Showing 14 changed files with 274 additions and 27 deletions.
@@ -0,0 +1,35 @@
{
"schema_version": "1.3.0",
"id": "GHSA-2c9q-4475-49j3",
"modified": "2023-02-13T18:30:25Z",
"published": "2023-02-13T18:30:25Z",
"aliases": [
"CVE-2023-23553"
],
"details": "Control By Web X-400 devices are vulnerable to a cross-site scripting attack, which could result in private and session information being transferred to the attacker.",
"severity": [

],
"affected": [

],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23553"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-040-01"
}
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"severity": null,
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-13T18:15:00Z"
}
}
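Review bot: `severity` is `[]` and `database_specific.severity` is `null` in this new record, so anything that filters or sorts advisories by score will treat the X-400 issue as unranked. The same applies to the new GHSA-ccr7-m2xp-492w record, whose `details` describe remote code injection on the X-600M. Until a CVSS vector is imported, consumers should read `null` as "not yet scored" rather than as low severity; the referenced CISA advisory icsa-23-040-01 may already publish a vector that could be carried in `severity`. `affected` is also empty, so matching has to rely on the product name in `details`.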
@@ -1,14 +1,17 @@
{
"schema_version": "1.3.0",
"id": "GHSA-45g9-v625-vr5r",
"modified": "2023-02-06T15:30:23Z",
"modified": "2023-02-13T18:30:25Z",
"published": "2023-02-06T15:30:23Z",
"aliases": [
"CVE-2023-24276"
],
"details": "TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the country parameter at setting/delStaticDhcpRules.",
"severity": [

{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"affected": [

@@ -25,9 +28,9 @@
],
"database_specific": {
"cwe_ids": [

"CWE-77"
],
"severity": null,
"severity": "CRITICAL",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-06T15:15:00Z"
@@ -1,14 +1,17 @@
{
"schema_version": "1.3.0",
"id": "GHSA-47vg-jqf6-p59f",
"modified": "2023-02-06T15:30:24Z",
"modified": "2023-02-13T18:30:25Z",
"published": "2023-02-06T15:30:24Z",
"aliases": [
"CVE-2023-0679"
],
"details": "A vulnerability was found in SourceCodester Canteen Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file removeUser.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220220.",
"severity": [

{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"affected": [

@@ -35,7 +38,7 @@
"cwe_ids": [
"CWE-89"
],
"severity": null,
"severity": "CRITICAL",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-06T13:15:00Z"
@@ -1,14 +1,17 @@
{
"schema_version": "1.3.0",
"id": "GHSA-7xrr-p6hm-9f5f",
"modified": "2023-02-03T18:30:26Z",
"modified": "2023-02-13T18:30:24Z",
"published": "2023-02-03T18:30:26Z",
"aliases": [
"CVE-2021-37376"
],
"details": "** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) vulnerability in Teradek Bond, Bond 2 and Bond Pro firmware version 7.3.x and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vedor states the product has reached End of Life and will not be receiving any firmware updates to address this issue.",
"severity": [

{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
}
],
"affected": [

@@ -29,9 +32,9 @@
],
"database_specific": {
"cwe_ids": [

"CWE-79"
],
"severity": null,
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-03T18:15:00Z"
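Review bot: The added vector `CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N` scores an authenticated XSS that needs user interaction and has low confidentiality and integrity impact, while the unchanged `details` text still says attackers can "run arbitrary code". A reader triaging from the description alone would rate this higher than the `MODERATE` label added in the second hunk; wording such as `allows remote attackers to inject arbitrary web script or HTML via the Friendly Name field` would match the score. The same text, including the upstream typo "Vedor", appears in GHSA-84hw-65xp-5cx9 and GHSA-865w-mq7p-j8f4. Because the vendor is quoted as shipping no fix, the record is only actionable through compensating controls such as limiting who can reach the device's settings UI.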
@@ -1,14 +1,17 @@
{
"schema_version": "1.3.0",
"id": "GHSA-84hw-65xp-5cx9",
"modified": "2023-02-03T18:30:26Z",
"modified": "2023-02-13T18:30:25Z",
"published": "2023-02-03T18:30:26Z",
"aliases": [
"CVE-2021-37375"
],
"details": "** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) vulnerability in Teradek VidiU / VidiU Mini firmware version 3.0.8 and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vedor states the product has reached End of Life and will not be receiving any firmware updates to address this issue.",
"severity": [

{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
}
],
"affected": [

@@ -25,9 +28,9 @@
],
"database_specific": {
"cwe_ids": [

"CWE-79"
],
"severity": null,
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-03T18:15:00Z"
@@ -1,14 +1,17 @@
{
"schema_version": "1.3.0",
"id": "GHSA-865w-mq7p-j8f4",
"modified": "2023-02-03T18:30:26Z",
"modified": "2023-02-13T18:30:25Z",
"published": "2023-02-03T18:30:26Z",
"aliases": [
"CVE-2021-37379"
],
"details": "** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) vulnerability in Teradek Sphere all firmware versions allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vedor states the product has reached End of Life and will not be receiving any firmware updates to address this issue.",
"severity": [

{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
}
],
"affected": [

@@ -25,9 +28,9 @@
],
"database_specific": {
"cwe_ids": [

"CWE-79"
],
"severity": null,
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-03T18:15:00Z"
@@ -0,0 +1,35 @@
{
"schema_version": "1.3.0",
"id": "GHSA-ccr7-m2xp-492w",
"modified": "2023-02-13T18:30:25Z",
"published": "2023-02-13T18:30:25Z",
"aliases": [
"CVE-2023-23551"
],
"details": "Control By Web X-600M devices run Lua scripts and are vulnerable to code injection, which could allow an attacker to remotely execute arbitrary code.",
"severity": [

],
"affected": [

],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23551"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-040-01"
}
],
"database_specific": {
"cwe_ids": [
"CWE-94"
],
"severity": null,
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-13T18:15:00Z"
}
}
@@ -0,0 +1,39 @@
{
"schema_version": "1.3.0",
"id": "GHSA-f3fc-w342-3j5r",
"modified": "2023-02-13T18:30:25Z",
"published": "2023-02-13T18:30:25Z",
"aliases": [
"CVE-2023-0810"
],
"details": "Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.11.",
"severity": [

],
"affected": [

],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0810"
},
{
"type": "WEB",
"url": "https://github.com/btcpayserver/btcpayserver/commit/dffa6accb04df7b80bc584dedef22c9297292ce6"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/a48414ea-63d9-453c-b3f3-2c927b71ec68"
}
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"severity": null,
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-13T17:15:00Z"
}
}
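Review bot: `affected` is empty although `details` names the fixed release (`prior to 1.7.11`) and the references include the upstream fix commit, so no dependency scanner can match this stored-XSS record to an installed version. A package entry with a range ending in a `fixed` event at `1.7.11` would make it actionable; the ecosystem and package name are not visible on this page and need to be confirmed upstream. The commit URL is typed `WEB`; the OSV schema also defines `FIX` for references of that kind, if the database's tooling accepts it.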
@@ -1,14 +1,17 @@
{
"schema_version": "1.3.0",
"id": "GHSA-j9wr-m578-9wvj",
"modified": "2023-02-06T15:30:24Z",
"modified": "2023-02-13T18:30:25Z",
"published": "2023-02-06T15:30:24Z",
"aliases": [
"CVE-2022-48085"
],
"details": "Softr v2.0 was discovered to contain a HTML injection vulnerability via the Work Space Name parameter.",
"severity": [

{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
}
],
"affected": [

@@ -41,9 +44,9 @@
],
"database_specific": {
"cwe_ids": [

"CWE-79"
],
"severity": null,
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-06T14:15:00Z"
@@ -1,14 +1,17 @@
{
"schema_version": "1.3.0",
"id": "GHSA-m23w-85pq-x692",
"modified": "2023-02-06T15:30:24Z",
"modified": "2023-02-13T18:30:25Z",
"published": "2023-02-06T15:30:24Z",
"aliases": [
"CVE-2022-45722"
],
"details": "ezEIP v5.3.0(0649) was discovered to contain a cross-site scripting (XSS) vulnerability.",
"severity": [

{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
}
],
"affected": [

@@ -29,9 +32,9 @@
],
"database_specific": {
"cwe_ids": [

"CWE-79"
],
"severity": null,
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-06T13:15:00Z"
@@ -0,0 +1,39 @@
{
"schema_version": "1.3.0",
"id": "GHSA-pmv9-f5mg-cp3v",
"modified": "2023-02-13T18:30:25Z",
"published": "2023-02-13T18:30:25Z",
"aliases": [
"CVE-2022-48077"
],
"details": "Genymotion Desktop v3.3.2 was discovered to contain a DLL hijacking vulnerability that allows attackers to escalate privileges and execute arbitrary code via a crafted DLL.",
"severity": [

],
"affected": [

],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48077"
},
{
"type": "WEB",
"url": "https://gist.github.com/hax3xploit/3210813c7221f3ae505494da57f26cbc"
},
{
"type": "WEB",
"url": "https://github.com/hax3xploit/CVEs/blob/master/GenymotionDesktop.md"
}
],
"database_specific": {
"cwe_ids": [

],
"severity": null,
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-13T17:15:00Z"
}
}
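Review bot: `cwe_ids` is empty even though `details` describes DLL hijacking leading to privilege escalation, which leaves the record out of any CWE-based filtering. DLL search-order hijacking is normally classified as CWE-427 (Uncontrolled Search Path Element), so `"cwe_ids": ["CWE-427"]` is the likely value once confirmed against the NVD entry. `severity` and `affected` are empty as well, so the record currently carries no score and no version range beyond the `v3.3.2` named in the text.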

0 comments on commit b5fb92c
