github
/
advisory-database
зеркало из https://github.com/github/advisory-database.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Publish Advisories 

GHSA-6qw9-cqm2-283v
GHSA-32mh-vqmr-g449
GHSA-34jx-q9xg-rr5x
GHSA-3736-rg79-m6vq
GHSA-4cfm-33p5-g53v
GHSA-9hr4-7jqw-c29q
GHSA-9rhv-wh54-fxjm
GHSA-cmgp-xgw3-9v5v
GHSA-cpj9-wvvx-v589
GHSA-jf7m-8f85-9c35
GHSA-m6qj-fx7x-v24r
GHSA-mj7q-7phw-qxj9
GHSA-ppm9-6vj8-gfgp
GHSA-rhqw-486f-x8rq
GHSA-wwm3-xc28-hgpv
GHSA-x33q-m927-7mq6
This commit is contained in:
advisory-database[bot] 2023-12-29 09:31:37 +00:00
Родитель 9c8cb7f8cb
Коммит c25f905d41
16 изменённых файлов: 588 добавлений и 3 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

4
advisories/unreviewed/2023/04/GHSA-6qw9-cqm2-283v/GHSA-6qw9-cqm2-283v.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-6qw9-cqm2-283v",
"modified": "2023-04-24T18:30:31Z",
"modified": "2023-12-29T09:30:25Z",
"published": "2023-04-24T18:30:31Z",
"aliases": [
"CVE-2023-27990"
@ -30,7 +30,7 @@
"cwe_ids": [
"CWE-79"
],
"severity": null,
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-04-24T18:15:09Z"

38
advisories/unreviewed/2023/12/GHSA-32mh-vqmr-g449/GHSA-32mh-vqmr-g449.json Normal file
Просмотреть файл

@ -0,0 +1,38 @@
{
"schema_version": "1.4.0",
"id": "GHSA-32mh-vqmr-g449",
"modified": "2023-12-29T09:30:26Z",
"published": "2023-12-29T09:30:26Z",
"aliases": [
"CVE-2023-40606"
],
"details": "Improper Control of Generation of Code ('Code Injection') vulnerability in Kanban for WordPress Kanban Boards for WordPress.This issue affects Kanban Boards for WordPress: from n/a through 2.5.21.\n\n",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"
}
],
"affected": [
],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40606"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/vulnerability/kanban/wordpress-kanban-boards-for-wordpress-plugin-2-5-21-arbitrary-code-execution-vulnerability?_s_id=cve"
}
],
"database_specific": {
"cwe_ids": [
"CWE-94"
],
"severity": "CRITICAL",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-12-29T09:15:08Z"
}
}

38
advisories/unreviewed/2023/12/GHSA-34jx-q9xg-rr5x/GHSA-34jx-q9xg-rr5x.json Normal file
Просмотреть файл

@ -0,0 +1,38 @@
{
"schema_version": "1.4.0",
"id": "GHSA-34jx-q9xg-rr5x",
"modified": "2023-12-29T09:30:26Z",
"published": "2023-12-29T09:30:26Z",
"aliases": [
"CVE-2023-45751"
],
"details": "Improper Control of Generation of Code ('Code Injection') vulnerability in POSIMYTH Nexter Extension.This issue affects Nexter Extension: from n/a through 2.0.3.\n\n",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"
}
],
"affected": [
],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45751"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/vulnerability/nexter-extension/wordpress-nexter-extension-plugin-2-0-3-remote-code-execution-rce-vulnerability?_s_id=cve"
}
],
"database_specific": {
"cwe_ids": [
"CWE-94"
],
"severity": "CRITICAL",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-12-29T09:15:09Z"
}
}

50
advisories/unreviewed/2023/12/GHSA-3736-rg79-m6vq/GHSA-3736-rg79-m6vq.json Normal file
Просмотреть файл

@ -0,0 +1,50 @@
{
"schema_version": "1.4.0",
"id": "GHSA-3736-rg79-m6vq",
"modified": "2023-12-29T09:30:26Z",
"published": "2023-12-29T09:30:26Z",
"aliases": [
"CVE-2023-7166"
],
"details": "A vulnerability classified as problematic has been found in Novel-Plus up to 4.2.0. This affects an unknown part of the file /user/updateUserInfo of the component HTTP POST Request Handler. The manipulation of the argument nickName leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is c62da9bb3a9b3603014d0edb436146512631100d. It is recommended to apply a patch to fix this issue. The identifier VDB-249201 was assigned to this vulnerability.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"
}
],
"affected": [
],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-7166"
},
{
"type": "WEB",
"url": "https://github.com/201206030/novel-plus/commit/c62da9bb3a9b3603014d0edb436146512631100d"
},
{
"type": "WEB",
"url": "https://github.com/JTZ-a/SRC/blob/master/novel-plus/storedXSS/en-us.md"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.249201"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.249201"
}
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-12-29T09:15:09Z"
}
}

38
advisories/unreviewed/2023/12/GHSA-4cfm-33p5-g53v/GHSA-4cfm-33p5-g53v.json Normal file
Просмотреть файл

@ -0,0 +1,38 @@
{
"schema_version": "1.4.0",
"id": "GHSA-4cfm-33p5-g53v",
"modified": "2023-12-29T09:30:26Z",
"published": "2023-12-29T09:30:26Z",
"aliases": [
"CVE-2023-47840"
],
"details": "Improper Control of Generation of Code ('Code Injection') vulnerability in Qode Interactive Qode Essential Addons.This issue affects Qode Essential Addons: from n/a through 1.5.2.\n\n",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"
}
],
"affected": [
],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47840"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/vulnerability/qode-essential-addons/wordpress-qode-essential-addons-plugin-1-5-2-arbitrary-plugin-installation-and-activation-vulnerability?_s_id=cve"
}
],
"database_specific": {
"cwe_ids": [
"CWE-94"
],
"severity": "CRITICAL",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-12-29T09:15:09Z"
}
}

38
advisories/unreviewed/2023/12/GHSA-9hr4-7jqw-c29q/GHSA-9hr4-7jqw-c29q.json Normal file
Просмотреть файл

@ -0,0 +1,38 @@
{
"schema_version": "1.4.0",
"id": "GHSA-9hr4-7jqw-c29q",
"modified": "2023-12-29T09:30:26Z",
"published": "2023-12-29T09:30:26Z",
"aliases": [
"CVE-2023-32095"
],
"details": "Improper Control of Generation of Code ('Code Injection') vulnerability in Milan Dinić Rename Media Files.This issue affects Rename Media Files: from n/a through 1.0.1.\n\n",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"
}
],
"affected": [
],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32095"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/vulnerability/rename-media-files/wordpress-rename-media-files-plugin-1-0-1-remote-code-execution-rce-vulnerability?_s_id=cve"
}
],
"database_specific": {
"cwe_ids": [
"CWE-94"
],
"severity": "CRITICAL",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-12-29T09:15:08Z"
}
}

38
advisories/unreviewed/2023/12/GHSA-9rhv-wh54-fxjm/GHSA-9rhv-wh54-fxjm.json Normal file
Просмотреть файл

@ -0,0 +1,38 @@
{
"schema_version": "1.4.0",
"id": "GHSA-9rhv-wh54-fxjm",
"modified": "2023-12-29T09:30:26Z",
"published": "2023-12-29T09:30:26Z",
"aliases": [
"CVE-2023-46623"
],
"details": "Improper Control of Generation of Code ('Code Injection') vulnerability in TienCOP WP EXtra.This issue affects WP EXtra: from n/a through 6.2.\n\n",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"
}
],
"affected": [
],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46623"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/vulnerability/wp-extra/wordpress-wp-extra-plugin-6-2-remote-code-execution-rce-via-htaccess-modification-vulnerability?_s_id=cve"
}
],
"database_specific": {
"cwe_ids": [
"CWE-94"
],
"severity": "CRITICAL",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-12-29T09:15:09Z"
}
}

46
advisories/unreviewed/2023/12/GHSA-cmgp-xgw3-9v5v/GHSA-cmgp-xgw3-9v5v.json Normal file
Просмотреть файл

@ -0,0 +1,46 @@
{
"schema_version": "1.4.0",
"id": "GHSA-cmgp-xgw3-9v5v",
"modified": "2023-12-29T09:30:25Z",
"published": "2023-12-29T09:30:25Z",
"aliases": [
"CVE-2023-7161"
],
"details": "A vulnerability classified as critical has been found in Netentsec NS-ASG Application Security Gateway 6.3.1. This affects an unknown part of the file index.php?para=index of the component Login. The manipulation of the argument check_VirtualSiteId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249183.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
}
],
"affected": [
],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-7161"
},
{
"type": "WEB",
"url": "https://github.com/fixitc/cve/blob/main/sql.md"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.249183"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.249183"
}
],
"database_specific": {
"cwe_ids": [
"CWE-89"
],
"severity": "HIGH",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-12-29T08:15:37Z"
}
}

50
advisories/unreviewed/2023/12/GHSA-cpj9-wvvx-v589/GHSA-cpj9-wvvx-v589.json Normal file
Просмотреть файл

@ -0,0 +1,50 @@
{
"schema_version": "1.4.0",
"id": "GHSA-cpj9-wvvx-v589",
"modified": "2023-12-29T09:30:25Z",
"published": "2023-12-29T09:30:25Z",
"aliases": [
"CVE-2023-7159"
],
"details": "A vulnerability was found in gopeak MasterLab up to 3.3.10. It has been declared as critical. Affected by this vulnerability is the function add/update of the file app/ctrl/admin/User.php. The manipulation of the argument avatar leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249181 was assigned to this vulnerability.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"
}
],
"affected": [
],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-7159"
},
{
"type": "WEB",
"url": "https://note.zhaoj.in/share/FE79uijyqmG7"
},
{
"type": "WEB",
"url": "https://note.zhaoj.in/share/jNbywlXI46HV"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.249181"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.249181"
}
],
"database_specific": {
"cwe_ids": [
"CWE-434"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-12-29T07:15:11Z"
}
}

38
advisories/unreviewed/2023/12/GHSA-jf7m-8f85-9c35/GHSA-jf7m-8f85-9c35.json Normal file
Просмотреть файл

@ -0,0 +1,38 @@
{
"schema_version": "1.4.0",
"id": "GHSA-jf7m-8f85-9c35",
"modified": "2023-12-29T09:30:25Z",
"published": "2023-12-29T09:30:25Z",
"aliases": [
"CVE-2023-22676"
],
"details": "Missing Authorization vulnerability in Anders Thorborg.This issue affects Anders Thorborg: from n/a through 1.4.12.\n\n",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"
}
],
"affected": [
],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22676"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/vulnerability/acf-image-crop-add-on/wordpress-advanced-custom-fields-image-crop-add-on-plugin-1-4-12-broken-access-control?_s_id=cve"
}
],
"database_specific": {
"cwe_ids": [
"CWE-862"
],
"severity": "LOW",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-12-29T09:15:08Z"
}
}

2
advisories/unreviewed/2023/12/GHSA-m6qj-fx7x-v24r/GHSA-m6qj-fx7x-v24r.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-m6qj-fx7x-v24r",
"modified": "2023-12-20T18:30:32Z",
"modified": "2023-12-29T09:30:25Z",
"published": "2023-12-20T18:30:32Z",
"aliases": [
"CVE-2023-35915"

35
advisories/unreviewed/2023/12/GHSA-mj7q-7phw-qxj9/GHSA-mj7q-7phw-qxj9.json Normal file
Просмотреть файл

@ -0,0 +1,35 @@
{
"schema_version": "1.4.0",
"id": "GHSA-mj7q-7phw-qxj9",
"modified": "2023-12-29T09:30:25Z",
"published": "2023-12-29T09:30:25Z",
"aliases": [
"CVE-2023-23634"
],
"details": "SQL Injection vulnerability in Documize version 5.4.2, allows remote attackers to execute arbitrary code via the user parameter of the /api/dashboard/activity endpoint.",
"severity": [
],
"affected": [
],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23634"
},
{
"type": "WEB",
"url": "https://herolab.usd.de/en/security-advisories/usd-2022-0066/"
}
],
"database_specific": {
"cwe_ids": [
],
"severity": null,
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-12-29T07:15:10Z"
}
}

38
advisories/unreviewed/2023/12/GHSA-ppm9-6vj8-gfgp/GHSA-ppm9-6vj8-gfgp.json Normal file
Просмотреть файл

@ -0,0 +1,38 @@
{
"schema_version": "1.4.0",
"id": "GHSA-ppm9-6vj8-gfgp",
"modified": "2023-12-29T09:30:25Z",
"published": "2023-12-29T09:30:25Z",
"aliases": [
"CVE-2023-25054"
],
"details": "Improper Control of Generation of Code ('Code Injection') vulnerability in David F. Carr RSVPMaker.This issue affects RSVPMaker: from n/a through 10.6.6.\n\n",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
}
],
"affected": [
],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25054"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/vulnerability/rsvpmaker/wordpress-rsvpmaker-plugin-10-6-6-remote-code-execution-rce-vulnerability?_s_id=cve"
}
],
"database_specific": {
"cwe_ids": [
"CWE-94"
],
"severity": "CRITICAL",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-12-29T09:15:08Z"
}
}

38
advisories/unreviewed/2023/12/GHSA-rhqw-486f-x8rq/GHSA-rhqw-486f-x8rq.json Normal file
Просмотреть файл

@ -0,0 +1,38 @@
{
"schema_version": "1.4.0",
"id": "GHSA-rhqw-486f-x8rq",
"modified": "2023-12-29T09:30:25Z",
"published": "2023-12-29T09:30:25Z",
"aliases": [
"CVE-2023-22677"
],
"details": "Improper Control of Generation of Code ('Code Injection') vulnerability in BinaryStash WP Booklet.This issue affects WP Booklet: from n/a through 2.1.8.\n\n",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"
}
],
"affected": [
],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22677"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/vulnerability/wp-booklet/wordpress-wp-booklet-plugin-2-1-8-remote-code-execution-rce?_s_id=cve"
}
],
"database_specific": {
"cwe_ids": [
"CWE-94"
],
"severity": "HIGH",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-12-29T09:15:08Z"
}
}

42
advisories/unreviewed/2023/12/GHSA-wwm3-xc28-hgpv/GHSA-wwm3-xc28-hgpv.json Normal file
Просмотреть файл

@ -0,0 +1,42 @@
{
"schema_version": "1.4.0",
"id": "GHSA-wwm3-xc28-hgpv",
"modified": "2023-12-29T09:30:25Z",
"published": "2023-12-29T09:30:25Z",
"aliases": [
"CVE-2023-7160"
],
"details": "A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Add Engineer Handler. The manipulation of the argument first name/last name with the input <script>alert(0)</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249182 is the identifier assigned to this vulnerability.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"
}
],
"affected": [
],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-7160"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.249182"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.249182"
}
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"severity": "LOW",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-12-29T08:15:36Z"
}
}

58
advisories/unreviewed/2023/12/GHSA-x33q-m927-7mq6/GHSA-x33q-m927-7mq6.json Normal file
Просмотреть файл

@ -0,0 +1,58 @@
{
"schema_version": "1.4.0",
"id": "GHSA-x33q-m927-7mq6",
"modified": "2023-12-29T09:30:25Z",
"published": "2023-12-29T09:30:25Z",
"aliases": [
"CVE-2023-7158"
],
"details": "A vulnerability was found in MicroPython up to 1.21.0. It has been classified as critical. Affected is the function slice_indices of the file objslice.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.22.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-249180.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
}
],
"affected": [
],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-7158"
},
{
"type": "WEB",
"url": "https://github.com/micropython/micropython/issues/13007"
},
{
"type": "WEB",
"url": "https://github.com/micropython/micropython/pull/13039"
},
{
"type": "WEB",
"url": "https://github.com/micropython/micropython/pull/13039/commits/f397a3ec318f3ad05aa287764ae7cef32202380f"
},
{
"type": "WEB",
"url": "https://github.com/micropython/micropython/releases/tag/v1.22.0"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.249180"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.249180"
}
],
"database_specific": {
"cwe_ids": [
"CWE-122"
],
"severity": "HIGH",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-12-29T07:15:11Z"
}
}