admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-11-29T21:00:18.287459+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-11-29 21:00:22 +00:00
parent 5bb79d2ea3
commit 0936bedbb7
57 changed files with 7613 additions and 189 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CVE-2023/CVE-2023-258xx/CVE-2023-25837.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-25837",
"sourceIdentifier": "psirt@esri.com",
"published": "2023-07-21T04:15:12.377",
"lastModified": "2023-08-07T17:15:10.777",
"lastModified": "2023-11-29T20:15:07.393",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "\nThere is a Cross-site Scripting vulnerability\u00a0in Esri Portal Sites in versions 10.8.1 \u2013 10.9 that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victims browser. \u00a0The privileges required to execute this attack are high.\u00a0 No security boundary can be crossed scope is unchanged, If an admin account fell victim to this attack Confidentiality, Integrity and Availability are all High.\u00a0\n\n"
"value": "\nThere is a Cross-site Scripting vulnerability\u00a0in Esri ArcGIS Enterprise Sites versions 10.8.1 \u2013 10.9 that may allow a remote, authenticated attacker to create a crafted link which when clicked by a victim could potentially execute arbitrary JavaScript code in the target's browser. \u00a0The privileges required to execute this attack are high.\u00a0 \u00a0\n\n"
}
],
"metrics": {

74
CVE-2023/CVE-2023-291xx/CVE-2023-29155.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-29155",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-11-20T17:15:13.143",
"lastModified": "2023-11-20T19:18:51.140",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-29T20:52:57.780",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nVersions of INEA ME RTU firmware 3.36b and prior do not require authentication to the \"root\" account on the host system of the device. This could allow an attacker to obtain admin-level access to the host system.\n\n\n\n\n"
},
{
"lang": "es",
"value": "Las versiones del firmware INEA ME RTU 3.36b y anteriores no requieren autenticaci\u00f3n en la cuenta \"ra\u00edz\" en el sistema host del dispositivo. Esto podr\u00eda permitir a un atacante obtener acceso de nivel de administrador al sistema host."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -46,10 +80,44 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:inea:me_rtu_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.37",
"matchCriteriaId": "0B126A5A-58B5-47F5-BE20-33ACBEDBF3B8"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:inea:me_rtu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97E14440-C423-4D41-9834-E33564A4B70D"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-304-02",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}

125
CVE-2023/CVE-2023-324xx/CVE-2023-32469.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32469",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-11-16T09:15:07.077",
"lastModified": "2023-11-16T13:51:19.370",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-29T19:49:42.947",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -50,10 +80,99 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dell:precision_5820_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.32.0",
"matchCriteriaId": "9D9FE138-FF30-4105-94D6-80E1EA7D7B3C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dell:precision_5820:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E12F96DC-54C7-4891-8723-D1B240165CBC"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dell:precision_7820_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.36.0",
"matchCriteriaId": "2D5945F9-7C84-4CB7-82B8-1706AAF683FF"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dell:precision_7820:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA0FD696-4C1F-416C-95EB-36FEA77BEB6F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dell:precision_7920_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.36.0",
"matchCriteriaId": "C0B22610-AFC8-40EA-AB4D-179038E0D1D6"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dell:precision_7920:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0BCCF11B-05BD-4E70-AD26-6B26A7E701FA"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000216242/dsa-2023-223-security-update-for-a-dell-precision-tower-bios-vulnerability",
"source": "security_alert@emc.com"
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
]
}
]
}

74
CVE-2023/CVE-2023-357xx/CVE-2023-35762.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-35762",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-11-20T17:15:13.357",
"lastModified": "2023-11-20T19:18:51.140",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-29T20:52:44.790",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nVersions of INEA ME RTU firmware 3.36b and prior are vulnerable to operating system (OS) command injection, which could allow remote code execution.\n\n\n\n\n"
},
{
"lang": "es",
"value": "Las versiones del firmware INEA ME RTU 3.36b y anteriores son vulnerables a la inyecci\u00f3n de comandos del sistema operativo (SO), lo que podr\u00eda permitir la ejecuci\u00f3n remota de c\u00f3digo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -46,10 +80,44 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:inea:me_rtu_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.37",
"matchCriteriaId": "0B126A5A-58B5-47F5-BE20-33ACBEDBF3B8"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:inea:me_rtu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97E14440-C423-4D41-9834-E33564A4B70D"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-304-02",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}

69
CVE-2023/CVE-2023-383xx/CVE-2023-38361.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-38361",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-11-18T18:15:07.370",
"lastModified": "2023-11-20T00:02:59.753",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-29T20:52:28.337",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IBM CICS TX Advanced 10.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 260770."
},
{
"lang": "es",
"value": "IBM CICS TX Advanced 10.1 utiliza algoritmos criptogr\u00e1ficos m\u00e1s d\u00e9biles de lo esperado que podr\u00edan permitir a un atacante descifrar informaci\u00f3n altamente confidencial. ID de IBM X-Force: 260770."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -46,14 +70,51 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cics_tx:10.1:*:*:*:advanced:*:*:*",
"matchCriteriaId": "73BBDE39-E8CF-416C-838D-046ADDA011F8"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/260770",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://www.ibm.com/support/pages/node/7066431",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

101
CVE-2023/CVE-2023-392xx/CVE-2023-39246.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-39246",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-11-16T09:15:07.283",
"lastModified": "2023-11-16T13:51:19.370",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-29T19:33:13.640",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-59"
}
]
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -50,10 +80,75 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:endpoint_security_suite_enterprise:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.8.1",
"matchCriteriaId": "3A55CCB3-5834-4873-8BCB-EB55DF42D0DF"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:encryption:*:*:*:*:enterprise:*:*:*",
"versionEndExcluding": "11.8.1",
"matchCriteriaId": "8D0ECE4F-6192-4C8B-9BF6-365DCC6DB743"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:security_management_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.8.1",
"matchCriteriaId": "871170A7-EA99-4839-912C-60E2C6AC0DE9"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000217572/dsa-2023-271",
"source": "security_alert@emc.com"
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
]
}
]
}

90
CVE-2023/CVE-2023-403xx/CVE-2023-40363.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-40363",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-11-18T18:15:08.197",
"lastModified": "2023-11-20T00:02:59.753",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-29T20:52:14.260",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IBM InfoSphere Information Server 11.7 could allow an authenticated user to change installation files due to incorrect file permission settings. IBM X-Force ID: 263332."
},
{
"lang": "es",
"value": "IBM InfoSphere Information Server 11.7 podr\u00eda permitir a un usuario autenticado cambiar los archivos de instalaci\u00f3n debido a una configuraci\u00f3n incorrecta de permisos de archivos. ID de IBM X-Force: 263332."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -34,14 +58,72 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:*",
"matchCriteriaId": "4CED2F00-89E3-4BA9-A8FB-D43B308A59A8"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/263332",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://www.ibm.com/support/pages/node/7070742",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Broken Link"
]
}
]
}

58
CVE-2023/CVE-2023-417xx/CVE-2023-41790.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41790",
"sourceIdentifier": "security@pandorafms.com",
"published": "2023-11-23T15:15:08.757",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-29T20:59:23.030",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security@pandorafms.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-427"
}
]
},
{
"source": "security@pandorafms.com",
"type": "Secondary",
@ -50,10 +80,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:artica:pandora_fms:*:*:*:*:*:*:*:*",
"versionStartIncluding": "700",
"versionEndIncluding": "773",
"matchCriteriaId": "E05376BB-16AE-4232-A35A-E733A286E625"
}
]
}
]
}
],
"references": [
{
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/",
"source": "security@pandorafms.com"
"source": "security@pandorafms.com",
"tags": [
"Vendor Advisory"
]
}
]
}

58
CVE-2023/CVE-2023-417xx/CVE-2023-41791.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41791",
"sourceIdentifier": "security@pandorafms.com",
"published": "2023-11-23T15:15:08.930",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-29T20:58:51.777",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@pandorafms.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "security@pandorafms.com",
"type": "Secondary",
@ -50,10 +80,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:artica:pandora_fms:*:*:*:*:*:*:*:*",
"versionStartIncluding": "700",
"versionEndIncluding": "773",
"matchCriteriaId": "E05376BB-16AE-4232-A35A-E733A286E625"
}
]
}
]
}
],
"references": [
{
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/",
"source": "security@pandorafms.com"
"source": "security@pandorafms.com",
"tags": [
"Vendor Advisory"
]
}
]
}

58
CVE-2023/CVE-2023-417xx/CVE-2023-41792.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41792",
"sourceIdentifier": "security@pandorafms.com",
"published": "2023-11-23T15:15:09.113",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-29T20:58:31.503",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security@pandorafms.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
},
{
"source": "security@pandorafms.com",
"type": "Secondary",
@ -50,10 +80,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:artica:pandora_fms:*:*:*:*:*:*:*:*",
"versionStartIncluding": "700",
"versionEndIncluding": "773",
"matchCriteriaId": "E05376BB-16AE-4232-A35A-E733A286E625"
}
]
}
]
}
],
"references": [
{
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/",
"source": "security@pandorafms.com"
"source": "security@pandorafms.com",
"tags": [
"Vendor Advisory"
]
}
]
}

58
CVE-2023/CVE-2023-418xx/CVE-2023-41806.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41806",
"sourceIdentifier": "security@pandorafms.com",
"published": "2023-11-23T15:15:09.287",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-29T20:57:54.670",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security@pandorafms.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security@pandorafms.com",
"type": "Secondary",
@ -50,10 +80,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:artica:pandora_fms:*:*:*:*:*:*:*:*",
"versionStartIncluding": "700",
"versionEndIncluding": "773",
"matchCriteriaId": "E05376BB-16AE-4232-A35A-E733A286E625"
}
]
}
]
}
],
"references": [
{
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/",
"source": "security@pandorafms.com"
"source": "security@pandorafms.com",
"tags": [
"Vendor Advisory"
]
}
]
}

58
CVE-2023/CVE-2023-418xx/CVE-2023-41807.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41807",
"sourceIdentifier": "security@pandorafms.com",
"published": "2023-11-23T15:15:09.470",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-29T20:56:44.663",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security@pandorafms.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security@pandorafms.com",
"type": "Secondary",
@ -50,10 +80,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:artica:pandora_fms:*:*:*:*:*:*:*:*",
"versionStartIncluding": "700",
"versionEndIncluding": "773",
"matchCriteriaId": "E05376BB-16AE-4232-A35A-E733A286E625"
}
]
}
]
}
],
"references": [
{
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/",
"source": "security@pandorafms.com"
"source": "security@pandorafms.com",
"tags": [
"Vendor Advisory"
]
}
]
}

58
CVE-2023/CVE-2023-418xx/CVE-2023-41808.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41808",
"sourceIdentifier": "security@pandorafms.com",
"published": "2023-11-23T15:15:09.650",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-29T20:56:06.170",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security@pandorafms.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security@pandorafms.com",
"type": "Secondary",
@ -50,10 +80,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:artica:pandora_fms:*:*:*:*:*:*:*:*",
"versionStartIncluding": "700",
"versionEndIncluding": "773",
"matchCriteriaId": "E05376BB-16AE-4232-A35A-E733A286E625"
}
]
}
]
}
],
"references": [
{
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/",
"source": "security@pandorafms.com"
"source": "security@pandorafms.com",
"tags": [
"Vendor Advisory"
]
}
]
}

58
CVE-2023/CVE-2023-418xx/CVE-2023-41810.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41810",
"sourceIdentifier": "security@pandorafms.com",
"published": "2023-11-23T15:15:09.827",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-29T20:15:03.900",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security@pandorafms.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "security@pandorafms.com",
"type": "Secondary",
@ -50,10 +80,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:artica:pandora_fms:*:*:*:*:*:*:*:*",
"versionStartIncluding": "700",
"versionEndIncluding": "773",
"matchCriteriaId": "E05376BB-16AE-4232-A35A-E733A286E625"
}
]
}
]
}
],
"references": [
{
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/",
"source": "security@pandorafms.com"
"source": "security@pandorafms.com",
"tags": [
"Vendor Advisory"
]
}
]
}

58
CVE-2023/CVE-2023-418xx/CVE-2023-41811.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41811",
"sourceIdentifier": "security@pandorafms.com",
"published": "2023-11-23T15:15:10.000",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-29T20:14:42.760",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security@pandorafms.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "security@pandorafms.com",
"type": "Secondary",
@ -50,10 +80,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:artica:pandora_fms:*:*:*:*:*:*:*:*",
"versionStartIncluding": "700",
"versionEndIncluding": "773",
"matchCriteriaId": "E05376BB-16AE-4232-A35A-E733A286E625"
}
]
}
]
}
],
"references": [
{
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/",
"source": "security@pandorafms.com"
"source": "security@pandorafms.com",
"tags": [
"Vendor Advisory"
]
}
]
}

74
CVE-2023/CVE-2023-431xx/CVE-2023-43177.json
View File

@ -2,23 +2,87 @@
"id": "CVE-2023-43177",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-18T00:15:07.073",
"lastModified": "2023-11-18T04:19:44.183",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-29T20:52:51.427",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes."
},
{
"lang": "es",
"value": "CrushFTP anterior a 10.5.1 es vulnerable a modificaciones controladas incorrectamente de atributos de objetos determinados din\u00e1micamente."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-913"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:crushftp:crushftp:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.5.2",
"matchCriteriaId": "531E55E7-8536-4BD4-BE16-38C91C69052C"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://convergetp.com/2023/11/16/crushftp-zero-day-cve-2023-43177-discovered/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/the-emmons/CVE-Disclosures/blob/main/Pending/CrushFTP-2023-1.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

137
CVE-2023/CVE-2023-437xx/CVE-2023-43752.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43752",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-11-16T07:15:07.203",
"lastModified": "2023-11-16T13:51:19.370",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-29T19:51:00.027",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,142 @@
"value": "Vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en WRC-X3000GS2-W v1.05 y anteriores, WRC-X3000GS2-B v1.05 y anteriores, y WRC-X3000GS2A-B v1.05 y anteriores permite que un usuario autenticado adyacente a la red ejecute un sistema operativo arbitrario comando enviando una solicitud especialmente manipulada."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:elecom:wrc-x3000gs2-w_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.05",
"matchCriteriaId": "21390E4B-D326-4E5E-B172-96F0BA0892B0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:elecom:wrc-x3000gs2-w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "70A7409C-3E07-4A7B-8248-F2090A74448B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:elecom:wrc-x3000gs2-b_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.05",
"matchCriteriaId": "10F9ECA1-A641-48C0-9E1A-F9735C89B829"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:elecom:wrc-x3000gs2-b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D748C9E-0B14-404C-A0D7-4DD1DDF35C11"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:elecom:wrc-x3000gs2a-b_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.05",
"matchCriteriaId": "F6167B6D-10FB-4717-9A45-57C3FC71403D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:elecom:wrc-x3000gs2a-b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2DC2AA9-297E-4FAC-B64D-64A06ED4ED1F"
}
]
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/vu/JVNVU94119876/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.elecom.co.jp/news/security/20231114-01/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-443xx/CVE-2023-44383.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-44383",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-29T20:15:07.573",
"lastModified": "2023-11-29T20:53:05.993",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "October is a Content Management System (CMS) and web platform to assist with development workflow. A user with access to the media manager that stores SVG files could create a stored XSS attack against themselves and any other user with access to the media manager when SVG files are supported. This issue has been patched in version 3.5.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/octobercms/october/commit/b7eed0bbf54d07ff310fcdc7037a8e8bf1f5043b",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/octobercms/october/security/advisories/GHSA-rvx8-p3xp-fj3p",
"source": "security-advisories@github.com"
}
]
}

75
CVE-2023/CVE-2023-473xx/CVE-2023-47335.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47335",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-16T06:15:31.923",
"lastModified": "2023-11-16T13:51:19.370",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-29T20:26:13.000",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,78 @@
"value": "Permisos inseguros en la funci\u00f3n setNFZEnable del dron Autel Robotics EVO Nano v1.6.5 permite a los atacantes traspasar la geocerca y volar a zonas de exclusi\u00f3n a\u00e9rea."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:autelrobotics:evo_nano_drone_firmware:1.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "91BAABA5-17FA-4FA7-A788-6B9AE411517C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:autelrobotics:evo_nano_drone:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FAD21CF8-41CB-4B63-B33C-F55DA30809E0"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/czbxzm/AUTEL-smart-drones-have-a-vulnerability-to-unauthorised-breaches-of-no-fly-zone",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

75
CVE-2023/CVE-2023-474xx/CVE-2023-47470.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47470",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-16T03:15:07.400",
"lastModified": "2023-11-16T13:51:19.370",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-29T20:32:05.517",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,82 @@
"value": "Vulnerabilidad de desbordamiento del b\u00fafer en Ffmpeg anterior al commit de github 4565747056a11356210ed8edcecb920105e40b60 permite a un atacante remoto lograr una escritura fuera de matriz, ejecutar c\u00f3digo arbitrario y provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de la funci\u00f3n ref_pic_list_struct en libavcodec/evc_ps.c"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"matchCriteriaId": "54E3D89D-E427-413B-A8E1-C9ED6D2409F3"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/FFmpeg/FFmpeg/commit/4565747056a11356210ed8edcecb920105e40b60",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://github.com/goldds96/Report/tree/main/FFmpeg",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://patchwork.ffmpeg.org/project/ffmpeg/patch/20230915131147.5945-2-michael%40niedermayer.cc/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

70
CVE-2023/CVE-2023-474xx/CVE-2023-47471.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47471",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-16T04:15:06.857",
"lastModified": "2023-11-16T13:51:19.370",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-29T20:27:28.787",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,75 @@
"value": "Vulnerabilidad de desbordamiento del b\u00fafer en strukturag libde265 v1.10.12 permite que un atacante local provoque una denegaci\u00f3n de servicio a trav\u00e9s de la funci\u00f3n slice_segment_header en el componente slice.cc."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:struktur:libde265:1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A736D1CB-9F33-4561-B10C-4074DF6C02F9"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/strukturag/libde265/commit/e36b4a1b0bafa53df47514c419d5be3e8916ebc7",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://github.com/strukturag/libde265/issues/426",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-482xx/CVE-2023-48218.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-48218",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-20T17:15:13.543",
"lastModified": "2023-11-20T19:18:51.140",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-29T20:52:27.770",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Strapi Protected Populate Plugin protects `get` endpoints from revealing too much information. Prior to version 1.3.4, users were able to bypass the field level security. Users who tried to populate something that they didn't have access to could populate those fields anyway. This issue has been patched in version 1.3.4. There are no known workarounds."
},
{
"lang": "es",
"value": "El complemento Strapi Protected Populate protege los endpoints \"get\" para que no revelen demasiada informaci\u00f3n. Antes de la versi\u00f3n 1.3.4, los usuarios pod\u00edan omitir la seguridad a nivel de campo. Los usuarios que intentaron completar algo a lo que no ten\u00edan acceso pod\u00edan completar esos campos de todos modos. Este problema se solucion\u00f3 en la versi\u00f3n 1.3.4. No se conocen workarounds."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,18 +70,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:strapi:protected_populate:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.3.4",
"matchCriteriaId": "7E302923-4968-48AB-BA63-4F0EFA16885B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/strapi-community/strapi-plugin-protected-populate/commit/05441066d64e09dd55937d9f089962e9ebe2fb39",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/strapi-community/strapi-plugin-protected-populate/releases/tag/v1.3.4",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/strapi-community/strapi-plugin-protected-populate/security/advisories/GHSA-6h67-934r-82g7",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

64
CVE-2023/CVE-2023-482xx/CVE-2023-48221.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-48221",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-20T18:15:06.850",
"lastModified": "2023-11-20T19:18:51.140",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-29T20:51:57.723",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "wire-avs provides Audio, Visual, and Signaling (AVS) functionality sure the secure messaging software Wire. Prior to versions 9.2.22 and 9.3.5, a remote format string vulnerability could potentially allow an attacker to cause a denial of service or possibly execute arbitrary code. The issue has been fixed in wire-avs 9.2.22 & 9.3.5 and is already included on all Wire products. No known workarounds are available."
},
{
"lang": "es",
"value": "wire-avs proporciona funcionalidad de Audio, Visual, and Signaling (AVS) en el software de mensajer\u00eda segura Wire. Antes de las versiones 9.2.22 y 9.3.5, una vulnerabilidad de cadena de formato remoto podr\u00eda permitir a un atacante provocar una Denegaci\u00f3n de Servicio o posiblemente ejecutar c\u00f3digo arbitrario. El problema se solucion\u00f3 en wire-avs 9.2.22 y 9.3.5 y ya est\u00e1 incluido en todos los productos Wire. No hay workarounds conocidos disponibles."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +70,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wire:audio\\,_video\\,_and_signaling:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.2.22",
"matchCriteriaId": "0824D9AA-1F5B-4F7E-BB83-5472539AE5E2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wire:audio\\,_video\\,_and_signaling:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.3.0",
"versionEndIncluding": "9.3.5",
"matchCriteriaId": "30DFE66C-5656-4EDF-95C5-9405B080A6AB"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/wireapp/wire-avs/commit/364c3326a1331a84607bce2e17126306d39150cd",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/wireapp/wire-avs/security/advisories/GHSA-m4xg-fcr3-w3pq",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

72
CVE-2023/CVE-2023-482xx/CVE-2023-48223.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-48223",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-20T18:15:07.047",
"lastModified": "2023-11-20T19:18:51.140",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-29T20:51:09.670",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "fast-jwt provides fast JSON Web Token (JWT) implementation. Prior to version 3.3.2, the fast-jwt library does not properly prevent JWT algorithm confusion for all public key types. The 'publicKeyPemMatcher' in 'fast-jwt/src/crypto.js' does not properly match all common PEM formats for public keys. To exploit this vulnerability, an attacker needs to craft a malicious JWT token containing the HS256 algorithm, signed with the public RSA key of the victim application. This attack will only work if the victim application utilizes a public key containing the `BEGIN RSA PUBLIC KEY` header. Applications using the RS256 algorithm, a public key with a `BEGIN RSA PUBLIC KEY` header, and calling the verify function without explicitly providing an algorithm, are vulnerable to this algorithm confusion attack which allows attackers to sign arbitrary payloads which will be accepted by the verifier. Version 3.3.2 contains a patch for this issue. As a workaround, change line 29 of `blob/master/src/crypto.js` to include a regular expression."
},
{
"lang": "es",
"value": "fast-jwt proporciona una implementaci\u00f3n r\u00e1pida de JSON Web Token (JWT). Antes de la versi\u00f3n 3.3.2, la librer\u00eda fast-jwt no evita adecuadamente la confusi\u00f3n del algoritmo JWT para todos los tipos de claves p\u00fablicas. El 'publicKeyPemMatcher' en 'fast-jwt/src/crypto.js' no coincide correctamente con todos los formatos PEM comunes para claves p\u00fablicas. Para explotar esta vulnerabilidad, un atacante necesita crear un token JWT malicioso que contenga el algoritmo HS256, firmado con la clave RSA p\u00fablica de la aplicaci\u00f3n v\u00edctima. Este ataque solo funcionar\u00e1 si la aplicaci\u00f3n v\u00edctima utiliza una clave p\u00fablica que contenga el encabezado \"BEGIN RSA PUBLIC KEY\". Las aplicaciones que utilizan el algoritmo RS256, una clave p\u00fablica con un encabezado \"BEGIN RSA PUBLIC KEY\", y que llaman a la funci\u00f3n de verificaci\u00f3n sin proporcionar expl\u00edcitamente un algoritmo, son vulnerables a este ataque de confusi\u00f3n de algoritmo que permite a los atacantes firmar payloads arbitrarios que ser\u00e1n aceptadas por el verificador. La versi\u00f3n 3.3.2 contiene un parche para este problema. Como workaround, cambie la l\u00ednea 29 de `blob/master/src/crypto.js` para incluir una expresi\u00f3n regular."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,18 +80,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nearform:fast-jwt:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "3.3.2",
"matchCriteriaId": "04216FDF-08CB-4312-9068-BE70476DD1C4"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/nearform/fast-jwt/blob/master/src/crypto.js#L29",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/nearform/fast-jwt/releases/tag/v3.3.2",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/nearform/fast-jwt/security/advisories/GHSA-c2ff-88x2-x9pg",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

52
CVE-2023/CVE-2023-482xx/CVE-2023-48238.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-48238",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-17T22:15:07.817",
"lastModified": "2023-11-18T04:19:44.183",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-29T20:53:34.610",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "joaquimserafim/json-web-token is a javascript library use to interact with JSON Web Tokens (JWT) which are a compact URL-safe means of representing claims to be transferred between two parties. Affected versions of the json-web-token library are vulnerable to a JWT algorithm confusion attack. On line 86 of the 'index.js' file, the algorithm to use for verifying the signature of the JWT token is taken from the JWT token, which at that point is still unverified and thus shouldn't be trusted. To exploit this vulnerability, an attacker needs to craft a malicious JWT token containing the HS256 algorithm, signed with the public RSA key of the victim application. This attack will only work against this library is the RS256 algorithm is in use, however it is a best practice to use that algorithm."
},
{
"lang": "es",
"value": "joaquimserafim/json-web-token es una librer\u00eda de JavaScript que se utiliza para interactuar con JSON Web Tokens (JWT), que son un medio compacto seguro para URL para representar reclamaciones que se transferir\u00e1n entre dos partes. Las versiones afectadas de la librer\u00eda json-web-token son vulnerables a un ataque de confusi\u00f3n del algoritmo JWT. En la l\u00ednea 86 del archivo 'index.js', el algoritmo que se utilizar\u00e1 para verificar la firma del token JWT se toma del token JWT, que en ese momento a\u00fan no est\u00e1 verificado y, por lo tanto, no se debe confiar en \u00e9l. Para explotar esta vulnerabilidad, un atacante necesita crear un token JWT malicioso que contenga el algoritmo HS256, firmado con la clave RSA p\u00fablica de la aplicaci\u00f3n v\u00edctima. Este ataque solo funcionar\u00e1 contra esta librer\u00eda si el algoritmo RS256 est\u00e1 en uso; sin embargo, es una buena pr\u00e1ctica utilizar ese algoritmo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,10 +70,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:joaquimserafim:json_web_token:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "3.1.1",
"matchCriteriaId": "DEA4CF7A-3784-41E7-A801-2283EEEDBF69"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/joaquimserafim/json-web-token/security/advisories/GHSA-4xw9-cx39-r355",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

86
CVE-2023/CVE-2023-482xx/CVE-2023-48240.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-48240",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-20T18:15:07.233",
"lastModified": "2023-11-20T19:18:51.140",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-29T20:50:43.763",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "XWiki Platform is a generic wiki platform. The rendered diff in XWiki embeds images to be able to compare the contents and not display a difference for an actually unchanged image. For this, XWiki requests all embedded images on the server side. These requests are also sent for images from other domains and include all cookies that were sent in the original request to ensure that images with restricted view right can be compared. Starting in version 11.10.1 and prior to versions 14.10.15, 15.5.1, and 15.6, this allows an attacker to steal login and session cookies that allow impersonating the current user who views the diff. The attack can be triggered with an image that references the rendered diff, thus making it easy to trigger. Apart from stealing login cookies, this also allows server-side request forgery (the result of any successful request is returned in the image's source) and viewing protected content as once a resource is cached, it is returned for all users. As only successful requests are cached, the cache will be filled by the first user who is allowed to access the resource. This has been patched in XWiki 14.10.15, 15.5.1 and 15.6. The rendered diff now only downloads images from trusted domains. Further, cookies are only sent when the image's domain is the same the requested domain. The cache has been changed to be specific for each user. As a workaround, the image embedding feature can be disabled by deleting `xwiki-platform-diff-xml-<version>.jar` in `WEB-INF/lib/`."
},
{
"lang": "es",
"value": "XWiki Platform es una plataforma wiki gen\u00e9rica. La diferencia renderizada en XWiki incorpora im\u00e1genes para poder comparar los contenidos y no mostrar una diferencia para una imagen realmente sin cambios. Para ello, XWiki solicita todas las im\u00e1genes incrustadas en el lado del servidor. Estas solicitudes tambi\u00e9n se env\u00edan para im\u00e1genes de otros dominios e incluyen todas las cookies que se enviaron en la solicitud original para garantizar que se puedan comparar las im\u00e1genes con derecho de visualizaci\u00f3n restringido. A partir de la versi\u00f3n 11.10.1 y anteriores a las versiones 14.10.15, 15.5.1 y 15.6, esto permite a un atacante robar cookies de inicio de sesi\u00f3n y sesi\u00f3n que permiten hacerse pasar por el usuario actual que ve la diferencia. El ataque se puede activar con una imagen que haga referencia a la diferencia renderizada, lo que facilita su activaci\u00f3n. Adem\u00e1s de robar cookies de inicio de sesi\u00f3n, esto tambi\u00e9n permite server-side request forgery (el resultado de cualquier solicitud exitosa se devuelve en la fuente de la imagen) y ver contenido protegido, ya que una vez que un recurso se almacena en cach\u00e9, se devuelve para todos los usuarios. Como solo se almacenan en cach\u00e9 las solicitudes exitosas, el primer usuario al que se le permita acceder al recurso completar\u00e1 la cach\u00e9. Esto ha sido parcheado en XWiki 14.10.15, 15.5.1 y 15.6. La diferencia renderizada ahora solo descarga im\u00e1genes de dominios confiables. Adem\u00e1s, las cookies s\u00f3lo se env\u00edan cuando el dominio de la imagen es el mismo que el dominio solicitado. El cach\u00e9 se ha cambiado para que sea espec\u00edfico para cada usuario. Como workaround, la funci\u00f3n de incrustaci\u00f3n de im\u00e1genes se puede desactivar eliminando `xwiki-platform-diff-xml-.jar` en `WEB-INF/lib/`."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -54,18 +88,60 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.10.1",
"versionEndExcluding": "14.10.15",
"matchCriteriaId": "B7C1E2D0-444F-42C8-87A4-4F9A2A8C75A2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.0",
"versionEndExcluding": "15.5.1",
"matchCriteriaId": "C6697094-C3B7-4746-AC50-1C99C9DECAC9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:15.6:rc1:*:*:*:*:*:*",
"matchCriteriaId": "96F8B723-5227-4590-8626-C9CF0D3BC2B8"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/xwiki/xwiki-platform/commit/bff0203e739b6e3eb90af5736f04278c73c2a8bb",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7rfg-6273-f5wp",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://jira.xwiki.org/browse/XWIKI-20818",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
]
}
]
}

90
CVE-2023/CVE-2023-482xx/CVE-2023-48241.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-48241",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-20T18:15:07.440",
"lastModified": "2023-11-20T19:18:51.140",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-29T20:49:19.453",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "XWiki Platform is a generic wiki platform. Starting in version 6.3-milestone-2 and prior to versions 14.10.15, 15.5.1, and 15.6RC1, the Solr-based search suggestion provider that also duplicates as generic JavaScript API for search results in XWiki exposes the content of all documents of all wikis to anybody who has access to it, by default it is public. This exposes all information stored in the wiki (but not some protected information like password hashes). While there is a right check normally, the right check can be circumvented by explicitly requesting fields from Solr that don't include the data for the right check. This has been fixed in XWiki 15.6RC1, 15.5.1 and 14.10.15 by not listing documents whose rights cannot be checked. No known workarounds are available."
},
{
"lang": "es",
"value": "XWiki Platform es una plataforma wiki gen\u00e9rica. A partir de la versi\u00f3n 6.3-milestone-2 y antes de las versiones 14.10.15, 15.5.1 y 15.6RC1, el proveedor de sugerencias de b\u00fasqueda basado en Solr que tambi\u00e9n se duplica como API JavaScript gen\u00e9rica para los resultados de b\u00fasqueda en XWiki expone el contenido de todos los documentos de todos los wikis a cualquiera que tenga acceso a ellos, por defecto es p\u00fablico. Esto expone toda la informaci\u00f3n almacenada en el wiki (pero no parte de la informaci\u00f3n protegida como los hashes de contrase\u00f1as). Si bien normalmente existe una verificaci\u00f3n correcta, esta se puede eludir solicitando expl\u00edcitamente campos de Solr que no incluyan los datos para la verificaci\u00f3n correcta. Esto se solucion\u00f3 en XWiki 15.6RC1, 15.5.1 y 14.10.15 al no enumerar los documentos cuyos derechos no se pueden verificar. No hay workarounds conocidos disponibles."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,18 +80,64 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4",
"versionEndExcluding": "14.10.5",
"matchCriteriaId": "51077DBC-644F-4A90-97F4-7DD7E8059C98"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.0",
"versionEndExcluding": "15.5.1",
"matchCriteriaId": "C6697094-C3B7-4746-AC50-1C99C9DECAC9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:6.3:milestone2:*:*:*:*:*:*",
"matchCriteriaId": "6387A0C9-03A5-43B5-81CB-034A745FF4A0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:6.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "E603D197-FC4B-42C1-97EB-634021BB9C61"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/xwiki/xwiki-platform/commit/93b8ec702d7075f0f5794bb05dfb651382596764",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7fqr-97j7-jgf4",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://jira.xwiki.org/browse/XWIKI-21138",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

64
CVE-2023/CVE-2023-482xx/CVE-2023-48292.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-48292",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-20T18:15:07.630",
"lastModified": "2023-11-20T19:18:51.140",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-29T20:44:39.200",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The XWiki Admin Tools Application provides tools to help the administration of XWiki. Starting in version 4.4 and prior to version 4.5.1, a cross site request forgery vulnerability in the admin tool for executing shell commands on the server allows an attacker to execute arbitrary shell commands by tricking an admin into loading the URL with the shell command. A very simple possibility for an attack are comments. When the attacker can leave a comment on any page in the wiki it is sufficient to include an image with an URL like `/xwiki/bin/view/Admin/RunShellCommand?command=touch%20/tmp/attacked` in the comment. When an admin views the comment, the file `/tmp/attacked` will be created on the server. The output of the command is also vulnerable to XWiki syntax injection which offers a simple way to execute Groovy in the context of the XWiki installation and thus an even easier way to compromise the integrity and confidentiality of the whole XWiki installation. This has been patched by adding a form token check in version 4.5.1 of the admin tools. Some workarounds are available. The patch can be applied manually to the affected wiki pages. Alternatively, the document `Admin.RunShellCommand` can also be deleted if the possibility to run shell commands isn't needed."
},
{
"lang": "es",
"value": "XWiki Admin Tools Application proporciona herramientas para ayudar en la administraci\u00f3n de XWiki. A partir de la versi\u00f3n 4.4 y antes de la versi\u00f3n 4.5.1, una vulnerabilidad de Cross-Site Request Forgery en la herramienta de administraci\u00f3n para ejecutar comandos de shell en el servidor permite a un atacante ejecutar comandos de shell arbitrarios enga\u00f1ando a un administrador para que cargue la URL con el comando de shell. Una posibilidad muy simple de ataque son los comentarios. Cuando el atacante puede dejar un comentario en cualquier p\u00e1gina de la wiki, basta con incluir una imagen con una URL como `/xwiki/bin/view/Admin/RunShellCommand?command=touch%20/tmp/attacked` en el comentario. Cuando un administrador vea el comentario, se crear\u00e1 el archivo `/tmp/attacked` en el servidor. La salida del comando tambi\u00e9n es vulnerable a la inyecci\u00f3n de sintaxis de XWiki, lo que ofrece una manera sencilla de ejecutar Groovy en el contexto de la instalaci\u00f3n de XWiki y, por lo tanto, una manera a\u00fan m\u00e1s f\u00e1cil de comprometer la integridad y confidencialidad de toda la instalaci\u00f3n de XWiki. Esto se solucion\u00f3 agregando una verificaci\u00f3n de token de formulario en la versi\u00f3n 4.5.1 de las herramientas de administraci\u00f3n. Algunos workarounds est\u00e1n disponibles. El parche se puede aplicar manualmente a las p\u00e1ginas wiki afectadas. Alternativamente, el documento `Admin.RunShellCommand` tambi\u00e9n se puede eliminar si no se necesita la posibilidad de ejecutar comandos de shell."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,18 +70,48 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:admin_tools:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.4",
"versionEndExcluding": "4.5.1",
"matchCriteriaId": "F4079268-32DF-4EDB-825E-B8788E6A670A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/xwiki-contrib/application-admintools/commit/03815c505c9f37006a0c56495e862dc549a39da8",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/xwiki-contrib/application-admintools/security/advisories/GHSA-8jpr-ff92-hpf9",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://jira.xwiki.org/browse/ADMINTOOL-91",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

72
CVE-2023/CVE-2023-482xx/CVE-2023-48294.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-48294",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-17T22:15:08.010",
"lastModified": "2023-11-18T04:19:44.183",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-29T20:53:09.650",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. In affected versions of LibreNMS when a user accesses their device dashboard, one request is sent to `graph.php` to access graphs generated on the particular Device. This request can be accessed by a low privilege user and they can enumerate devices on librenms with their id or hostname. Leveraging this vulnerability a low privilege user can see all devices registered by admin users. This vulnerability has been addressed in commit `489978a923` which has been included in release version 23.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "LibreNMS es un monitor de red basado en PHP/MySQL/SNMP con descubrimiento autom\u00e1tico que incluye soporte para una amplia gama de hardware de red y sistemas operativos. En las versiones afectadas de LibreNMS, cuando un usuario accede al panel de su dispositivo, se env\u00eda una solicitud a `graph.php` para acceder a los gr\u00e1ficos generados en el dispositivo en particular. Un usuario con privilegios bajos puede acceder a esta solicitud y puede enumerar dispositivos en librenms con su identificaci\u00f3n o nombre de host. Aprovechando esta vulnerabilidad, un usuario con privilegios bajos puede ver todos los dispositivos registrados por los usuarios administradores. Esta vulnerabilidad se solucion\u00f3 en el commit `489978a923` que se incluy\u00f3 en la versi\u00f3n 23.11.0. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,18 +80,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:librenms:librenms:*:*:*:*:*:*:*:*",
"versionEndExcluding": "23.11.0",
"matchCriteriaId": "24B09F58-7CE2-470F-8F5B-6771753682A6"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/librenms/librenms/blob/fa93034edd40c130c2ff00667ca2498d84be6e69/html/graph.php#L19C1-L25C2",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/librenms/librenms/commit/489978a923ed52aa243d3419889ca298a8a6a7cf",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-fpq5-4vwm-78x4",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

517
CVE-2023/CVE-2023-483xx/CVE-2023-48365.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-48365",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-15T22:15:28.027",
"lastModified": "2023-11-16T01:43:41.077",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-29T20:43:54.133",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Qlik Sense Enterprise for Windows before August 2023 Patch 2 allows unauthenticated remote code execution, aka QB-21683. Due to improper validation of HTTP headers, a remote attacker is able to elevate their privilege by tunneling HTTP requests, allowing them to execute HTTP requests on the backend server that hosts the repository application. The fixed versions are August 2023 Patch 2, May 2023 Patch 6, February 2023 Patch 10, November 2022 Patch 12, August 2022 Patch 14, May 2022 Patch 16, February 2022 Patch 15, and November 2021 Patch 17. NOTE: this issue exists because of an incomplete fix for CVE-2023-41265."
},
{
"lang": "es",
"value": "Qlik Sense Enterprise para Windows antes de agosto de 2023 El parche 2 permite la ejecuci\u00f3n remota de c\u00f3digo no autenticado, tambi\u00e9n conocido como QB-21683. Debido a una validaci\u00f3n inadecuada de los encabezados HTTP, un atacante remoto puede elevar su privilegio al canalizar las solicitudes HTTP, lo que le permite ejecutar solicitudes HTTP en el servidor backend que aloja la aplicaci\u00f3n del repositorio. Las versiones corregidas son el parche 2 de agosto de 2023, el parche 6 de mayo de 2023, el parche 10 de febrero de 2023, el parche 12 de noviembre de 2022, el parche 14 de agosto de 2022, el parche 16 de mayo de 2022, el parche 15 de febrero de 2022 y el parche 17 de noviembre de 2021. NOTA: este problema existe debido a una soluci\u00f3n incompleta para CVE-2023-41265."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0
},
{
"source": "cve@mitre.org",
"type": "Secondary",
@ -34,10 +58,497 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-444"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:august_2022:-:*:*:enterprise:windows:*:*",
"matchCriteriaId": "41AEA1CA-D344-48DB-92D8-05D0EDC8487D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:august_2022:patch_1:*:*:enterprise:windows:*:*",
"matchCriteriaId": "FC12BB7A-366F-4EE2-AABF-19E83B5B9EC7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:august_2022:patch_10:*:*:enterprise:windows:*:*",
"matchCriteriaId": "5F601CFC-70D0-450B-AE49-058E6B887E15"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:august_2022:patch_11:*:*:enterprise:windows:*:*",
"matchCriteriaId": "17E7F947-3322-46BB-9B89-689F1B792D89"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:august_2022:patch_12:*:*:enterprise:windows:*:*",
"matchCriteriaId": "37AF6E89-73F0-49E8-82F4-08084A5EBE2A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:august_2022:patch_13:*:*:enterprise:windows:*:*",
"matchCriteriaId": "B633BE26-057C-403F-A4BB-270E1D709ADF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:august_2022:patch_2:*:*:enterprise:windows:*:*",
"matchCriteriaId": "E4C7CBBB-C6A0-460E-95DC-C1855826C7F8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:august_2022:patch_3:*:*:enterprise:windows:*:*",
"matchCriteriaId": "BD491E32-270C-452B-AC1E-FB8F509B916E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:august_2022:patch_4:*:*:enterprise:windows:*:*",
"matchCriteriaId": "EDE2809B-4234-443E-9E6A-6B402D258617"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:august_2022:patch_5:*:*:enterprise:windows:*:*",
"matchCriteriaId": "155F0D6F-2E4A-40E7-9145-7D130334466B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:august_2022:patch_6:*:*:enterprise:windows:*:*",
"matchCriteriaId": "D733F495-E0EF-4F25-8532-2773415EFB8B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:august_2022:patch_7:*:*:enterprise:windows:*:*",
"matchCriteriaId": "578092D7-0F52-45C1-B7E2-FC5AF86AB8ED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:august_2022:patch_8:*:*:enterprise:windows:*:*",
"matchCriteriaId": "1B3164BA-0BDB-41F9-B51C-4FB0489A125A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:august_2022:patch_9:*:*:enterprise:windows:*:*",
"matchCriteriaId": "E0D31C35-50DC-4CDF-AFD4-311EAF5BBBD0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:august_2023:-:*:*:enterprise:windows:*:*",
"matchCriteriaId": "34047E2B-26A8-46F4-A9FA-24E4C997AF58"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:august_2023:patch_1:*:*:enterprise:windows:*:*",
"matchCriteriaId": "3310512E-BDAA-46E4-925E-6BEF1E25417F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:february_2022:-:*:*:enterprise:windows:*:*",
"matchCriteriaId": "24422FCB-D58E-4E00-A541-7557CFD9D30A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:february_2022:patch_1:*:*:enterprise:windows:*:*",
"matchCriteriaId": "050A35DF-46A5-4327-8A13-07D1DD3E4F49"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:february_2022:patch_10:*:*:enterprise:windows:*:*",
"matchCriteriaId": "8E1D08FE-49DA-41B2-B562-4CC50BF6C361"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:february_2022:patch_11:*:*:enterprise:windows:*:*",
"matchCriteriaId": "2ED9A41B-9E76-4B6E-BDB5-FEE969DEAFDD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:february_2022:patch_12:*:*:enterprise:windows:*:*",
"matchCriteriaId": "96E3A247-C5AD-4A84-855B-118386424087"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:february_2022:patch_13:*:*:enterprise:windows:*:*",
"matchCriteriaId": "DDA98915-B4BA-4044-8404-2AFAB25EAA06"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:february_2022:patch_14:*:*:enterprise:windows:*:*",
"matchCriteriaId": "F9DA8A45-9FEF-486E-AD6A-C5A9D15D0246"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:february_2022:patch_2:*:*:enterprise:windows:*:*",
"matchCriteriaId": "AFCDA4AC-758E-4999-94B6-D3BA24F03BB1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:february_2022:patch_3:*:*:enterprise:windows:*:*",
"matchCriteriaId": "83547AC9-E4E6-4FF9-94CE-DDB32BF1D41F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:february_2022:patch_4:*:*:enterprise:windows:*:*",
"matchCriteriaId": "35881EDA-560B-4C5C-9388-EC44F4B89F83"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:february_2022:patch_5:*:*:enterprise:windows:*:*",
"matchCriteriaId": "C090D35D-6ED8-406A-AC58-6A79280F52A9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:february_2022:patch_6:*:*:enterprise:windows:*:*",
"matchCriteriaId": "39DF7548-666A-4903-8785-7CD7295DA6E7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:february_2022:patch_7:*:*:enterprise:windows:*:*",
"matchCriteriaId": "F8467611-FF63-4154-AC76-ED7A876A46CD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:february_2022:patch_8:*:*:enterprise:windows:*:*",
"matchCriteriaId": "B6D680D9-1049-4CA5-9AFD-1EC5C6B0DC5C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:february_2022:patch_9:*:*:enterprise:windows:*:*",
"matchCriteriaId": "E721B224-0A35-4A9B-BD44-5B127FF1E6E9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:february_2023:-:*:*:enterprise:windows:*:*",
"matchCriteriaId": "95BBBA68-269F-4385-9D14-A736F2CD707E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:february_2023:patch_1:*:*:enterprise:windows:*:*",
"matchCriteriaId": "E6E1046C-35F4-451A-BFF1-2FC6EB01B547"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:february_2023:patch_2:*:*:enterprise:windows:*:*",
"matchCriteriaId": "D9AB037B-EE88-47CD-B387-42651CBAAFF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:february_2023:patch_3:*:*:enterprise:windows:*:*",
"matchCriteriaId": "3D28B87A-B36A-428E-A93B-255CFD62036F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:february_2023:patch_4:*:*:enterprise:windows:*:*",
"matchCriteriaId": "9AD961D6-A315-493C-926F-1441E51C1742"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:february_2023:patch_5:*:*:enterprise:windows:*:*",
"matchCriteriaId": "1EFEBD77-7968-4649-8E9B-DAB24DC36E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:february_2023:patch_6:*:*:enterprise:windows:*:*",
"matchCriteriaId": "E6D033E6-C022-4C6B-9EAC-95ABF6CA9BA6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:february_2023:patch_7:*:*:enterprise:windows:*:*",
"matchCriteriaId": "761B402F-4E98-46A4-A8E3-87F167CF01D0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:february_2023:patch_8:*:*:enterprise:windows:*:*",
"matchCriteriaId": "5523F0D6-0017-4A1B-9A02-8108731DE05C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:february_2023:patch_9:*:*:enterprise:windows:*:*",
"matchCriteriaId": "5B1B9FCD-3499-4F0B-97FC-C693942FF0EB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:may_2022:-:*:*:enterprise:windows:*:*",
"matchCriteriaId": "12C6F742-F9E3-4F02-9610-B187E8DF9B61"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:may_2022:patch_1:*:*:enterprise:windows:*:*",
"matchCriteriaId": "9EE55EBA-35E6-4538-BA42-AB0AF18FBC78"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:may_2022:patch_10:*:*:enterprise:windows:*:*",
"matchCriteriaId": "A32668D9-297C-443A-94BA-5EE404B56286"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:may_2022:patch_11:*:*:enterprise:windows:*:*",
"matchCriteriaId": "4345AFA4-785C-4723-B7C5-0B1C74AFEB64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:may_2022:patch_12:*:*:enterprise:windows:*:*",
"matchCriteriaId": "778E7986-3F4E-4AA0-BBBD-FB2C454B8170"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:may_2022:patch_13:*:*:enterprise:windows:*:*",
"matchCriteriaId": "F8822B86-2222-47B4-AE4B-A0E43523DAAB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:may_2022:patch_14:*:*:enterprise:windows:*:*",
"matchCriteriaId": "C8B23C50-2E46-4248-931F-CCFB6E96A115"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:may_2022:patch_15:*:*:enterprise:windows:*:*",
"matchCriteriaId": "9C62E965-1663-419B-9C06-98655D4B0569"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:may_2022:patch_2:*:*:enterprise:windows:*:*",
"matchCriteriaId": "E23565A3-34D2-40AA-8CB9-AB6EB4DDC776"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:may_2022:patch_3:*:*:enterprise:windows:*:*",
"matchCriteriaId": "D2BCA144-1D99-48B4-B803-14049B14632B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:may_2022:patch_4:*:*:enterprise:windows:*:*",
"matchCriteriaId": "64E043EC-C2A5-47C8-85BC-190607E7798C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:may_2022:patch_5:*:*:enterprise:windows:*:*",
"matchCriteriaId": "035B8F10-67E0-4A73-863E-9A8C76C1EF9F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:may_2022:patch_6:*:*:enterprise:windows:*:*",
"matchCriteriaId": "4B40BC46-2A7E-4019-A0B1-6D3981ECB002"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:may_2022:patch_7:*:*:enterprise:windows:*:*",
"matchCriteriaId": "CA7C07E6-AFEB-4A9A-B9E7-D0EFE34B4DCC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:may_2022:patch_8:*:*:enterprise:windows:*:*",
"matchCriteriaId": "C3DF6FC7-FB30-4A5C-A9E6-EB61DA00BB3A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:may_2022:patch_9:*:*:enterprise:windows:*:*",
"matchCriteriaId": "12263319-ECAB-4AEA-B421-134A1816FF0C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:may_2023:-:*:*:enterprise:windows:*:*",
"matchCriteriaId": "9E7034FB-5E64-47AD-B4A4-8428474C48C4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:may_2023:patch_1:*:*:enterprise:windows:*:*",
"matchCriteriaId": "29158A06-3DE9-487B-9BC5-B4A690864F4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:may_2023:patch_2:*:*:enterprise:windows:*:*",
"matchCriteriaId": "272C2CFE-0D8E-46CE-92B6-2BA8658C951B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:may_2023:patch_3:*:*:enterprise:windows:*:*",
"matchCriteriaId": "91DBE33A-C764-46E7-A86C-8F39A19A3B82"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:may_2023:patch_4:*:*:enterprise:windows:*:*",
"matchCriteriaId": "BD48FE50-4825-461E-BE3F-7740B8A5EC7F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:may_2023:patch_5:*:*:enterprise:windows:*:*",
"matchCriteriaId": "57E86313-0DDA-4FBA-89EF-CAAAD27A38CA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:november_2021:-:*:*:enterprise:windows:*:*",
"matchCriteriaId": "D8CB1637-AAF0-437A-A900-AA65D2D60299"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:november_2021:patch_1:*:*:enterprise:windows:*:*",
"matchCriteriaId": "0EDF6498-65CF-4569-AA9B-03D0CB79421E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:november_2021:patch_10:*:*:enterprise:windows:*:*",
"matchCriteriaId": "CB84D640-CAB6-4D91-9B24-B87F5FF07A26"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:november_2021:patch_11:*:*:enterprise:windows:*:*",
"matchCriteriaId": "C96EAA46-482D-4322-A226-AB5BE8F61276"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:november_2021:patch_12:*:*:enterprise:windows:*:*",
"matchCriteriaId": "A13C0501-7C14-4DFE-A3C4-941A479B5D7F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:november_2021:patch_13:*:*:enterprise:windows:*:*",
"matchCriteriaId": "C687581D-C6C2-49C9-8A7D-F9BD6E7EEC77"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:november_2021:patch_14:*:*:enterprise:windows:*:*",
"matchCriteriaId": "CB16E82C-5C38-4364-B445-C30FBE429DF5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:november_2021:patch_15:*:*:enterprise:windows:*:*",
"matchCriteriaId": "B4B3A235-231D-4993-9FE5-51B460C4A4D6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:november_2021:patch_16:*:*:enterprise:windows:*:*",
"matchCriteriaId": "DB79992D-7897-42C3-A628-BE64F3727795"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:november_2021:patch_2:*:*:enterprise:windows:*:*",
"matchCriteriaId": "4F9774E8-B376-4644-9EBA-151453142014"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:november_2021:patch_3:*:*:enterprise:windows:*:*",
"matchCriteriaId": "91B6C3BC-0492-4C1A-A790-B859EA0752FA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:november_2021:patch_4:*:*:enterprise:windows:*:*",
"matchCriteriaId": "C5BEF48B-C704-4B65-92C2-5373F29073AB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:november_2021:patch_5:*:*:enterprise:windows:*:*",
"matchCriteriaId": "D7B66038-D625-40D3-9E5A-E3076D796A47"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:november_2021:patch_6:*:*:enterprise:windows:*:*",
"matchCriteriaId": "67ED13F8-B452-4F90-A492-7D4AEE36A4DE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:november_2021:patch_7:*:*:enterprise:windows:*:*",
"matchCriteriaId": "FD56699E-78F3-4FC4-B6A5-8D4759B53DBC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:november_2021:patch_8:*:*:enterprise:windows:*:*",
"matchCriteriaId": "235E44C4-2B84-48DE-A534-6081F3DFDE17"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:november_2021:patch_9:*:*:enterprise:windows:*:*",
"matchCriteriaId": "19F7DE12-3456-4BE2-92B3-00F29C7E07F8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:november_2022:-:*:*:enterprise:windows:*:*",
"matchCriteriaId": "72D56C24-9CEF-486B-8E46-6111D7B1676A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:november_2022:patch_1:*:*:enterprise:windows:*:*",
"matchCriteriaId": "338E52B2-AD7D-43F3-B707-E0E5976B269E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:november_2022:patch_10:*:*:enterprise:windows:*:*",
"matchCriteriaId": "D216C67A-F124-49F0-90EA-B0C8B663D760"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:november_2022:patch_11:*:*:enterprise:windows:*:*",
"matchCriteriaId": "81D4C015-A0D2-44E8-87B1-5CF790EFDBED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:november_2022:patch_2:*:*:enterprise:windows:*:*",
"matchCriteriaId": "FA68ADC7-9E20-4BD3-9235-6D76D4519512"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:november_2022:patch_3:*:*:enterprise:windows:*:*",
"matchCriteriaId": "B41A9B8C-FAD3-46F1-8973-DF1FA408064B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:november_2022:patch_4:*:*:enterprise:windows:*:*",
"matchCriteriaId": "EE23F5BD-579C-488D-965A-AE916C32976A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:november_2022:patch_5:*:*:enterprise:windows:*:*",
"matchCriteriaId": "E9C90120-93D1-43B0-B541-F07EB8FD44EB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:november_2022:patch_6:*:*:enterprise:windows:*:*",
"matchCriteriaId": "450F236B-4673-403C-9E23-736C0ED92F6E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:november_2022:patch_7:*:*:enterprise:windows:*:*",
"matchCriteriaId": "D5E431DE-26E2-4DA2-AD0B-1479D0C95B98"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:november_2022:patch_8:*:*:enterprise:windows:*:*",
"matchCriteriaId": "0D6F6570-970B-4E49-9D92-65FAFCC71360"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qlik:qlik_sense:november_2022:patch_9:*:*:enterprise:windows:*:*",
"matchCriteriaId": "38116465-3485-44D3-9097-F2C821D8278F"
}
]
}
]
}
],
"references": [
{
"url": "https://community.qlik.com/t5/Official-Support-Articles/Critical-Security-fixes-for-Qlik-Sense-Enterprise-for-Windows/tac-p/2120510",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-488xx/CVE-2023-48880.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48880",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-29T16:15:07.167",
"lastModified": "2023-11-29T16:15:07.167",
"vulnStatus": "Received",
"lastModified": "2023-11-29T20:53:05.993",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-488xx/CVE-2023-48881.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48881",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-29T16:15:07.217",
"lastModified": "2023-11-29T16:15:07.217",
"vulnStatus": "Received",
"lastModified": "2023-11-29T20:53:05.993",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-488xx/CVE-2023-48882.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48882",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-29T16:15:07.270",
"lastModified": "2023-11-29T16:15:07.270",
"vulnStatus": "Received",
"lastModified": "2023-11-29T20:53:05.993",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

20
CVE-2023/CVE-2023-489xx/CVE-2023-48945.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-48945",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-29T20:15:07.797",
"lastModified": "2023-11-29T20:53:05.993",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A stack overflow in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/openlink/virtuoso-opensource/issues/1172",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-489xx/CVE-2023-48946.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-48946",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-29T20:15:07.850",
"lastModified": "2023-11-29T20:53:05.993",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in the box_mpy function of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/openlink/virtuoso-opensource/issues/1178",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-489xx/CVE-2023-48947.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-48947",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-29T20:15:07.897",
"lastModified": "2023-11-29T20:53:05.993",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in the cha_cmp function of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/openlink/virtuoso-opensource/issues/1179",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-489xx/CVE-2023-48948.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-48948",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-29T20:15:07.940",
"lastModified": "2023-11-29T20:53:05.993",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in the box_div function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/openlink/virtuoso-opensource/issues/1176",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-489xx/CVE-2023-48949.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-48949",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-29T20:15:07.990",
"lastModified": "2023-11-29T20:53:05.993",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in the box_add function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/openlink/virtuoso-opensource/issues/1173",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-489xx/CVE-2023-48950.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-48950",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-29T20:15:08.033",
"lastModified": "2023-11-29T20:53:05.993",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in the box_col_len function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/openlink/virtuoso-opensource/issues/1174",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-489xx/CVE-2023-48951.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-48951",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-29T20:15:08.087",
"lastModified": "2023-11-29T20:53:05.993",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in the box_equal function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/openlink/virtuoso-opensource/issues/1177",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-489xx/CVE-2023-48952.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-48952",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-29T20:15:08.133",
"lastModified": "2023-11-29T20:53:05.993",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in the box_deserialize_reusing function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/openlink/virtuoso-opensource/issues/1175",
"source": "cve@mitre.org"
}
]
}

55
CVE-2023/CVE-2023-490xx/CVE-2023-49079.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-49079",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-29T19:15:07.713",
"lastModified": "2023-11-29T20:53:05.993",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Misskey is an open source, decentralized social media platform. Misskey's missing signature validation allows arbitrary users to impersonate any remote user. This issue has been patched in version 2023.11.1-beta.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-347"
}
]
}
],
"references": [
{
"url": "https://github.com/misskey-dev/misskey/security/advisories/GHSA-3f39-6537-3cgc",
"source": "security-advisories@github.com"
}
]
}

63
CVE-2023/CVE-2023-490xx/CVE-2023-49082.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-49082",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-29T20:15:08.180",
"lastModified": "2023-11-29T20:53:05.993",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation makes it possible for an attacker to modify the HTTP request (e.g. insert a new header) or even create a new HTTP request if the attacker controls the HTTP method. The vulnerability occurs only if the attacker can control the HTTP method (GET, POST etc.) of the request. If the attacker can control the HTTP version of the request it will be able to modify the request (request smuggling). This issue has been patched in version 3.9.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-93"
}
]
}
],
"references": [
{
"url": "https://gist.github.com/jnovikov/7f411ae9fe6a9a7804cf162a3bdbb44b",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-qvrw-v9rv-5rjx",
"source": "security-advisories@github.com"
}
]
}

63
CVE-2023/CVE-2023-490xx/CVE-2023-49083.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-49083",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-29T19:15:07.967",
"lastModified": "2023-11-29T20:53:05.993",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"references": [
{
"url": "https://github.com/pyca/cryptography/commit/f09c261ca10a31fe41b1262306db7f8f1da0e48a",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/pyca/cryptography/pull/9926",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/pyca/cryptography/security/advisories/GHSA-jfhm-5ghh-2f97",
"source": "security-advisories@github.com"
}
]
}

4
CVE-2023/CVE-2023-490xx/CVE-2023-49090.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49090",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-29T15:15:08.900",
"lastModified": "2023-11-29T15:15:08.900",
"vulnStatus": "Received",
"lastModified": "2023-11-29T20:53:05.993",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

55
CVE-2023/CVE-2023-490xx/CVE-2023-49091.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-49091",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-29T20:15:08.390",
"lastModified": "2023-11-29T20:53:05.993",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cosmos provides users the ability self-host a home server by acting as a secure gateway to your application, as well as a server manager. Cosmos-server is vulnerable due to to the authorization header used for user login remaining valid and not expiring after log out. This vulnerability allows an attacker to use the token to gain unauthorized access to the application/system even after the user has logged out. This issue has been patched in version 0.13.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-613"
}
]
}
],
"references": [
{
"url": "https://github.com/azukaar/Cosmos-Server/security/advisories/GHSA-hpvm-x7m8-3c6x",
"source": "security-advisories@github.com"
}
]
}

142
CVE-2023/CVE-2023-54xx/CVE-2023-5444.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5444",
"sourceIdentifier": "trellixpsirt@trellix.com",
"published": "2023-11-17T10:15:07.723",
"lastModified": "2023-11-17T13:58:53.593",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-29T19:31:17.210",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
},
{
"source": "trellixpsirt@trellix.com",
"type": "Secondary",
@ -50,10 +70,126 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.0",
"matchCriteriaId": "A30F7908-5AF6-4761-BC6A-4C18EFAE48E5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:service_pack_1_update:*:*:*:*:*:*",
"matchCriteriaId": "3E6BB53A-ECF6-4FBF-ADB0-D07BBD14225C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:service_pack_1_update_1:*:*:*:*:*:*",
"matchCriteriaId": "E4C5D7EC-84F4-4B82-B8A2-82048C188578"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*",
"matchCriteriaId": "7B00DDE7-7002-45BE-8EDE-65D964922CB0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_10:*:*:*:*:*:*",
"matchCriteriaId": "DB88C165-BB24-49FB-AAF6-087A766D5AD1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_11:*:*:*:*:*:*",
"matchCriteriaId": "C879487A-3378-4C5D-9DA6-308D06B786A0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_11_hotfix_1:*:*:*:*:*:*",
"matchCriteriaId": "01D8BF05-C02C-432A-AA3A-2FA20E6FD859"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_11_hotfix_2:*:*:*:*:*:*",
"matchCriteriaId": "66235835-40DC-4F35-B5E2-C673059ADCF2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_12:*:*:*:*:*:*",
"matchCriteriaId": "523E143F-E8B3-4B24-AD64-65BF5A8677A7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_13:*:*:*:*:*:*",
"matchCriteriaId": "3AF53482-AE68-40F8-8FA6-0A2DAC019A34"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_14:*:*:*:*:*:*",
"matchCriteriaId": "62995EC0-0A00-4140-8C76-1D7648A9FB46"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_15:*:*:*:*:*:*",
"matchCriteriaId": "7E5A7025-BC7B-43F4-BC66-902A10A0A200"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*",
"matchCriteriaId": "FF806B52-DAD5-4D12-8BB6-3CBF9DC6B8DF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*",
"matchCriteriaId": "7DE847E0-431D-497D-9C57-C4E59749F6A0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*",
"matchCriteriaId": "46385384-5561-40AA-9FDE-A2DE4FDFAD3E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*",
"matchCriteriaId": "B7CA7CA6-7CF2-48F6-81B5-69BA0A37EF4E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*",
"matchCriteriaId": "9E4E5481-1070-4E1F-8679-1985DE4E785A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_7:*:*:*:*:*:*",
"matchCriteriaId": "D9EEA681-67FF-43B3-8610-0FA17FD279E5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_8:*:*:*:*:*:*",
"matchCriteriaId": "C33BA8EA-793D-4E79-BE9C-235ACE717216"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_9:*:*:*:*:*:*",
"matchCriteriaId": "823DBE80-CB8D-4981-AE7C-28F3FDD40451"
}
]
}
]
}
],
"references": [
{
"url": "https://kcm.trellix.com/agent/index?page=content&id=SB10410",
"source": "trellixpsirt@trellix.com"
"source": "trellixpsirt@trellix.com",
"tags": [
"Permissions Required"
]
}
]
}

142
CVE-2023/CVE-2023-54xx/CVE-2023-5445.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5445",
"sourceIdentifier": "trellixpsirt@trellix.com",
"published": "2023-11-17T10:15:08.167",
"lastModified": "2023-11-17T13:58:53.593",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-29T19:30:32.040",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "trellixpsirt@trellix.com",
"type": "Secondary",
@ -50,10 +70,126 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.0",
"matchCriteriaId": "A30F7908-5AF6-4761-BC6A-4C18EFAE48E5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:service_pack_1_update:*:*:*:*:*:*",
"matchCriteriaId": "3E6BB53A-ECF6-4FBF-ADB0-D07BBD14225C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:service_pack_1_update_1:*:*:*:*:*:*",
"matchCriteriaId": "E4C5D7EC-84F4-4B82-B8A2-82048C188578"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*",
"matchCriteriaId": "7B00DDE7-7002-45BE-8EDE-65D964922CB0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_10:*:*:*:*:*:*",
"matchCriteriaId": "DB88C165-BB24-49FB-AAF6-087A766D5AD1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_11:*:*:*:*:*:*",
"matchCriteriaId": "C879487A-3378-4C5D-9DA6-308D06B786A0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_11_hotfix_1:*:*:*:*:*:*",
"matchCriteriaId": "01D8BF05-C02C-432A-AA3A-2FA20E6FD859"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_11_hotfix_2:*:*:*:*:*:*",
"matchCriteriaId": "66235835-40DC-4F35-B5E2-C673059ADCF2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_12:*:*:*:*:*:*",
"matchCriteriaId": "523E143F-E8B3-4B24-AD64-65BF5A8677A7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_13:*:*:*:*:*:*",
"matchCriteriaId": "3AF53482-AE68-40F8-8FA6-0A2DAC019A34"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_14:*:*:*:*:*:*",
"matchCriteriaId": "62995EC0-0A00-4140-8C76-1D7648A9FB46"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_15:*:*:*:*:*:*",
"matchCriteriaId": "7E5A7025-BC7B-43F4-BC66-902A10A0A200"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*",
"matchCriteriaId": "FF806B52-DAD5-4D12-8BB6-3CBF9DC6B8DF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*",
"matchCriteriaId": "7DE847E0-431D-497D-9C57-C4E59749F6A0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*",
"matchCriteriaId": "46385384-5561-40AA-9FDE-A2DE4FDFAD3E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*",
"matchCriteriaId": "B7CA7CA6-7CF2-48F6-81B5-69BA0A37EF4E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*",
"matchCriteriaId": "9E4E5481-1070-4E1F-8679-1985DE4E785A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_7:*:*:*:*:*:*",
"matchCriteriaId": "D9EEA681-67FF-43B3-8610-0FA17FD279E5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_8:*:*:*:*:*:*",
"matchCriteriaId": "C33BA8EA-793D-4E79-BE9C-235ACE717216"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_9:*:*:*:*:*:*",
"matchCriteriaId": "823DBE80-CB8D-4981-AE7C-28F3FDD40451"
}
]
}
]
}
],
"references": [
{
"url": "https://kcm.trellix.com/corporate/index?page=content&id=SB10410",
"source": "trellixpsirt@trellix.com"
"source": "trellixpsirt@trellix.com",
"tags": [
"Vendor Advisory"
]
}
]
}

73
CVE-2023/CVE-2023-57xx/CVE-2023-5715.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-5715",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-11-22T16:15:14.550",
"lastModified": "2023-11-22T17:31:52.013",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-29T19:50:49.370",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Website Optimization \u2013 Plerdy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's tracking code settings in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."
},
{
"lang": "es",
"value": "Optimizaci\u00f3n del sitio web: el complemento Plerdy para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de la configuraci\u00f3n del c\u00f3digo de seguimiento del complemento en todas las versiones hasta la 1.3.2 incluida debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con acceso a nivel de administrador, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada. Esto solo afecta a las instalaciones multisitio y a las instalaciones en las que se ha deshabilitado unfiltered_html."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -34,18 +58,57 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:plerdy:heatmap:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.3.2",
"matchCriteriaId": "CF57C6CA-6304-434B-A767-925F8ADF86F3"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/plerdy-heatmap/trunk/plerdy_heatmap_tracking.php#L132",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2989840%40plerdy-heatmap&new=2989840%40plerdy-heatmap&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/db18ac07-2e7a-466d-b00c-a598401f8633?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

78
CVE-2023/CVE-2023-58xx/CVE-2023-5815.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-5815",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-11-22T16:15:14.877",
"lastModified": "2023-11-22T17:31:47.393",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-29T19:15:40.353",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The News & Blog Designer Pack \u2013 WordPress Blog Plugin \u2014 (Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post Ticker, Blog Post Masonry) plugin for WordPress is vulnerable to Remote Code Execution via Local File Inclusion in all versions up to, and including, 3.4.1 via the bdp_get_more_post function hooked via a nopriv AJAX. This is due to function utilizing an unsafe extract() method to extract values from the POST variable and passing that input to the include() function. This makes it possible for unauthenticated attackers to include arbitrary PHP files and achieve remote code execution. On vulnerable Docker configurations it may be possible for an attacker to create a PHP file and then subsequently include it to achieve RCE."
},
{
"lang": "es",
"value": "El complemento News &amp; Blog Designer Pack \u2013 WordPress Blog Plugin (Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post Ticker, Blog Post Masonry) para WordPress es vulnerable a la ejecuci\u00f3n remota de c\u00f3digo mediante la inclusi\u00f3n de archivos locales en todas las versiones hasta 3.4.1 incluida, a trav\u00e9s de la funci\u00f3n bdp_get_more_post enlazada a trav\u00e9s de un AJAX nopriv. Esto se debe a que la funci\u00f3n utiliza un m\u00e9todo extract() inseguro para extraer valores de la variable POST y pasar esa entrada a la funci\u00f3n include(). Esto hace posible que atacantes no autenticados incluyan archivos PHP arbitrarios y logren la ejecuci\u00f3n remota de c\u00f3digo. En configuraciones de Docker vulnerables, es posible que un atacante cree un archivo PHP y luego lo incluya para lograr RCE."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -34,22 +58,64 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:infornweb:news_\\&_blog_designer_pack:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.4.1",
"matchCriteriaId": "BCA1317B-86B2-4944-A4D8-500740365079"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2984052%40blog-designer-pack&new=2984052%40blog-designer-pack&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://wordpress.org/plugins/blog-designer-pack/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.leavesongs.com/PENETRATION/docker-php-include-getshell.html#0x06-pearcmdphp",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Not Applicable"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2f2bdf11-401a-48af-b1dc-aeeb40b9a384?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

84
CVE-2023/CVE-2023-58xx/CVE-2023-5822.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-5822",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-11-22T16:15:15.043",
"lastModified": "2023-11-22T17:31:47.393",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-29T19:15:14.147",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads to insufficient file type validation in the 'dnd_upload_cf7_upload' function in versions up to, and including, 1.3.7.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. This can be exploited if a user authorized to edit form, which means editor privileges or above, has added a 'multiple file upload' form field with '*' acceptable file types."
},
{
"lang": "es",
"value": "El complemento Drag and Drop Multiple File Upload - Contact Form 7 para WordPress es vulnerable a cargas de archivos arbitrarias debido a una validaci\u00f3n insuficiente del tipo de archivo en la funci\u00f3n 'dnd_upload_cf7_upload' en versiones hasta la 1.3.7.3 incluida. Esto hace posible que atacantes no autenticados carguen archivos arbitrarios en el servidor del sitio afectado, lo que puede hacer posible la ejecuci\u00f3n remota de c\u00f3digo. Esto se puede aprovechar si un usuario autorizado para editar el formulario, lo que significa privilegios de editor o superiores, ha agregado un campo de formulario de 'carga de m\u00faltiples archivos' con '*' tipos de archivos aceptables."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -34,26 +58,72 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codedropz:drag_and_drop_multiple_file_upload_-_contact_form_7:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.3.7.3",
"matchCriteriaId": "DF2783C5-449B-4311-B2A2-284B48D238A6"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/drag-and-drop-multiple-file-upload-contact-form-7/tags/1.3.7.2/inc/dnd-upload-cf7.php#L828",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/drag-and-drop-multiple-file-upload-contact-form-7/tags/1.3.7.2/inc/dnd-upload-cf7.php#L855",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/drag-and-drop-multiple-file-upload-contact-form-7/tags/1.3.7.2/inc/dnd-upload-cf7.php#L904",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2987252%40drag-and-drop-multiple-file-upload-contact-form-7%2Ftrunk&old=2968538%40drag-and-drop-multiple-file-upload-contact-form-7%2Ftrunk&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1b3be300-5b7f-4844-8637-1bb8c939ed4c?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch",
"Third Party Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-60xx/CVE-2023-6007.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-6007",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-11-22T16:15:15.210",
"lastModified": "2023-11-22T17:31:47.393",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-29T19:01:54.823",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The UserPro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.1.1. This makes it possible for unauthenticated attackers to add, modify, or delete user meta and plugin options."
},
{
"lang": "es",
"value": "El complemento UserPro para WordPress es vulnerable al acceso no autorizado a datos, modificaci\u00f3n de datos, p\u00e9rdida de datos debido a una falta de verificaci\u00f3n de capacidad en m\u00faltiples funciones en todas las versiones hasta la 5.1.1 incluida. Esto hace posible que atacantes no autenticados agreguen, modifiquen o eliminen metaopciones y complementos del usuario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -34,14 +58,50 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:userproplugin:userpro:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "5.1.1",
"matchCriteriaId": "E30F7B1B-A4E6-4C8F-ACA8-0A9B16EED37B"
}
]
}
]
}
],
"references": [
{
"url": "https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6c4f8798-c0f9-4d05-808e-375864a0ad95?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

4094
CVE-2023/CVE-2023-61xx/CVE-2023-6105.json
View File

File diff suppressed because it is too large Load Diff

57
CVE-2023/CVE-2023-61xx/CVE-2023-6119.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6119",
"sourceIdentifier": "trellixpsirt@trellix.com",
"published": "2023-11-16T10:15:19.217",
"lastModified": "2023-11-16T13:51:11.743",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-29T19:32:07.657",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "trellixpsirt@trellix.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
},
{
"source": "trellixpsirt@trellix.com",
"type": "Secondary",
@ -50,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trellix:getsusp:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.0.0.27",
"matchCriteriaId": "AAF002A6-9A8D-4396-98C8-105E59077E70"
}
]
}
]
}
],
"references": [
{
"url": "https://kcm.trellix.com/corporate/index?page=content&id=SB10412",
"source": "trellixpsirt@trellix.com"
"source": "trellixpsirt@trellix.com",
"tags": [
"Vendor Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-62xx/CVE-2023-6217.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6217",
"sourceIdentifier": "security@progress.com",
"published": "2023-11-29T17:15:07.373",
"lastModified": "2023-11-29T17:15:07.373",
"vulnStatus": "Received",
"lastModified": "2023-11-29T20:53:05.993",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-62xx/CVE-2023-6218.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6218",
"sourceIdentifier": "security@progress.com",
"published": "2023-11-29T17:15:07.587",
"lastModified": "2023-11-29T17:15:07.587",
"vulnStatus": "Received",
"lastModified": "2023-11-29T20:53:05.993",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

75
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-11-29T19:01:02.672427+00:00
2023-11-29T21:00:18.287459+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-11-29T18:58:52.620000+00:00
2023-11-29T20:59:23.030000+00:00
```
### Last Data Feed Release
@ -29,46 +29,57 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
231694
231707
```
### CVEs added in the last Commit
Recently added CVEs: `2`
Recently added CVEs: `13`
* [CVE-2023-6217](CVE-2023/CVE-2023-62xx/CVE-2023-6217.json) (`2023-11-29T17:15:07.373`)
* [CVE-2023-6218](CVE-2023/CVE-2023-62xx/CVE-2023-6218.json) (`2023-11-29T17:15:07.587`)
* [CVE-2023-49079](CVE-2023/CVE-2023-490xx/CVE-2023-49079.json) (`2023-11-29T19:15:07.713`)
* [CVE-2023-49083](CVE-2023/CVE-2023-490xx/CVE-2023-49083.json) (`2023-11-29T19:15:07.967`)
* [CVE-2023-44383](CVE-2023/CVE-2023-443xx/CVE-2023-44383.json) (`2023-11-29T20:15:07.573`)
* [CVE-2023-48945](CVE-2023/CVE-2023-489xx/CVE-2023-48945.json) (`2023-11-29T20:15:07.797`)
* [CVE-2023-48946](CVE-2023/CVE-2023-489xx/CVE-2023-48946.json) (`2023-11-29T20:15:07.850`)
* [CVE-2023-48947](CVE-2023/CVE-2023-489xx/CVE-2023-48947.json) (`2023-11-29T20:15:07.897`)
* [CVE-2023-48948](CVE-2023/CVE-2023-489xx/CVE-2023-48948.json) (`2023-11-29T20:15:07.940`)
* [CVE-2023-48949](CVE-2023/CVE-2023-489xx/CVE-2023-48949.json) (`2023-11-29T20:15:07.990`)
* [CVE-2023-48950](CVE-2023/CVE-2023-489xx/CVE-2023-48950.json) (`2023-11-29T20:15:08.033`)
* [CVE-2023-48951](CVE-2023/CVE-2023-489xx/CVE-2023-48951.json) (`2023-11-29T20:15:08.087`)
* [CVE-2023-48952](CVE-2023/CVE-2023-489xx/CVE-2023-48952.json) (`2023-11-29T20:15:08.133`)
* [CVE-2023-49082](CVE-2023/CVE-2023-490xx/CVE-2023-49082.json) (`2023-11-29T20:15:08.180`)
* [CVE-2023-49091](CVE-2023/CVE-2023-490xx/CVE-2023-49091.json) (`2023-11-29T20:15:08.390`)
### CVEs modified in the last Commit
Recently modified CVEs: `36`
Recently modified CVEs: `43`
* [CVE-2023-6199](CVE-2023/CVE-2023-61xx/CVE-2023-6199.json) (`2023-11-29T17:28:30.710`)
* [CVE-2023-48310](CVE-2023/CVE-2023-483xx/CVE-2023-48310.json) (`2023-11-29T18:00:23.390`)
* [CVE-2023-48051](CVE-2023/CVE-2023-480xx/CVE-2023-48051.json) (`2023-11-29T18:00:35.757`)
* [CVE-2023-48192](CVE-2023/CVE-2023-481xx/CVE-2023-48192.json) (`2023-11-29T18:00:50.257`)
* [CVE-2023-6178](CVE-2023/CVE-2023-61xx/CVE-2023-6178.json) (`2023-11-29T18:01:19.947`)
* [CVE-2023-6062](CVE-2023/CVE-2023-60xx/CVE-2023-6062.json) (`2023-11-29T18:01:56.163`)
* [CVE-2023-48293](CVE-2023/CVE-2023-482xx/CVE-2023-48293.json) (`2023-11-29T18:02:07.070`)
* [CVE-2023-47393](CVE-2023/CVE-2023-473xx/CVE-2023-47393.json) (`2023-11-29T18:02:56.760`)
* [CVE-2023-47392](CVE-2023/CVE-2023-473xx/CVE-2023-47392.json) (`2023-11-29T18:03:15.443`)
* [CVE-2023-47016](CVE-2023/CVE-2023-470xx/CVE-2023-47016.json) (`2023-11-29T18:03:48.853`)
* [CVE-2023-6015](CVE-2023/CVE-2023-60xx/CVE-2023-6015.json) (`2023-11-29T18:10:05.760`)
* [CVE-2023-6018](CVE-2023/CVE-2023-60xx/CVE-2023-6018.json) (`2023-11-29T18:10:27.767`)
* [CVE-2023-39417](CVE-2023/CVE-2023-394xx/CVE-2023-39417.json) (`2023-11-29T18:15:07.043`)
* [CVE-2023-46847](CVE-2023/CVE-2023-468xx/CVE-2023-46847.json) (`2023-11-29T18:15:07.203`)
* [CVE-2023-6019](CVE-2023/CVE-2023-60xx/CVE-2023-6019.json) (`2023-11-29T18:15:07.390`)
* [CVE-2023-41146](CVE-2023/CVE-2023-411xx/CVE-2023-41146.json) (`2023-11-29T18:15:29.650`)
* [CVE-2023-27519](CVE-2023/CVE-2023-275xx/CVE-2023-27519.json) (`2023-11-29T18:15:41.620`)
* [CVE-2023-41145](CVE-2023/CVE-2023-411xx/CVE-2023-41145.json) (`2023-11-29T18:37:59.253`)
* [CVE-2023-29069](CVE-2023/CVE-2023-290xx/CVE-2023-29069.json) (`2023-11-29T18:38:05.767`)
* [CVE-2023-27879](CVE-2023/CVE-2023-278xx/CVE-2023-27879.json) (`2023-11-29T18:38:52.677`)
* [CVE-2023-48161](CVE-2023/CVE-2023-481xx/CVE-2023-48161.json) (`2023-11-29T18:48:53.683`)
* [CVE-2023-6009](CVE-2023/CVE-2023-60xx/CVE-2023-6009.json) (`2023-11-29T18:54:09.383`)
* [CVE-2023-46814](CVE-2023/CVE-2023-468xx/CVE-2023-46814.json) (`2023-11-29T18:54:35.827`)
* [CVE-2023-6008](CVE-2023/CVE-2023-60xx/CVE-2023-6008.json) (`2023-11-29T18:58:44.753`)
* [CVE-2023-6160](CVE-2023/CVE-2023-61xx/CVE-2023-6160.json) (`2023-11-29T18:58:52.620`)
* [CVE-2023-48292](CVE-2023/CVE-2023-482xx/CVE-2023-48292.json) (`2023-11-29T20:44:39.200`)
* [CVE-2023-48241](CVE-2023/CVE-2023-482xx/CVE-2023-48241.json) (`2023-11-29T20:49:19.453`)
* [CVE-2023-48240](CVE-2023/CVE-2023-482xx/CVE-2023-48240.json) (`2023-11-29T20:50:43.763`)
* [CVE-2023-48223](CVE-2023/CVE-2023-482xx/CVE-2023-48223.json) (`2023-11-29T20:51:09.670`)
* [CVE-2023-48221](CVE-2023/CVE-2023-482xx/CVE-2023-48221.json) (`2023-11-29T20:51:57.723`)
* [CVE-2023-40363](CVE-2023/CVE-2023-403xx/CVE-2023-40363.json) (`2023-11-29T20:52:14.260`)
* [CVE-2023-48218](CVE-2023/CVE-2023-482xx/CVE-2023-48218.json) (`2023-11-29T20:52:27.770`)
* [CVE-2023-38361](CVE-2023/CVE-2023-383xx/CVE-2023-38361.json) (`2023-11-29T20:52:28.337`)
* [CVE-2023-35762](CVE-2023/CVE-2023-357xx/CVE-2023-35762.json) (`2023-11-29T20:52:44.790`)
* [CVE-2023-43177](CVE-2023/CVE-2023-431xx/CVE-2023-43177.json) (`2023-11-29T20:52:51.427`)
* [CVE-2023-29155](CVE-2023/CVE-2023-291xx/CVE-2023-29155.json) (`2023-11-29T20:52:57.780`)
* [CVE-2023-49090](CVE-2023/CVE-2023-490xx/CVE-2023-49090.json) (`2023-11-29T20:53:05.993`)
* [CVE-2023-48880](CVE-2023/CVE-2023-488xx/CVE-2023-48880.json) (`2023-11-29T20:53:05.993`)
* [CVE-2023-48881](CVE-2023/CVE-2023-488xx/CVE-2023-48881.json) (`2023-11-29T20:53:05.993`)
* [CVE-2023-48882](CVE-2023/CVE-2023-488xx/CVE-2023-48882.json) (`2023-11-29T20:53:05.993`)
* [CVE-2023-6217](CVE-2023/CVE-2023-62xx/CVE-2023-6217.json) (`2023-11-29T20:53:05.993`)
* [CVE-2023-6218](CVE-2023/CVE-2023-62xx/CVE-2023-6218.json) (`2023-11-29T20:53:05.993`)
* [CVE-2023-48294](CVE-2023/CVE-2023-482xx/CVE-2023-48294.json) (`2023-11-29T20:53:09.650`)
* [CVE-2023-48238](CVE-2023/CVE-2023-482xx/CVE-2023-48238.json) (`2023-11-29T20:53:34.610`)
* [CVE-2023-41808](CVE-2023/CVE-2023-418xx/CVE-2023-41808.json) (`2023-11-29T20:56:06.170`)
* [CVE-2023-41807](CVE-2023/CVE-2023-418xx/CVE-2023-41807.json) (`2023-11-29T20:56:44.663`)
* [CVE-2023-41806](CVE-2023/CVE-2023-418xx/CVE-2023-41806.json) (`2023-11-29T20:57:54.670`)
* [CVE-2023-41792](CVE-2023/CVE-2023-417xx/CVE-2023-41792.json) (`2023-11-29T20:58:31.503`)
* [CVE-2023-41791](CVE-2023/CVE-2023-417xx/CVE-2023-41791.json) (`2023-11-29T20:58:51.777`)
* [CVE-2023-41790](CVE-2023/CVE-2023-417xx/CVE-2023-41790.json) (`2023-11-29T20:59:23.030`)
## Download and Usage