admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-11-30T19:00:50.309703+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-11-30 19:00:54 +00:00
parent 919c10b435
commit 0182331f25
101 changed files with 22971 additions and 3448 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2917
CVE-2016/CVE-2016-12xx/CVE-2016-1285.json
View File

File diff suppressed because it is too large Load Diff

2772
CVE-2016/CVE-2016-12xx/CVE-2016-1286.json
View File

File diff suppressed because it is too large Load Diff

74
CVE-2021/CVE-2021-221xx/CVE-2021-22143.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2021-22143",
"sourceIdentifier": "bressers@elastic.co",
"published": "2023-11-22T02:15:41.860",
"lastModified": "2023-11-22T03:36:37.770",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T18:33:39.510",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Elastic APM .NET Agent can leak sensitive HTTP header information when logging the details during an application error. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM server. During an application error it is possible the headers will not be sanitized before being sent."
},
{
"lang": "es",
"value": "Elastic APM .NET Agent puede filtrar informaci\u00f3n confidencial del encabezado HTTP al registrar los detalles durante un error de la aplicaci\u00f3n. Normalmente, el agente de APM sanitizar\u00e1 los detalles confidenciales del encabezado HTTP antes de enviar la informaci\u00f3n al servidor de APM. Durante un error de aplicaci\u00f3n, es posible que los encabezados no se saniticen antes de enviarlos."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "bressers@elastic.co",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
},
{
"source": "bressers@elastic.co",
"type": "Secondary",
@ -46,14 +80,38 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://discuss.elastic.co/t/elastic-apm-net-agent-1-10-0-security-update/274668",
"source": "bressers@elastic.co"
},
"nodes": [
{
"url": "https://www.elastic.co/community/security",
"source": "bressers@elastic.co"
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:elastic:apm_.net_agent:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.10.0",
"matchCriteriaId": "09686D38-9240-4B82-8117-54E74CA49760"
}
]
}
]
}
],
"references": [
{
"url": "https://discuss.elastic.co/t/elastic-apm-net-agent-1-10-0-security-update/274668",
"source": "bressers@elastic.co",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.elastic.co/community/security",
"source": "bressers@elastic.co",
"tags": [
"Vendor Advisory"
]
}
]
}

75
CVE-2021/CVE-2021-221xx/CVE-2021-22151.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2021-22151",
"sourceIdentifier": "bressers@elastic.co",
"published": "2023-11-22T01:15:07.607",
"lastModified": "2023-11-22T03:36:37.770",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T18:14:28.617",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "It was discovered that Kibana was not validating a user supplied path, which would load .pbf files. Because of this, a malicious user could arbitrarily traverse the Kibana host to load internal files ending in the .pbf extension."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Kibana no estaba validando una ruta proporcionada por el usuario, que cargar\u00eda archivos .pbf. Debido a esto, un usuario malintencionado podr\u00eda atravesar arbitrariamente el host de Kibana para cargar archivos internos que terminen en la extensi\u00f3n .pbf."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "bressers@elastic.co",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{
"source": "bressers@elastic.co",
"type": "Secondary",
@ -46,14 +80,39 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://discuss.elastic.co/t/elastic-stack-7-14-1-security-update/283077",
"source": "bressers@elastic.co"
},
"nodes": [
{
"url": "https://www.elastic.co/community/security",
"source": "bressers@elastic.co"
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.9.0",
"versionEndIncluding": "7.14.0",
"matchCriteriaId": "56D72560-6AA8-46CE-892B-C9D190BEECE7"
}
]
}
]
}
],
"references": [
{
"url": "https://discuss.elastic.co/t/elastic-stack-7-14-1-security-update/283077",
"source": "bressers@elastic.co",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.elastic.co/community/security",
"source": "bressers@elastic.co",
"tags": [
"Vendor Advisory"
]
}
]
}

75
CVE-2021/CVE-2021-379xx/CVE-2021-37937.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2021-37937",
"sourceIdentifier": "bressers@elastic.co",
"published": "2023-11-22T02:15:42.043",
"lastModified": "2023-11-22T03:36:37.770",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T18:38:13.320",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was found with how API keys are created with the Fleet-Server service account. When an API key is created with a service account, it is possible that the API key could be created with higher privileges than intended. Using this vulnerability, a compromised Fleet-Server service account could escalate themselves to a super-user."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un problema con la forma en que se crean las claves API con la cuenta de servicio Fleet-Server. Cuando se crea una clave API con una cuenta de servicio, es posible que la clave API se cree con privilegios m\u00e1s altos de los previstos. Al utilizar esta vulnerabilidad, una cuenta de servicio Fleet-Server comprometida podr\u00eda convertirse en superusuario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "bressers@elastic.co",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "bressers@elastic.co",
"type": "Secondary",
@ -46,14 +80,39 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://discuss.elastic.co/t/elastic-stack-7-14-1-security-update/283077",
"source": "bressers@elastic.co"
},
"nodes": [
{
"url": "https://www.elastic.co/community/security",
"source": "bressers@elastic.co"
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.13.0",
"versionEndIncluding": "7.14.0",
"matchCriteriaId": "B9D9B543-8A33-4644-B846-ADAA6278ACD2"
}
]
}
]
}
],
"references": [
{
"url": "https://discuss.elastic.co/t/elastic-stack-7-14-1-security-update/283077",
"source": "bressers@elastic.co",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.elastic.co/community/security",
"source": "bressers@elastic.co",
"tags": [
"Vendor Advisory"
]
}
]
}

4
CVE-2022/CVE-2022-206xx/CVE-2022-20618.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-20618",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-01-12T20:15:08.957",
"lastModified": "2023-10-25T18:16:54.703",
"vulnStatus": "Modified",
"lastModified": "2023-11-30T18:43:21.047",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",

4
CVE-2022/CVE-2022-206xx/CVE-2022-20619.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-20619",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-01-12T20:15:09.007",
"lastModified": "2023-10-25T18:16:54.783",
"vulnStatus": "Modified",
"lastModified": "2023-11-30T18:43:15.297",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",

4
CVE-2022/CVE-2022-206xx/CVE-2022-20620.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-20620",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-01-12T20:15:09.057",
"lastModified": "2023-10-25T18:16:54.850",
"vulnStatus": "Modified",
"lastModified": "2023-11-30T18:43:03.570",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",

4
CVE-2022/CVE-2022-206xx/CVE-2022-20621.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-20621",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-01-12T20:15:09.107",
"lastModified": "2023-10-25T18:16:54.903",
"vulnStatus": "Modified",
"lastModified": "2023-11-30T18:42:50.640",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",

4
CVE-2022/CVE-2022-231xx/CVE-2022-23111.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-23111",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-01-12T20:15:09.450",
"lastModified": "2023-10-25T18:16:55.330",
"vulnStatus": "Modified",
"lastModified": "2023-11-30T18:42:44.740",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",

4
CVE-2022/CVE-2022-231xx/CVE-2022-23112.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-23112",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-01-12T20:15:09.507",
"lastModified": "2023-10-25T18:16:55.397",
"vulnStatus": "Modified",
"lastModified": "2023-11-30T18:43:58.303",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",

4
CVE-2022/CVE-2022-231xx/CVE-2022-23113.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-23113",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-01-12T20:15:09.557",
"lastModified": "2023-10-25T18:16:55.453",
"vulnStatus": "Modified",
"lastModified": "2023-11-30T18:42:29.803",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",

4
CVE-2022/CVE-2022-231xx/CVE-2022-23114.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-23114",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-01-12T20:15:09.607",
"lastModified": "2023-10-25T18:16:55.510",
"vulnStatus": "Modified",
"lastModified": "2023-11-30T18:42:24.253",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",

4
CVE-2022/CVE-2022-231xx/CVE-2022-23115.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-23115",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-01-12T20:15:09.657",
"lastModified": "2023-10-25T18:16:55.573",
"vulnStatus": "Modified",
"lastModified": "2023-11-30T18:42:19.583",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",

9
CVE-2022/CVE-2022-231xx/CVE-2022-23116.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-23116",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-01-12T20:15:09.707",
"lastModified": "2023-10-25T18:16:55.630",
"vulnStatus": "Modified",
"lastModified": "2023-11-30T18:59:43.410",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -104,7 +104,10 @@
},
{
"url": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2522%20%281%29",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}

4
CVE-2022/CVE-2022-251xx/CVE-2022-25178.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-25178",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-02-15T17:15:08.837",
"lastModified": "2023-10-25T18:16:56.153",
"vulnStatus": "Modified",
"lastModified": "2023-11-30T18:59:36.370",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",

5
CVE-2022/CVE-2022-251xx/CVE-2022-25179.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-25179",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-02-15T17:15:08.907",
"lastModified": "2023-10-25T18:16:56.210",
"vulnStatus": "Modified",
"lastModified": "2023-11-30T18:59:23.637",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -98,7 +98,6 @@
"url": "https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2613",
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
]

5
CVE-2022/CVE-2022-251xx/CVE-2022-25180.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-25180",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-02-15T17:15:08.977",
"lastModified": "2023-10-25T18:16:56.267",
"vulnStatus": "Modified",
"lastModified": "2023-11-30T18:59:17.933",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -98,7 +98,6 @@
"url": "https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2443",
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
]

5
CVE-2022/CVE-2022-251xx/CVE-2022-25181.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-25181",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-02-15T17:15:09.047",
"lastModified": "2023-10-25T18:16:56.330",
"vulnStatus": "Modified",
"lastModified": "2023-11-30T18:59:09.313",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -98,7 +98,6 @@
"url": "https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2441",
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
]

5
CVE-2022/CVE-2022-251xx/CVE-2022-25182.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-25182",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-02-15T17:15:09.120",
"lastModified": "2023-10-25T18:16:56.397",
"vulnStatus": "Modified",
"lastModified": "2023-11-30T18:53:37.507",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -98,7 +98,6 @@
"url": "https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2422",
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
]

4
CVE-2022/CVE-2022-251xx/CVE-2022-25187.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-25187",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-02-15T17:15:09.477",
"lastModified": "2023-10-25T18:16:56.697",
"vulnStatus": "Modified",
"lastModified": "2023-11-30T18:42:37.417",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",

4
CVE-2022/CVE-2022-251xx/CVE-2022-25188.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-25188",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-02-15T17:15:09.547",
"lastModified": "2023-10-25T18:16:56.763",
"vulnStatus": "Modified",
"lastModified": "2023-11-30T18:42:14.360",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",

4
CVE-2022/CVE-2022-251xx/CVE-2022-25189.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-25189",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-02-15T17:15:09.880",
"lastModified": "2023-10-25T18:16:56.823",
"vulnStatus": "Modified",
"lastModified": "2023-11-30T18:42:01.587",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",

4
CVE-2022/CVE-2022-272xx/CVE-2022-27203.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-27203",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-03-15T17:15:10.877",
"lastModified": "2023-10-25T18:16:58.807",
"vulnStatus": "Modified",
"lastModified": "2023-11-30T18:43:28.317",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",

4
CVE-2022/CVE-2022-272xx/CVE-2022-27204.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-27204",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-03-15T17:15:11.073",
"lastModified": "2023-10-25T18:16:58.877",
"vulnStatus": "Modified",
"lastModified": "2023-11-30T18:43:09.103",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",

4
CVE-2022/CVE-2022-272xx/CVE-2022-27205.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-27205",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-03-15T17:15:11.203",
"lastModified": "2023-10-25T18:16:58.933",
"vulnStatus": "Modified",
"lastModified": "2023-11-30T18:42:55.457",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",

55
CVE-2023/CVE-2023-22xx/CVE-2023-2264.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-2264",
"sourceIdentifier": "security@selinc.com",
"published": "2023-11-30T17:15:07.787",
"lastModified": "2023-11-30T17:30:22.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An improper input validation vulnerability in the Schweitzer Engineering Laboratories SEL-411L could allow a malicious actor to manipulate authorized users to click on a link that could allow undesired behavior.\n\n\n\nSee product Instruction Manual Appendix A dated 20230830 for more details.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@selinc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.6,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "security@selinc.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/",
"source": "security@selinc.com"
}
]
}

55
CVE-2023/CVE-2023-22xx/CVE-2023-2265.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-2265",
"sourceIdentifier": "security@selinc.com",
"published": "2023-11-30T17:15:07.973",
"lastModified": "2023-11-30T17:30:22.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An\u00a0Improper Restriction of Rendered UI Layers or Frames in the Schweitzer Engineering Laboratories SEL-411L could allow an unauthenticated attacker to perform clickjacking based attacks against an authenticated and authorized user.\n\n\n\nSee product Instruction Manual Appendix A dated 20230830 for more details.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@selinc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@selinc.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-1021"
}
]
}
],
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/",
"source": "security@selinc.com"
}
]
}

55
CVE-2023/CVE-2023-22xx/CVE-2023-2266.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-2266",
"sourceIdentifier": "security@selinc.com",
"published": "2023-11-30T17:15:08.170",
"lastModified": "2023-11-30T17:30:22.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An\u00a0Improper neutralization of input during web page generation in the Schweitzer Engineering Laboratories SEL-411L\u00a0could allow an attacker to generate cross-site scripting based attacks against an authorized and authenticated user.\n\n\n\nSee product Instruction Manual Appendix A dated 20230830 for more details.\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@selinc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@selinc.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/",
"source": "security@selinc.com"
}
]
}

55
CVE-2023/CVE-2023-22xx/CVE-2023-2267.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-2267",
"sourceIdentifier": "security@selinc.com",
"published": "2023-11-30T17:15:08.347",
"lastModified": "2023-11-30T17:30:22.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An Improper Input Validation vulnerability in Schweitzer Engineering Laboratories SEL-411L could allow an attacker to perform reflection attacks against an authorized and authenticated user.\n\n\n\nSee product Instruction Manual Appendix A dated 20230830 for more details.\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@selinc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@selinc.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/",
"source": "security@selinc.com"
}
]
}

4
CVE-2023/CVE-2023-250xx/CVE-2023-25057.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-25057",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T16:15:07.903",
"lastModified": "2023-11-30T16:15:07.903",
"vulnStatus": "Received",
"lastModified": "2023-11-30T17:12:39.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

17032
CVE-2023/CVE-2023-257xx/CVE-2023-25756.json
View File

File diff suppressed because it is too large Load Diff

4
CVE-2023/CVE-2023-265xx/CVE-2023-26533.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-26533",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T16:15:08.490",
"lastModified": "2023-11-30T16:15:08.490",
"vulnStatus": "Received",
"lastModified": "2023-11-30T17:12:39.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

189
CVE-2023/CVE-2023-273xx/CVE-2023-27306.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-27306",
"sourceIdentifier": "secure@intel.com",
"published": "2023-11-14T19:15:20.657",
"lastModified": "2023-11-14T19:30:27.750",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T17:12:52.813",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Initialization in firmware for some Intel(R) Optane(TM) SSD products may allow an authenticated user to potentially enable denial of service via local access."
},
{
"lang": "es",
"value": "Una inicializaci\u00f3n incorrecta del firmware para algunos productos Intel(R) Optane(TM) SSD puede permitir que un usuario autenticado pueda habilitar la denegaci\u00f3n de servicio a trav\u00e9s del acceso local."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-665"
}
]
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -46,10 +80,155 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00758.html",
"source": "secure@intel.com"
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:intel:optane_memory_h20_with_solid_state_storage_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "u4110553-g004",
"matchCriteriaId": "FA3AE360-6625-4682-9E17-32BCEE976552"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:optane_memory_h20_with_solid_state_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00EFD6D0-2B8B-4450-A073-C6121264C94F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:intel:optane_ssd_900p_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "e2010650",
"matchCriteriaId": "4E6363E3-64FC-4D8C-9779-B140AC0F9FE0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:optane_ssd_900p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5AFC9CF7-581F-4B2D-B93C-3D7E3C136F4C"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:intel:optane_ssd_dc_p4800x_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "e2010650",
"matchCriteriaId": "9D850E02-9A03-49A8-86F4-1D2B9203143D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:optane_ssd_dc_p4800x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE6F7C04-DA32-42BC-9C5F-651DF61E5589"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:intel:optane_ssd_dc_p4801x_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "e2010650",
"matchCriteriaId": "A73436E5-92D0-4C3A-AF56-8551ABAF04F9"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:optane_ssd_dc_p4801x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15DAAAC1-DBA7-47BC-8796-B7C8B86DEFD0"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:intel:optane_ssd_905p_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "e2010650",
"matchCriteriaId": "AFDD04FB-5301-42FF-AA92-FD0BC5CD26EE"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:optane_ssd_905p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2BD5595C-0047-441A-B398-8ACA421BB439"
}
]
}
]
}
],
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00758.html",
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
]
}
]
}

134
CVE-2023/CVE-2023-283xx/CVE-2023-28378.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-28378",
"sourceIdentifier": "secure@intel.com",
"published": "2023-11-14T19:15:22.147",
"lastModified": "2023-11-14T19:30:27.750",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T18:37:10.197",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper authorization in some Intel(R) QAT drivers for Windows - HW Version 2.0 before version 2.0.4 may allow an authenticated user to potentially enable escalation of privilege via local access."
},
{
"lang": "es",
"value": "La autorizaci\u00f3n inadecuada en algunos controladores Intel(R) QAT para Windows - HW versi\u00f3n 2.0 anterior a la versi\u00f3n 2.0.4 puede permitir que un usuario autenticado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -46,10 +80,100 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00861.html",
"source": "secure@intel.com"
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:quickassist_technology_library:22.07.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C2500ABC-5FA8-4C77-93F5-D8DFB1DC5C31"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:intel:quickassist_technology_firmware:*:*:*:*:*:windows:*:*",
"versionStartIncluding": "1.0",
"versionEndExcluding": "1.10",
"matchCriteriaId": "5B398520-CEA4-4AFC-9044-C98A6E8F8E54"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:quickassist_technology:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27D56E5C-EB15-4269-98C2-B0C9AD0EE627"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:intel:quickassist_technology_firmware:*:*:*:*:*:windows:*:*",
"versionStartIncluding": "2.0",
"versionEndExcluding": "2.04",
"matchCriteriaId": "0D4F1DA2-636B-4F30-B250-376E39E8551E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:quickassist_technology:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27D56E5C-EB15-4269-98C2-B0C9AD0EE627"
}
]
}
]
}
],
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00861.html",
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-311xx/CVE-2023-31176.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-31176",
"sourceIdentifier": "security@selinc.com",
"published": "2023-11-30T17:15:08.520",
"lastModified": "2023-11-30T17:30:22.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An Insufficient Entropy vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow an unauthenticated remote attacker to brute-force session tokens and bypass authentication.\u00a0\n\n\nSee product Instruction Manual Appendix A dated 20230830 for more details.\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@selinc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@selinc.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-331"
}
]
}
],
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/",
"source": "security@selinc.com"
},
{
"url": "https://www.nozominetworks.com/blog/",
"source": "security@selinc.com"
}
]
}

59
CVE-2023/CVE-2023-311xx/CVE-2023-31177.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-31177",
"sourceIdentifier": "security@selinc.com",
"published": "2023-11-30T17:15:08.763",
"lastModified": "2023-11-30T17:30:22.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An Improper Neutralization of Input During Web Page Generation\u00a0 ('Cross-site Scripting') in the Schweitzer Engineering Laboratories SEL-451 could allow an attacker to craft a link that could execute arbitrary code on a victim's system.\n\n\n\nSee product Instruction Manual Appendix A dated 20230830 for more details.\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@selinc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "security@selinc.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/",
"source": "security@selinc.com"
},
{
"url": "https://www.nozominetworks.com/blog/",
"source": "security@selinc.com"
}
]
}

55
CVE-2023/CVE-2023-340xx/CVE-2023-34018.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-34018",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T17:15:08.940",
"lastModified": "2023-11-30T17:30:22.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SoundCloud Inc. SoundCloud Shortcode allows Stored XSS.This issue affects SoundCloud Shortcode: from n/a through 3.1.0.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/soundcloud-shortcode/wordpress-soundcloud-shortcode-plugin-3-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

59
CVE-2023/CVE-2023-343xx/CVE-2023-34388.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-34388",
"sourceIdentifier": "security@selinc.com",
"published": "2023-11-30T17:15:09.133",
"lastModified": "2023-11-30T17:30:22.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An\u00a0Improper Authentication vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote unauthenticated attacker to potentially perform session hijacking attack and bypass authentication.\n\n\n\nSee product Instruction Manual Appendix A dated 20230830 for more details.\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@selinc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@selinc.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/",
"source": "security@selinc.com"
},
{
"url": "https://www.nozominetworks.com/blog/",
"source": "security@selinc.com"
}
]
}

59
CVE-2023/CVE-2023-343xx/CVE-2023-34389.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-34389",
"sourceIdentifier": "security@selinc.com",
"published": "2023-11-30T17:15:09.380",
"lastModified": "2023-11-30T17:30:22.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An allocation of resources without limits or throttling vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote authenticated attacker to make the system unavailable for an indefinite amount of time.\n\n\n\nSee product Instruction Manual Appendix A dated 20230830 for more details.\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@selinc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@selinc.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
}
],
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/",
"source": "security@selinc.com"
},
{
"url": "https://www.nozominetworks.com/blog/",
"source": "security@selinc.com"
}
]
}

59
CVE-2023/CVE-2023-343xx/CVE-2023-34390.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-34390",
"sourceIdentifier": "security@selinc.com",
"published": "2023-11-30T17:15:09.570",
"lastModified": "2023-11-30T17:30:19.207",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An input validation vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote authenticated attacker to create a denial of service against the system and locking out services.\n\n\n\nSee product Instruction Manual Appendix A dated 20230830 for more details.\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@selinc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@selinc.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/",
"source": "security@selinc.com"
},
{
"url": "https://www.nozominetworks.com/blog/",
"source": "security@selinc.com"
}
]
}

75
CVE-2023/CVE-2023-351xx/CVE-2023-35127.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-35127",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-11-22T01:15:07.813",
"lastModified": "2023-11-22T03:36:37.770",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T17:24:26.147",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow may occur when Fuji Electric Tellus Lite V-Simulator parses a specially-crafted input file."
},
{
"lang": "es",
"value": "Puede producirse un desbordamiento del b\u00fafer basado en pila cuando Fuji Electric Tellus Lite V-Simulator analiza un archivo de entrada especialmente manipulado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -46,14 +80,39 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a",
"source": "ics-cert@hq.dhs.gov"
},
"nodes": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-325-02",
"source": "ics-cert@hq.dhs.gov"
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fujielectric:tellus_lite_v-simulator:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.0.19.0",
"matchCriteriaId": "FAB64D74-124B-4253-9018-B274D252FA34"
}
]
}
]
}
],
"references": [
{
"url": "https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a",
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-325-02",
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}

4
CVE-2023/CVE-2023-365xx/CVE-2023-36507.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-36507",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T16:15:08.693",
"lastModified": "2023-11-30T16:15:08.693",
"vulnStatus": "Received",
"lastModified": "2023-11-30T17:12:39.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-365xx/CVE-2023-36523.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-36523",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T16:15:08.893",
"lastModified": "2023-11-30T16:15:08.893",
"vulnStatus": "Received",
"lastModified": "2023-11-30T17:12:39.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-378xx/CVE-2023-37868.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-37868",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T16:15:09.080",
"lastModified": "2023-11-30T16:15:09.080",
"vulnStatus": "Received",
"lastModified": "2023-11-30T17:12:39.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-378xx/CVE-2023-37890.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-37890",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T16:15:09.267",
"lastModified": "2023-11-30T16:15:09.267",
"vulnStatus": "Received",
"lastModified": "2023-11-30T17:12:39.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

55
CVE-2023/CVE-2023-384xx/CVE-2023-38400.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-38400",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T17:15:09.750",
"lastModified": "2023-11-30T17:30:19.207",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kriesi Enfold - Responsive Multi-Purpose Theme allows Reflected XSS.This issue affects Enfold - Responsive Multi-Purpose Theme: from n/a through 5.6.4.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/enfold/wordpress-enfold-theme-5-6-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

6
CVE-2023/CVE-2023-394xx/CVE-2023-39417.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-39417",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-08-11T13:15:09.870",
"lastModified": "2023-11-29T18:15:07.043",
"lastModified": "2023-11-30T18:15:07.370",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
@ -184,6 +184,10 @@
"url": "https://access.redhat.com/errata/RHSA-2023:7581",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7616",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-39417",
"source": "secalert@redhat.com",

4
CVE-2023/CVE-2023-399xx/CVE-2023-39921.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-39921",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T16:15:09.463",
"lastModified": "2023-11-30T16:15:09.463",
"vulnStatus": "Received",
"lastModified": "2023-11-30T17:12:39.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

75
CVE-2023/CVE-2023-401xx/CVE-2023-40152.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-40152",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-11-22T01:15:08.007",
"lastModified": "2023-11-22T03:36:37.770",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T17:28:53.117",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "When Fuji Electric Tellus Lite V-Simulator parses a specially-crafted input file an out of bounds write may occur."
},
{
"lang": "es",
"value": "Cuando Fuji Electric Tellus Lite V-Simulator analiza un archivo de entrada especialmente manipulado, puede producirse una escritura fuera de los l\u00edmites."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -46,14 +80,39 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a",
"source": "ics-cert@hq.dhs.gov"
},
"nodes": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-325-02",
"source": "ics-cert@hq.dhs.gov"
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fujielectric:tellus_lite_v-simulator:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.0.19.0",
"matchCriteriaId": "FAB64D74-124B-4253-9018-B274D252FA34"
}
]
}
]
}
],
"references": [
{
"url": "https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a",
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-325-02",
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}

63
CVE-2023/CVE-2023-417xx/CVE-2023-41786.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41786",
"sourceIdentifier": "security@pandorafms.com",
"published": "2023-11-23T15:15:08.023",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T17:06:53.820",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security@pandorafms.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-668"
}
]
},
{
"source": "security@pandorafms.com",
"type": "Secondary",
@ -50,10 +80,33 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/",
"source": "security@pandorafms.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:artica:pandora_fms:*:*:*:*:*:*:*:*",
"versionStartIncluding": "700",
"versionEndExcluding": "773",
"matchCriteriaId": "6E6C2D47-FC03-4430-BEE8-2183D4876B67"
}
]
}
]
}
],
"references": [
{
"url": "https://https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/",
"source": "security@pandorafms.com",
"tags": [
"Broken Link",
"Vendor Advisory"
]
}
]
}

62
CVE-2023/CVE-2023-418xx/CVE-2023-41812.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41812",
"sourceIdentifier": "security@pandorafms.com",
"published": "2023-11-23T15:15:10.170",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T17:04:44.713",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security@pandorafms.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
},
{
"source": "security@pandorafms.com",
"type": "Secondary",
@ -50,10 +80,32 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/",
"source": "security@pandorafms.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:artica:pandora_fms:*:*:*:*:*:*:*:*",
"versionStartIncluding": "700",
"versionEndExcluding": "774",
"matchCriteriaId": "4BFBB222-690E-4B0B-B345-40BCB34BC8FE"
}
]
}
]
}
],
"references": [
{
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/",
"source": "security@pandorafms.com",
"tags": [
"Vendor Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-441xx/CVE-2023-44143.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44143",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T16:15:09.653",
"lastModified": "2023-11-30T16:15:09.653",
"vulnStatus": "Received",
"lastModified": "2023-11-30T17:12:39.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-456xx/CVE-2023-45609.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45609",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T16:15:09.843",
"lastModified": "2023-11-30T16:15:09.843",
"vulnStatus": "Received",
"lastModified": "2023-11-30T17:12:39.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-460xx/CVE-2023-46086.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46086",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T16:15:10.037",
"lastModified": "2023-11-30T16:15:10.037",
"vulnStatus": "Received",
"lastModified": "2023-11-30T17:12:39.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

62
CVE-2023/CVE-2023-46xx/CVE-2023-4677.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4677",
"sourceIdentifier": "security@pandorafms.com",
"published": "2023-11-23T15:15:10.410",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T17:06:24.530",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security@pandorafms.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
},
{
"source": "security@pandorafms.com",
"type": "Secondary",
@ -50,10 +80,32 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/",
"source": "security@pandorafms.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:artica:pandora_fms:*:*:*:*:*:*:*:*",
"versionStartIncluding": "700",
"versionEndExcluding": "773",
"matchCriteriaId": "6E6C2D47-FC03-4430-BEE8-2183D4876B67"
}
]
}
]
}
],
"references": [
{
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/",
"source": "security@pandorafms.com",
"tags": [
"Vendor Advisory"
]
}
]
}

55
CVE-2023/CVE-2023-475xx/CVE-2023-47521.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-47521",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T17:15:09.947",
"lastModified": "2023-11-30T17:30:19.207",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Max Bond, AndreSC Q2W3 Post Order allows Reflected XSS.This issue affects Q2W3 Post Order: from n/a through 1.2.8.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/q2w3-post-order/wordpress-q2w3-post-order-plugin-1-2-8-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-478xx/CVE-2023-47844.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-47844",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T17:15:10.137",
"lastModified": "2023-11-30T17:30:19.207",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lim Kai Yang Grab & Save allows Reflected XSS.This issue affects Grab & Save: from n/a through 1.0.4.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/save-grab/wordpress-grab-save-plugin-1-0-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-478xx/CVE-2023-47848.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-47848",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T17:15:10.330",
"lastModified": "2023-11-30T17:30:19.207",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tainacan.Org Tainacan allows Reflected XSS.This issue affects Tainacan: from n/a through 0.20.4.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/tainacan/wordpress-tainacan-plugin-0-20-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-478xx/CVE-2023-47853.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-47853",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T17:15:10.523",
"lastModified": "2023-11-30T17:30:19.207",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in myCred myCred \u2013 Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin allows Stored XSS.This issue affects myCred \u2013 Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin: from n/a through 2.6.1.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/mycred/wordpress-mycred-plugin-2-6-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

59
CVE-2023/CVE-2023-478xx/CVE-2023-47870.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-47870",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T18:15:07.513",
"lastModified": "2023-11-30T18:18:28.713",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF), Missing Authorization vulnerability in gVectors Team wpForo Forum wpforo allows Cross Site Request Forgery, Accessing Functionality Not Properly Constrained by ACLs leading to forced all users log out.This issue affects wpForo Forum: from n/a through 2.2.6.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
},
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wpforo/wordpress-wpforo-plugin-2-2-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-478xx/CVE-2023-47872.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-47872",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T17:15:10.717",
"lastModified": "2023-11-30T17:30:19.207",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gVectors Team wpForo Forum allows Stored XSS.This issue affects wpForo Forum: from n/a through 2.2.3.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wpforo/wordpress-wpforo-plugin-2-2-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-478xx/CVE-2023-47875.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-47875",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T17:15:10.903",
"lastModified": "2023-11-30T17:30:19.207",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Perfmatters allows Cross Site Request Forgery.This issue affects Perfmatters: from n/a through 2.1.6.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/perfmatters/wordpress-perfmatters-plugin-2-1-6-multiple-cross-site-request-forgery-csrf-vulnerabilities?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-478xx/CVE-2023-47876.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-47876",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T17:15:11.093",
"lastModified": "2023-11-30T17:30:19.207",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Perfmatters allows Reflected XSS.This issue affects Perfmatters: from n/a through 2.1.6.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/perfmatters/wordpress-perfmatters-plugin-2-1-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-478xx/CVE-2023-47877.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-47877",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T17:15:11.290",
"lastModified": "2023-11-30T17:30:19.207",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Perfmatters allows Stored XSS.This issue affects Perfmatters: from n/a before 2.2.0.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/perfmatters/wordpress-perfmatters-plugin-2-1-6-stored-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-482xx/CVE-2023-48272.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-48272",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T17:15:11.477",
"lastModified": "2023-11-30T17:30:19.207",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yonifre Maspik \u2013 Spam Blacklist allows Stored XSS.This issue affects Maspik \u2013 Spam Blacklist: from n/a through 0.9.2.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/contact-forms-anti-spam/wordpress-maspik-spam-blacklist-plugin-0-9-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-482xx/CVE-2023-48278.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-48278",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T17:15:11.670",
"lastModified": "2023-11-30T17:30:19.207",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Nitin Rathod WP Forms Puzzle Captcha allows Stored XSS.This issue affects WP Forms Puzzle Captcha: from n/a through 4.1.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-forms-puzzle-captcha/wordpress-wp-forms-puzzle-captcha-plugin-4-1-csrf-to-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-483xx/CVE-2023-48317.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-48317",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T17:15:11.860",
"lastModified": "2023-11-30T17:30:19.207",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vikas Vatsa Display Custom Post allows Stored XSS.This issue affects Display Custom Post: from n/a through 2.2.1.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/display-custom-post/wordpress-display-custom-post-plugin-2-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-483xx/CVE-2023-48320.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-48320",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T17:15:12.050",
"lastModified": "2023-11-30T17:30:19.207",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebDorado SpiderVPlayer allows Stored XSS.This issue affects SpiderVPlayer: from n/a through 1.5.22.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/player/wordpress-spidervplayer-plugin-1-5-22-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-483xx/CVE-2023-48321.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-48321",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T17:15:12.257",
"lastModified": "2023-11-30T17:30:19.207",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ahmed Kaludi, Mohammed Kaludi AMP for WP \u2013 Accelerated Mobile Pages allows Stored XSS.This issue affects AMP for WP \u2013 Accelerated Mobile Pages: from n/a through 1.0.88.1.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/accelerated-mobile-pages/wordpress-amp-for-wp-accelerated-mobile-pages-plugin-1-0-88-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

4
CVE-2023/CVE-2023-483xx/CVE-2023-48328.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48328",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T16:15:10.227",
"lastModified": "2023-11-30T16:15:10.227",
"vulnStatus": "Received",
"lastModified": "2023-11-30T17:12:39.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

56
CVE-2023/CVE-2023-487xx/CVE-2023-48700.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-48700",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-21T23:15:08.307",
"lastModified": "2023-11-22T03:36:37.770",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T17:07:35.870",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Nautobot Device Onboarding plugin uses the netmiko and NAPALM libraries to simplify the onboarding process of a new device into Nautobot down to, in many cases, an IP Address and a Location. Starting in version 2.0.0 and prior to version 3.0.0, credentials provided to onboarding task are visible via Job Results from an execution of an Onboarding Task. Version 3.0.0 fixes this issue; no known workarounds are available. Mitigation recommendations include deleting all Job Results for any onboarding task to remove clear text credentials from database entries that were run while on v2.0.X, upgrading to v3.0.0, and rotating any exposed credentials."
},
{
"lang": "es",
"value": "El complemento Nautobot Device Onboarding utiliza las librer\u00edas netmiko y NAPALM para simplificar el proceso de incorporaci\u00f3n de un nuevo dispositivo a Nautobot hasta, en muchos casos, una direcci\u00f3n IP y una ubicaci\u00f3n. A partir de la versi\u00f3n 2.0.0 y anteriores a la versi\u00f3n 3.0.0, las credenciales proporcionadas para la tarea de incorporaci\u00f3n son visibles a trav\u00e9s de los resultados del trabajo desde la ejecuci\u00f3n de una tarea de incorporaci\u00f3n. La versi\u00f3n 3.0.0 soluciona este problema; no hay workarounds conocidos disponibles. Las recomendaciones de mitigaci\u00f3n incluyen eliminar todos los resultados del trabajo para cualquier tarea de incorporaci\u00f3n para eliminar las credenciales de texto plano de las entradas de la base de datos que se ejecutaron en la versi\u00f3n 2.0.X, actualizar a la versi\u00f3n 3.0.0 y rotar las credenciales expuestas."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,10 +74,32 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://github.com/nautobot/nautobot-plugin-device-onboarding/security/advisories/GHSA-qf3c-rw9f-jh7v",
"source": "security-advisories@github.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nautobot:nautobot-plugin-device-onboarding:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.0.0",
"versionEndExcluding": "3.0.0",
"matchCriteriaId": "1974D38A-2A2A-4498-95A1-C9EB2137CB43"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/nautobot/nautobot-plugin-device-onboarding/security/advisories/GHSA-qf3c-rw9f-jh7v",
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

55
CVE-2023/CVE-2023-487xx/CVE-2023-48746.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-48746",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T17:15:12.450",
"lastModified": "2023-11-30T17:30:19.207",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PeepSo Community by PeepSo \u2013 Social Network, Membership, Registration, User Profiles allows Reflected XSS.This issue affects Community by PeepSo \u2013 Social Network, Membership, Registration, User Profiles: from n/a through 6.2.6.0.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/peepso-core/wordpress-community-by-peepso-plugin-6-2-6-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-487xx/CVE-2023-48748.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-48748",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T17:15:12.640",
"lastModified": "2023-11-30T17:30:19.207",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Theme nectar Salient Core allows Reflected XSS.This issue affects Salient Core: from n/a through 2.0.2.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/salient-core/wordpress-salient-core-plugin-2-0-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-487xx/CVE-2023-48749.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-48749",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T17:15:12.830",
"lastModified": "2023-11-30T17:30:19.207",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Theme nectar Salient Core allows Stored XSS.This issue affects Salient Core: from n/a through 2.0.2.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/salient-core/wordpress-salient-core-plugin-2-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-487xx/CVE-2023-48752.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-48752",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T17:15:13.023",
"lastModified": "2023-11-30T17:30:19.207",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Happyforms Form builder to get in touch with visitors, grow your email list and collect payments \u2014 Happyforms allows Reflected XSS.This issue affects Form builder to get in touch with visitors, grow your email list and collect payments \u2014 Happyforms: from n/a through 1.25.9.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/happyforms/wordpress-happyforms-plugin-1-25-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

4
CVE-2023/CVE-2023-487xx/CVE-2023-48754.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48754",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T16:15:10.420",
"lastModified": "2023-11-30T16:15:10.420",
"vulnStatus": "Received",
"lastModified": "2023-11-30T17:12:39.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

20
CVE-2023/CVE-2023-488xx/CVE-2023-48802.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-48802",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-30T18:15:07.727",
"lastModified": "2023-11-30T18:18:28.713",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability."
}
],
"metrics": {},
"references": [
{
"url": "https://www.notion.so/X6000R-sub_4119A0-6-9541a9b3387a40de856a1cad692ba8d4?pvs=4",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-488xx/CVE-2023-48803.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-48803",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-30T18:15:07.770",
"lastModified": "2023-11-30T18:18:28.713",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability."
}
],
"metrics": {},
"references": [
{
"url": "https://www.notion.so/X6000R-sub_4119A0-4-aead0a851416422ea2e282409eec3351?pvs=4",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-488xx/CVE-2023-48804.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-48804",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-30T18:15:07.820",
"lastModified": "2023-11-30T18:18:28.713",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability."
}
],
"metrics": {},
"references": [
{
"url": "https://www.notion.so/X6000R-sub_4119A0-1-e9697e90e8b04e05a6d10c9fb7288750?pvs=4",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-488xx/CVE-2023-48805.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-48805",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-30T18:15:07.870",
"lastModified": "2023-11-30T18:18:28.713",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability."
}
],
"metrics": {},
"references": [
{
"url": "https://www.notion.so/X6000R-sub_4119A0-2-6a912e23617244409ae8c5837d4288b4?pvs=4",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-488xx/CVE-2023-48806.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-48806",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-30T18:15:07.917",
"lastModified": "2023-11-30T18:18:28.713",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability."
}
],
"metrics": {},
"references": [
{
"url": "https://www.notion.so/X6000R-sub_4119A0-5-92b3d1e22e764ae7a18cdf0d8ac24e4f?pvs=4",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-488xx/CVE-2023-48807.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-48807",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-30T18:15:07.963",
"lastModified": "2023-11-30T18:18:28.713",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability."
}
],
"metrics": {},
"references": [
{
"url": "https://www.notion.so/X6000R-sub_4119A0-3-1e21686eebf94cee8a7819d1d7aa29b9?pvs=4",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-488xx/CVE-2023-48808.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-48808",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-30T18:15:08.007",
"lastModified": "2023-11-30T18:18:28.713",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability."
}
],
"metrics": {},
"references": [
{
"url": "https://www.notion.so/X6000R-sub_4119A0-9-075ccc78275a4381a65e114eb1fddd6e?pvs=4",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-488xx/CVE-2023-48810.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-48810",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-30T18:15:08.053",
"lastModified": "2023-11-30T18:18:28.713",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability."
}
],
"metrics": {},
"references": [
{
"url": "https://www.notion.so/X6000R-sub_4119A0-7-d5387bf8d16846c2b4f19b15a808aa4c?pvs=4",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-488xx/CVE-2023-48811.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-48811",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-30T18:15:08.097",
"lastModified": "2023-11-30T18:18:28.713",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function that when passed to the CsteSystem function creates a command execution vulnerability."
}
],
"metrics": {},
"references": [
{
"url": "https://www.notion.so/X6000R-sub_4119A0-8-2332305e3d8044c09f093404a8ae59f4?pvs=4",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-488xx/CVE-2023-48812.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-48812",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-30T18:15:08.137",
"lastModified": "2023-11-30T18:18:28.713",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function that when passed to the CsteSystem function creates a command execution vulnerability."
}
],
"metrics": {},
"references": [
{
"url": "https://www.notion.so/X6000R-sub_4119A0-10-82467d98d07c45a59ec3729ec712cb57?pvs=4",
"source": "cve@mitre.org"
}
]
}

75
CVE-2023/CVE-2023-52xx/CVE-2023-5299.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-5299",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-11-22T01:15:08.187",
"lastModified": "2023-11-22T03:36:37.770",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T17:37:48.917",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A user with a standard account in Fuji Electric Tellus Lite may overwrite files in the system."
},
{
"lang": "es",
"value": "Un usuario con una cuenta est\u00e1ndar en Fuji Electric Tellus Lite puede sobrescribir archivos en el sistema."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -46,14 +80,39 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a",
"source": "ics-cert@hq.dhs.gov"
},
"nodes": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-325-02",
"source": "ics-cert@hq.dhs.gov"
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fujielectric:tellus_lite_v-simulator:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.0.19.0",
"matchCriteriaId": "FAB64D74-124B-4253-9018-B274D252FA34"
}
]
}
]
}
],
"references": [
{
"url": "https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a",
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-325-02",
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}

4
CVE-2023/CVE-2023-58xx/CVE-2023-5803.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5803",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T16:15:10.610",
"lastModified": "2023-11-30T16:15:10.610",
"vulnStatus": "Received",
"lastModified": "2023-11-30T17:12:39.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

63
CVE-2023/CVE-2023-63xx/CVE-2023-6341.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-6341",
"sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725",
"published": "2023-11-30T18:15:08.180",
"lastModified": "2023-11-30T18:18:28.713",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Catalis (previously Icon Software) CMS360 allows a remote, unauthenticated attacker to view sensitive court documents by modifying document and other identifiers in URLs. The impact varies based on the intention and configuration of a specific CMS360 installation.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"references": [
{
"url": "https://catalisgov.com/courts-land-records-support/",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
},
{
"url": "https://github.com/qwell/disorder-in-the-court/blob/main/README-Catalis.md",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
},
{
"url": "https://techcrunch.com/2023/11/30/us-court-records-systems-vulnerabilities-exposed-sealed-documents/",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
}
]
}

63
CVE-2023/CVE-2023-63xx/CVE-2023-6342.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-6342",
"sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725",
"published": "2023-11-30T18:15:08.380",
"lastModified": "2023-11-30T18:18:28.713",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Tyler Technologies Court Case Management Plus allows a remote attacker to authenticate as any user by manipulating at least the 'CmWebSearchPfp/Login.aspx?xyzldk=' and \n'payforprint_CM/Redirector.ashx?userid=' parameters. The vulnerable \"pay for print\" feature was removed on or around 2023-11-01."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"references": [
{
"url": "https://github.com/qwell/disorder-in-the-court/blob/main/README-TylerTechnologies.md",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
},
{
"url": "https://techcrunch.com/2023/11/30/us-court-records-systems-vulnerabilities-exposed-sealed-documents/",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
},
{
"url": "https://www.tylertech.com/solutions/courts-public-safety/courts-justice",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
}
]
}

71
CVE-2023/CVE-2023-63xx/CVE-2023-6343.json Normal file
View File

@ -0,0 +1,71 @@
{
"id": "CVE-2023-6343",
"sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725",
"published": "2023-11-30T18:15:08.573",
"lastModified": "2023-11-30T18:18:28.713",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Tyler Technologies Court Case Management Plus allows a remote, unauthenticated attacker to enumerate and access sensitive files using the tiffserver/tssp.aspx 'FN' and 'PN' parameters. This behavior is related to the use of a deprecated version of Aquaforest TIFF Server, possibly 2.x. The vulnerable Aquaforest TIFF Server feature was removed on or around 2023-11-01. Insecure configuration issues in Aquaforest TIFF Server are identified separately as CVE-2023-6352. CVE-2023-6343 is similar to CVE-2020-9323. CVE-2023-6343 is related to or partially caused by CVE-2023-6352.\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"references": [
{
"url": "https://github.com/qwell/disorder-in-the-court/blob/main/README-TylerTechnologies.md",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
},
{
"url": "https://techcrunch.com/2023/11/30/us-court-records-systems-vulnerabilities-exposed-sealed-documents/",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
},
{
"url": "https://www.aquaforest.com/blog/aquaforest-tiff-server-sunsetting",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
},
{
"url": "https://www.aquaforest.com/blog/tiff-server-security-update",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
},
{
"url": "https://www.tylertech.com/solutions/courts-public-safety/courts-justice",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
}
]
}

71
CVE-2023/CVE-2023-63xx/CVE-2023-6344.json Normal file
View File

@ -0,0 +1,71 @@
{
"id": "CVE-2023-6344",
"sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725",
"published": "2023-11-30T18:15:08.767",
"lastModified": "2023-11-30T18:18:28.713",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Tyler Technologies Court Case Management Plus allows a remote, unauthenticated attacker to enumerate directories using the tiffserver/te003.aspx or te004.aspx 'ifolder' parameter. This behavior is related to the use of a deprecated version of Aquaforest TIFF Server, possibly 2.x. The vulnerable Aquaforest TIFF Server feature was removed on or around 2023-11-01. Insecure configuration issues in Aquaforest TIFF Server are identified separately as CVE-2023-6352. CVE-2023-6343 is related to or partially caused by CVE-2023-6352.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"references": [
{
"url": "https://github.com/qwell/disorder-in-the-court/blob/main/README-TylerTechnologies.md",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
},
{
"url": "https://techcrunch.com/2023/11/30/us-court-records-systems-vulnerabilities-exposed-sealed-documents/",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
},
{
"url": "https://www.aquaforest.com/blog/aquaforest-tiff-server-sunsetting",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
},
{
"url": "https://www.aquaforest.com/blog/tiff-server-security-update",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
},
{
"url": "https://www.tylertech.com/solutions/courts-public-safety/courts-justice",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
}
]
}

67
CVE-2023/CVE-2023-63xx/CVE-2023-6352.json Normal file
View File

@ -0,0 +1,67 @@
{
"id": "CVE-2023-6352",
"sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725",
"published": "2023-11-30T18:15:08.963",
"lastModified": "2023-11-30T18:18:28.713",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The default configuration of Aquaforest TIFF Server allows access to arbitrary file paths, subject to any restrictions imposed by Internet Information Services (IIS) or Microsoft Windows. Depending on how a web application uses and configures TIFF Server, a remote attacker may be able to enumerate files or directories, traverse directories, bypass authentication, or access restricted files.\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://github.com/qwell/disorder-in-the-court/blob/main/README-TylerTechnologies.md",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
},
{
"url": "https://www.aquaforest.com/blog/aquaforest-tiff-server-sunsetting",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
},
{
"url": "https://www.aquaforest.com/blog/tiff-server-security-update",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
},
{
"url": "https://www.aquaforest.com/wp-content/uploads/pdf/ts/TiffServer4.2.pdf",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
}
]
}

63
CVE-2023/CVE-2023-63xx/CVE-2023-6353.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-6353",
"sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725",
"published": "2023-11-30T18:15:09.147",
"lastModified": "2023-11-30T18:18:28.713",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Tyler Technologies Civil and Criminal Electronic Filing allows an unauthenticated, remote attacker to upload, delete, and view files by manipulating the Upload.aspx 'enky' parameter.\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"references": [
{
"url": "https://github.com/qwell/disorder-in-the-court/blob/main/README-TylerTechnologies.md",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
},
{
"url": "https://techcrunch.com/2023/11/30/us-court-records-systems-vulnerabilities-exposed-sealed-documents/",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
},
{
"url": "https://www.tylertech.com/solutions/courts-public-safety/courts-justice",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
}
]
}

63
CVE-2023/CVE-2023-63xx/CVE-2023-6354.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-6354",
"sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725",
"published": "2023-11-30T18:15:09.333",
"lastModified": "2023-11-30T18:18:28.713",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Tyler Technologies Magistrate Court Case Management Plus allows an unauthenticated, remote attacker to upload, delete, and view files by manipulating the PDFViewer.aspx 'filename' parameter.\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"references": [
{
"url": "https://github.com/qwell/disorder-in-the-court/blob/main/README-TylerTechnologies.md",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
},
{
"url": "https://techcrunch.com/2023/11/30/us-court-records-systems-vulnerabilities-exposed-sealed-documents/",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
},
{
"url": "https://www.tylertech.com/solutions/courts-public-safety/courts-justice",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
}
]
}

4
CVE-2023/CVE-2023-63xx/CVE-2023-6360.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6360",
"sourceIdentifier": "vulnreport@tenable.com",
"published": "2023-11-30T16:15:11.820",
"lastModified": "2023-11-30T16:15:11.820",
"vulnStatus": "Received",
"lastModified": "2023-11-30T17:12:39.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

63
CVE-2023/CVE-2023-63xx/CVE-2023-6375.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-6375",
"sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725",
"published": "2023-11-30T18:15:09.523",
"lastModified": "2023-11-30T18:18:28.713",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Tyler Technologies Court Case Management Plus may store backups in a location that can be accessed by a remote, unauthenticated attacker. Backups may contain sensitive information such as database credentials.\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"references": [
{
"url": "https://github.com/qwell/disorder-in-the-court/blob/main/README-TylerTechnologies.md",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
},
{
"url": "https://techcrunch.com/2023/11/30/us-court-records-systems-vulnerabilities-exposed-sealed-documents/",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
},
{
"url": "https://www.tylertech.com/solutions/courts-public-safety/courts-justice",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
}
]
}

63
CVE-2023/CVE-2023-63xx/CVE-2023-6376.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-6376",
"sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725",
"published": "2023-11-30T18:15:09.720",
"lastModified": "2023-11-30T18:18:28.713",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Henschen & Associates court document management software does not sufficiently randomize file names of cached documents, allowing a remote, unauthenticated attacker to access restricted documents.\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-330"
}
]
}
],
"references": [
{
"url": "https://github.com/qwell/disorder-in-the-court/blob/main/README-Henschen%26Associates.md",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
},
{
"url": "https://techcrunch.com/2023/11/30/us-court-records-systems-vulnerabilities-exposed-sealed-documents/",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
},
{
"url": "https://www.henschen.com/government",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
}
]
}

88
CVE-2023/CVE-2023-64xx/CVE-2023-6438.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2023-6438",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-11-30T17:15:13.223",
"lastModified": "2023-11-30T17:30:19.207",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in IceCMS 2.0.1. Affected is an unknown function of the file /WebArticle/articles/ of the component Like Handler. The manipulation leads to improper enforcement of a single, unique action. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-246438 is the identifier assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 4.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-837"
}
]
}
],
"references": [
{
"url": "http://124.71.147.32:8082",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.246438",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.246438",
"source": "cna@vuldb.com"
}
]
}

Some files were not shown because too many files have changed in this diff Show More