Advisory Database Sync

github · Feb 23, 2023 · a4d017d · a4d017d
1 parent 5a0162b
commit a4d017d
Show file tree

Hide file tree

Showing 54 changed files with 440 additions and 176 deletions.
diff --git a/advisories/unreviewed/2023/02/GHSA-25rm-p4h5-753p/GHSA-25rm-p4h5-753p.json b/advisories/unreviewed/2023/02/GHSA-25rm-p4h5-753p/GHSA-25rm-p4h5-753p.json
@@ -1,14 +1,17 @@
 {
   "schema_version": "1.3.0",
   "id": "GHSA-25rm-p4h5-753p",
-  "modified": "2023-02-13T15:30:26Z",
+  "modified": "2023-02-23T06:30:17Z",
   "published": "2023-02-13T15:30:26Z",
   "aliases": [
     "CVE-2022-45724"
   ],
   "details": "Incorrect Access Control in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same network to perform any HTTP request to an unauthenticated page to force the server to generate a SESSION_ID, and using this SESSION_ID an attacker can then perform authenticated requests.",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
+    }
   ],
   "affected": [
 
@@ -35,7 +38,7 @@
     "cwe_ids": [
 
     ],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2023-02-13T14:15:00Z"

diff --git a/advisories/unreviewed/2023/02/GHSA-323f-mg66-x3jg/GHSA-323f-mg66-x3jg.json b/advisories/unreviewed/2023/02/GHSA-323f-mg66-x3jg/GHSA-323f-mg66-x3jg.json
@@ -1,14 +1,17 @@
 {
   "schema_version": "1.3.0",
   "id": "GHSA-323f-mg66-x3jg",
-  "modified": "2023-02-13T15:30:26Z",
+  "modified": "2023-02-23T06:30:19Z",
   "published": "2023-02-13T15:30:26Z",
   "aliases": [
     "CVE-2022-4488"
   ],
   "details": "The Widgets on Pages WordPress plugin through 1.6.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
+    }
   ],
   "affected": [
 
@@ -27,7 +30,7 @@
     "cwe_ids": [
       "CWE-79"
     ],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2023-02-13T15:15:00Z"

diff --git a/advisories/unreviewed/2023/02/GHSA-35m5-pgqp-r25w/GHSA-35m5-pgqp-r25w.json b/advisories/unreviewed/2023/02/GHSA-35m5-pgqp-r25w/GHSA-35m5-pgqp-r25w.json
@@ -0,0 +1,31 @@
+{
+  "schema_version": "1.3.0",
+  "id": "GHSA-35m5-pgqp-r25w",
+  "modified": "2023-02-23T06:30:16Z",
+  "published": "2023-02-23T06:30:16Z",
+  "aliases": [
+    "CVE-2021-45032"
+  ],
+  "details": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
+  "severity": [
+
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45032"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2023-02-23T06:15:00Z"
+  }
+}
diff --git a/advisories/unreviewed/2023/02/GHSA-368j-g93f-6hjp/GHSA-368j-g93f-6hjp.json b/advisories/unreviewed/2023/02/GHSA-368j-g93f-6hjp/GHSA-368j-g93f-6hjp.json
@@ -1,14 +1,17 @@
 {
   "schema_version": "1.3.0",
   "id": "GHSA-368j-g93f-6hjp",
-  "modified": "2023-02-13T15:30:26Z",
+  "modified": "2023-02-23T06:30:17Z",
   "published": "2023-02-13T15:30:26Z",
   "aliases": [
     "CVE-2022-45725"
   ],
   "details": "Improper Input Validation in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same network to execute arbitrary code on the target via an HTTP POST request",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
   ],
   "affected": [
 
@@ -35,7 +38,7 @@
     "cwe_ids": [
 
     ],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2023-02-13T14:15:00Z"

diff --git a/advisories/unreviewed/2023/02/GHSA-434c-w883-rf5w/GHSA-434c-w883-rf5w.json b/advisories/unreviewed/2023/02/GHSA-434c-w883-rf5w/GHSA-434c-w883-rf5w.json
@@ -1,14 +1,17 @@
 {
   "schema_version": "1.3.0",
   "id": "GHSA-434c-w883-rf5w",
-  "modified": "2023-02-08T21:30:20Z",
+  "modified": "2023-02-23T06:30:16Z",
   "published": "2023-02-08T21:30:20Z",
   "aliases": [
     "CVE-2022-34350"
   ],
   "details": "IBM API Connect 10.0.0.0 through 10.0.5.0, 10.0.1.0 through 10.0.1.7, and 2018.4.1.0 through 2018.4.1.20 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with. IBM X-Force ID: 230264.",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
+    }
   ],
   "affected": [
 
@@ -29,9 +32,9 @@
   ],
   "database_specific": {
     "cwe_ids": [
-
+      "CWE-20"
     ],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2023-02-08T20:15:00Z"

diff --git a/advisories/unreviewed/2023/02/GHSA-449p-v9gc-4xv4/GHSA-449p-v9gc-4xv4.json b/advisories/unreviewed/2023/02/GHSA-449p-v9gc-4xv4/GHSA-449p-v9gc-4xv4.json
@@ -1,14 +1,17 @@
 {
   "schema_version": "1.3.0",
   "id": "GHSA-449p-v9gc-4xv4",
-  "modified": "2023-02-13T15:30:26Z",
+  "modified": "2023-02-23T06:30:19Z",
   "published": "2023-02-13T15:30:26Z",
   "aliases": [
     "CVE-2022-4682"
   ],
   "details": "The Lightbox Gallery WordPress plugin before 0.9.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
+    }
   ],
   "affected": [
 
@@ -27,7 +30,7 @@
     "cwe_ids": [
       "CWE-79"
     ],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2023-02-13T15:15:00Z"

diff --git a/advisories/unreviewed/2023/02/GHSA-4pgg-95h7-rqc6/GHSA-4pgg-95h7-rqc6.json b/advisories/unreviewed/2023/02/GHSA-4pgg-95h7-rqc6/GHSA-4pgg-95h7-rqc6.json
@@ -1,14 +1,17 @@
 {
   "schema_version": "1.3.0",
   "id": "GHSA-4pgg-95h7-rqc6",
-  "modified": "2023-02-13T12:30:25Z",
+  "modified": "2023-02-23T06:30:17Z",
   "published": "2023-02-13T12:30:25Z",
   "aliases": [
     "CVE-2022-45455"
   ],
   "details": "Local privilege escalation due to incomplete uninstallation cleanup. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107, Acronis Agent (Windows) before build 30025, Acronis Cyber Protect 15 (Windows) before build 30984.",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
   ],
   "affected": [
 
@@ -25,9 +28,9 @@
   ],
   "database_specific": {
     "cwe_ids": [
-
+      "CWE-459"
     ],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2023-02-13T10:15:00Z"

diff --git a/advisories/unreviewed/2023/02/GHSA-4qc8-v4xw-jxxp/GHSA-4qc8-v4xw-jxxp.json b/advisories/unreviewed/2023/02/GHSA-4qc8-v4xw-jxxp/GHSA-4qc8-v4xw-jxxp.json
@@ -1,14 +1,17 @@
 {
   "schema_version": "1.3.0",
   "id": "GHSA-4qc8-v4xw-jxxp",
-  "modified": "2023-02-15T21:30:28Z",
+  "modified": "2023-02-23T06:30:18Z",
   "published": "2023-02-15T21:30:28Z",
   "aliases": [
     "CVE-2022-45546"
   ],
   "details": "Information Disclosure in Authentication Component of ScreenCheck BadgeMaker 2.6.2.0 application allows internal attacker to obtain credentials for authentication via network sniffing.",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+    }
   ],
   "affected": [
 
@@ -25,9 +28,9 @@
   ],
   "database_specific": {
     "cwe_ids": [
-
+      "CWE-319"
     ],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2023-02-15T21:15:00Z"

diff --git a/advisories/unreviewed/2023/02/GHSA-54q4-74p3-mgcw/GHSA-54q4-74p3-mgcw.json b/advisories/unreviewed/2023/02/GHSA-54q4-74p3-mgcw/GHSA-54q4-74p3-mgcw.json
@@ -1,14 +1,17 @@
 {
   "schema_version": "1.3.0",
   "id": "GHSA-54q4-74p3-mgcw",
-  "modified": "2023-02-16T00:30:27Z",
+  "modified": "2023-02-23T06:30:17Z",
   "published": "2023-02-16T00:30:27Z",
   "aliases": [
     "CVE-2022-38867"
   ],
   "details": "SQL Injection vulnerability in rttys versions 4.0.0, 4.0.1, and 4.0.2 in api.go, allows attackers to execute arbitrary code.",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
   ],
   "affected": [
 
@@ -25,9 +28,9 @@
   ],
   "database_specific": {
     "cwe_ids": [
-
+      "CWE-89"
     ],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2023-02-15T22:15:00Z"

diff --git a/advisories/unreviewed/2023/02/GHSA-5mv2-wc78-4c8g/GHSA-5mv2-wc78-4c8g.json b/advisories/unreviewed/2023/02/GHSA-5mv2-wc78-4c8g/GHSA-5mv2-wc78-4c8g.json
@@ -1,14 +1,17 @@
 {
   "schema_version": "1.3.0",
   "id": "GHSA-5mv2-wc78-4c8g",
-  "modified": "2023-02-13T15:30:26Z",
+  "modified": "2023-02-23T06:30:19Z",
   "published": "2023-02-13T15:30:26Z",
   "aliases": [
     "CVE-2022-4551"
   ],
   "details": "The Rich Table of Contents WordPress plugin through 1.3.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
+    }
   ],
   "affected": [
 
@@ -27,7 +30,7 @@
     "cwe_ids": [
       "CWE-79"
     ],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2023-02-13T15:15:00Z"

diff --git a/advisories/unreviewed/2023/02/GHSA-7764-pjx3-6vw6/GHSA-7764-pjx3-6vw6.json b/advisories/unreviewed/2023/02/GHSA-7764-pjx3-6vw6/GHSA-7764-pjx3-6vw6.json
@@ -1,14 +1,17 @@
 {
   "schema_version": "1.3.0",
   "id": "GHSA-7764-pjx3-6vw6",
-  "modified": "2023-02-13T15:30:26Z",
+  "modified": "2023-02-23T06:30:19Z",
   "published": "2023-02-13T15:30:26Z",
   "aliases": [
     "CVE-2022-4628"
   ],
   "details": "The Easy PayPal Buy Now Button WordPress plugin before 1.7.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
+    }
   ],
   "affected": [
 
@@ -27,7 +30,7 @@
     "cwe_ids": [
       "CWE-79"
     ],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2023-02-13T15:15:00Z"

diff --git a/advisories/unreviewed/2023/02/GHSA-7rhv-g4rx-5j6x/GHSA-7rhv-g4rx-5j6x.json b/advisories/unreviewed/2023/02/GHSA-7rhv-g4rx-5j6x/GHSA-7rhv-g4rx-5j6x.json
@@ -1,14 +1,17 @@
 {
   "schema_version": "1.3.0",
   "id": "GHSA-7rhv-g4rx-5j6x",
-  "modified": "2023-02-13T15:30:26Z",
+  "modified": "2023-02-23T06:30:17Z",
   "published": "2023-02-13T15:30:26Z",
   "aliases": [
     "CVE-2022-4445"
   ],
   "details": "The FL3R FeelBox WordPress plugin through 8.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
   ],
   "affected": [
 
@@ -27,7 +30,7 @@
     "cwe_ids": [
       "CWE-89"
     ],
-    "severity": null,
+    "severity": "CRITICAL",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2023-02-13T15:15:00Z"

diff --git a/advisories/unreviewed/2023/02/GHSA-8cwg-pj8f-8j23/GHSA-8cwg-pj8f-8j23.json b/advisories/unreviewed/2023/02/GHSA-8cwg-pj8f-8j23/GHSA-8cwg-pj8f-8j23.json
@@ -1,14 +1,17 @@
 {
   "schema_version": "1.3.0",
   "id": "GHSA-8cwg-pj8f-8j23",
-  "modified": "2023-02-13T15:30:25Z",
+  "modified": "2023-02-23T06:30:18Z",
   "published": "2023-02-13T15:30:25Z",
   "aliases": [
     "CVE-2023-0034"
   ],
   "details": "The JetWidgets For Elementor WordPress plugin through 1.0.13 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
+    }
   ],
   "affected": [
 
@@ -27,7 +30,7 @@
     "cwe_ids": [
       "CWE-79"
     ],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2023-02-13T15:15:00Z"