Auto-Update: 2023-12-08T15:00:18.428530+00:00

cad-safe-bot 2023-12-08 15:00:22 +00:00
parent 91c1831624
commit 02d4859fe4
37 changed files with 715 additions and 88 deletions


@ -2,8 +2,8 @@
"id": "CVE-2023-24048",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-04T23:15:23.220",
"lastModified": "2023-12-05T13:51:04.540",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-08T14:57:57.133",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,78 @@
"value": "Vulnerabilidad de Cross Site Request Forgery (CSRF) en Connectize AC21000 G6 641.139.1.1256 permite a los atacantes obtener el control del dispositivo mediante una solicitud GET manipulada a /man_password.htm."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:connectize:ac21000_g6_firmware:641.139.1.1256:*:*:*:*:*:*:*",
"matchCriteriaId": "7CC3408F-6CB5-4B0E-9536-D08A4DE072B3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:connectize:ac21000_g6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C55398C2-DC1C-4623-8AD8-7064125604FA"
}
]
}
]
}
],
"references": [
{
"url": "https://research.nccgroup.com/2023/10/19/technical-advisory-multiple-vulnerabilities-in-connectize-g6-ac2100-dual-band-gigabit-wifi-router-cve-2023-24046-cve-2023-24047-cve-2023-24048-cve-2023-24049-cve-2023-24050-cve-2023-24051-cve/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}
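Review bot: The CPE product in the new `configurations` block is `ac21000_g6_firmware` / `ac21000_g6`, which follows the description's "AC21000 G6", but the only reference URL names the device "connectize-g6-ac2100-dual-band-gigabit-wifi-router". If the advisory's spelling is the marketed model name, an asset inventory that records the device that way will not match this CPE. It is worth checking the vendor's naming and, until that is settled, matching on both strings when correlating this 8.8 HIGH record against deployed routers.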


@ -2,8 +2,8 @@
"id": "CVE-2023-26158",
"sourceIdentifier": "report@snyk.io",
"published": "2023-12-08T05:15:07.870",
"lastModified": "2023-12-08T05:15:07.870",
"vulnStatus": "Received",
"lastModified": "2023-12-08T14:23:10.393",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-32460",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-12-08T06:15:45.427",
"lastModified": "2023-12-08T06:15:45.427",
"vulnStatus": "Received",
"lastModified": "2023-12-08T14:23:10.393",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-35618",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-12-07T21:15:07.450",
"lastModified": "2023-12-07T21:15:07.450",
"vulnStatus": "Received",
"lastModified": "2023-12-08T14:23:14.473",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-36880",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-12-07T21:15:07.640",
"lastModified": "2023-12-07T21:15:07.640",
"vulnStatus": "Received",
"lastModified": "2023-12-08T14:23:14.473",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-38174",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-12-07T21:15:07.840",
"lastModified": "2023-12-07T21:15:07.840",
"vulnStatus": "Received",
"lastModified": "2023-12-08T14:23:14.473",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-4122",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-07T23:15:07.277",
"lastModified": "2023-12-07T23:15:07.277",
"vulnStatus": "Received",
"lastModified": "2023-12-08T14:23:10.393",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-43305",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-08T02:15:06.433",
"lastModified": "2023-12-08T02:15:06.433",
"vulnStatus": "Received",
"lastModified": "2023-12-08T14:23:10.393",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-43742",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-08T01:15:07.200",
"lastModified": "2023-12-08T01:15:07.200",
"vulnStatus": "Received",
"lastModified": "2023-12-08T14:23:10.393",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-43743",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-08T01:15:07.270",
"lastModified": "2023-12-08T01:15:07.270",
"vulnStatus": "Received",
"lastModified": "2023-12-08T14:23:10.393",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-43744",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-08T01:15:07.337",
"lastModified": "2023-12-08T01:15:07.337",
"vulnStatus": "Received",
"lastModified": "2023-12-08T14:23:10.393",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-45866",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-08T06:15:45.690",
"lastModified": "2023-12-08T06:15:45.690",
"vulnStatus": "Received",
"lastModified": "2023-12-08T14:23:10.393",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

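--- /dev/null
+++ b/CVE-2023/CVE-2023-461xx/CVE-2023-46157.json
@@ -0,0 +1,24 @@
+{
+"id": "CVE-2023-46157",
+"sourceIdentifier": "cve@mitre.org",
+"published": "2023-12-08T13:15:07.193",
+"lastModified": "2023-12-08T14:23:10.393",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "File-Manager in MGT CloudPanel 2.0.0 through 2.3.2 allows the lowest privilege user to achieve OS command injection by changing file ownership and changing file permissions to 4755."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://www.cloudpanel.io/docs/v2/changelog/",
+"source": "cve@mitre.org"
+},
+{
+"url": "https://www.mgt-commerce.com/docs/mgt-cloudpanel/dashboard",
+"source": "cve@mitre.org"
+}
+]
+}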
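Review bot: The record is added with `"metrics": {}` and no `weaknesses` or `configurations` block, so a consumer that filters or ranks on a CVSS score or a CPE match will not surface it while `vulnStatus` is `Awaiting Analysis`. The description says the lowest-privilege user reaches OS command injection by changing file ownership and setting mode 4755, which includes the setuid bit, so the entry should be triaged from its description rather than read as low severity. The same holds for the CVE-2023-49007 record added in this commit, which also carries `"metrics": {}`. Feed consumers should treat an empty `metrics` object as "not yet scored", not as a score of zero.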


@ -2,8 +2,8 @@
"id": "CVE-2023-46693",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T22:15:08.250",
"lastModified": "2023-12-07T22:15:08.250",
"vulnStatus": "Received",
"lastModified": "2023-12-08T14:23:14.473",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-48122",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-08T04:15:06.850",
"lastModified": "2023-12-08T04:15:06.850",
"vulnStatus": "Received",
"lastModified": "2023-12-08T14:23:10.393",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-48928",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-08T05:15:08.807",
"lastModified": "2023-12-08T05:15:08.807",
"vulnStatus": "Received",
"lastModified": "2023-12-08T14:23:10.393",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-48929",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-08T05:15:08.897",
"lastModified": "2023-12-08T05:15:08.897",
"vulnStatus": "Received",
"lastModified": "2023-12-08T14:23:10.393",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

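--- /dev/null
+++ b/CVE-2023/CVE-2023-490xx/CVE-2023-49007.json
@@ -0,0 +1,20 @@
+{
+"id": "CVE-2023-49007",
+"sourceIdentifier": "cve@mitre.org",
+"published": "2023-12-08T14:15:07.153",
+"lastModified": "2023-12-08T14:23:10.393",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "In Netgear Orbi RBR750 firmware before V7.2.6.21, there is a stack-based buffer overflow in /usr/sbin/httpd."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://github.com/5erua/netgear_orbi_overflow_vulnerability/blob/main/README.md",
+"source": "cve@mitre.org"
+}
+]
+}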


@ -2,8 +2,8 @@
"id": "CVE-2023-5008",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-08T00:15:07.597",
"lastModified": "2023-12-08T00:15:07.597",
"vulnStatus": "Received",
"lastModified": "2023-12-08T14:23:10.393",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-5058",
"sourceIdentifier": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
"published": "2023-12-07T23:15:07.490",
"lastModified": "2023-12-07T23:15:07.490",
"vulnStatus": "Received",
"lastModified": "2023-12-08T14:23:10.393",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-5884",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-12-04T22:15:08.020",
"lastModified": "2023-12-05T13:51:04.540",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-08T14:49:31.140",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "El complemento Word Balloon de WordPress anterior a 4.20.3 no protege algunas de sus acciones contra ataques CSRF, lo que permite a un atacante no autenticado enga\u00f1ar a un usuario que ha iniciado sesi\u00f3n para que elimine avatares arbitrarios haciendo clic en un enlace."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:back2nature:word_balloon:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "4.20.3",
"matchCriteriaId": "536CBC26-2CB2-4FB7-AAAD-7AB16DF59298"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/f4a7937c-6f4b-49dd-b88a-67ebe718ad19",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-5952",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-12-04T22:15:08.117",
"lastModified": "2023-12-05T13:51:04.540",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-08T14:13:20.267",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "El complemento Welcart e-Commerce de WordPress anterior a 2.9.5 deserializa la entrada del usuario a trav\u00e9s de cookies, lo que podr\u00eda permitir a usuarios no autenticados realizar inyecci\u00f3n de objetos PHP cuando hay un gadget adecuado presente en el blog."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:collne:welcart:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.9.5",
"matchCriteriaId": "6D77F5A6-A6AB-4943-8702-4475CB1CA7E0"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/0acd613e-dbd6-42ae-9f3d-6d6e77a4c1b7",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
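Review bot: The new `weaknesses` entry is `"value": "NVD-CWE-noinfo"`, although the description on this record (Spanish text in the hunk context) says the plugin deserializes user input from cookies and that this can lead to PHP object injection; that is the pattern CWE-502 describes, i.e. `"value": "CWE-502"`. Tooling that groups or alerts by CWE will therefore not classify this 9.8 CRITICAL record as a deserialization issue. Because the file mirrors NVD, the correction belongs upstream; until then, consumers should not rely on the CWE field alone for this entry.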


@ -2,8 +2,8 @@
"id": "CVE-2023-5953",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-12-04T22:15:08.170",
"lastModified": "2023-12-05T13:51:04.540",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-08T14:14:24.373",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "El complemento Welcart e-Commerce de WordPress anterior a 2.9.5 no valida los archivos que se van a cargar, adem\u00e1s de que no tiene autorizaci\u00f3n ni CSRF en una acci\u00f3n AJAX que maneje dicha carga. Como resultado, cualquier usuario autenticado, como un suscriptor, podr\u00eda cargar archivos arbitrarios, como PHP, en el servidor."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:collne:welcart_e-commerce:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.9.5",
"matchCriteriaId": "62DCBB7B-A579-499A-B300-87D4F88A44C5"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/6d29ba12-f14a-4cee-baae-a6049d83bce6",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
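Review bot: The `cpeMatch` criteria added here is `cpe:2.3:a:collne:welcart_e-commerce:*:*:*:*:*:wordpress:*:*`, while the CVE-2023-5952 record in this same commit uses `cpe:2.3:a:collne:welcart:*:*:*:*:*:wordpress:*:*` with the same `versionEndExcluding` of 2.9.5. Both descriptions name the Welcart e-Commerce WordPress plugin, so the two product strings appear to denote one component, and an inventory keyed on either string will match only one of the two CVEs. Until the naming is reconciled upstream, CPE-based matching for this plugin should accept both `welcart` and `welcart_e-commerce`.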


@ -2,8 +2,8 @@
"id": "CVE-2023-5979",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-12-04T22:15:08.220",
"lastModified": "2023-12-05T13:51:04.540",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-08T14:20:45.807",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "El complemento eCommerce Product Catalog para WordPress anterior a la versi\u00f3n 3.3.26 no tiene comprobaciones CSRF en algunas de sus p\u00e1ginas de administraci\u00f3n, lo que podr\u00eda permitir a los atacantes hacer que los usuarios que han iniciado sesi\u00f3n realicen acciones no deseadas mediante ataques CSRF, como eliminar todos los productos."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:implecode:ecommerce_product_catalog:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.3.26",
"matchCriteriaId": "0968A7D1-5344-48EF-9FA4-368F477B6E6E"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/936934c3-5bfe-416e-b6aa-47bed4db05c4",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-5990",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-12-04T22:15:08.293",
"lastModified": "2023-12-05T13:51:04.540",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-08T14:32:27.447",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor de WordPress anteriores a 3.4.2 no tienen controles CSRF en algunas de las acciones de su formulario, como la eliminaci\u00f3n y la duplicaci\u00f3n, lo que podr\u00eda permitir a los atacantes hacer que el administrador conectado realice tales acciones a trav\u00e9s de Ataques CSRF"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:funnelforms:funnelforms_free:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.4.2",
"matchCriteriaId": "71A40CFB-64C4-40B1-AB84-881C7C095898"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/0a615ce3-93da-459d-a33f-a2a6e74a2f94",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-6061",
"sourceIdentifier": "psirt@paloaltonetworks.com",
"published": "2023-12-08T00:15:07.853",
"lastModified": "2023-12-08T00:15:07.853",
"vulnStatus": "Received",
"lastModified": "2023-12-08T14:23:10.393",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-6063",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-12-04T22:15:08.337",
"lastModified": "2023-12-05T13:51:04.540",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-08T14:39:22.200",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,76 @@
"value": "El complemento WP Fastest Cache de WordPress anterior a 1.2.2 no sanitiza ni escapa adecuadamente un par\u00e1metro antes de usarlo en una declaraci\u00f3n SQL, lo que genera una inyecci\u00f3n de SQL explotable por usuarios no autenticados."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpfastestcache:wp_fastest_cache:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.2.2",
"matchCriteriaId": "65E05E20-552A-411D-B2F8-8B8E3AD79C17"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/blog/unauthenticated-sql-injection-vulnerability-addressed-in-wp-fastest-cache-1-2-2/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://wpscan.com/vulnerability/30a74105-8ade-4198-abe2-1c6f2967443e",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-6460",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2023-12-04T13:15:07.800",
"lastModified": "2023-12-04T13:48:34.723",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-08T14:03:08.493",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A potential logging of the firestore key via logging within nodejs-firestore exists - Developers who were logging objects through this._settings would be logging the firestore key as well potentially exposing it to anyone with logs read access. We recommend upgrading to version 6.1.0 to avoid this issue"
},
{
"lang": "es",
"value": "Existe un posible registro de la clave de Firestore a trav\u00e9s del registro dentro de nodejs-firestore: los desarrolladores que registraran objetos a trav\u00e9s de this._settings registrar\u00edan la clave de Firestore y potencialmente la expondr\u00edan a cualquier persona con acceso de lectura de registros. Recomendamos actualizar a la versi\u00f3n 6.1.0 para evitar este problema."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "cve-coordination@google.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
},
{
"source": "cve-coordination@google.com",
"type": "Secondary",
@ -46,10 +80,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:cloud_firestore:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "6.1.0",
"matchCriteriaId": "78F1EFF8-1061-46D1-A756-72B080F6F17A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/googleapis/nodejs-firestore/pull/1742",
"source": "cve-coordination@google.com"
"source": "cve-coordination@google.com",
"tags": [
"Issue Tracking",
"Patch"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-6576",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-07T21:15:08.387",
"lastModified": "2023-12-07T21:15:08.387",
"vulnStatus": "Received",
"lastModified": "2023-12-08T14:23:14.473",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-6577",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-07T21:15:08.620",
"lastModified": "2023-12-07T21:15:08.620",
"vulnStatus": "Received",
"lastModified": "2023-12-08T14:23:14.473",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-6578",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-07T21:15:08.863",
"lastModified": "2023-12-07T21:15:08.863",
"vulnStatus": "Received",
"lastModified": "2023-12-08T14:23:14.473",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-6579",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-07T22:15:08.300",
"lastModified": "2023-12-07T22:15:08.300",
"vulnStatus": "Received",
"lastModified": "2023-12-08T14:23:14.473",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-6580",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-07T22:15:08.533",
"lastModified": "2023-12-07T22:15:08.533",
"vulnStatus": "Received",
"lastModified": "2023-12-08T14:23:10.393",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-6581",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-07T22:15:08.770",
"lastModified": "2023-12-07T22:15:08.770",
"vulnStatus": "Received",
"lastModified": "2023-12-08T14:23:10.393",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-6599",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-12-08T00:15:08.113",
"lastModified": "2023-12-08T00:15:08.113",
"vulnStatus": "Received",
"lastModified": "2023-12-08T14:23:10.393",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

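--- /dev/null
+++ b/CVE-2023/CVE-2023-66xx/CVE-2023-6607.json
@@ -0,0 +1,88 @@
+{
+"id": "CVE-2023-6607",
+"sourceIdentifier": "cna@vuldb.com",
+"published": "2023-12-08T14:15:07.203",
+"lastModified": "2023-12-08T14:23:10.393",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "A vulnerability has been found in Tongda OA 2017 up to 11.10 and classified as critical. Affected by this vulnerability is an unknown functionality of the file general/wiki/cp/manage/delete.php. The manipulation of the argument TERM_ID_STR leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247243. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "cna@vuldb.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+"attackVector": "ADJACENT_NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "LOW",
+"baseScore": 5.5,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.1,
+"impactScore": 3.4
+}
+],
+"cvssMetricV2": [
+{
+"source": "cna@vuldb.com",
+"type": "Secondary",
+"cvssData": {
+"version": "2.0",
+"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
+"accessVector": "ADJACENT_NETWORK",
+"accessComplexity": "LOW",
+"authentication": "SINGLE",
+"confidentialityImpact": "PARTIAL",
+"integrityImpact": "PARTIAL",
+"availabilityImpact": "PARTIAL",
+"baseScore": 5.2
+},
+"baseSeverity": "MEDIUM",
+"exploitabilityScore": 5.1,
+"impactScore": 6.4,
+"acInsufInfo": false,
+"obtainAllPrivilege": false,
+"obtainUserPrivilege": false,
+"obtainOtherPrivilege": false,
+"userInteractionRequired": false
+}
+]
+},
+"weaknesses": [
+{
+"source": "cna@vuldb.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-89"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/willchen0011/cve/blob/main/sql.md",
+"source": "cna@vuldb.com"
+},
+{
+"url": "https://vuldb.com/?ctiid.247243",
+"source": "cna@vuldb.com"
+},
+{
+"url": "https://vuldb.com/?id.247243",
+"source": "cna@vuldb.com"
+}
+]
+}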
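Review bot: The only scores on this new record are the CNA's `"type": "Secondary"` entries from cna@vuldb.com, and the 3.1 vector uses `AV:A` for a SQL injection in a PHP endpoint, which may understate exposure wherever that page is reachable beyond the adjacent network. There is no nvd@nist.gov Primary metric and no `configurations` block yet, so CPE-based matching cannot tie this record to Tongda OA installations. The description states that the exploit has been disclosed publicly, but the references carry no `tags`, so a consumer that prioritises on the `Exploit` tag will miss it until NVD analysis lands. Triage should go by the description text, not the 5.5 base score.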


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-12-08T13:00:58.286860+00:00
2023-12-08T15:00:18.428530+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-12-08T12:15:44.307000+00:00
2023-12-08T14:57:57.133000+00:00
```
### Last Data Feed Release
@ -29,20 +29,47 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
232578
232581
```
### CVEs added in the last Commit
Recently added CVEs: `0`
Recently added CVEs: `3`
* [CVE-2023-46157](CVE-2023/CVE-2023-461xx/CVE-2023-46157.json) (`2023-12-08T13:15:07.193`)
* [CVE-2023-49007](CVE-2023/CVE-2023-490xx/CVE-2023-49007.json) (`2023-12-08T14:15:07.153`)
* [CVE-2023-6607](CVE-2023/CVE-2023-66xx/CVE-2023-6607.json) (`2023-12-08T14:15:07.203`)
### CVEs modified in the last Commit
Recently modified CVEs: `1`
Recently modified CVEs: `33`
* [CVE-2023-3164](CVE-2023/CVE-2023-31xx/CVE-2023-3164.json) (`2023-12-08T12:15:44.307`)
* [CVE-2023-5008](CVE-2023/CVE-2023-50xx/CVE-2023-5008.json) (`2023-12-08T14:23:10.393`)
* [CVE-2023-6061](CVE-2023/CVE-2023-60xx/CVE-2023-6061.json) (`2023-12-08T14:23:10.393`)
* [CVE-2023-6599](CVE-2023/CVE-2023-65xx/CVE-2023-6599.json) (`2023-12-08T14:23:10.393`)
* [CVE-2023-43742](CVE-2023/CVE-2023-437xx/CVE-2023-43742.json) (`2023-12-08T14:23:10.393`)
* [CVE-2023-43743](CVE-2023/CVE-2023-437xx/CVE-2023-43743.json) (`2023-12-08T14:23:10.393`)
* [CVE-2023-43744](CVE-2023/CVE-2023-437xx/CVE-2023-43744.json) (`2023-12-08T14:23:10.393`)
* [CVE-2023-43305](CVE-2023/CVE-2023-433xx/CVE-2023-43305.json) (`2023-12-08T14:23:10.393`)
* [CVE-2023-48122](CVE-2023/CVE-2023-481xx/CVE-2023-48122.json) (`2023-12-08T14:23:10.393`)
* [CVE-2023-26158](CVE-2023/CVE-2023-261xx/CVE-2023-26158.json) (`2023-12-08T14:23:10.393`)
* [CVE-2023-48928](CVE-2023/CVE-2023-489xx/CVE-2023-48928.json) (`2023-12-08T14:23:10.393`)
* [CVE-2023-48929](CVE-2023/CVE-2023-489xx/CVE-2023-48929.json) (`2023-12-08T14:23:10.393`)
* [CVE-2023-32460](CVE-2023/CVE-2023-324xx/CVE-2023-32460.json) (`2023-12-08T14:23:10.393`)
* [CVE-2023-45866](CVE-2023/CVE-2023-458xx/CVE-2023-45866.json) (`2023-12-08T14:23:10.393`)
* [CVE-2023-35618](CVE-2023/CVE-2023-356xx/CVE-2023-35618.json) (`2023-12-08T14:23:14.473`)
* [CVE-2023-36880](CVE-2023/CVE-2023-368xx/CVE-2023-36880.json) (`2023-12-08T14:23:14.473`)
* [CVE-2023-38174](CVE-2023/CVE-2023-381xx/CVE-2023-38174.json) (`2023-12-08T14:23:14.473`)
* [CVE-2023-6576](CVE-2023/CVE-2023-65xx/CVE-2023-6576.json) (`2023-12-08T14:23:14.473`)
* [CVE-2023-6577](CVE-2023/CVE-2023-65xx/CVE-2023-6577.json) (`2023-12-08T14:23:14.473`)
* [CVE-2023-6578](CVE-2023/CVE-2023-65xx/CVE-2023-6578.json) (`2023-12-08T14:23:14.473`)
* [CVE-2023-46693](CVE-2023/CVE-2023-466xx/CVE-2023-46693.json) (`2023-12-08T14:23:14.473`)
* [CVE-2023-6579](CVE-2023/CVE-2023-65xx/CVE-2023-6579.json) (`2023-12-08T14:23:14.473`)
* [CVE-2023-5990](CVE-2023/CVE-2023-59xx/CVE-2023-5990.json) (`2023-12-08T14:32:27.447`)
* [CVE-2023-6063](CVE-2023/CVE-2023-60xx/CVE-2023-6063.json) (`2023-12-08T14:39:22.200`)
* [CVE-2023-5884](CVE-2023/CVE-2023-58xx/CVE-2023-5884.json) (`2023-12-08T14:49:31.140`)
* [CVE-2023-24048](CVE-2023/CVE-2023-240xx/CVE-2023-24048.json) (`2023-12-08T14:57:57.133`)
## Download and Usage