21:30:18Z", + "modified": "2023-05-10T06:30:27Z", "published": "2023-05-03T21:30:18Z", "aliases": [ "CVE-2020-22429" ], "details": "redox-os v0.1.0 was discovered to contain a use-after-free bug via the gethostbyaddr() function at /src/header/netdb/mod.rs.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } ], "affected": [ @@ -29,7 +32,7 @@ ], "database_specific": { "cwe_ids": [ - + "CWE-416" ], "severity": null, "github_reviewed": false, diff --git a/advisories/unreviewed/2023/05/GHSA-8crc-hv97-gjhh/GHSA-8crc-hv97-gjhh.json b/advisories/unreviewed/2023/05/GHSA-8crc-hv97-gjhh/GHSA-8crc-hv97-gjhh.json new file mode 100644 index 0000000000000..e925978212ff2 --- /dev/null +++ b/advisories/unreviewed/2023/05/GHSA-8crc-hv97-gjhh/GHSA-8crc-hv97-gjhh.json @@ -0,0 +1,39 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-8crc-hv97-gjhh", + "modified": "2023-05-10T06:30:29Z", + "published": "2023-05-10T06:30:29Z", + "aliases": [ + "CVE-2023-27888" + ], + "details": "Cross-site scripting vulnerability in Joruri Gw Ver 3.2.5 and earlier allows a remote authenticated attacker to inject an arbitrary script via Message Memo function of the affected product.", + "severity": [ + + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27888" + }, + { + "type": "WEB", + "url": "https://joruri-pwm.jp/org/docs/2022093000017/" + }, + { + "type": "WEB", + "url": "https://jvn.jp/en/jp/JVN87559956/" + } + ], + "database_specific": { + "cwe_ids": [ + + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2023/05/GHSA-8ffh-r455-9955/GHSA-8ffh-r455-9955.json b/advisories/unreviewed/2023/05/GHSA-8ffh-r455-9955/GHSA-8ffh-r455-9955.json new file mode 100644 index 0000000000000..060a0d32d5c82 --- /dev/null +++ b/advisories/unreviewed/2023/05/GHSA-8ffh-r455-9955/GHSA-8ffh-r455-9955.json @@ -0,0 +1,55 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-8ffh-r455-9955", + "modified": "2023-05-10T06:30:28Z", + "published": "2023-05-10T06:30:28Z", + "aliases": [ + "CVE-2023-22361" + ], + "details": "Improper privilege management vulnerability in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier allows a remote authenticated attacker to alter a WebUI password of the product.", + "severity": [ + + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22361" + }, + { + "type": "WEB", + "url": "https://jvn.jp/en/jp/JVN40604023/" + }, + { + "type": "WEB", + "url": "https://www.seiko-sol.co.jp/archives/73969/" + }, + { + "type": "WEB", + "url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a100/" + }, + { + "type": "WEB", + "url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a130/" + }, + { + "type": "WEB", + "url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a200/" + }, + { + "type": "WEB", + "url": "https://www.seiko-sol.co.jp/products/skyspider/skyspider_download/mb-r210/" + } + ], + "database_specific": { + "cwe_ids": [ + + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2023/05/GHSA-9vmr-frgp-5398/GHSA-9vmr-frgp-5398.json b/advisories/unreviewed/2023/05/GHSA-9vmr-frgp-5398/GHSA-9vmr-frgp-5398.json new file mode 100644 index 0000000000000..7ac1382e54941 --- /dev/null +++ b/advisories/unreviewed/2023/05/GHSA-9vmr-frgp-5398/GHSA-9vmr-frgp-5398.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-9vmr-frgp-5398", + "modified": "2023-05-10T06:30:27Z", + "published": "2023-05-10T06:30:27Z", + "aliases": [ + "CVE-2023-32568" + ], + "details": "An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2.800 and 8.x before 8.0.410. The VIOM web application does not validate user-supplied data and appends it to OS commands and internal binaries used by the application. An attacker with root/administrator level privileges can leverage this to read sensitive data stored on the servers, modify data or server configuration, and delete data or application configuration.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32568" + }, + { + "type": "WEB", + "url": "https://www.veritas.com/content/support/en_US/security/VTS23-007" + } + ], + "database_specific": { + "cwe_ids": [ + + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2023/05/GHSA-ccc3-c3hc-g88x/GHSA-ccc3-c3hc-g88x.json b/advisories/unreviewed/2023/05/GHSA-ccc3-c3hc-g88x/GHSA-ccc3-c3hc-g88x.json new file mode 100644 index 0000000000000..b12cfe2103301 --- /dev/null +++ b/advisories/unreviewed/2023/05/GHSA-ccc3-c3hc-g88x/GHSA-ccc3-c3hc-g88x.json @@ -0,0 +1,55 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-ccc3-c3hc-g88x", + "modified": "2023-05-10T06:30:28Z", + "published": "2023-05-10T06:30:28Z", + "aliases": [ + "CVE-2023-24586" + ], + "details": "Cleartext storage of sensitive information exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier, which may allow a remote authenticated attacker to obtain an APN credential for the product.", + "severity": [ + + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24586" + }, + { + "type": "WEB", + "url": "https://jvn.jp/en/jp/JVN40604023/" + }, + { + "type": "WEB", + "url": "https://www.seiko-sol.co.jp/archives/73969/" + }, + { + "type": "WEB", + "url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a100/" + }, + { + "type": "WEB", + "url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a130/" + }, + { + "type": "WEB", + "url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a200/" + }, + { + "type": "WEB", + "url": "https://www.seiko-sol.co.jp/products/skyspider/skyspider_download/mb-r210/" + } + ], + "database_specific": { + "cwe_ids": [ + + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2023/05/GHSA-cjj2-fjv5-5qrq/GHSA-cjj2-fjv5-5qrq.json b/advisories/unreviewed/2023/05/GHSA-cjj2-fjv5-5qrq/GHSA-cjj2-fjv5-5qrq.json new file mode 100644 index 0000000000000..7fd31c2631dd0 --- /dev/null +++ b/advisories/unreviewed/2023/05/GHSA-cjj2-fjv5-5qrq/GHSA-cjj2-fjv5-5qrq.json @@ -0,0 +1,39 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-cjj2-fjv5-5qrq", + "modified": "2023-05-10T06:30:28Z", + "published": "2023-05-10T06:30:28Z", + "aliases": [ + "CVE-2023-27527" + ], + "details": "Shinseiyo Sogo Soft (7.9A) and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the PC may be accessed by an attacker.", + "severity": [ + + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27527" + }, + { + "type": "WEB", + "url": "https://jvn.jp/en/jp/JVN73178249/" + }, + { + "type": "WEB", + "url": "https://www.touki-kyoutaku-online.moj.go.jp/" + } + ], + "database_specific": { + "cwe_ids": [ + + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2023/05/GHSA-g3x7-rm82-3mw8/GHSA-g3x7-rm82-3mw8.json b/advisories/unreviewed/2023/05/GHSA-g3x7-rm82-3mw8/GHSA-g3x7-rm82-3mw8.json new file mode 100644 index 0000000000000..09a5744b7fe70 --- /dev/null +++ b/advisories/unreviewed/2023/05/GHSA-g3x7-rm82-3mw8/GHSA-g3x7-rm82-3mw8.json @@ -0,0 +1,39 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-g3x7-rm82-3mw8", + "modified": "2023-05-10T06:30:28Z", + "published": "2023-05-10T06:30:28Z", + "aliases": [ + "CVE-2023-27510" + ], + "details": "JB Inquiry form contains an exposure of private personal information to an unauthorized actor vulnerability, which may allow a remote unauthenticated attacker to obtain information entered from forms created using the affected product. The affected products and versions are as follows: JB Inquiry form versions 0.6.1 and 0.6.0, JB Inquiry form versions 0.5.2, 0.5.1 and 0.5.0, and JB Inquiry form version 0.40.", + "severity": [ + + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27510" + }, + { + "type": "WEB", + "url": "https://jubei.co.jp/formmail/info20230414.html" + }, + { + "type": "WEB", + "url": "https://jvn.jp/en/jp/JVN36340790/" + } + ], + "database_specific": { + "cwe_ids": [ + + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2023/05/GHSA-g947-422m-hr7p/GHSA-g947-422m-hr7p.json b/advisories/unreviewed/2023/05/GHSA-g947-422m-hr7p/GHSA-g947-422m-hr7p.json new file mode 100644 index 0000000000000..1134e5a11ee41 --- /dev/null +++ b/advisories/unreviewed/2023/05/GHSA-g947-422m-hr7p/GHSA-g947-422m-hr7p.json @@ -0,0 +1,42 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-g947-422m-hr7p", + "modified": "2023-05-10T06:30:27Z", + "published": "2023-05-10T06:30:27Z", + "aliases": [ + "CVE-2023-2616" + ], + "details": "Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2616" + }, + { + "type": "WEB", + "url": "https://github.com/pimcore/pimcore/commit/07a2c95be524c7e20105cef58c5767d4ebb06091" + }, + { + "type": "WEB", + "url": "https://huntr.dev/bounties/564cb512-2bcc-4458-8c20-88110ab45801" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2023/05/GHSA-gh9g-f4xx-9qwq/GHSA-gh9g-f4xx-9qwq.json b/advisories/unreviewed/2023/05/GHSA-gh9g-f4xx-9qwq/GHSA-gh9g-f4xx-9qwq.json new file mode 100644 index 0000000000000..c65d0f6f9c843 --- /dev/null +++ b/advisories/unreviewed/2023/05/GHSA-gh9g-f4xx-9qwq/GHSA-gh9g-f4xx-9qwq.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-gh9g-f4xx-9qwq", + "modified": "2023-05-10T06:30:28Z", + "published": "2023-05-10T06:30:28Z", + "aliases": [ + "CVE-2023-32569" + ], + "details": "An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2.800 and 8.x before 8.0.410. The InfoScale VIOM web application is vulnerable to SQL Injection in some of the areas of the application. This allows attackers to submit arbitrary SQL commands on the back-end database to create, read, update, or delete any sensitive data stored in the database.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32569" + }, + { + "type": "WEB", + "url": "https://www.veritas.com/content/support/en_US/security/VTS23-007" + } + ], + "database_specific": { + "cwe_ids": [ + + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2023/05/GHSA-j4pf-2mmw-4h4r/GHSA-j4pf-2mmw-4h4r.json b/advisories/unreviewed/2023/05/GHSA-j4pf-2mmw-4h4r/GHSA-j4pf-2mmw-4h4r.json new file mode 100644 index 0000000000000..a8f96fb307f25 --- /dev/null +++ b/advisories/unreviewed/2023/05/GHSA-j4pf-2mmw-4h4r/GHSA-j4pf-2mmw-4h4r.json @@ -0,0 +1,39 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-j4pf-2mmw-4h4r", + "modified": "2023-05-10T06:30:29Z", + "published": "2023-05-10T06:30:29Z", + "aliases": [ + "CVE-2023-27918" + ], + "details": "Cross-site scripting vulnerability in Appointment and Event Booking Calendar for WordPress - Amelia versions prior to 1.0.76 allows a remote unauthenticated attacker to inject an arbitrary script by having a user who is logging in the WordPress where the product is installed visit a malicious URL.", + "severity": [ + + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27918" + }, + { + "type": "WEB", + "url": "https://jvn.jp/en/jp/JVN00971105/" + }, + { + "type": "WEB", + "url": "https://wordpress.org/plugins/ameliabooking/#developers" + } + ], + "database_specific": { + "cwe_ids": [ + + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2023/05/GHSA-j93v-cx26-2xc4/GHSA-j93v-cx26-2xc4.json b/advisories/unreviewed/2023/05/GHSA-j93v-cx26-2xc4/GHSA-j93v-cx26-2xc4.json new file mode 100644 index 0000000000000..14c4b919dd12f --- /dev/null +++ b/advisories/unreviewed/2023/05/GHSA-j93v-cx26-2xc4/GHSA-j93v-cx26-2xc4.json @@ -0,0 +1,42 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-j93v-cx26-2xc4", + "modified": "2023-05-10T06:30:29Z", + "published": "2023-05-10T06:30:29Z", + "aliases": [ + "CVE-2023-2615" + ], + "details": "Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2615" + }, + { + "type": "WEB", + "url": "https://github.com/pimcore/pimcore/commit/7a799399e6843cd049e85da27ceb75b78505317f" + }, + { + "type": "WEB", + "url": "https://huntr.dev/bounties/af9c360a-87f8-4e97-a24b-6db675ee942a" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2023/05/GHSA-m4jm-xmcc-hjcm/GHSA-m4jm-xmcc-hjcm.json b/advisories/unreviewed/2023/05/GHSA-m4jm-xmcc-hjcm/GHSA-m4jm-xmcc-hjcm.json new file mode 100644 index 0000000000000..6827dd0a5072a --- /dev/null +++ b/advisories/unreviewed/2023/05/GHSA-m4jm-xmcc-hjcm/GHSA-m4jm-xmcc-hjcm.json @@ -0,0 +1,55 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-m4jm-xmcc-hjcm", + "modified": "2023-05-10T06:30:28Z", + "published": "2023-05-10T06:30:28Z", + "aliases": [ + "CVE-2023-23901" + ], + "details": "Improper following of a certificate's chain of trust exists in SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, and SkyBridge BASIC MB-A130 firmware Ver. 1.4.1 and earlier, which may allow a remote unauthenticated attacker to eavesdrop on or alter the communication sent to the WebUI of the product.", + "severity": [ + + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23901" + }, + { + "type": "WEB", + "url": "https://jvn.jp/en/jp/JVN40604023/" + }, + { + "type": "WEB", + "url": "https://www.seiko-sol.co.jp/archives/73969/" + }, + { + "type": "WEB", + "url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a100/" + }, + { + "type": "WEB", + "url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a130/" + }, + { + "type": "WEB", + "url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a200/" + }, + { + "type": "WEB", + "url": "https://www.seiko-sol.co.jp/products/skyspider/skyspider_download/mb-r210/" + } + ], + "database_specific": { + "cwe_ids": [ + + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2023/05/GHSA-mc83-5hwv-9c74/GHSA-mc83-5hwv-9c74.json b/advisories/unreviewed/2023/05/GHSA-mc83-5hwv-9c74/GHSA-mc83-5hwv-9c74.json new file mode 100644 index 0000000000000..09187b0324fa1 --- /dev/null +++ b/advisories/unreviewed/2023/05/GHSA-mc83-5hwv-9c74/GHSA-mc83-5hwv-9c74.json @@ -0,0 +1,35 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-mc83-5hwv-9c74", + "modified": "2023-05-10T06:30:28Z", + "published": "2023-05-10T06:30:28Z", + "aliases": [ + "CVE-2022-4008" + ], + "details": "In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service", + "severity": [ + + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4008" + }, + { + "type": "WEB", + "url": "https://advisories.octopus.com/post/2023/sa2023-08/" + } + ], + "database_specific": { + "cwe_ids": [ + + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2023/05/GHSA-pjf4-g4fp-5xqm/GHSA-pjf4-g4fp-5xqm.json b/advisories/unreviewed/2023/05/GHSA-pjf4-g4fp-5xqm/GHSA-pjf4-g4fp-5xqm.json new file mode 100644 index 0000000000000..1334484d215d6 --- /dev/null +++ b/advisories/unreviewed/2023/05/GHSA-pjf4-g4fp-5xqm/GHSA-pjf4-g4fp-5xqm.json @@ -0,0 +1,35 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pjf4-g4fp-5xqm", + "modified": "2023-05-10T06:30:29Z", + "published": "2023-05-10T06:30:29Z", + "aliases": [ + "CVE-2023-32573" + ], + "details": "In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled.", + "severity": [ + + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32573" + }, + { + "type": "WEB", + "url": "https://codereview.qt-project.org/c/qt/qtsvg/+/474093" + } + ], + "database_specific": { + "cwe_ids": [ + + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2023/05/GHSA-pm5m-2p5c-6mv8/GHSA-pm5m-2p5c-6mv8.json b/advisories/unreviewed/2023/05/GHSA-pm5m-2p5c-6mv8/GHSA-pm5m-2p5c-6mv8.json index 82dd25ab705fc..57ca82963b6c9 100644 --- a/advisories/unreviewed/2023/05/GHSA-pm5m-2p5c-6mv8/GHSA-pm5m-2p5c-6mv8.json +++ b/advisories/unreviewed/2023/05/GHSA-pm5m-2p5c-6mv8/GHSA-pm5m-2p5c-6mv8.json @@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-pm5m-2p5c-6mv8", - "modified": "2023-05-03T21:30:18Z", + "modified": "2023-05-10T06:30:27Z", "published": "2023-05-03T21:30:18Z", "aliases": [ "CVE-2023-30300" ], "details": "An issue in the component hang.wasm of WebAssembly 1.0 causes an infinite loop.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" + } ], "affected": [ @@ -25,7 +28,7 @@ ], "database_specific": { "cwe_ids": [ - + "CWE-835" ], "severity": null, "github_reviewed": false, diff --git a/advisories/unreviewed/2023/05/GHSA-pmq5-34w8-5c92/GHSA-pmq5-34w8-5c92.json b/advisories/unreviewed/2023/05/GHSA-pmq5-34w8-5c92/GHSA-pmq5-34w8-5c92.json new file mode 100644 index 0000000000000..0b58347384e6b --- /dev/null +++ b/advisories/unreviewed/2023/05/GHSA-pmq5-34w8-5c92/GHSA-pmq5-34w8-5c92.json @@ -0,0 +1,55 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pmq5-34w8-5c92", + "modified": "2023-05-10T06:30:28Z", + "published": "2023-05-10T06:30:28Z", + "aliases": [ + "CVE-2023-23578" + ], + "details": "Improper access control vulnerability in SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier allows a remote unauthenticated attacker to connect to the product's ADB port.", + "severity": [ + + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23578" + }, + { + "type": "WEB", + "url": "https://jvn.jp/en/jp/JVN40604023/" + }, + { + "type": "WEB", + "url": "https://www.seiko-sol.co.jp/archives/73969/" + }, + { + "type": "WEB", + "url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a100/" + }, + { + "type": "WEB", + "url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a130/" + }, + { + "type": "WEB", + "url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a200/" + }, + { + "type": "WEB", + "url": "https://www.seiko-sol.co.jp/products/skyspider/skyspider_download/mb-r210/" + } + ], + "database_specific": { + "cwe_ids": [ + + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2023/05/GHSA-q3w6-ggw8-49fj/GHSA-q3w6-ggw8-49fj.json b/advisories/unreviewed/2023/05/GHSA-q3w6-ggw8-49fj/GHSA-q3w6-ggw8-49fj.json index 86aff2bca0007..af182990e96e8 100644 --- a/advisories/unreviewed/2023/05/GHSA-q3w6-ggw8-49fj/GHSA-q3w6-ggw8-49fj.json +++ b/advisories/unreviewed/2023/05/GHSA-q3w6-ggw8-49fj/GHSA-q3w6-ggw8-49fj.json @@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-q3w6-ggw8-49fj", - "modified": "2023-05-02T21:31:49Z", + "modified": "2023-05-10T06:30:26Z", "published": "2023-05-02T21:31:49Z", "aliases": [ "CVE-2023-31435" ], "details": "Multiple components (such as Onlinetemplate-Verwaltung, Liste aller Teilbereiche, Umfragen anzeigen, and questionnaire previews) in evasys before 8.2 Build 2286 and 9.x before 9.0 Build 2401 allow authenticated attackers to read and write to unauthorized data by accessing functions directly.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" + } ], "affected": [ @@ -25,7 +28,7 @@ ], "database_specific": { "cwe_ids": [ - + "CWE-863" ], "severity": null, "github_reviewed": false, diff --git a/advisories/unreviewed/2023/05/GHSA-qwcg-gr98-8m32/GHSA-qwcg-gr98-8m32.json b/advisories/unreviewed/2023/05/GHSA-qwcg-gr98-8m32/GHSA-qwcg-gr98-8m32.json new file mode 100644 index 0000000000000..97d2f3bb25a3e --- /dev/null +++ b/advisories/unreviewed/2023/05/GHSA-qwcg-gr98-8m32/GHSA-qwcg-gr98-8m32.json @@ -0,0 +1,55 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qwcg-gr98-8m32", + "modified": "2023-05-10T06:30:28Z", + "published": "2023-05-10T06:30:28Z", + "aliases": [ + "CVE-2023-22441" + ], + "details": "Missing authentication for critical function exists in Seiko Solutions SkyBridge series, which may allow a remote attacker to obtain or alter the setting information of the product or execute some critical functions without authentication, e.g., rebooting the product. Affected products and versions are as follows: SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, and SkyBridge BASIC MB-A130 firmware Ver. 1.4.1 and earlier", + "severity": [ + + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22441" + }, + { + "type": "WEB", + "url": "https://jvn.jp/en/jp/JVN40604023/" + }, + { + "type": "WEB", + "url": "https://www.seiko-sol.co.jp/archives/73969/" + }, + { + "type": "WEB", + "url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a100/" + }, + { + "type": "WEB", + "url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a130/" + }, + { + "type": "WEB", + "url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a200/" + }, + { + "type": "WEB", + "url": "https://www.seiko-sol.co.jp/products/skyspider/skyspider_download/mb-r210/" + } + ], + "database_specific": { + "cwe_ids": [ + + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2023/05/GHSA-r74h-vqgq-qwxv/GHSA-r74h-vqgq-qwxv.json b/advisories/unreviewed/2023/05/GHSA-r74h-vqgq-qwxv/GHSA-r74h-vqgq-qwxv.json index c203face4fd46..bd3347bf4fb27 100644 --- a/advisories/unreviewed/2023/05/GHSA-r74h-vqgq-qwxv/GHSA-r74h-vqgq-qwxv.json +++ b/advisories/unreviewed/2023/05/GHSA-r74h-vqgq-qwxv/GHSA-r74h-vqgq-qwxv.json @@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-r74h-vqgq-qwxv", - "modified": "2023-05-03T21:30:18Z", + "modified": "2023-05-10T06:30:27Z", "published": "2023-05-03T21:30:18Z", "aliases": [ "CVE-2023-24744" ], "details": "Cross Site Scripting (XSS) vulnerability in Rediker Software AdminPlus 6.1.91.00 allows remote attackers to run arbitrary code via the onload function within the application DOM.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + } ], "affected": [ @@ -25,7 +28,7 @@ ], "database_specific": { "cwe_ids": [ - + "CWE-79" ], "severity": null, "github_reviewed": false, diff --git a/advisories/unreviewed/2023/05/GHSA-rq6m-h9wr-jfpr/GHSA-rq6m-h9wr-jfpr.json b/advisories/unreviewed/2023/05/GHSA-rq6m-h9wr-jfpr/GHSA-rq6m-h9wr-jfpr.json new file mode 100644 index 0000000000000..06718878e1617 --- /dev/null +++ b/advisories/unreviewed/2023/05/GHSA-rq6m-h9wr-jfpr/GHSA-rq6m-h9wr-jfpr.json @@ -0,0 +1,55 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rq6m-h9wr-jfpr", + "modified": "2023-05-10T06:30:28Z", + "published": "2023-05-10T06:30:28Z", + "aliases": [ + "CVE-2023-25184" + ], + "details": "Use of weak credentials exists in Seiko Solutions SkyBridge and SkySpider series, which may allow a remote unauthenticated attacker to decrypt password for the WebUI of the product. Affected products and versions are as follows: SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, SkyBridge BASIC MB-A130 firmware Ver. 1.4.1 and earlier, and SkySpider MB-R210 firmware Ver. 1.01.00 and earlier.", + "severity": [ + + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25184" + }, + { + "type": "WEB", + "url": "https://jvn.jp/en/jp/JVN40604023/" + }, + { + "type": "WEB", + "url": "https://www.seiko-sol.co.jp/archives/73969/" + }, + { + "type": "WEB", + "url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a100/" + }, + { + "type": "WEB", + "url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a130/" + }, + { + "type": "WEB", + "url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a200/" + }, + { + "type": "WEB", + "url": "https://www.seiko-sol.co.jp/products/skyspider/skyspider_download/mb-r210/" + } + ], + "database_specific": { + "cwe_ids": [ + + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2023/05/GHSA-v2pm-rv6h-9g9p/GHSA-v2pm-rv6h-9g9p.json b/advisories/unreviewed/2023/05/GHSA-v2pm-rv6h-9g9p/GHSA-v2pm-rv6h-9g9p.json new file mode 100644 index 0000000000000..62723498afc0a --- /dev/null +++ b/advisories/unreviewed/2023/05/GHSA-v2pm-rv6h-9g9p/GHSA-v2pm-rv6h-9g9p.json @@ -0,0 +1,50 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-v2pm-rv6h-9g9p", + "modified": "2023-05-10T06:30:29Z", + "published": "2023-05-10T06:30:29Z", + "aliases": [ + "CVE-2023-2618" + ], + "details": "A vulnerability, which was classified as problematic, has been found in OpenCV wechat_qrcode Module up to 4.7.0. Affected by this issue is the function DecodedBitStreamParser::decodeHanziSegment of the file qrcode/decoder/decoded_bit_stream_parser.cpp. The manipulation leads to memory leak. The attack may be launched remotely. The name of the patch is 2b62ff6181163eea029ed1cab11363b4996e9cd6. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-228548.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2618" + }, + { + "type": "WEB", + "url": "https://github.com/opencv/opencv_contrib/pull/3484" + }, + { + "type": "WEB", + "url": "https://github.com/opencv/opencv_contrib/pull/3484/commits/2b62ff6181163eea029ed1cab11363b4996e9cd6" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.228548" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.228548" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-401" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2023/05/GHSA-v4hm-xqrg-4qfp/GHSA-v4hm-xqrg-4qfp.json b/advisories/unreviewed/2023/05/GHSA-v4hm-xqrg-4qfp/GHSA-v4hm-xqrg-4qfp.json new file mode 100644 index 0000000000000..c10ab35f45bb3 --- /dev/null +++ b/advisories/unreviewed/2023/05/GHSA-v4hm-xqrg-4qfp/GHSA-v4hm-xqrg-4qfp.json @@ -0,0 +1,39 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-v4hm-xqrg-4qfp", + "modified": "2023-05-10T06:30:29Z", + "published": "2023-05-10T06:30:29Z", + "aliases": [ + "CVE-2023-27919" + ], + "details": "Authentication bypass vulnerability in NEXT ENGINE Integration Plugin (for EC-CUBE 2.0 series) all versions allows a remote unauthenticated attacker to alter the information stored in the system.", + "severity": [ + + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27919" + }, + { + "type": "WEB", + "url": "https://jvn.jp/en/jp/JVN50862842/" + }, + { + "type": "WEB", + "url": "https://main.next-engine.com/Usernotice/detail?id=1054" + } + ], + "database_specific": { + "cwe_ids": [ + + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2023/05/GHSA-vcxh-qvgr-9fw9/GHSA-vcxh-qvgr-9fw9.json b/advisories/unreviewed/2023/05/GHSA-vcxh-qvgr-9fw9/GHSA-vcxh-qvgr-9fw9.json new file mode 100644 index 0000000000000..ab68b16ac540d --- /dev/null +++ b/advisories/unreviewed/2023/05/GHSA-vcxh-qvgr-9fw9/GHSA-vcxh-qvgr-9fw9.json @@ -0,0 +1,42 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vcxh-qvgr-9fw9", + "modified": "2023-05-10T06:30:27Z", + "published": "2023-05-10T06:30:27Z", + "aliases": [ + "CVE-2023-26126" + ], + "details": "All versions of the package m.static are vulnerable to Directory Traversal due to improper input sanitization of the path being requested via the requestFile function.\n\n", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26126" + }, + { + "type": "WEB", + "url": "https://gist.github.com/lirantal/dcb32c11ce87f5aafd2282b90b4dc998" + }, + { + "type": "WEB", + "url": "https://security.snyk.io/vuln/SNYK-JS-MSTATIC-3244915" + } + ], + "database_specific": { + "cwe_ids": [ + + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2023/05/GHSA-w8mq-qvgq-hhjw/GHSA-w8mq-qvgq-hhjw.json b/advisories/unreviewed/2023/05/GHSA-w8mq-qvgq-hhjw/GHSA-w8mq-qvgq-hhjw.json new file mode 100644 index 0000000000000..f6f1d2ec46fca --- /dev/null +++ b/advisories/unreviewed/2023/05/GHSA-w8mq-qvgq-hhjw/GHSA-w8mq-qvgq-hhjw.json @@ -0,0 +1,46 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-w8mq-qvgq-hhjw", + "modified": "2023-05-10T06:30:29Z", + "published": "2023-05-10T06:30:29Z", + "aliases": [ + "CVE-2023-2619" + ], + "details": "A vulnerability, which was classified as critical, was found in SourceCodester Online Tours & Travels Management System 1.0. This affects the function exec of the file disapprove_delete.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228549 was assigned to this vulnerability.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2619" + }, + { + "type": "WEB", + "url": "https://blog.csdn.net/weixin_43864034/article/details/130596916" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.228549" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.228549" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-89" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2023/05/GHSA-w9q9-jw2h-8gp3/GHSA-w9q9-jw2h-8gp3.json b/advisories/unreviewed/2023/05/GHSA-w9q9-jw2h-8gp3/GHSA-w9q9-jw2h-8gp3.json new file mode 100644 index 0000000000000..1d4cd58567afe --- /dev/null +++ b/advisories/unreviewed/2023/05/GHSA-w9q9-jw2h-8gp3/GHSA-w9q9-jw2h-8gp3.json @@ -0,0 +1,55 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-w9q9-jw2h-8gp3", + "modified": "2023-05-10T06:30:28Z", + "published": "2023-05-10T06:30:28Z", + "aliases": [ + "CVE-2023-23906" + ], + "details": "Missing authentication for critical function exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier, which may allow a remote unauthenticated attacker to execute some critical functions without authentication, e.g., rebooting the product.", + "severity": [ + + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23906" + }, + { + "type": "WEB", + "url": "https://jvn.jp/en/jp/JVN40604023/" + }, + { + "type": "WEB", + "url": "https://www.seiko-sol.co.jp/archives/73969/" + }, + { + "type": "WEB", + "url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a100/" + }, + { + "type": "WEB", + "url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a130/" + }, + { + "type": "WEB", + "url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a200/" + }, + { + "type": "WEB", + "url": "https://www.seiko-sol.co.jp/products/skyspider/skyspider_download/mb-r210/" + } + ], + "database_specific": { + "cwe_ids": [ + + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2023/05/GHSA-wv4v-2jhr-66qm/GHSA-wv4v-2jhr-66qm.json b/advisories/unreviewed/2023/05/GHSA-wv4v-2jhr-66qm/GHSA-wv4v-2jhr-66qm.json index 030b14a2861de..4798b6646208d 100644 --- a/advisories/unreviewed/2023/05/GHSA-wv4v-2jhr-66qm/GHSA-wv4v-2jhr-66qm.json +++ b/advisories/unreviewed/2023/05/GHSA-wv4v-2jhr-66qm/GHSA-wv4v-2jhr-66qm.json @@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-wv4v-2jhr-66qm", - "modified": "2023-05-04T18:30:53Z", + "modified": "2023-05-10T06:30:27Z", "published": "2023-05-04T18:30:53Z", "aliases": [ "CVE-2023-30184" ], "details": "A stored cross-site scripting (XSS) vulnerability in Typecho v1.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter at /index.php/archives/1/comment.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" + } ], "affected": [ @@ -25,7 +28,7 @@ ], "database_specific": { "cwe_ids": [ - + "CWE-79" ], "severity": null, "github_reviewed": false, diff --git a/advisories/unreviewed/2023/05/GHSA-ww2f-6g2m-fwjx/GHSA-ww2f-6g2m-fwjx.json b/advisories/unreviewed/2023/05/GHSA-ww2f-6g2m-fwjx/GHSA-ww2f-6g2m-fwjx.json new file mode 100644 index 0000000000000..a0cbb3e2ae34a --- /dev/null +++ b/advisories/unreviewed/2023/05/GHSA-ww2f-6g2m-fwjx/GHSA-ww2f-6g2m-fwjx.json @@ -0,0 +1,55 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-ww2f-6g2m-fwjx", + "modified": "2023-05-10T06:30:28Z", + "published": "2023-05-10T06:30:28Z", + "aliases": [ + "CVE-2023-25070" + ], + "details": "Cleartext transmission of sensitive information exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier. If the telnet connection is enabled, a remote unauthenticated attacker may eavesdrop on or alter the administrator's communication to the product.", + "severity": [ + + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25070" + }, + { + "type": "WEB", + "url": "https://jvn.jp/en/jp/JVN40604023/" + }, + { + "type": "WEB", + "url": "https://www.seiko-sol.co.jp/archives/73969/" + }, + { + "type": "WEB", + "url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a100/" + }, + { + "type": "WEB", + "url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a130/" + }, + { + "type": "WEB", + "url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a200/" + }, + { + "type": "WEB", + "url": "https://www.seiko-sol.co.jp/products/skyspider/skyspider_download/mb-r210/" + } + ], + "database_specific": { + "cwe_ids": [ + + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2023/05/GHSA-wxpm-6qqj-jg73/GHSA-wxpm-6qqj-jg73.json b/advisories/unreviewed/2023/05/GHSA-wxpm-6qqj-jg73/GHSA-wxpm-6qqj-jg73.json new file mode 100644 index 0000000000000..7150db8a557ed --- /dev/null +++ b/advisories/unreviewed/2023/05/GHSA-wxpm-6qqj-jg73/GHSA-wxpm-6qqj-jg73.json @@ -0,0 +1,39 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wxpm-6qqj-jg73", + "modified": "2023-05-10T06:30:29Z", + "published": "2023-05-10T06:30:29Z", + "aliases": [ + "CVE-2023-27889" + ], + "details": "Cross-site request forgery (CSRF) vulnerability in LIQUID SPEECH BALLOON versions prior to 1.2 allows a remote unauthenticated attacker to hijack the authentication of a user and to perform unintended operations by having a user view a malicious page.", + "severity": [ + + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27889" + }, + { + "type": "WEB", + "url": "https://jvn.jp/en/jp/JVN99657911/" + }, + { + "type": "WEB", + "url": "https://wordpress.org/plugins/liquid-speech-balloon/#developers" + } + ], + "database_specific": { + "cwe_ids": [ + + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": null + } +} \ No newline at end of file