From 02d4859fe43fd684013e6b5e2317ac8e2e9cdd12 Mon Sep 17 00:00:00 2001 
From: cad-safe-bot
Date: Fri, 8 Dec 2023 15:00:22 +0000
Subject: [PATCH] Auto-Update: 2023-12-08T15:00:18.428530+00:00
---
 CVE-2023/CVE-2023-240xx/CVE-2023-24048.json | 75 +++++++++++++++++-
 CVE-2023/CVE-2023-261xx/CVE-2023-26158.json | 4 +-
 CVE-2023/CVE-2023-324xx/CVE-2023-32460.json | 4 +-
 CVE-2023/CVE-2023-356xx/CVE-2023-35618.json | 4 +-
 CVE-2023/CVE-2023-368xx/CVE-2023-36880.json | 4 +-
 CVE-2023/CVE-2023-381xx/CVE-2023-38174.json | 4 +-
 CVE-2023/CVE-2023-41xx/CVE-2023-4122.json | 4 +-
 CVE-2023/CVE-2023-433xx/CVE-2023-43305.json | 4 +-
 CVE-2023/CVE-2023-437xx/CVE-2023-43742.json | 4 +-
 CVE-2023/CVE-2023-437xx/CVE-2023-43743.json | 4 +-
 CVE-2023/CVE-2023-437xx/CVE-2023-43744.json | 4 +-
 CVE-2023/CVE-2023-458xx/CVE-2023-45866.json | 4 +-
 CVE-2023/CVE-2023-461xx/CVE-2023-46157.json | 24 ++++++
 CVE-2023/CVE-2023-466xx/CVE-2023-46693.json | 4 +-
 CVE-2023/CVE-2023-481xx/CVE-2023-48122.json | 4 +-
 CVE-2023/CVE-2023-489xx/CVE-2023-48928.json | 4 +-
 CVE-2023/CVE-2023-489xx/CVE-2023-48929.json | 4 +-
 CVE-2023/CVE-2023-490xx/CVE-2023-49007.json | 20 +++++
 CVE-2023/CVE-2023-50xx/CVE-2023-5008.json | 4 +-
 CVE-2023/CVE-2023-50xx/CVE-2023-5058.json | 4 +-
 CVE-2023/CVE-2023-58xx/CVE-2023-5884.json | 65 ++++++++++++++-
 CVE-2023/CVE-2023-59xx/CVE-2023-5952.json | 65 ++++++++++++++-
 CVE-2023/CVE-2023-59xx/CVE-2023-5953.json | 65 ++++++++++++++-
 CVE-2023/CVE-2023-59xx/CVE-2023-5979.json | 64 ++++++++++++++-
 CVE-2023/CVE-2023-59xx/CVE-2023-5990.json | 65 ++++++++++++++-
 CVE-2023/CVE-2023-60xx/CVE-2023-6061.json | 4 +-
 CVE-2023/CVE-2023-60xx/CVE-2023-6063.json | 71 +++++++++++++++--
 CVE-2023/CVE-2023-64xx/CVE-2023-6460.json | 62 ++++++++++++++-
 CVE-2023/CVE-2023-65xx/CVE-2023-6576.json | 4 +-
 CVE-2023/CVE-2023-65xx/CVE-2023-6577.json | 4 +-
 CVE-2023/CVE-2023-65xx/CVE-2023-6578.json | 4 +-
 CVE-2023/CVE-2023-65xx/CVE-2023-6579.json | 4 +-
 CVE-2023/CVE-2023-65xx/CVE-2023-6580.json | 4 +-
 CVE-2023/CVE-2023-65xx/CVE-2023-6581.json | 4 +-
 CVE-2023/CVE-2023-65xx/CVE-2023-6599.json | 4 +-
CVE-2023/CVE-2023-66xx/CVE-2023-6607.json | 88 +++++++++++++++++++++
 README.md | 39 +++++++--
 37 files changed, 715 insertions(+), 88 deletions(-)
 create mode 100644 CVE-2023/CVE-2023-461xx/CVE-2023-46157.json
 create mode 100644 CVE-2023/CVE-2023-490xx/CVE-2023-49007.json
 create mode 100644 CVE-2023/CVE-2023-66xx/CVE-2023-6607.json
diff --git a/CVE-2023/CVE-2023-240xx/CVE-2023-24048.json b/CVE-2023/CVE-2023-240xx/CVE-2023-24048.json
index 98997e93aab..911af9883b0 100644
--- a/CVE-2023/CVE-2023-240xx/CVE-2023-24048.json
+++ b/CVE-2023/CVE-2023-240xx/CVE-2023-24048.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-24048",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-12-04T23:15:23.220",
- "lastModified": "2023-12-05T13:51:04.540",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-08T14:57:57.133",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,11 +14,78 @@
 "value": "Vulnerabilidad de Cross Site Request Forgery (CSRF) en Connectize AC21000 G6 641.139.1.1256 permite a los atacantes obtener el control del dispositivo mediante una solicitud GET manipulada a /man_password.htm."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:connectize:ac21000_g6_firmware:641.139.1.1256:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7CC3408F-6CB5-4B0E-9536-D08A4DE072B3"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:connectize:ac21000_g6:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C55398C2-DC1C-4623-8AD8-7064125604FA"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://research.nccgroup.com/2023/10/19/technical-advisory-multiple-vulnerabilities-in-connectize-g6-ac2100-dual-band-gigabit-wifi-router-cve-2023-24046-cve-2023-24047-cve-2023-24048-cve-2023-24049-cve-2023-24050-cve-2023-24051-cve/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
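Review bot: The CPE product strings added under `configurations` (`ac21000_g6_firmware` and `ac21000_g6`) follow the description's "AC21000 G6", while the only reference URL in this hunk names the device `g6-ac2100`. If the advisory's spelling is the vendor's, inventory tooling keyed on the real product name will not match this record. The mismatch appears to originate in the upstream description, so it should be confirmed against the linked advisory before CPE matching is relied on for CVE-2023-24048.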
diff --git a/CVE-2023/CVE-2023-261xx/CVE-2023-26158.json b/CVE-2023/CVE-2023-261xx/CVE-2023-26158.json
index 54537c94696..25efced82d7 100644
--- a/CVE-2023/CVE-2023-261xx/CVE-2023-26158.json
+++ b/CVE-2023/CVE-2023-261xx/CVE-2023-26158.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-26158",
 "sourceIdentifier": "report@snyk.io",
 "published": "2023-12-08T05:15:07.870",
- "lastModified": "2023-12-08T05:15:07.870",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-08T14:23:10.393",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-324xx/CVE-2023-32460.json b/CVE-2023/CVE-2023-324xx/CVE-2023-32460.json
index 5eeedfcfdf6..092de46fa20 100644
--- a/CVE-2023/CVE-2023-324xx/CVE-2023-32460.json
+++ b/CVE-2023/CVE-2023-324xx/CVE-2023-32460.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-32460",
 "sourceIdentifier": "security_alert@emc.com",
 "published": "2023-12-08T06:15:45.427",
- "lastModified": "2023-12-08T06:15:45.427",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-08T14:23:10.393",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-356xx/CVE-2023-35618.json b/CVE-2023/CVE-2023-356xx/CVE-2023-35618.json
index a88bdd11342..89e814bb0be 100644
--- a/CVE-2023/CVE-2023-356xx/CVE-2023-35618.json
+++ b/CVE-2023/CVE-2023-356xx/CVE-2023-35618.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-35618",
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2023-12-07T21:15:07.450",
- "lastModified": "2023-12-07T21:15:07.450",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-08T14:23:14.473",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-368xx/CVE-2023-36880.json b/CVE-2023/CVE-2023-368xx/CVE-2023-36880.json
index 99b22780615..530811ecb00 100644
--- a/CVE-2023/CVE-2023-368xx/CVE-2023-36880.json
+++ b/CVE-2023/CVE-2023-368xx/CVE-2023-36880.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-36880",
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2023-12-07T21:15:07.640",
- "lastModified": "2023-12-07T21:15:07.640",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-08T14:23:14.473",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-381xx/CVE-2023-38174.json b/CVE-2023/CVE-2023-381xx/CVE-2023-38174.json
index c65232658a7..ad29d8f95e4 100644
--- a/CVE-2023/CVE-2023-381xx/CVE-2023-38174.json
+++ b/CVE-2023/CVE-2023-381xx/CVE-2023-38174.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-38174",
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2023-12-07T21:15:07.840",
- "lastModified": "2023-12-07T21:15:07.840",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-08T14:23:14.473",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-41xx/CVE-2023-4122.json b/CVE-2023/CVE-2023-41xx/CVE-2023-4122.json
index 3467b17b1ec..5886e16bdfe 100644
--- a/CVE-2023/CVE-2023-41xx/CVE-2023-4122.json
+++ b/CVE-2023/CVE-2023-41xx/CVE-2023-4122.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-4122",
 "sourceIdentifier": "help@fluidattacks.com",
 "published": "2023-12-07T23:15:07.277",
- "lastModified": "2023-12-07T23:15:07.277",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-08T14:23:10.393",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-433xx/CVE-2023-43305.json b/CVE-2023/CVE-2023-433xx/CVE-2023-43305.json
index 786ac09e74b..ad9244e7459 100644
--- a/CVE-2023/CVE-2023-433xx/CVE-2023-43305.json
+++ b/CVE-2023/CVE-2023-433xx/CVE-2023-43305.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-43305",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-12-08T02:15:06.433",
- "lastModified": "2023-12-08T02:15:06.433",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-08T14:23:10.393",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43742.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43742.json
index df0e81cf838..415474c0771 100644
--- a/CVE-2023/CVE-2023-437xx/CVE-2023-43742.json
+++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43742.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-43742",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-12-08T01:15:07.200",
- "lastModified": "2023-12-08T01:15:07.200",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-08T14:23:10.393",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43743.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43743.json
index 133d31f858b..cdf75cdbbd8 100644
--- a/CVE-2023/CVE-2023-437xx/CVE-2023-43743.json
+++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43743.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-43743",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-12-08T01:15:07.270",
- "lastModified": "2023-12-08T01:15:07.270",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-08T14:23:10.393",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43744.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43744.json
index f1351735e39..8e4bc246378 100644
--- a/CVE-2023/CVE-2023-437xx/CVE-2023-43744.json
+++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43744.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-43744",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-12-08T01:15:07.337",
- "lastModified": "2023-12-08T01:15:07.337",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-08T14:23:10.393",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45866.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45866.json
index 699ae020ada..1d155e9c5ab 100644
--- a/CVE-2023/CVE-2023-458xx/CVE-2023-45866.json
+++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45866.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-45866",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-12-08T06:15:45.690",
- "lastModified": "2023-12-08T06:15:45.690",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-08T14:23:10.393",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-461xx/CVE-2023-46157.json b/CVE-2023/CVE-2023-461xx/CVE-2023-46157.json
new file mode 100644
index 00000000000..cc83c363f0a
--- /dev/null
+++ b/CVE-2023/CVE-2023-461xx/CVE-2023-46157.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-46157",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-12-08T13:15:07.193",
+ "lastModified": "2023-12-08T14:23:10.393",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "File-Manager in MGT CloudPanel 2.0.0 through 2.3.2 allows the lowest privilege user to achieve OS command injection by changing file ownership and changing file permissions to 4755."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://www.cloudpanel.io/docs/v2/changelog/",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.mgt-commerce.com/docs/mgt-cloudpanel/dashboard",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-466xx/CVE-2023-46693.json b/CVE-2023/CVE-2023-466xx/CVE-2023-46693.json
index f7fea6085ad..708eeedcc1c 100644
--- a/CVE-2023/CVE-2023-466xx/CVE-2023-46693.json
+++ b/CVE-2023/CVE-2023-466xx/CVE-2023-46693.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-46693",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-12-07T22:15:08.250",
- "lastModified": "2023-12-07T22:15:08.250",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-08T14:23:14.473",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-481xx/CVE-2023-48122.json b/CVE-2023/CVE-2023-481xx/CVE-2023-48122.json
index 571cb75fed2..31eee27d92b 100644
--- a/CVE-2023/CVE-2023-481xx/CVE-2023-48122.json
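Review bot: The new record CVE-2023-46157.json is added with `"metrics": {}` and no `weaknesses` or `configurations` key, and the new CVE-2023-49007.json later in this patch has the same shape. Both carry `"vulnStatus": "Awaiting Analysis"`, so the empty object means "not yet scored" rather than "no impact". A consumer that sorts or filters on `baseScore` has to treat these as unscored instead of defaulting them to zero. The reference entries in both files also have no `tags`, so none of the links is classified yet as an advisory or a patch.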
+++ b/CVE-2023/CVE-2023-481xx/CVE-2023-48122.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-48122",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-12-08T04:15:06.850",
- "lastModified": "2023-12-08T04:15:06.850",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-08T14:23:10.393",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-489xx/CVE-2023-48928.json b/CVE-2023/CVE-2023-489xx/CVE-2023-48928.json
index 0dded607d99..9c342e6d534 100644
--- a/CVE-2023/CVE-2023-489xx/CVE-2023-48928.json
+++ b/CVE-2023/CVE-2023-489xx/CVE-2023-48928.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-48928",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-12-08T05:15:08.807",
- "lastModified": "2023-12-08T05:15:08.807",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-08T14:23:10.393",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-489xx/CVE-2023-48929.json b/CVE-2023/CVE-2023-489xx/CVE-2023-48929.json
index ced3f45755f..5f66e1a8cda 100644
--- a/CVE-2023/CVE-2023-489xx/CVE-2023-48929.json
+++ b/CVE-2023/CVE-2023-489xx/CVE-2023-48929.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-48929",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-12-08T05:15:08.897",
- "lastModified": "2023-12-08T05:15:08.897",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-08T14:23:10.393",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-490xx/CVE-2023-49007.json b/CVE-2023/CVE-2023-490xx/CVE-2023-49007.json
new file mode 100644
index 00000000000..22f7515eed2
--- /dev/null
+++ b/CVE-2023/CVE-2023-490xx/CVE-2023-49007.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-49007",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-12-08T14:15:07.153",
+ "lastModified": "2023-12-08T14:23:10.393",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In Netgear Orbi RBR750 firmware before V7.2.6.21, there is a stack-based buffer overflow in /usr/sbin/httpd."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/5erua/netgear_orbi_overflow_vulnerability/blob/main/README.md",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-50xx/CVE-2023-5008.json b/CVE-2023/CVE-2023-50xx/CVE-2023-5008.json
index fb19d57c0e4..4f5706fafd6 100644
--- a/CVE-2023/CVE-2023-50xx/CVE-2023-5008.json
+++ b/CVE-2023/CVE-2023-50xx/CVE-2023-5008.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-5008",
 "sourceIdentifier": "help@fluidattacks.com",
 "published": "2023-12-08T00:15:07.597",
- "lastModified": "2023-12-08T00:15:07.597",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-08T14:23:10.393",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-50xx/CVE-2023-5058.json b/CVE-2023/CVE-2023-50xx/CVE-2023-5058.json
index c07b896f3b1..5e3ece4f978 100644
--- a/CVE-2023/CVE-2023-50xx/CVE-2023-5058.json
+++ b/CVE-2023/CVE-2023-50xx/CVE-2023-5058.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-5058",
 "sourceIdentifier": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
 "published": "2023-12-07T23:15:07.490",
- "lastModified": "2023-12-07T23:15:07.490",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-08T14:23:10.393",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-58xx/CVE-2023-5884.json b/CVE-2023/CVE-2023-58xx/CVE-2023-5884.json
index f672d2da5a0..d5bc8f2d27b 100644
--- a/CVE-2023/CVE-2023-58xx/CVE-2023-5884.json
+++ b/CVE-2023/CVE-2023-58xx/CVE-2023-5884.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-5884",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2023-12-04T22:15:08.020",
- "lastModified": "2023-12-05T13:51:04.540",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-08T14:49:31.140",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,11 +14,68 @@
 "value": "El complemento Word Balloon de WordPress anterior a 4.20.3 no protege algunas de sus acciones contra ataques CSRF, lo que permite a un atacante no autenticado enga\u00f1ar a un usuario que ha iniciado sesi\u00f3n para que elimine avatares arbitrarios haciendo clic en un enlace."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:back2nature:word_balloon:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "4.20.3",
+ "matchCriteriaId": "536CBC26-2CB2-4FB7-AAAD-7AB16DF59298"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://wpscan.com/vulnerability/f4a7937c-6f4b-49dd-b88a-67ebe718ad19",
- "source": "contact@wpscan.com"
+ "source": "contact@wpscan.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-59xx/CVE-2023-5952.json b/CVE-2023/CVE-2023-59xx/CVE-2023-5952.json
index e070d0f3ab5..d97bbe4cd63 100644
--- a/CVE-2023/CVE-2023-59xx/CVE-2023-5952.json
+++ b/CVE-2023/CVE-2023-59xx/CVE-2023-5952.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-5952",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2023-12-04T22:15:08.117",
- "lastModified": "2023-12-05T13:51:04.540",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-08T14:13:20.267",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,11 +14,68 @@
 "value": "El complemento Welcart e-Commerce de WordPress anterior a 2.9.5 deserializa la entrada del usuario a trav\u00e9s de cookies, lo que podr\u00eda permitir a usuarios no autenticados realizar inyecci\u00f3n de objetos PHP cuando hay un gadget adecuado presente en el blog."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:collne:welcart:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "2.9.5",
+ "matchCriteriaId": "6D77F5A6-A6AB-4943-8702-4475CB1CA7E0"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://wpscan.com/vulnerability/0acd613e-dbd6-42ae-9f3d-6d6e77a4c1b7",
- "source": "contact@wpscan.com"
+ "source": "contact@wpscan.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-59xx/CVE-2023-5953.json b/CVE-2023/CVE-2023-59xx/CVE-2023-5953.json
index 32c04f549be..2bc0363c2bb 100644
--- a/CVE-2023/CVE-2023-59xx/CVE-2023-5953.json
+++ b/CVE-2023/CVE-2023-59xx/CVE-2023-5953.json
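Review bot: In CVE-2023-5952.json the added `weaknesses` entry is `"value": "NVD-CWE-noinfo"`, although the description in the same hunk says the plugin deserializes user input from cookies and allows PHP object injection, which is what CWE-502 describes; `"value": "CWE-502"` would let weakness-based filters see this 9.8 record. The CPE added here is `cpe:2.3:a:collne:welcart:*`, while the CVE-2023-5953.json hunk that follows uses `cpe:2.3:a:collne:welcart_e-commerce:*` for what both descriptions call the same "Welcart e-Commerce" plugin, with the same `versionEndExcluding` of 2.9.5. A product match on either string alone misses one of the two CVEs, so matching should cover both strings until the upstream entries agree.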
@@ -2,8 +2,8 @@
 "id": "CVE-2023-5953",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2023-12-04T22:15:08.170",
- "lastModified": "2023-12-05T13:51:04.540",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-08T14:14:24.373",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,11 +14,68 @@
 "value": "El complemento Welcart e-Commerce de WordPress anterior a 2.9.5 no valida los archivos que se van a cargar, adem\u00e1s de que no tiene autorizaci\u00f3n ni CSRF en una acci\u00f3n AJAX que maneje dicha carga. Como resultado, cualquier usuario autenticado, como un suscriptor, podr\u00eda cargar archivos arbitrarios, como PHP, en el servidor."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-434"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:collne:welcart_e-commerce:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "2.9.5",
+ "matchCriteriaId": "62DCBB7B-A579-499A-B300-87D4F88A44C5"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://wpscan.com/vulnerability/6d29ba12-f14a-4cee-baae-a6049d83bce6",
- "source": "contact@wpscan.com"
+ "source": "contact@wpscan.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-59xx/CVE-2023-5979.json b/CVE-2023/CVE-2023-59xx/CVE-2023-5979.json
index 22c84ca07e2..ee319b3765a 100644
--- a/CVE-2023/CVE-2023-59xx/CVE-2023-5979.json
+++ b/CVE-2023/CVE-2023-59xx/CVE-2023-5979.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-5979",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2023-12-04T22:15:08.220",
- "lastModified": "2023-12-05T13:51:04.540",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-08T14:20:45.807",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,11 +14,67 @@
 "value": "El complemento eCommerce Product Catalog para WordPress anterior a la versi\u00f3n 3.3.26 no tiene comprobaciones CSRF en algunas de sus p\u00e1ginas de administraci\u00f3n, lo que podr\u00eda permitir a los atacantes hacer que los usuarios que han iniciado sesi\u00f3n realicen acciones no deseadas mediante ataques CSRF, como eliminar todos los productos."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:implecode:ecommerce_product_catalog:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "3.3.26",
+ "matchCriteriaId": "0968A7D1-5344-48EF-9FA4-368F477B6E6E"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://wpscan.com/vulnerability/936934c3-5bfe-416e-b6aa-47bed4db05c4",
- "source": "contact@wpscan.com"
+ "source": "contact@wpscan.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-59xx/CVE-2023-5990.json b/CVE-2023/CVE-2023-59xx/CVE-2023-5990.json
index beb73d8445a..a0becb7c3ff 100644
--- a/CVE-2023/CVE-2023-59xx/CVE-2023-5990.json
+++ b/CVE-2023/CVE-2023-59xx/CVE-2023-5990.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-5990",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2023-12-04T22:15:08.293",
- "lastModified": "2023-12-05T13:51:04.540",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-08T14:32:27.447",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,11 +14,68 @@
 "value": "Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor de WordPress anteriores a 3.4.2 no tienen controles CSRF en algunas de las acciones de su formulario, como la eliminaci\u00f3n y la duplicaci\u00f3n, lo que podr\u00eda permitir a los atacantes hacer que el administrador conectado realice tales acciones a trav\u00e9s de Ataques CSRF"
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:funnelforms:funnelforms_free:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "3.4.2",
+ "matchCriteriaId": "71A40CFB-64C4-40B1-AB84-881C7C095898"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://wpscan.com/vulnerability/0a615ce3-93da-459d-a33f-a2a6e74a2f94",
- "source": "contact@wpscan.com"
+ "source": "contact@wpscan.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-60xx/CVE-2023-6061.json b/CVE-2023/CVE-2023-60xx/CVE-2023-6061.json
index a38cb3f58ba..4ef61aa1a32 100644
--- a/CVE-2023/CVE-2023-60xx/CVE-2023-6061.json
+++ b/CVE-2023/CVE-2023-60xx/CVE-2023-6061.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-6061",
 "sourceIdentifier": "psirt@paloaltonetworks.com",
 "published": "2023-12-08T00:15:07.853",
- "lastModified": "2023-12-08T00:15:07.853",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-08T14:23:10.393",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-60xx/CVE-2023-6063.json b/CVE-2023/CVE-2023-60xx/CVE-2023-6063.json
index 47b397f26a5..5a00663ef70 100644
--- a/CVE-2023/CVE-2023-60xx/CVE-2023-6063.json
+++ b/CVE-2023/CVE-2023-60xx/CVE-2023-6063.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-6063",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2023-12-04T22:15:08.337",
- "lastModified": "2023-12-05T13:51:04.540",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-08T14:39:22.200",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,15 +14,76 @@
 "value": "El complemento WP Fastest Cache de WordPress anterior a 1.2.2 no sanitiza ni escapa adecuadamente un par\u00e1metro antes de usarlo en una declaraci\u00f3n SQL, lo que genera una inyecci\u00f3n de SQL explotable por usuarios no autenticados."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:wpfastestcache:wp_fastest_cache:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "1.2.2",
+ "matchCriteriaId": "65E05E20-552A-411D-B2F8-8B8E3AD79C17"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://wpscan.com/blog/unauthenticated-sql-injection-vulnerability-addressed-in-wp-fastest-cache-1-2-2/",
- "source": "contact@wpscan.com"
+ "source": "contact@wpscan.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://wpscan.com/vulnerability/30a74105-8ade-4198-abe2-1c6f2967443e",
- "source": "contact@wpscan.com"
+ "source": "contact@wpscan.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-64xx/CVE-2023-6460.json b/CVE-2023/CVE-2023-64xx/CVE-2023-6460.json
index ec81a7f64f6..913cf6c7528 100644
--- a/CVE-2023/CVE-2023-64xx/CVE-2023-6460.json
+++ b/CVE-2023/CVE-2023-64xx/CVE-2023-6460.json
@@ -2,16 +2,40 @@
 "id": "CVE-2023-6460",
 "sourceIdentifier": "cve-coordination@google.com",
 "published": "2023-12-04T13:15:07.800",
- "lastModified": "2023-12-04T13:48:34.723",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-08T14:03:08.493",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "A potential logging of the firestore key via logging within nodejs-firestore exists - Developers who were logging objects through this._settings would be logging the firestore key as well potentially exposing it to anyone with logs read access. We recommend upgrading to version 6.1.0 to avoid this issue"
+ },
+ {
+ "lang": "es",
+ "value": "Existe un posible registro de la clave de Firestore a trav\u00e9s del registro dentro de nodejs-firestore: los desarrolladores que registraran objetos a trav\u00e9s de this._settings registrar\u00edan la clave de Firestore y potencialmente la expondr\u00edan a cualquier persona con acceso de lectura de registros. Recomendamos actualizar a la versi\u00f3n 6.1.0 para evitar este problema."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
+ },
 {
 "source": "cve-coordination@google.com",
 "type": "Secondary",
@@ -35,6 +59,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-532"
+ }
+ ]
+ },
 {
 "source": "cve-coordination@google.com",
 "type": "Secondary",
@@ -46,10 +80,32 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:google:cloud_firestore:*:*:*:*:*:node.js:*:*",
+ "versionEndExcluding": "6.1.0",
+ "matchCriteriaId": "78F1EFF8-1061-46D1-A756-72B080F6F17A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/googleapis/nodejs-firestore/pull/1742",
- "source": "cve-coordination@google.com"
+ "source": "cve-coordination@google.com",
+ "tags": [
+ "Issue Tracking",
+ "Patch"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-65xx/CVE-2023-6576.json b/CVE-2023/CVE-2023-65xx/CVE-2023-6576.json
index 819eebe0d61..23d88962da2 100644
--- a/CVE-2023/CVE-2023-65xx/CVE-2023-6576.json
+++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6576.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-6576",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2023-12-07T21:15:08.387",
- "lastModified": "2023-12-07T21:15:08.387",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-08T14:23:14.473",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-65xx/CVE-2023-6577.json b/CVE-2023/CVE-2023-65xx/CVE-2023-6577.json
index 04fa349367b..08d98b43186 100644
--- a/CVE-2023/CVE-2023-65xx/CVE-2023-6577.json
+++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6577.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-6577",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2023-12-07T21:15:08.620",
- "lastModified": "2023-12-07T21:15:08.620",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-08T14:23:14.473",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-65xx/CVE-2023-6578.json b/CVE-2023/CVE-2023-65xx/CVE-2023-6578.json
index 3ea68d5748a..06a71758602 100644
--- a/CVE-2023/CVE-2023-65xx/CVE-2023-6578.json
+++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6578.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-6578",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2023-12-07T21:15:08.863",
- "lastModified": "2023-12-07T21:15:08.863",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-08T14:23:14.473",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-65xx/CVE-2023-6579.json b/CVE-2023/CVE-2023-65xx/CVE-2023-6579.json
index 81364f6a005..82badbadb86 100644
--- a/CVE-2023/CVE-2023-65xx/CVE-2023-6579.json
+++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6579.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-6579",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2023-12-07T22:15:08.300",
- "lastModified": "2023-12-07T22:15:08.300",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-08T14:23:14.473",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-65xx/CVE-2023-6580.json b/CVE-2023/CVE-2023-65xx/CVE-2023-6580.json
index 28ce02e6d49..be74d536963 100644
--- a/CVE-2023/CVE-2023-65xx/CVE-2023-6580.json
+++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6580.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-6580",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2023-12-07T22:15:08.533",
- "lastModified": "2023-12-07T22:15:08.533",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-08T14:23:10.393",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-65xx/CVE-2023-6581.json b/CVE-2023/CVE-2023-65xx/CVE-2023-6581.json
index 51c2fa449c1..9a38eed8a59 100644
--- a/CVE-2023/CVE-2023-65xx/CVE-2023-6581.json
+++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6581.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-6581",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2023-12-07T22:15:08.770",
- "lastModified": "2023-12-07T22:15:08.770",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-08T14:23:10.393",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-65xx/CVE-2023-6599.json b/CVE-2023/CVE-2023-65xx/CVE-2023-6599.json
index 8f1b966ca51..09289eaef2d 100644
--- a/CVE-2023/CVE-2023-65xx/CVE-2023-6599.json
+++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6599.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-6599",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2023-12-08T00:15:08.113",
- "lastModified": "2023-12-08T00:15:08.113",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-08T14:23:10.393",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-66xx/CVE-2023-6607.json b/CVE-2023/CVE-2023-66xx/CVE-2023-6607.json
new file mode 100644
index 00000000000..bf427826618
--- /dev/null
+++ b/CVE-2023/CVE-2023-66xx/CVE-2023-6607.json
@@ -0,0 +1,88 @@
+{
+ "id": "CVE-2023-6607",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2023-12-08T14:15:07.203",
+ "lastModified": "2023-12-08T14:23:10.393",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability has been found in Tongda OA 2017 up to 11.10 and classified as critical. Affected by this vulnerability is an unknown functionality of the file general/wiki/cp/manage/delete.php. The manipulation of the argument TERM_ID_STR leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247243. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 3.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
+ "accessVector": "ADJACENT_NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "SINGLE",
+ "confidentialityImpact": "PARTIAL",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "PARTIAL",
+ "baseScore": 5.2
+ },
+ "baseSeverity": "MEDIUM",
+ "exploitabilityScore": 5.1,
+ "impactScore": 6.4,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/willchen0011/cve/blob/main/sql.md",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.247243",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.247243",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 3414e7c49e8..6fcd366bb97 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 ```plain
-2023-12-08T13:00:58.286860+00:00
+2023-12-08T15:00:18.428530+00:00
 ```
 ### Most recent CVE Modification Timestamp synchronized with NVD
 ```plain
-2023-12-08T12:15:44.307000+00:00
+2023-12-08T14:57:57.133000+00:00
 ```
 ### Last Data Feed Release
@@ -29,20 +29,47 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 ```plain
-232578
+232581
 ```
 ### CVEs added in the last Commit
-Recently added CVEs: `0`
+Recently added CVEs: `3`
+* [CVE-2023-46157](CVE-2023/CVE-2023-461xx/CVE-2023-46157.json) (`2023-12-08T13:15:07.193`)
+* [CVE-2023-49007](CVE-2023/CVE-2023-490xx/CVE-2023-49007.json) (`2023-12-08T14:15:07.153`)
+* [CVE-2023-6607](CVE-2023/CVE-2023-66xx/CVE-2023-6607.json) (`2023-12-08T14:15:07.203`)
 ### CVEs modified in the last Commit
-Recently modified CVEs: `1`
+Recently modified CVEs: `33`
-* [CVE-2023-3164](CVE-2023/CVE-2023-31xx/CVE-2023-3164.json) (`2023-12-08T12:15:44.307`)
+* [CVE-2023-5008](CVE-2023/CVE-2023-50xx/CVE-2023-5008.json) (`2023-12-08T14:23:10.393`)
+* [CVE-2023-6061](CVE-2023/CVE-2023-60xx/CVE-2023-6061.json) (`2023-12-08T14:23:10.393`)
+* [CVE-2023-6599](CVE-2023/CVE-2023-65xx/CVE-2023-6599.json) (`2023-12-08T14:23:10.393`)
+* [CVE-2023-43742](CVE-2023/CVE-2023-437xx/CVE-2023-43742.json) (`2023-12-08T14:23:10.393`)
+* [CVE-2023-43743](CVE-2023/CVE-2023-437xx/CVE-2023-43743.json) (`2023-12-08T14:23:10.393`)
+* [CVE-2023-43744](CVE-2023/CVE-2023-437xx/CVE-2023-43744.json) (`2023-12-08T14:23:10.393`)
+* [CVE-2023-43305](CVE-2023/CVE-2023-433xx/CVE-2023-43305.json) (`2023-12-08T14:23:10.393`)
+* [CVE-2023-48122](CVE-2023/CVE-2023-481xx/CVE-2023-48122.json) (`2023-12-08T14:23:10.393`)
+* [CVE-2023-26158](CVE-2023/CVE-2023-261xx/CVE-2023-26158.json) (`2023-12-08T14:23:10.393`)
+* [CVE-2023-48928](CVE-2023/CVE-2023-489xx/CVE-2023-48928.json) (`2023-12-08T14:23:10.393`)
+* [CVE-2023-48929](CVE-2023/CVE-2023-489xx/CVE-2023-48929.json) (`2023-12-08T14:23:10.393`)
+* [CVE-2023-32460](CVE-2023/CVE-2023-324xx/CVE-2023-32460.json) (`2023-12-08T14:23:10.393`)
+* [CVE-2023-45866](CVE-2023/CVE-2023-458xx/CVE-2023-45866.json) (`2023-12-08T14:23:10.393`)
+* [CVE-2023-35618](CVE-2023/CVE-2023-356xx/CVE-2023-35618.json) (`2023-12-08T14:23:14.473`)
+* [CVE-2023-36880](CVE-2023/CVE-2023-368xx/CVE-2023-36880.json) (`2023-12-08T14:23:14.473`)
+* [CVE-2023-38174](CVE-2023/CVE-2023-381xx/CVE-2023-38174.json) (`2023-12-08T14:23:14.473`)
+* [CVE-2023-6576](CVE-2023/CVE-2023-65xx/CVE-2023-6576.json) (`2023-12-08T14:23:14.473`)
+* [CVE-2023-6577](CVE-2023/CVE-2023-65xx/CVE-2023-6577.json) (`2023-12-08T14:23:14.473`)
+* [CVE-2023-6578](CVE-2023/CVE-2023-65xx/CVE-2023-6578.json) (`2023-12-08T14:23:14.473`)
+* [CVE-2023-46693](CVE-2023/CVE-2023-466xx/CVE-2023-46693.json) (`2023-12-08T14:23:14.473`)
+* [CVE-2023-6579](CVE-2023/CVE-2023-65xx/CVE-2023-6579.json) (`2023-12-08T14:23:14.473`)
+* [CVE-2023-5990](CVE-2023/CVE-2023-59xx/CVE-2023-5990.json) (`2023-12-08T14:32:27.447`)
+* [CVE-2023-6063](CVE-2023/CVE-2023-60xx/CVE-2023-6063.json) (`2023-12-08T14:39:22.200`)
+* [CVE-2023-5884](CVE-2023/CVE-2023-58xx/CVE-2023-5884.json) (`2023-12-08T14:49:31.140`)
+* [CVE-2023-24048](CVE-2023/CVE-2023-240xx/CVE-2023-24048.json) (`2023-12-08T14:57:57.133`)
 ## Download and Usage