diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21633.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21633.json index 5f0ce3ef21d..432db829be0 100644 --- a/CVE-2021/CVE-2021-216xx/CVE-2021-21633.json +++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21633.json @@ -2,8 +2,8 @@ "id": "CVE-2021-21633", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2021-03-30T12:16:10.627", - "lastModified": "2023-10-25T18:16:47.797", - "vulnStatus": "Modified", + "lastModified": "2023-11-30T19:16:38.763", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21638.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21638.json index 0113a94f746..aa72874e4dc 100644 --- a/CVE-2021/CVE-2021-216xx/CVE-2021-21638.json +++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21638.json @@ -2,8 +2,8 @@ "id": "CVE-2021-21638", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2021-03-30T12:16:10.987", - "lastModified": "2023-10-25T18:16:48.263", - "vulnStatus": "Modified", + "lastModified": "2023-11-30T19:16:32.173", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -104,7 +104,10 @@ }, { "url": "https://www.jenkins.io/security/advisory/2021-03-30/#SECURITY-2283%20%282%29", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21641.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21641.json index 1fd187b5700..9a137c41332 100644 --- a/CVE-2021/CVE-2021-216xx/CVE-2021-21641.json +++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21641.json @@ -2,8 +2,8 @@ "id": "CVE-2021-21641", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2021-04-07T14:15:17.093", - "lastModified": "2023-10-25T18:16:48.573", - "vulnStatus": "Modified", + "lastModified": "2023-11-30T19:18:08.413", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -63,6 +63,18 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], "configurations": [ { "nodes": [ diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21644.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21644.json index f26e5167bb6..b7f84350202 100644 --- a/CVE-2021/CVE-2021-216xx/CVE-2021-21644.json +++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21644.json @@ -2,8 +2,8 @@ "id": "CVE-2021-21644", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2021-04-21T15:15:08.373", - "lastModified": "2023-10-25T18:16:48.910", - "vulnStatus": "Modified", + "lastModified": "2023-11-30T19:18:05.313", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -63,6 +63,18 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], "configurations": [ { "nodes": [ diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21652.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21652.json index 0a2554de9a9..8f58cea47d5 100644 --- a/CVE-2021/CVE-2021-216xx/CVE-2021-21652.json +++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21652.json @@ -2,8 +2,8 @@ "id": "CVE-2021-21652", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2021-05-11T15:15:08.030", - "lastModified": "2023-10-25T18:16:49.753", - "vulnStatus": "Modified", + "lastModified": "2023-11-30T19:18:01.673", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -63,6 +63,18 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], "configurations": [ { "nodes": [ @@ -84,7 +96,10 @@ "references": [ { "url": "https://www.jenkins.io/security/advisory/2021-05-11/#SECURITY-2251%20%281%29", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-379xx/CVE-2021-37942.json b/CVE-2021/CVE-2021-379xx/CVE-2021-37942.json index 6741492dccc..a8a063a00d9 100644 --- a/CVE-2021/CVE-2021-379xx/CVE-2021-37942.json +++ b/CVE-2021/CVE-2021-379xx/CVE-2021-37942.json @@ -2,16 +2,40 @@ "id": "CVE-2021-37942", "sourceIdentifier": "bressers@elastic.co", "published": "2023-11-22T02:15:42.220", - "lastModified": "2023-11-22T03:36:37.770", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T19:33:06.083", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious plugin to an application running the APM Java agent. By using this vulnerability, an attacker could execute code at a potentially higher level of permissions than their user typically has access to." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 un problema de escalada de privilegios local con APM Java Agent, donde un usuario del sistema pod\u00eda adjuntar un complemento malicioso a una aplicaci\u00f3n que ejecutaba APM Java Agent. Al utilizar esta vulnerabilidad, un atacante podr\u00eda ejecutar c\u00f3digo con un nivel de permisos potencialmente m\u00e1s alto del que normalmente tiene acceso su usuario." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "bressers@elastic.co", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "bressers@elastic.co", "type": "Secondary", @@ -46,14 +80,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:elastic:apm_java_agent:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1.18.0", + "versionEndIncluding": "1.27.0", + "matchCriteriaId": "15C93E89-E721-4610-BB53-39D2D24F58CB" + } + ] + } + ] + } + ], "references": [ { "url": "https://discuss.elastic.co/t/apm-java-agent-security-update/291355", - "source": "bressers@elastic.co" + "source": "bressers@elastic.co", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.elastic.co/community/security", - "source": "bressers@elastic.co" + "source": "bressers@elastic.co", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-05xx/CVE-2022-0538.json b/CVE-2022/CVE-2022-05xx/CVE-2022-0538.json index 1ccb4db2c96..16bff09b6fc 100644 --- a/CVE-2022/CVE-2022-05xx/CVE-2022-0538.json +++ b/CVE-2022/CVE-2022-05xx/CVE-2022-0538.json @@ -2,8 +2,8 @@ "id": "CVE-2022-0538", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2022-02-09T14:15:07.893", - "lastModified": "2023-10-25T18:16:54.167", - "vulnStatus": "Modified", + "lastModified": "2023-11-30T19:15:11.090", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", diff --git a/CVE-2022/CVE-2022-231xx/CVE-2022-23117.json b/CVE-2022/CVE-2022-231xx/CVE-2022-23117.json index e90117cfeb6..6cea8523a0d 100644 --- a/CVE-2022/CVE-2022-231xx/CVE-2022-23117.json +++ b/CVE-2022/CVE-2022-231xx/CVE-2022-23117.json @@ -2,8 +2,8 @@ "id": "CVE-2022-23117", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2022-01-12T20:15:09.757", - "lastModified": "2023-10-25T18:16:55.690", - "vulnStatus": "Modified", + "lastModified": "2023-11-30T19:15:51.950", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -70,7 +70,7 @@ "description": [ { "lang": "en", - "value": "CWE-269" + "value": "CWE-522" } ] } @@ -104,7 +104,10 @@ }, { "url": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2522%20%282%29", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-231xx/CVE-2022-23118.json b/CVE-2022/CVE-2022-231xx/CVE-2022-23118.json index 738df0e1945..b70a5fa2c11 100644 --- a/CVE-2022/CVE-2022-231xx/CVE-2022-23118.json +++ b/CVE-2022/CVE-2022-231xx/CVE-2022-23118.json @@ -2,8 +2,8 @@ "id": "CVE-2022-23118", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2022-01-12T20:15:09.807", - "lastModified": "2023-10-25T18:16:55.757", - "vulnStatus": "Modified", + "lastModified": "2023-11-30T19:15:28.033", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", diff --git a/CVE-2022/CVE-2022-251xx/CVE-2022-25173.json b/CVE-2022/CVE-2022-251xx/CVE-2022-25173.json index 0025c603581..eebb6375855 100644 --- a/CVE-2022/CVE-2022-251xx/CVE-2022-25173.json +++ b/CVE-2022/CVE-2022-251xx/CVE-2022-25173.json @@ -2,8 +2,8 @@ "id": "CVE-2022-25173", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2022-02-15T17:15:08.477", - "lastModified": "2023-10-25T18:16:55.830", - "vulnStatus": "Modified", + "lastModified": "2023-11-30T19:13:14.137", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", diff --git a/CVE-2022/CVE-2022-251xx/CVE-2022-25174.json b/CVE-2022/CVE-2022-251xx/CVE-2022-25174.json index 61d896d65d5..994e810ed78 100644 --- a/CVE-2022/CVE-2022-251xx/CVE-2022-25174.json +++ b/CVE-2022/CVE-2022-251xx/CVE-2022-25174.json @@ -2,8 +2,8 @@ "id": "CVE-2022-25174", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2022-02-15T17:15:08.560", - "lastModified": "2023-10-25T18:16:55.910", - "vulnStatus": "Modified", + "lastModified": "2023-11-30T19:13:01.603", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -98,7 +98,6 @@ "url": "https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2463", "source": "jenkinsci-cert@googlegroups.com", "tags": [ - "Issue Tracking", "Patch", "Vendor Advisory" ] diff --git a/CVE-2022/CVE-2022-251xx/CVE-2022-25175.json b/CVE-2022/CVE-2022-251xx/CVE-2022-25175.json index 6f5d961abb4..d558ba19e81 100644 --- a/CVE-2022/CVE-2022-251xx/CVE-2022-25175.json +++ b/CVE-2022/CVE-2022-251xx/CVE-2022-25175.json @@ -2,8 +2,8 @@ "id": "CVE-2022-25175", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2022-02-15T17:15:08.627", - "lastModified": "2023-10-25T18:16:55.973", - "vulnStatus": "Modified", + "lastModified": "2023-11-30T19:12:13.310", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -98,7 +98,6 @@ "url": "https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2463", "source": "jenkinsci-cert@googlegroups.com", "tags": [ - "Issue Tracking", "Patch", "Vendor Advisory" ] diff --git a/CVE-2022/CVE-2022-251xx/CVE-2022-25176.json b/CVE-2022/CVE-2022-251xx/CVE-2022-25176.json index 4404102d6cd..d4c38809c3f 100644 --- a/CVE-2022/CVE-2022-251xx/CVE-2022-25176.json +++ b/CVE-2022/CVE-2022-251xx/CVE-2022-25176.json @@ -2,8 +2,8 @@ "id": "CVE-2022-25176", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2022-02-15T17:15:08.697", - "lastModified": "2023-10-25T18:16:56.037", - "vulnStatus": "Modified", + "lastModified": "2023-11-30T19:12:09.657", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -98,7 +98,6 @@ "url": "https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2613", "source": "jenkinsci-cert@googlegroups.com", "tags": [ - "Issue Tracking", "Patch", "Vendor Advisory" ] diff --git a/CVE-2022/CVE-2022-251xx/CVE-2022-25177.json b/CVE-2022/CVE-2022-251xx/CVE-2022-25177.json index 585ddae4a4e..a6dc299c535 100644 --- a/CVE-2022/CVE-2022-251xx/CVE-2022-25177.json +++ b/CVE-2022/CVE-2022-251xx/CVE-2022-25177.json @@ -2,8 +2,8 @@ "id": "CVE-2022-25177", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2022-02-15T17:15:08.767", - "lastModified": "2023-10-25T18:16:56.097", - "vulnStatus": "Modified", + "lastModified": "2023-11-30T19:12:05.580", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -98,7 +98,6 @@ "url": "https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2613", "source": "jenkinsci-cert@googlegroups.com", "tags": [ - "Issue Tracking", "Patch", "Vendor Advisory" ] diff --git a/CVE-2022/CVE-2022-251xx/CVE-2022-25190.json b/CVE-2022/CVE-2022-251xx/CVE-2022-25190.json index 6aa97178c1e..df2c51e48e8 100644 --- a/CVE-2022/CVE-2022-251xx/CVE-2022-25190.json +++ b/CVE-2022/CVE-2022-251xx/CVE-2022-25190.json @@ -2,8 +2,8 @@ "id": "CVE-2022-25190", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2022-02-15T17:15:10.147", - "lastModified": "2023-10-25T18:16:56.887", - "vulnStatus": "Modified", + "lastModified": "2023-11-30T19:15:32.510", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", diff --git a/CVE-2022/CVE-2022-440xx/CVE-2022-44011.json b/CVE-2022/CVE-2022-440xx/CVE-2022-44011.json index 478592b7a93..73f5c6ae359 100644 --- a/CVE-2022/CVE-2022-440xx/CVE-2022-44011.json +++ b/CVE-2022/CVE-2022-440xx/CVE-2022-44011.json @@ -2,8 +2,8 @@ "id": "CVE-2022-44011", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-23T16:15:07.217", - "lastModified": "2023-11-24T15:24:57.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T20:58:28.853", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,95 @@ "value": "Se descubri\u00f3 un problema en ClickHouse antes del 22.9.1.2603. Un usuario autenticado (con la capacidad de cargar datos) podr\u00eda provocar un desbordamiento del b\u00fafer del heap y bloquear el servidor al insertar un objeto CapnProto con formato incorrecto. Las versiones corregidas son 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16 y 22.3.12.19." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:*:*:*:*", + "versionEndExcluding": "22.3.12.19", + "matchCriteriaId": "5E491243-850E-42B0-93C1-02A5006E76CC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:*:*:*:*", + "versionStartIncluding": "22.6", + "versionEndExcluding": "22.6.6.16", + "matchCriteriaId": "8AC646C1-A2E2-4E6F-9312-2AF2B3FAED29" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:*:*:*:*", + "versionStartIncluding": "22.7", + "versionEndExcluding": "22.7.4.16", + "matchCriteriaId": "2129D28D-F5C8-4824-819B-E27AF634C6BA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:*:*:*:*", + "versionStartIncluding": "22.8", + "versionEndExcluding": "22.8.2.11", + "matchCriteriaId": "1B7994FF-D269-4F8A-9388-B60BC23A6EA6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:*:*:*:*", + "versionStartIncluding": "22.9", + "versionEndExcluding": "22.9.1.2603", + "matchCriteriaId": "391AC13C-E2F6-4824-AC29-081AF879666A" + } + ] + } + ] + } + ], "references": [ { "url": "https://clickhouse.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-202xx/CVE-2023-20241.json b/CVE-2023/CVE-2023-202xx/CVE-2023-20241.json index 155115858d6..d9c3d3997b4 100644 --- a/CVE-2023/CVE-2023-202xx/CVE-2023-20241.json +++ b/CVE-2023/CVE-2023-202xx/CVE-2023-20241.json @@ -2,16 +2,40 @@ "id": "CVE-2023-20241", "sourceIdentifier": "ykramarz@cisco.com", "published": "2023-11-22T17:15:18.740", - "lastModified": "2023-11-22T17:31:47.393", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T20:38:54.273", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system.\r\n\r These vulnerabilities are due to an out-of-bounds memory read from Cisco Secure Client Software. An attacker could exploit these vulnerabilities by logging in to an affected device at the same time that another user is accessing Cisco Secure Client on the same system, and then sending crafted packets to a port on that local host. A successful exploit could allow the attacker to crash the VPN Agent service, causing it to be unavailable to all users of the system. To exploit these vulnerabilities, the attacker must have valid credentials on a multi-user system." + }, + { + "lang": "es", + "value": "M\u00faltiples vulnerabilidades en Cisco Secure Client Software, anteriormente AnyConnect Secure Mobility Client, podr\u00edan permitir que un atacante local autenticado cause una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en un sistema afectado. Estas vulnerabilidades se deben a una lectura de memoria fuera de los l\u00edmites de Cisco Secure Client Software. Un atacante podr\u00eda aprovechar estas vulnerabilidades iniciando sesi\u00f3n en un dispositivo afectado al mismo tiempo que otro usuario accede a Cisco Secure Client en el mismo sistema y luego enviando paquetes manipulados a un puerto en ese host local. Un exploit exitoso podr\u00eda permitir al atacante bloquear el servicio del Agente VPN, provocando que no est\u00e9 disponible para todos los usuarios del sistema. Para explotar estas vulnerabilidades, el atacante debe tener credenciales v\u00e1lidas en un sistema multiusuario." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "ykramarz@cisco.com", "type": "Secondary", @@ -34,10 +58,198 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.9.00086:*:*:*:*:*:*:*", + "matchCriteriaId": "03B6618B-2E98-480C-AF79-2A9E9BF29CB3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.9.01095:*:*:*:*:*:*:*", + "matchCriteriaId": "F2CB76BE-7DD7-40D7-A7C7-DDA7079A286F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.9.02028:*:*:*:*:*:*:*", + "matchCriteriaId": "C87CEF61-99F2-4845-9FDE-4B6ED62637C3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.9.03047:*:*:*:*:*:*:*", + "matchCriteriaId": "EA80A4E4-061E-4578-B780-9540AE502E66" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.9.03049:*:*:*:*:*:*:*", + "matchCriteriaId": "804366C1-F307-4DC2-9FEA-B4EB60790A32" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.9.04043:*:*:*:*:*:*:*", + "matchCriteriaId": "5AD3244A-5CA8-496C-B189-BCD31B0E40C8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.9.04053:*:*:*:*:*:*:*", + "matchCriteriaId": "EAB00A32-8571-4685-B448-690F8EE373D9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.9.05042:*:*:*:*:*:*:*", + "matchCriteriaId": "F97CC9FF-FDD3-46A1-9025-BAA83160A504" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.9.06037:*:*:*:*:*:*:*", + "matchCriteriaId": "FF8E83C4-9C5A-4D84-AB19-A4564BBB6625" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:secure_client:4.10.00093:*:*:*:*:*:*:*", + "matchCriteriaId": "8FDBC52F-F851-4DC4-9DED-45F8689F2A00" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:secure_client:4.10.01075:*:*:*:*:*:*:*", + "matchCriteriaId": "C6D74511-0444-473C-96F7-751C2B9A6ADC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:secure_client:4.10.02086:*:*:*:*:*:*:*", + "matchCriteriaId": "D89BE767-38C2-4E92-83EB-09E23B48AAF8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:secure_client:4.10.03104:*:*:*:*:*:*:*", + "matchCriteriaId": "DC77CA23-5750-4E35-AD17-4FE0B351ECFD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:secure_client:4.10.04065:*:*:*:*:*:*:*", + "matchCriteriaId": "CDE66231-01C3-4807-AB7B-F2A3C2E2200D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:secure_client:4.10.04071:*:*:*:*:*:*:*", + "matchCriteriaId": "B003756D-7F3D-4FB9-B3EF-CEAA68334630" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:secure_client:4.10.05085:*:*:*:*:*:*:*", + "matchCriteriaId": "B06F4BD8-23D2-4C32-B090-F33D50BB5805" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:secure_client:4.10.05095:*:*:*:*:*:*:*", + "matchCriteriaId": "1EE93BD0-7AAD-4921-A6F1-22F1905F8870" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:secure_client:4.10.05111:*:*:*:*:*:*:*", + "matchCriteriaId": "222718F2-81E9-40BD-8B2D-ECD70CC423E3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:secure_client:4.10.06079:*:*:*:*:*:*:*", + "matchCriteriaId": "C1150AC7-8E86-471E-87DD-F4C0D0628261" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:secure_client:4.10.06090:*:*:*:*:*:*:*", + "matchCriteriaId": "585A3B8E-8FD1-4B01-9F82-1038BF50A0FB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:secure_client:4.10.07061:*:*:*:*:*:*:*", + "matchCriteriaId": "61D0138A-EE54-420B-A11B-4580DD130FBF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:secure_client:4.10.07062:*:*:*:*:*:*:*", + "matchCriteriaId": "D45B8E46-AE9E-44F6-B58E-5AF7A32D499B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:secure_client:4.10.07073:*:*:*:*:*:*:*", + "matchCriteriaId": "FAB896B8-535A-494F-AA21-3DA56CD7A540" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:secure_client:5.0.00238:*:*:*:*:*:*:*", + "matchCriteriaId": "7B7B74D9-7D43-48B2-AE6F-4FE75DB1DF61" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:secure_client:5.0.00529:*:*:*:*:*:*:*", + "matchCriteriaId": "86B5EB44-F814-49AB-BAD2-3E02E9707377" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:secure_client:5.0.00556:*:*:*:*:*:*:*", + "matchCriteriaId": "C33CF946-24CD-471E-8448-445E629789BD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:secure_client:5.0.01242:*:*:*:*:*:*:*", + "matchCriteriaId": "9E39EE52-4A48-430E-A7A5-29276EE51B03" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:secure_client:5.0.02075:*:*:*:*:*:*:*", + "matchCriteriaId": "781CEBDC-3A42-47BA-8509-E35AB6BB56C6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:secure_client:5.0.03072:*:*:*:*:*:*:*", + "matchCriteriaId": "ADF3D714-0475-4E30-8245-159C5BA68F11" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:secure_client:5.0.03076:*:*:*:*:*:*:*", + "matchCriteriaId": "BA2D666F-5EBF-41B7-89C1-32BCF65DABEC" + } + ] + } + ] + } + ], "references": [ { "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-accsc-dos-9SLzkZ8", - "source": "ykramarz@cisco.com" + "source": "ykramarz@cisco.com", + "tags": [ + "Issue Tracking", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-259xx/CVE-2023-25952.json b/CVE-2023/CVE-2023-259xx/CVE-2023-25952.json index 49128ed32d6..9e3437d32e4 100644 --- a/CVE-2023/CVE-2023-259xx/CVE-2023-25952.json +++ b/CVE-2023/CVE-2023-259xx/CVE-2023-25952.json @@ -2,16 +2,40 @@ "id": "CVE-2023-25952", "sourceIdentifier": "secure@intel.com", "published": "2023-11-14T19:15:20.123", - "lastModified": "2023-11-14T19:30:32.597", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T19:54:20.613", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Out-of-bounds write in some Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows drivers before version 31.0.101.4255 may allow an authenticated user to potentially enable denial of service via local access." + }, + { + "lang": "es", + "value": "La escritura fuera de los l\u00edmites en algunos controladores Intel(R) Arc(TM) e Iris(R) Xe Graphics - WHQL - Windows anteriores a la versi\u00f3n 31.0.101.4255 puede permitir que un usuario autenticado habilite potencialmente la denegaci\u00f3n de servicio a trav\u00e9s del acceso local." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "secure@intel.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, { "source": "secure@intel.com", "type": "Secondary", @@ -46,10 +80,71 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:intel:iris_xe_graphics:*:*:*:*:*:*:*:*", + "versionEndExcluding": "31.0.101.4255", + "matchCriteriaId": "823ADDFE-919F-4097-8F7B-C9A35AFBEE51" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:intel:arc_a_graphics:*:*:*:*:*:*:*:*", + "versionEndExcluding": "31.0.101.4255", + "matchCriteriaId": "7607C5DB-509D-4A20-83AA-391DEF78EDC8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00864.html", - "source": "secure@intel.com" + "source": "secure@intel.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-271xx/CVE-2023-27102.json b/CVE-2023/CVE-2023-271xx/CVE-2023-27102.json index 64a714f3f1f..627396ed44c 100644 --- a/CVE-2023/CVE-2023-271xx/CVE-2023-27102.json +++ b/CVE-2023/CVE-2023-271xx/CVE-2023-27102.json @@ -2,8 +2,8 @@ "id": "CVE-2023-27102", "sourceIdentifier": "cve@mitre.org", "published": "2023-03-15T15:15:09.617", - "lastModified": "2023-03-20T20:25:55.293", - "vulnStatus": "Analyzed", + "lastModified": "2023-11-30T19:15:10.713", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -72,6 +72,10 @@ "Issue Tracking", "Third Party Advisory" ] + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00032.html", + "source": "cve@mitre.org" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-271xx/CVE-2023-27103.json b/CVE-2023/CVE-2023-271xx/CVE-2023-27103.json index b701c503592..e303d393ce5 100644 --- a/CVE-2023/CVE-2023-271xx/CVE-2023-27103.json +++ b/CVE-2023/CVE-2023-271xx/CVE-2023-27103.json @@ -2,8 +2,8 @@ "id": "CVE-2023-27103", "sourceIdentifier": "cve@mitre.org", "published": "2023-03-15T15:15:09.670", - "lastModified": "2023-03-17T19:28:38.297", - "vulnStatus": "Analyzed", + "lastModified": "2023-11-30T19:15:10.800", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -72,6 +72,10 @@ "Issue Tracking", "Third Party Advisory" ] + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00032.html", + "source": "cve@mitre.org" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-273xx/CVE-2023-27305.json b/CVE-2023/CVE-2023-273xx/CVE-2023-27305.json index d0c030d0d3b..d128251c4af 100644 --- a/CVE-2023/CVE-2023-273xx/CVE-2023-27305.json +++ b/CVE-2023/CVE-2023-273xx/CVE-2023-27305.json @@ -2,16 +2,40 @@ "id": "CVE-2023-27305", "sourceIdentifier": "secure@intel.com", "published": "2023-11-14T19:15:20.473", - "lastModified": "2023-11-14T19:30:32.597", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T19:53:45.560", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Incorrect default permissions in some Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows drivers before version 31.0.101.4255 may allow an authenticated user to potentially enable escalation of privilege via local access." + }, + { + "lang": "es", + "value": "Los permisos predeterminados incorrectos en algunos controladores Intel(R) Arc(TM) e Iris(R) Xe Graphics - WHQL - Windows anteriores a la versi\u00f3n 31.0.101.4255 pueden permitir que un usuario autenticado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "secure@intel.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-276" + } + ] + }, { "source": "secure@intel.com", "type": "Secondary", @@ -46,10 +80,71 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:intel:iris_xe_graphics:*:*:*:*:*:*:*:*", + "versionEndExcluding": "31.0.101.4255", + "matchCriteriaId": "823ADDFE-919F-4097-8F7B-C9A35AFBEE51" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:intel:arc_a_graphics:*:*:*:*:*:*:*:*", + "versionEndExcluding": "31.0.101.4255", + "matchCriteriaId": "7607C5DB-509D-4A20-83AA-391DEF78EDC8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00864.html", - "source": "secure@intel.com" + "source": "secure@intel.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-274xx/CVE-2023-27453.json b/CVE-2023/CVE-2023-274xx/CVE-2023-27453.json index fe140414561..a4dd5256496 100644 --- a/CVE-2023/CVE-2023-274xx/CVE-2023-27453.json +++ b/CVE-2023/CVE-2023-274xx/CVE-2023-27453.json @@ -2,16 +2,40 @@ "id": "CVE-2023-27453", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-22T14:15:09.150", - "lastModified": "2023-11-22T15:12:25.450", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T19:46:04.847", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in LWS LWS Tools plugin <=\u00a02.3.1 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento LWS LWS Tools en versiones <=2.3.1." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:lws:lws_tools:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.3.1", + "matchCriteriaId": "2E5B2842-C938-4E10-88F7-B4F682F1F702" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/lws-tools/wordpress-lws-tools-plugin-2-3-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-274xx/CVE-2023-27457.json b/CVE-2023/CVE-2023-274xx/CVE-2023-27457.json index 2df1e16044c..07fc2d67e2a 100644 --- a/CVE-2023/CVE-2023-274xx/CVE-2023-27457.json +++ b/CVE-2023/CVE-2023-274xx/CVE-2023-27457.json @@ -2,16 +2,40 @@ "id": "CVE-2023-27457", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-22T14:15:09.333", - "lastModified": "2023-11-22T15:12:25.450", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T19:44:39.023", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Passionate Brains Add Expires Headers & Optimized Minify plugin <=\u00a02.7 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Passionate Brains Add Expires Headers & Optimized Minify en versiones <=2.7." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:passionatebrains:add_expires_headers_\\&_optimized_minify:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.7", + "matchCriteriaId": "884032D8-6C1C-4A54-88EF-A1002474116B" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/add-expires-headers/wordpress-add-expires-headers-optimized-minify-plugin-2-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-274xx/CVE-2023-27458.json b/CVE-2023/CVE-2023-274xx/CVE-2023-27458.json index 8e4fd70e115..99bd5c8eb41 100644 --- a/CVE-2023/CVE-2023-274xx/CVE-2023-27458.json +++ b/CVE-2023/CVE-2023-274xx/CVE-2023-27458.json @@ -2,16 +2,40 @@ "id": "CVE-2023-27458", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-22T14:15:09.520", - "lastModified": "2023-11-22T15:12:25.450", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T19:41:51.770", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in wpstream WpStream plugin <=\u00a04.4.10 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento wpstream WpStream en versiones <=4.4.10." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpstream:wpstream:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "4.4.10", + "matchCriteriaId": "6E79A0BE-EE4E-4C01-9A88-E2D072D1621C" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/wpstream/wordpress-wpstream-live-streaming-video-on-demand-pay-per-view-plugin-4-4-10-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-276xx/CVE-2023-27633.json b/CVE-2023/CVE-2023-276xx/CVE-2023-27633.json index 8f42785330b..79b1f28192b 100644 --- a/CVE-2023/CVE-2023-276xx/CVE-2023-27633.json +++ b/CVE-2023/CVE-2023-276xx/CVE-2023-27633.json @@ -2,16 +2,40 @@ "id": "CVE-2023-27633", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-22T14:15:09.920", - "lastModified": "2023-11-22T15:12:25.450", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T19:19:27.577", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade Customify \u2013 Intuitive Website Styling plugin <=\u00a02.10.4 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Pixelgrade Customify \u2013 Intuitive Website Styling en versiones <=2.10.4." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pixelgrade:customify:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.10.4", + "matchCriteriaId": "31F486B4-9293-4C09-A7A5-CC0ED9643415" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/customify/wordpress-customify-plugin-2-10-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-332xx/CVE-2023-33202.json b/CVE-2023/CVE-2023-332xx/CVE-2023-33202.json index 8f3786e72be..a86837fb69e 100644 --- a/CVE-2023/CVE-2023-332xx/CVE-2023-33202.json +++ b/CVE-2023/CVE-2023-332xx/CVE-2023-33202.json @@ -2,8 +2,8 @@ "id": "CVE-2023-33202", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-23T16:15:07.273", - "lastModified": "2023-11-24T15:24:57.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T20:49:49.457", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,15 +14,75 @@ "value": "Bouncy Castle para Java anterior a 1.73 contiene un posible problema de denegaci\u00f3n de servicio (DoS) dentro de la clase Bouncy Castle org.bouncycastle.openssl.PEMParser. Esta clase analiza secuencias codificadas OpenSSL PEM que contienen certificados X.509, claves codificadas PKCS8 y objetos PKCS7. El an\u00e1lisis de un archivo que ha creado datos ASN.1 a trav\u00e9s de PEMParser provoca un OutOfMemoryError, que puede permitir un ataque de denegaci\u00f3n de servicio." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:bouncycastle:bouncy_castle_for_java:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.73", + "matchCriteriaId": "A450303D-AF6E-4A81-BE1C-F744B728AC27" + } + ] + } + ] + } + ], "references": [ { "url": "https://bouncycastle.org", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33202", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-337xx/CVE-2023-33706.json b/CVE-2023/CVE-2023-337xx/CVE-2023-33706.json index cf78152e540..7322ad3d30a 100644 --- a/CVE-2023/CVE-2023-337xx/CVE-2023-33706.json +++ b/CVE-2023/CVE-2023-337xx/CVE-2023-33706.json @@ -2,8 +2,8 @@ "id": "CVE-2023-33706", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-24T02:15:42.323", - "lastModified": "2023-11-24T15:24:57.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T20:28:16.377", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,74 @@ "value": "SysAid anterior a 23.2.15 permite que los ataques de Indirect Object Reference (IDOR) lean datos de tickets a trav\u00e9s de un par\u00e1metro sid modificado en EmailHtmlSourceIframe.jsp o un par\u00e1metro srID modificado en ShowMessage.jsp." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-639" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sysaid:sysaid:*:*:*:*:on-premises:*:*:*", + "versionEndExcluding": "23.2.15", + "matchCriteriaId": "97785D07-2E5D-4F37-B1FC-898B87B91A76" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sysaid:sysaid:*:*:*:*:cloud:*:*:*", + "versionEndExcluding": "23.2.50", + "matchCriteriaId": "F65F2B7D-04B1-4DBC-9283-FC10C428D79E" + } + ] + } + ] + } + ], "references": [ { "url": "https://blog.pridesec.com.br/en/insecure-direct-object-reference-idor-affects-helpdesk-sysaid/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-364xx/CVE-2023-36419.json b/CVE-2023/CVE-2023-364xx/CVE-2023-36419.json index 2bfacb896b5..5e20fa1b452 100644 --- a/CVE-2023/CVE-2023-364xx/CVE-2023-36419.json +++ b/CVE-2023/CVE-2023-364xx/CVE-2023-36419.json @@ -2,12 +2,12 @@ "id": "CVE-2023-36419", "sourceIdentifier": "secure@microsoft.com", "published": "2023-10-10T18:15:12.300", - "lastModified": "2023-10-13T18:31:30.537", - "vulnStatus": "Analyzed", + "lastModified": "2023-11-30T19:15:10.983", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Azure HDInsight Apache Oozie Workflow Scheduler Elevation of Privilege Vulnerability" + "value": "Azure HDInsight Apache Oozie Workflow Scheduler XXE Elevation of Privilege Vulnerability" }, { "lang": "es", diff --git a/CVE-2023/CVE-2023-36xx/CVE-2023-3631.json b/CVE-2023/CVE-2023-36xx/CVE-2023-3631.json index 06b82334bdf..19f6b57470e 100644 --- a/CVE-2023/CVE-2023-36xx/CVE-2023-3631.json +++ b/CVE-2023/CVE-2023-36xx/CVE-2023-3631.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3631", "sourceIdentifier": "iletisim@usom.gov.tr", "published": "2023-11-23T10:15:07.523", - "lastModified": "2023-11-24T15:24:57.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T19:54:58.117", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -50,10 +50,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:medart_notification_panel_project:medart_notification_panel:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2023-11-23", + "matchCriteriaId": "75FEE7A4-520F-4FB1-8FBA-0C3E2B0AA312" + } + ] + } + ] + } + ], "references": [ { "url": "https://https://www.usom.gov.tr/bildirim/tr-23-0656", - "source": "iletisim@usom.gov.tr" + "source": "iletisim@usom.gov.tr", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-381xx/CVE-2023-38156.json b/CVE-2023/CVE-2023-381xx/CVE-2023-38156.json index 7fc6ebe9e68..3e20bb34d83 100644 --- a/CVE-2023/CVE-2023-381xx/CVE-2023-38156.json +++ b/CVE-2023/CVE-2023-381xx/CVE-2023-38156.json @@ -2,12 +2,16 @@ "id": "CVE-2023-38156", "sourceIdentifier": "secure@microsoft.com", "published": "2023-09-12T17:15:21.123", - "lastModified": "2023-09-14T18:51:33.217", - "vulnStatus": "Analyzed", + "lastModified": "2023-11-30T19:15:12.907", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Azure HDInsight Apache Ambari Elevation of Privilege Vulnerability" + "value": "Azure HDInsight Apache Ambari JDBC Injection Elevation of Privilege Vulnerability" + }, + { + "lang": "es", + "value": "Vulnerabilidad de Elevaci\u00f3n de Privilegios de Azure HDInsight Apache Ambari" } ], "metrics": { diff --git a/CVE-2023/CVE-2023-399xx/CVE-2023-39978.json b/CVE-2023/CVE-2023-399xx/CVE-2023-39978.json index 8607ea49316..0ae9b39e57d 100644 --- a/CVE-2023/CVE-2023-399xx/CVE-2023-39978.json +++ b/CVE-2023/CVE-2023-399xx/CVE-2023-39978.json @@ -2,8 +2,8 @@ "id": "CVE-2023-39978", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-08T06:15:47.790", - "lastModified": "2023-11-07T04:17:41.990", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-11-30T19:26:53.327", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -62,6 +62,21 @@ ] } ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", + "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D" + } + ] + } + ] } ], "references": [ @@ -88,7 +103,10 @@ }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UFQJCYJ23HWHNDOVKBHZQ7HCXXL6MM3/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-438xx/CVE-2023-43887.json b/CVE-2023/CVE-2023-438xx/CVE-2023-43887.json index 37d2cb78715..d263697e35d 100644 --- a/CVE-2023/CVE-2023-438xx/CVE-2023-43887.json +++ b/CVE-2023/CVE-2023-438xx/CVE-2023-43887.json @@ -2,8 +2,8 @@ "id": "CVE-2023-43887", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-22T18:15:08.747", - "lastModified": "2023-11-30T05:43:21.497", - "vulnStatus": "Analyzed", + "lastModified": "2023-11-30T19:15:13.260", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -83,6 +83,10 @@ "Issue Tracking", "Patch" ] + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00032.html", + "source": "cve@mitre.org" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-453xx/CVE-2023-45328.json b/CVE-2023/CVE-2023-453xx/CVE-2023-45328.json index 289d1ba23d8..41dac98c428 100644 --- a/CVE-2023/CVE-2023-453xx/CVE-2023-45328.json +++ b/CVE-2023/CVE-2023-453xx/CVE-2023-45328.json @@ -2,7 +2,7 @@ "id": "CVE-2023-45328", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-11-02T14:15:11.947", - "lastModified": "2023-11-08T23:17:15.513", + "lastModified": "2023-11-30T19:26:14.930", "vulnStatus": "Analyzed", "descriptions": [ { @@ -59,8 +59,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:online_food_ordering_script_project:online_food_ordering_script:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "AC64A1FC-FDA0-46E7-A27E-1E718E55FAA2" + "criteria": "cpe:2.3:a:projectworlds:online_food_ordering_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "EC5341DF-BF6E-450B-B216-A427E5FE8F98" } ] } diff --git a/CVE-2023/CVE-2023-453xx/CVE-2023-45336.json b/CVE-2023/CVE-2023-453xx/CVE-2023-45336.json index a03b9029cb7..f17f1d94c81 100644 --- a/CVE-2023/CVE-2023-453xx/CVE-2023-45336.json +++ b/CVE-2023/CVE-2023-453xx/CVE-2023-45336.json @@ -2,7 +2,7 @@ "id": "CVE-2023-45336", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-11-02T14:15:12.543", - "lastModified": "2023-11-08T00:52:59.970", + "lastModified": "2023-11-30T19:26:19.557", "vulnStatus": "Analyzed", "descriptions": [ { @@ -59,8 +59,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:online_food_ordering_script_project:online_food_ordering_script:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "AC64A1FC-FDA0-46E7-A27E-1E718E55FAA2" + "criteria": "cpe:2.3:a:projectworlds:online_food_ordering_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "EC5341DF-BF6E-450B-B216-A427E5FE8F98" } ] } diff --git a/CVE-2023/CVE-2023-453xx/CVE-2023-45337.json b/CVE-2023/CVE-2023-453xx/CVE-2023-45337.json index 24f6baa625b..43529280b7d 100644 --- a/CVE-2023/CVE-2023-453xx/CVE-2023-45337.json +++ b/CVE-2023/CVE-2023-453xx/CVE-2023-45337.json @@ -2,7 +2,7 @@ "id": "CVE-2023-45337", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-11-02T14:15:12.627", - "lastModified": "2023-11-08T00:53:05.587", + "lastModified": "2023-11-30T19:26:09.433", "vulnStatus": "Analyzed", "descriptions": [ { @@ -69,8 +69,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:online_food_ordering_script_project:online_food_ordering_script:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "AC64A1FC-FDA0-46E7-A27E-1E718E55FAA2" + "criteria": "cpe:2.3:a:projectworlds:online_food_ordering_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "EC5341DF-BF6E-450B-B216-A427E5FE8F98" } ] } diff --git a/CVE-2023/CVE-2023-453xx/CVE-2023-45339.json b/CVE-2023/CVE-2023-453xx/CVE-2023-45339.json index 38503c0f99d..40730f43d12 100644 --- a/CVE-2023/CVE-2023-453xx/CVE-2023-45339.json +++ b/CVE-2023/CVE-2023-453xx/CVE-2023-45339.json @@ -2,7 +2,7 @@ "id": "CVE-2023-45339", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-11-02T14:15:12.713", - "lastModified": "2023-11-08T00:53:10.663", + "lastModified": "2023-11-30T19:26:06.280", "vulnStatus": "Analyzed", "descriptions": [ { @@ -59,8 +59,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:online_food_ordering_script_project:online_food_ordering_script:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "AC64A1FC-FDA0-46E7-A27E-1E718E55FAA2" + "criteria": "cpe:2.3:a:projectworlds:online_food_ordering_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "EC5341DF-BF6E-450B-B216-A427E5FE8F98" } ] } diff --git a/CVE-2023/CVE-2023-453xx/CVE-2023-45340.json b/CVE-2023/CVE-2023-453xx/CVE-2023-45340.json index 25a21c18a5e..ec258472444 100644 --- a/CVE-2023/CVE-2023-453xx/CVE-2023-45340.json +++ b/CVE-2023/CVE-2023-453xx/CVE-2023-45340.json @@ -2,7 +2,7 @@ "id": "CVE-2023-45340", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-11-02T14:15:12.793", - "lastModified": "2023-11-08T00:53:16.033", + "lastModified": "2023-11-30T19:26:02.887", "vulnStatus": "Analyzed", "descriptions": [ { @@ -59,8 +59,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:online_food_ordering_script_project:online_food_ordering_script:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "AC64A1FC-FDA0-46E7-A27E-1E718E55FAA2" + "criteria": "cpe:2.3:a:projectworlds:online_food_ordering_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "EC5341DF-BF6E-450B-B216-A427E5FE8F98" } ] } diff --git a/CVE-2023/CVE-2023-453xx/CVE-2023-45341.json b/CVE-2023/CVE-2023-453xx/CVE-2023-45341.json index b2c641703a9..3add4c3dbbd 100644 --- a/CVE-2023/CVE-2023-453xx/CVE-2023-45341.json +++ b/CVE-2023/CVE-2023-453xx/CVE-2023-45341.json @@ -2,7 +2,7 @@ "id": "CVE-2023-45341", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-11-02T14:15:12.870", - "lastModified": "2023-11-08T00:53:21.763", + "lastModified": "2023-11-30T19:25:57.807", "vulnStatus": "Analyzed", "descriptions": [ { @@ -59,8 +59,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:online_food_ordering_script_project:online_food_ordering_script:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "AC64A1FC-FDA0-46E7-A27E-1E718E55FAA2" + "criteria": "cpe:2.3:a:projectworlds:online_food_ordering_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "EC5341DF-BF6E-450B-B216-A427E5FE8F98" } ] } diff --git a/CVE-2023/CVE-2023-453xx/CVE-2023-45342.json b/CVE-2023/CVE-2023-453xx/CVE-2023-45342.json index 02e9321d759..d9b585358f4 100644 --- a/CVE-2023/CVE-2023-453xx/CVE-2023-45342.json +++ b/CVE-2023/CVE-2023-453xx/CVE-2023-45342.json @@ -2,7 +2,7 @@ "id": "CVE-2023-45342", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-11-02T14:15:12.957", - "lastModified": "2023-11-08T00:53:30.717", + "lastModified": "2023-11-30T19:25:52.993", "vulnStatus": "Analyzed", "descriptions": [ { @@ -79,8 +79,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:online_food_ordering_script_project:online_food_ordering_script:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "AC64A1FC-FDA0-46E7-A27E-1E718E55FAA2" + "criteria": "cpe:2.3:a:projectworlds:online_food_ordering_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "EC5341DF-BF6E-450B-B216-A427E5FE8F98" } ] } diff --git a/CVE-2023/CVE-2023-453xx/CVE-2023-45343.json b/CVE-2023/CVE-2023-453xx/CVE-2023-45343.json index ff3fce60651..e33920fb101 100644 --- a/CVE-2023/CVE-2023-453xx/CVE-2023-45343.json +++ b/CVE-2023/CVE-2023-453xx/CVE-2023-45343.json @@ -2,7 +2,7 @@ "id": "CVE-2023-45343", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-11-02T14:15:13.033", - "lastModified": "2023-11-08T00:53:35.723", + "lastModified": "2023-11-30T19:19:24.807", "vulnStatus": "Analyzed", "descriptions": [ { @@ -59,8 +59,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:online_food_ordering_script_project:online_food_ordering_script:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "AC64A1FC-FDA0-46E7-A27E-1E718E55FAA2" + "criteria": "cpe:2.3:a:projectworlds:online_food_ordering_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "EC5341DF-BF6E-450B-B216-A427E5FE8F98" } ] } diff --git a/CVE-2023/CVE-2023-466xx/CVE-2023-46673.json b/CVE-2023/CVE-2023-466xx/CVE-2023-46673.json index e0c130aba19..fc3711dd102 100644 --- a/CVE-2023/CVE-2023-466xx/CVE-2023-46673.json +++ b/CVE-2023/CVE-2023-466xx/CVE-2023-46673.json @@ -2,8 +2,8 @@ "id": "CVE-2023-46673", "sourceIdentifier": "bressers@elastic.co", "published": "2023-11-22T10:15:08.417", - "lastModified": "2023-11-22T13:56:48.513", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T20:22:45.863", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "bressers@elastic.co", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-755" + } + ] + }, { "source": "bressers@elastic.co", "type": "Secondary", @@ -50,14 +80,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.0.0", + "versionEndExcluding": "7.17.14", + "matchCriteriaId": "B5D858CC-723F-44C8-A3EF-90563359D58F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.0.0", + "versionEndExcluding": "8.10.3", + "matchCriteriaId": "ACB218DA-EF68-46A0-9249-7FB7286CE35F" + } + ] + } + ] + } + ], "references": [ { "url": "https://discuss.elastic.co/t/elasticsearch-7-17-14-8-10-3-security-update-esa-2023-24/347708", - "source": "bressers@elastic.co" + "source": "bressers@elastic.co", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.elastic.co/community/security", - "source": "bressers@elastic.co" + "source": "bressers@elastic.co", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-472xx/CVE-2023-47250.json b/CVE-2023/CVE-2023-472xx/CVE-2023-47250.json index 70954346d56..43b3e232473 100644 --- a/CVE-2023/CVE-2023-472xx/CVE-2023-47250.json +++ b/CVE-2023/CVE-2023-472xx/CVE-2023-47250.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47250", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-22T18:15:08.883", - "lastModified": "2023-11-28T17:15:08.327", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T20:55:39.480", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,27 +14,111 @@ "value": "En mprivacy-tools anterior a 2.0.406g en m-privacy TightGate-Pro Server, el control de acceso roto en los sockets del servidor X11 permite a atacantes autenticados (con acceso a una sesi\u00f3n VNC) acceder a los escritorios X11 de otros usuarios especificando su ID DE PANTALLA. Esto permite un control total de su escritorio, incluida la capacidad de inyectar pulsaciones de teclas y realizar un ataque de registro de teclas." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-276" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:m-privacy:mprivacy-tools:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.0.406g", + "matchCriteriaId": "96183115-3343-4926-BA00-BC1918E154EA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:m-privacy:rsbac-policy-tgpro:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.0.159", + "matchCriteriaId": "70C841E9-B3AC-4751-B687-20BE31B8B3FA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:m-privacy:tightgatevnc:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.1.2-1", + "matchCriteriaId": "E8C3B7A9-F7EA-490E-8DD4-E2D0E3F3634D" + } + ] + } + ] + } + ], "references": [ { "url": "http://packetstormsecurity.com/files/175949/m-privacy-TightGate-Pro-Code-Execution-Insecure-Permissions.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "http://seclists.org/fulldisclosure/2023/Nov/13", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://sec-consult.com/en/vulnerability-lab/advisories/index.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-in-m-privacy-tightgate-pro/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.m-privacy.de/en/tightgate-pro-safe-surfing/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-472xx/CVE-2023-47251.json b/CVE-2023/CVE-2023-472xx/CVE-2023-47251.json index 29aad92b49f..53dbce9b16f 100644 --- a/CVE-2023/CVE-2023-472xx/CVE-2023-47251.json +++ b/CVE-2023/CVE-2023-472xx/CVE-2023-47251.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47251", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-22T18:15:08.930", - "lastModified": "2023-11-28T17:15:08.370", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T20:49:57.593", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,27 +14,105 @@ "value": "En mprivacy-tools anterior a 2.0.406g en m-privacy TightGate-Pro Server, un Directory Traversal en la funci\u00f3n de impresi\u00f3n del servicio VNC permite a atacantes autenticados (con acceso a una sesi\u00f3n de VNC) transferir autom\u00e1ticamente documentos PDF maliciosos movi\u00e9ndolos al directorio .spool y luego env\u00eda una se\u00f1al al servicio VNC, que los transfiere autom\u00e1ticamente al sistema de archivos del cliente VNC conectado." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:m-privacy:mprivacy-tools:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.0.406g", + "matchCriteriaId": "3C0366BD-EE82-49FD-9EE8-120930841307" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:m-privacy:tightgatevnc:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.1.2-1", + "matchCriteriaId": "E8C3B7A9-F7EA-490E-8DD4-E2D0E3F3634D" + } + ] + } + ] + } + ], "references": [ { "url": "http://packetstormsecurity.com/files/175949/m-privacy-TightGate-Pro-Code-Execution-Insecure-Permissions.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "http://seclists.org/fulldisclosure/2023/Nov/13", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://sec-consult.com/en/vulnerability-lab/advisories/index.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-in-m-privacy-tightgate-pro/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.m-privacy.de/en/tightgate-pro-safe-surfing/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-474xx/CVE-2023-47467.json b/CVE-2023/CVE-2023-474xx/CVE-2023-47467.json index b0dd771c74d..cbb90b6dfae 100644 --- a/CVE-2023/CVE-2023-474xx/CVE-2023-47467.json +++ b/CVE-2023/CVE-2023-474xx/CVE-2023-47467.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47467", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-22T18:15:08.980", - "lastModified": "2023-11-22T19:00:49.717", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T20:44:34.303", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,66 @@ "value": "La vulnerabilidad de Directory Traversal en jeecg-boot v.3.6.0 permite a un atacante remoto con privilegios obtener informaci\u00f3n confidencial a trav\u00e9s de la estructura del directorio de archivos." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jeecg:jeecg-boot:3.6.0:*:*:*:*:*:*:*", + "matchCriteriaId": "10124934-5F0D-46B1-822E-7D47BA2C3380" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.yuque.com/u2479829/tegvu8/dvmfdl5fssfen05q", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-474xx/CVE-2023-47471.json b/CVE-2023/CVE-2023-474xx/CVE-2023-47471.json index 45023bdd71f..c78a29f5cde 100644 --- a/CVE-2023/CVE-2023-474xx/CVE-2023-47471.json +++ b/CVE-2023/CVE-2023-474xx/CVE-2023-47471.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47471", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-16T04:15:06.857", - "lastModified": "2023-11-29T20:27:28.787", - "vulnStatus": "Analyzed", + "lastModified": "2023-11-30T19:15:13.313", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -83,6 +83,10 @@ "Issue Tracking", "Vendor Advisory" ] + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00032.html", + "source": "cve@mitre.org" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-480xx/CVE-2023-48039.json b/CVE-2023/CVE-2023-480xx/CVE-2023-48039.json index 18d5537f8ea..bc11301a8ae 100644 --- a/CVE-2023/CVE-2023-480xx/CVE-2023-48039.json +++ b/CVE-2023/CVE-2023-480xx/CVE-2023-48039.json @@ -2,19 +2,80 @@ "id": "CVE-2023-48039", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-20T15:15:09.820", - "lastModified": "2023-11-20T19:18:51.140", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T20:33:32.313", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leak in gf_mpd_parse_string media_tools/mpd.c:75." + }, + { + "lang": "es", + "value": "GPAC 2.3-DEV-rev617-g671976fcc-master es vulnerable a p\u00e9rdidas de memoria en gf_mpd_parse_string media_tools/mpd.c:75." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-401" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gpac:gpac:2.3-dev-rev617-g671976fcc-master:*:*:*:*:*:*:*", + "matchCriteriaId": "F540C691-D615-4A9B-8DD6-69B8488E3BA1" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/gpac/gpac/issues/2679", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-480xx/CVE-2023-48042.json b/CVE-2023/CVE-2023-480xx/CVE-2023-48042.json index a72a08c107a..d73ab137a8e 100644 --- a/CVE-2023/CVE-2023-480xx/CVE-2023-48042.json +++ b/CVE-2023/CVE-2023-480xx/CVE-2023-48042.json @@ -2,8 +2,8 @@ "id": "CVE-2023-48042", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-28T13:15:07.410", - "lastModified": "2023-11-30T07:15:07.920", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T20:36:48.927", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,15 +14,74 @@ "value": "Amazzing Filter para Prestashop hasta 3.2.2 es vulnerable a Cross-Site Scripting (XSS)." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:communitydeveloper:amazzing_filter:*:*:*:*:*:prestashop:*:*", + "versionEndIncluding": "3.2.5", + "matchCriteriaId": "52889FC2-6611-427B-8436-8DD406154AF5" + } + ] + } + ] + } + ], "references": [ { "url": "https://addons.prestashop.com/en/search-filters/18575-amazzing-filter.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://medium.com/%40nasir.synack/uncovering-a-cross-site-scripting-vulnerability-cve-2023-48042-in-amazzing-filters-prestashop-2e4a9f8b655e", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-480xx/CVE-2023-48090.json b/CVE-2023/CVE-2023-480xx/CVE-2023-48090.json index d82b5d7e935..035c9537b2e 100644 --- a/CVE-2023/CVE-2023-480xx/CVE-2023-48090.json +++ b/CVE-2023/CVE-2023-480xx/CVE-2023-48090.json @@ -2,19 +2,80 @@ "id": "CVE-2023-48090", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-20T15:15:09.863", - "lastModified": "2023-11-20T19:18:51.140", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T20:34:31.470", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leaks in extract_attributes media_tools/m3u8.c:329." + }, + { + "lang": "es", + "value": "GPAC 2.3-DEV-rev617-g671976fcc-master es vulnerable a p\u00e9rdidas de memoria en extract_attributes media_tools/m3u8.c:329." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-401" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gpac:gpac:2.3-dev-rev617-g671976fcc-master:*:*:*:*:*:*:*", + "matchCriteriaId": "F540C691-D615-4A9B-8DD6-69B8488E3BA1" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/gpac/gpac/issues/2680", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-481xx/CVE-2023-48105.json b/CVE-2023/CVE-2023-481xx/CVE-2023-48105.json index 94e602a0f00..a9d7b940ce7 100644 --- a/CVE-2023/CVE-2023-481xx/CVE-2023-48105.json +++ b/CVE-2023/CVE-2023-481xx/CVE-2023-48105.json @@ -2,8 +2,8 @@ "id": "CVE-2023-48105", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-22T23:15:10.617", - "lastModified": "2023-11-24T15:24:57.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T20:33:32.983", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,23 +14,89 @@ "value": "Se descubri\u00f3 una vulnerabilidad de desbordamiento del heap en Bytecode alliance wasm-micro-runtime v.1.2.3 que permite a un atacante remoto provocar una denegaci\u00f3n de servicio a trav\u00e9s de la funci\u00f3n wasm_loader_prepare_bytecode en core/iwasm/interpreter/wasm_loader.c." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:bytecodealliance:webassembly_micro_runtime:1.2.3:*:*:*:*:*:*:*", + "matchCriteriaId": "438EEBB6-205A-496A-A009-321357C86154" + } + ] + } + ] + } + ], "references": [ { "url": "http://bytecode.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Not Applicable" + ] }, { "url": "http://wasm-micro-runtime.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] }, { "url": "https://github.com/bytecodealliance/wasm-micro-runtime/issues/2726", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Patch" + ] }, { "url": "https://github.com/bytecodealliance/wasm-micro-runtime/pull/2734/commits/4785d91b16dd49c09a96835de2d9c7b077543fa4", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-481xx/CVE-2023-48176.json b/CVE-2023/CVE-2023-481xx/CVE-2023-48176.json index 67fa7a31611..3f2e3f3663d 100644 --- a/CVE-2023/CVE-2023-481xx/CVE-2023-48176.json +++ b/CVE-2023/CVE-2023-481xx/CVE-2023-48176.json @@ -2,19 +2,78 @@ "id": "CVE-2023-48176", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-20T22:15:07.187", - "lastModified": "2023-11-21T01:38:10.777", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T20:21:54.850", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An Insecure Permissions issue in WebsiteGuide v.0.2 allows a remote attacker to gain escalated privileges via crafted jwt (JSON web token)." + }, + { + "lang": "es", + "value": "Un problema de permisos inseguros en WebsiteGuide v.0.2 permite a un atacante remoto obtener privilegios escalados a trav\u00e9s de jwt (token web JSON) manipulado." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mizhexiaoxiao:websiteguide:0.2:*:*:*:*:*:*:*", + "matchCriteriaId": "3ACDB3F2-177A-4CB3-96A0-38F1B3F4B9F0" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://prairie-steed-4d7.notion.site/WebsiteGuide-vulnerability-analysis-33a701c4fbf24555bffde17da0c73d8d?pvs=4", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Permissions Required" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-483xx/CVE-2023-48303.json b/CVE-2023/CVE-2023-483xx/CVE-2023-48303.json index bb9c2c25503..8563fddc347 100644 --- a/CVE-2023/CVE-2023-483xx/CVE-2023-48303.json +++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48303.json @@ -2,16 +2,40 @@ "id": "CVE-2023-48303", "sourceIdentifier": "security-advisories@github.com", "published": "2023-11-21T22:15:07.893", - "lastModified": "2023-11-22T03:36:44.963", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T20:02:48.377", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Server and Nextcloud Enterprise Server, admins can change authentication details of user configured external storage. Nextcloud Server and Nextcloud Enterprise Server versions 25.0.11, 26.0.6, and 27.1.0 contain a patch for this issue. No known workarounds are available." + }, + { + "lang": "es", + "value": "Nextcloud Server proporciona almacenamiento de datos para Nextcloud, una plataforma en la nube de c\u00f3digo abierto. A partir de la versi\u00f3n 25.0.0 y anteriores a las versiones 25.0.11, 26.0.6 y 27.1.0 de Nextcloud Server y Nextcloud Enterprise Server, los administradores pueden cambiar los detalles de autenticaci\u00f3n del almacenamiento externo configurado por el usuario. Las versiones 25.0.11, 26.0.6 y 27.1.0 de Nextcloud Server y Nextcloud Enterprise Server contienen un parche para este problema. No hay workarounds conocidos disponibles." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 2.7, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.2, + "impactScore": 1.4 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -46,18 +80,82 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*", + "versionStartIncluding": "25.0.0", + "versionEndExcluding": "25.0.11", + "matchCriteriaId": "CFCB9CDB-F661-496E-86B7-25B228A3C90E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "25.0.0", + "versionEndExcluding": "25.0.11", + "matchCriteriaId": "37949CD5-0B2D-40BE-83C8-E6A03CD0F7C9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*", + "versionStartIncluding": "26.0.0", + "versionEndExcluding": "26.0.6", + "matchCriteriaId": "9E2008E1-AFAE-40F5-8D64-A019F2222AA2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "26.0.0", + "versionEndExcluding": "26.0.6", + "matchCriteriaId": "4C98058B-06EF-446E-A39D-F436627469C1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*", + "versionStartIncluding": "27.0.0", + "versionEndExcluding": "27.1.0", + "matchCriteriaId": "B8F5C07F-E133-4C54-B9A7-95A38086B28A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "27.0.0", + "versionEndExcluding": "27.1.0", + "matchCriteriaId": "E29703CE-0A92-47F3-96AE-0AC27641ECDF" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2448-44rp-c7hh", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://github.com/nextcloud/server/pull/39895", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Issue Tracking", + "Patch" + ] }, { "url": "https://hackerone.com/reports/2107934", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Permissions Required" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-483xx/CVE-2023-48312.json b/CVE-2023/CVE-2023-483xx/CVE-2023-48312.json index 02cc27a1f75..08bbdbf4a7d 100644 --- a/CVE-2023/CVE-2023-483xx/CVE-2023-48312.json +++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48312.json @@ -2,8 +2,8 @@ "id": "CVE-2023-48312", "sourceIdentifier": "security-advisories@github.com", "published": "2023-11-24T18:15:07.127", - "lastModified": "2023-11-27T13:52:21.813", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T20:21:40.073", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -50,14 +70,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:clastix:capsule-proxy:*:*:*:*:*:*:*:*", + "versionEndIncluding": "0.4.5", + "matchCriteriaId": "9337A5E5-9358-466F-9BEF-D1EE51DD5A18" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/projectcapsule/capsule-proxy/commit/472404f7006a4152e4eec76dee07324dd1e6e823", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/projectcapsule/capsule-proxy/security/advisories/GHSA-fpvw-6m5v-hqfp", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-487xx/CVE-2023-48707.json b/CVE-2023/CVE-2023-487xx/CVE-2023-48707.json index 08a76b76fab..0e236684435 100644 --- a/CVE-2023/CVE-2023-487xx/CVE-2023-48707.json +++ b/CVE-2023/CVE-2023-487xx/CVE-2023-48707.json @@ -2,8 +2,8 @@ "id": "CVE-2023-48707", "sourceIdentifier": "security-advisories@github.com", "published": "2023-11-24T18:15:07.327", - "lastModified": "2023-11-27T13:52:21.813", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T20:14:16.270", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -50,14 +70,67 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:codeigniter:shield:1.0.0:beta:*:*:*:*:*:*", + "matchCriteriaId": "B1E3F1E0-C2D7-4EC5-AD04-AEB414A3D71C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:codeigniter:shield:1.0.0:beta2:*:*:*:*:*:*", + "matchCriteriaId": "8DDA8B62-EE63-40C0-9F2C-23F56B225F49" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:codeigniter:shield:1.0.0:beta3:*:*:*:*:*:*", + "matchCriteriaId": "4F37B4E1-D641-4D55-9D3F-FB3B18934FE9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:codeigniter:shield:1.0.0:beta4:*:*:*:*:*:*", + "matchCriteriaId": "3361F9CD-A084-4437-BF22-08A558C326B5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:codeigniter:shield:1.0.0:beta5:*:*:*:*:*:*", + "matchCriteriaId": "AEF20FB8-F114-4B54-8CEF-739433359E21" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:codeigniter:shield:1.0.0:beta6:*:*:*:*:*:*", + "matchCriteriaId": "340EBC7C-51FC-4792-A0A4-A323219D1551" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:codeigniter:shield:1.0.0:beta7:*:*:*:*:*:*", + "matchCriteriaId": "061CA3F7-EDAD-4D04-AFBC-9ABD22470AF1" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/codeigniter4/shield/commit/f77c6ae20275ac1245330a2b9a523bf7e6f6202f", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/codeigniter4/shield/security/advisories/GHSA-v427-c49j-8w6x", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-487xx/CVE-2023-48708.json b/CVE-2023/CVE-2023-487xx/CVE-2023-48708.json index 22e0af9d062..44617c1b3c3 100644 --- a/CVE-2023/CVE-2023-487xx/CVE-2023-48708.json +++ b/CVE-2023/CVE-2023-487xx/CVE-2023-48708.json @@ -2,8 +2,8 @@ "id": "CVE-2023-48708", "sourceIdentifier": "security-advisories@github.com", "published": "2023-11-24T18:15:07.520", - "lastModified": "2023-11-27T13:52:21.813", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T20:11:33.040", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -50,18 +70,75 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:codeigniter:shield:1.0.0:beta:*:*:*:*:*:*", + "matchCriteriaId": "B1E3F1E0-C2D7-4EC5-AD04-AEB414A3D71C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:codeigniter:shield:1.0.0:beta2:*:*:*:*:*:*", + "matchCriteriaId": "8DDA8B62-EE63-40C0-9F2C-23F56B225F49" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:codeigniter:shield:1.0.0:beta3:*:*:*:*:*:*", + "matchCriteriaId": "4F37B4E1-D641-4D55-9D3F-FB3B18934FE9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:codeigniter:shield:1.0.0:beta4:*:*:*:*:*:*", + "matchCriteriaId": "3361F9CD-A084-4437-BF22-08A558C326B5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:codeigniter:shield:1.0.0:beta5:*:*:*:*:*:*", + "matchCriteriaId": "AEF20FB8-F114-4B54-8CEF-739433359E21" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:codeigniter:shield:1.0.0:beta6:*:*:*:*:*:*", + "matchCriteriaId": "340EBC7C-51FC-4792-A0A4-A323219D1551" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:codeigniter:shield:1.0.0:beta7:*:*:*:*:*:*", + "matchCriteriaId": "061CA3F7-EDAD-4D04-AFBC-9ABD22470AF1" + } + ] + } + ] + } + ], "references": [ { "url": "https://codeigniter4.github.io/shield/getting_started/authenticators/", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/codeigniter4/shield/commit/7e84c3fb3411294f70890819bfe51781bb9dc8e4", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/codeigniter4/shield/security/advisories/GHSA-j72f-h752-mx4w", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Mitigation", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-487xx/CVE-2023-48712.json b/CVE-2023/CVE-2023-487xx/CVE-2023-48712.json index f4a34a427b3..f2831f2502f 100644 --- a/CVE-2023/CVE-2023-487xx/CVE-2023-48712.json +++ b/CVE-2023/CVE-2023-487xx/CVE-2023-48712.json @@ -2,8 +2,8 @@ "id": "CVE-2023-48712", "sourceIdentifier": "security-advisories@github.com", "published": "2023-11-24T17:15:08.453", - "lastModified": "2023-11-27T13:52:21.813", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T20:26:37.460", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -50,14 +70,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:warpgate_project:warpgate:*:*:*:*:*:*:*:*", + "versionEndIncluding": "0.8.1", + "matchCriteriaId": "598C2B38-2E7C-442E-8D61-5799221F6781" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/warp-tech/warpgate/commit/e3b26b2699257b9482dce2e9157bd9b5e05d9c76", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/warp-tech/warpgate/security/advisories/GHSA-c94j-vqr5-3mxr", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-491xx/CVE-2023-49105.json b/CVE-2023/CVE-2023-491xx/CVE-2023-49105.json index 6fbc0b42a52..69ad1ca0543 100644 --- a/CVE-2023/CVE-2023-491xx/CVE-2023-49105.json +++ b/CVE-2023/CVE-2023-491xx/CVE-2023-49105.json @@ -2,16 +2,40 @@ "id": "CVE-2023-49105", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-21T22:15:08.613", - "lastModified": "2023-11-22T03:36:37.770", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T19:28:59.100", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue was discovered in ownCloud owncloud/core before 10.13.1. An attacker can access, modify, or delete any file without authentication if the username of a victim is known, and the victim has no signing-key configured. This occurs because pre-signed URLs can be accepted even when no signing-key is configured for the owner of the files. The earliest affected version is 10.6.0." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en ownCloud owncloud/core antes de la versi\u00f3n 10.13.1. Un atacante puede acceder, modificar o eliminar cualquier archivo sin autenticaci\u00f3n si conoce el nombre de usuario de la v\u00edctima y la v\u00edctima no tiene una clave de firma configurada. Esto ocurre porque las URL prefirmadas se pueden aceptar incluso cuando no se configura ninguna clave de firma para el propietario de los archivos. La primera versi\u00f3n afectada es la 10.6.0." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cve@mitre.org", "type": "Secondary", @@ -34,14 +58,50 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.13.1", + "matchCriteriaId": "117F6462-A2A3-46CB-B795-79C72AF275A8" + } + ] + } + ] + } + ], "references": [ { "url": "https://owncloud.com/security-advisories/webdav-api-authentication-bypass-using-pre-signed-urls/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://owncloud.org/security", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-492xx/CVE-2023-49208.json b/CVE-2023/CVE-2023-492xx/CVE-2023-49208.json index 01ebb13baf9..746be862cb8 100644 --- a/CVE-2023/CVE-2023-492xx/CVE-2023-49208.json +++ b/CVE-2023/CVE-2023-492xx/CVE-2023-49208.json @@ -2,8 +2,8 @@ "id": "CVE-2023-49208", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-23T18:15:07.410", - "lastModified": "2023-11-24T15:24:57.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T20:47:45.190", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,15 +14,75 @@ "value": "esquema/webauthn.c en el servidor SSO de Glewlwyd anterior a 2.7.6 tiene un posible desbordamiento del b\u00fafer durante la validaci\u00f3n de las credenciales FIDO2 en el registro de webauthn." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:glewlwyd_sso_server_project:glewlwyd_sso_server:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.7.6", + "matchCriteriaId": "538BFBDD-EC3D-4FD6-9121-D9D8A1213558" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/babelouest/glewlwyd/commit/f9d8c06aae8dfe17e761b18b577ff169e059e812", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/babelouest/glewlwyd/releases/tag/v2.7.6", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch", + "Release Notes" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-492xx/CVE-2023-49210.json b/CVE-2023/CVE-2023-492xx/CVE-2023-49210.json index 37d28ec6096..0726f23e02e 100644 --- a/CVE-2023/CVE-2023-492xx/CVE-2023-49210.json +++ b/CVE-2023/CVE-2023-492xx/CVE-2023-49210.json @@ -2,8 +2,8 @@ "id": "CVE-2023-49210", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-23T20:15:07.157", - "lastModified": "2023-11-24T15:24:57.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T20:30:16.380", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,19 +14,82 @@ "value": "El paquete NPM openssl (tambi\u00e9n conocido como node-openssl) hasta 2.0.0 fue caracterizado por su autor como \"un contenedor sin sentido sin ning\u00fan prop\u00f3sito real\" y acepta un argumento opts que contiene un campo verbal (usado para la ejecuci\u00f3n de comandos). NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el fabricante." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:node-openssl_project:node-openssl:*:*:*:*:*:node.js:*:*", + "versionEndIncluding": "2.0.0", + "matchCriteriaId": "6BC1E54D-5E58-4AAF-91F2-689D0B1897B4" + } + ] + } + ] + } + ], "references": [ { "url": "https://gist.github.com/mcoimbra/b05a55a5760172dccaa0a827647ad63e", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://github.com/ossf/malicious-packages/tree/main/malicious/npm", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] }, { "url": "https://www.npmjs.com/package/openssl", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-492xx/CVE-2023-49298.json b/CVE-2023/CVE-2023-492xx/CVE-2023-49298.json index 82b8e620bef..e6518a3b6b9 100644 --- a/CVE-2023/CVE-2023-492xx/CVE-2023-49298.json +++ b/CVE-2023/CVE-2023-492xx/CVE-2023-49298.json @@ -2,8 +2,8 @@ "id": "CVE-2023-49298", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-24T19:15:07.587", - "lastModified": "2023-11-27T13:52:21.813", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T20:10:45.790", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,27 +14,119 @@ "value": "OpenZFS hasta 2.1.13 y 2.2.x hasta 2.2.1, en ciertos escenarios que involucran aplicaciones que intentan confiar en la copia eficiente de datos de archivos, puede reemplazar el contenido del archivo con bytes de valor cero y, por lo tanto, potencialmente deshabilitar los mecanismos de seguridad. NOTA: este problema no siempre est\u00e1 relacionado con la seguridad, pero puede estar relacionado con la seguridad en situaciones realistas. Un posible ejemplo es cp, de una versi\u00f3n reciente de GNU Core Utilities (coreutils), cuando se intenta preservar un conjunto de reglas para denegar el acceso no autorizado. (Se puede usar cp al configurar el control de acceso, como con el archivo /etc/hosts.deny especificado en la referencia de soporte de IBM). NOTA: este problema ocurre con menos frecuencia en la versi\u00f3n 2.2.1 y en versiones anteriores a la 2.1.4. debido a la configuraci\u00f3n predeterminada en esas versiones." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-639" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:openzfs:openzfs:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2.1.13", + "matchCriteriaId": "FCB5B44F-BC91-4DBC-A67B-96D577834ACB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:openzfs:openzfs:2.2.0:-:*:*:*:*:*:*", + "matchCriteriaId": "9119E75A-14D2-4C8A-9AD0-97257DE45EC9" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:freebsd:freebsd:14.0:-:*:*:*:*:*:*", + "matchCriteriaId": "FA25530A-133C-4D7C-8993-D5C42D79A0B5" + } + ] + } + ] + } + ], "references": [ { "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=275308", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Issue Tracking", + "Patch" + ] }, { "url": "https://github.com/openzfs/zfs/issues/15526", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Patch", + "Vendor Advisory" + ] }, { "url": "https://github.com/openzfs/zfs/pull/15571", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Patch", + "Vendor Advisory" + ] }, { "url": "https://news.ycombinator.com/item?id=38405731", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch", + "Third Party Advisory" + ] }, { "url": "https://web.archive.org/web/20231124172959/https://www.ibm.com/support/pages/how-remove-missing%C2%A0newline%C2%A0or%C2%A0line%C2%A0too%C2%A0long-error-etchostsallow%C2%A0and%C2%A0etchostsdeny-files", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-50xx/CVE-2023-5047.json b/CVE-2023/CVE-2023-50xx/CVE-2023-5047.json index f1b3ebe6d96..9fc86c070d7 100644 --- a/CVE-2023/CVE-2023-50xx/CVE-2023-5047.json +++ b/CVE-2023/CVE-2023-50xx/CVE-2023-5047.json @@ -2,12 +2,16 @@ "id": "CVE-2023-5047", "sourceIdentifier": "iletisim@usom.gov.tr", "published": "2023-11-22T12:15:22.587", - "lastModified": "2023-11-22T13:56:48.513", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T20:24:29.170", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in DRD Fleet Leasing DRDrive allows SQL Injection.This issue affects DRDrive: before 20231006.\n\n" + }, + { + "lang": "es", + "value": "Neutralizaci\u00f3n inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL (\"Inyecci\u00f3n SQL\") en DRD Fleet Leasing DRDrive permite la inyecci\u00f3n SQL. Este problema afecta a DRDrive: antes de 20231006." } ], "metrics": { @@ -46,10 +50,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:drd:drdrive:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.10.06", + "matchCriteriaId": "509E5AD3-E090-4E8B-B04A-1C97BCC78853" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.usom.gov.tr/bildirim/tr-23-0651", - "source": "iletisim@usom.gov.tr" + "source": "iletisim@usom.gov.tr", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-53xx/CVE-2023-5325.json b/CVE-2023/CVE-2023-53xx/CVE-2023-5325.json index ed66880769e..656072bbeff 100644 --- a/CVE-2023/CVE-2023-53xx/CVE-2023-5325.json +++ b/CVE-2023/CVE-2023-53xx/CVE-2023-5325.json @@ -2,19 +2,80 @@ "id": "CVE-2023-5325", "sourceIdentifier": "contact@wpscan.com", "published": "2023-11-27T17:15:08.833", - "lastModified": "2023-11-27T19:03:35.337", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T20:14:11.280", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Woocommerce Vietnam Checkout WordPress plugin before 2.0.6 does not escape the custom shipping phone field no the checkout form leading to XSS" + }, + { + "lang": "es", + "value": "El complemento Woocommerce Vietnam Checkout de WordPress anterior a 2.0.6 no escapa del campo de tel\u00e9fono de env\u00edo personalizado ni del formulario de pago que conduce a XSS" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:levantoan:woocommerce_vietnam_checkout:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.0.6", + "matchCriteriaId": "F796D8AE-E643-4668-BB9A-5268E128923D" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://wpscan.com/vulnerability/e93841ef-e113-41d3-9fa1-b21af85bd812", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-55xx/CVE-2023-5525.json b/CVE-2023/CVE-2023-55xx/CVE-2023-5525.json index eb43f1de7b1..ab753648ea3 100644 --- a/CVE-2023/CVE-2023-55xx/CVE-2023-5525.json +++ b/CVE-2023/CVE-2023-55xx/CVE-2023-5525.json @@ -2,19 +2,80 @@ "id": "CVE-2023-5525", "sourceIdentifier": "contact@wpscan.com", "published": "2023-11-27T17:15:08.880", - "lastModified": "2023-11-27T19:03:35.337", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T20:15:18.223", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Limit Login Attempts Reloaded WordPress plugin before 2.25.26 is missing authorization on the `toggle_auto_update` AJAX action, allowing any user with a valid nonce to toggle the auto-update status of the plugin." + }, + { + "lang": "es", + "value": "El complemento Limit Login Attempts Reloaded de WordPress anterior al 2.25.26 le falta autorizaci\u00f3n en la acci\u00f3n AJAX `toggle_auto_update`, lo que permite a cualquier usuario con un nonce v\u00e1lido alternar el estado de actualizaci\u00f3n autom\u00e1tica del complemento." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:limitloginattempts:limit_login_attempts_reloaded:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.25.26", + "matchCriteriaId": "F17FBCF8-878C-42FF-A129-03D1BC380483" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://wpscan.com/vulnerability/654bad15-1c88-446a-b28b-5a412cc0399d", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-55xx/CVE-2023-5559.json b/CVE-2023/CVE-2023-55xx/CVE-2023-5559.json index 93b4fbcee1c..24fbe29d780 100644 --- a/CVE-2023/CVE-2023-55xx/CVE-2023-5559.json +++ b/CVE-2023/CVE-2023-55xx/CVE-2023-5559.json @@ -2,19 +2,80 @@ "id": "CVE-2023-5559", "sourceIdentifier": "contact@wpscan.com", "published": "2023-11-27T17:15:08.927", - "lastModified": "2023-11-27T19:03:35.337", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T20:19:30.347", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The 10Web Booster WordPress plugin before 2.24.18 does not validate the option name given to some AJAX actions, allowing unauthenticated users to delete arbitrary options from the database, leading to denial of service." + }, + { + "lang": "es", + "value": "El complemento 10Web Booster de WordPress anterior al 24.2.18 no valida el nombre de opci\u00f3n dado a algunas acciones AJAX, lo que permite a usuarios no autenticados eliminar opciones arbitrarias de la base de datos, lo que lleva a la denegaci\u00f3n de servicio." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:10web:10web_booster:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.24.18", + "matchCriteriaId": "3DAA777F-5807-4D4F-8A86-E904B2A70665" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://wpscan.com/vulnerability/eba46f7d-e4db-400c-8032-015f21087bbf", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-55xx/CVE-2023-5560.json b/CVE-2023/CVE-2023-55xx/CVE-2023-5560.json index f4b33fd9dbb..4ea224e3b99 100644 --- a/CVE-2023/CVE-2023-55xx/CVE-2023-5560.json +++ b/CVE-2023/CVE-2023-55xx/CVE-2023-5560.json @@ -2,19 +2,80 @@ "id": "CVE-2023-5560", "sourceIdentifier": "contact@wpscan.com", "published": "2023-11-27T17:15:08.980", - "lastModified": "2023-11-27T19:03:35.337", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T20:19:52.993", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The WP-UserOnline WordPress plugin before 2.88.3 does not sanitise and escape the X-Forwarded-For header before outputting its content on the page, which allows unauthenticated users to perform Cross-Site Scripting attacks." + }, + { + "lang": "es", + "value": "El complemento WP-UserOnline de WordPress anterior a 2.88.3 no sanitiza ni escapa del encabezado X-Forwarded-For antes de mostrar su contenido en la p\u00e1gina, lo que permite a usuarios no autenticados realizar ataques de Cross Site Scripting." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:lesterchan:wp-useronline:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.88.3", + "matchCriteriaId": "B5A0CE27-B2BE-4A49-9A77-D7E6A2148BAD" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://wpscan.com/vulnerability/55d23184-fc5a-4090-b079-142407b59b05", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-59xx/CVE-2023-5921.json b/CVE-2023/CVE-2023-59xx/CVE-2023-5921.json index 147f4304900..7adb4ddbe1d 100644 --- a/CVE-2023/CVE-2023-59xx/CVE-2023-5921.json +++ b/CVE-2023/CVE-2023-59xx/CVE-2023-5921.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5921", "sourceIdentifier": "iletisim@usom.gov.tr", "published": "2023-11-22T09:15:07.690", - "lastModified": "2023-11-22T13:56:48.513", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T19:38:44.370", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.2 + }, { "source": "iletisim@usom.gov.tr", "type": "Secondary", @@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:decesoftware:geodi:*:*:*:*:*:*:*:*", + "versionEndExcluding": "8.0.0.27396", + "matchCriteriaId": "67D33BAA-FCF4-412B-A8FF-7E62F7D5A13A" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.usom.gov.tr/bildirim/tr-23-0650", - "source": "iletisim@usom.gov.tr" + "source": "iletisim@usom.gov.tr", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-59xx/CVE-2023-5972.json b/CVE-2023/CVE-2023-59xx/CVE-2023-5972.json index c326e4b46e2..0be1014388b 100644 --- a/CVE-2023/CVE-2023-59xx/CVE-2023-5972.json +++ b/CVE-2023/CVE-2023-59xx/CVE-2023-5972.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5972", "sourceIdentifier": "secalert@redhat.com", "published": "2023-11-23T18:15:07.470", - "lastModified": "2023-11-24T15:24:57.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T20:31:31.227", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "secalert@redhat.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + }, { "source": "secalert@redhat.com", "type": "Secondary", @@ -50,22 +80,169 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2.1", + "versionEndIncluding": "6.5.10", + "matchCriteriaId": "C209B2AA-EBB7-4A9E-9B86-4DF1632B47B3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc1:*:*:*:*:*:*", + "matchCriteriaId": "FF501633-2F44-4913-A8EE-B021929F49F6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc2:*:*:*:*:*:*", + "matchCriteriaId": "2BDA597B-CAC1-4DF0-86F0-42E142C654E9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc3:*:*:*:*:*:*", + "matchCriteriaId": "725C78C9-12CE-406F-ABE8-0813A01D66E8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc4:*:*:*:*:*:*", + "matchCriteriaId": "A127C155-689C-4F67-B146-44A57F4BFD85" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc5:*:*:*:*:*:*", + "matchCriteriaId": "D34127CC-68F5-4703-A5F6-5006F803E4AE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc6:*:*:*:*:*:*", + "matchCriteriaId": "4AB8D555-648E-4F2F-98BD-3E7F45BD12A8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc7:*:*:*:*:*:*", + "matchCriteriaId": "C64BDD9D-C663-4E75-AE06-356EDC392B82" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc8:*:*:*:*:*:*", + "matchCriteriaId": "26544390-88E4-41CA-98BF-7BB1E9D4E243" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.2.0:rc1:*:*:*:*:*:*", + "matchCriteriaId": "5283F553-3742-412C-8FBF-5C48E60E7F73" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.2.0:rc2:*:*:*:*:*:*", + "matchCriteriaId": "BDDE77B0-4959-484D-B7B5-815682FA0EA0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.2.0:rc3:*:*:*:*:*:*", + "matchCriteriaId": "7AA287BA-AA71-4071-814E-FDBA6EAA3B8D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.2.0:rc4:*:*:*:*:*:*", + "matchCriteriaId": "8939DBFF-1DFD-4F1D-B01F-75E0F10493A0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.2.0:rc5:*:*:*:*:*:*", + "matchCriteriaId": "410F4BA6-C7AA-4235-BDF2-D9DDC3C155D1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.2.0:rc6:*:*:*:*:*:*", + "matchCriteriaId": "5403B74F-D6F6-4B8E-8F5A-4468D15A47CA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc1:*:*:*:*:*:*", + "matchCriteriaId": "84267A4F-DBC2-444F-B41D-69E15E1BEC97" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc2:*:*:*:*:*:*", + "matchCriteriaId": "FB440208-241C-4246-9A83-C1715C0DAA6C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc3:*:*:*:*:*:*", + "matchCriteriaId": "0DC421F1-3D5A-4BEF-BF76-4E468985D20B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc4:*:*:*:*:*:*", + "matchCriteriaId": "00AB783B-BE05-40E8-9A55-6AA457D95031" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc5:*:*:*:*:*:*", + "matchCriteriaId": "E7C78D0A-C4A2-4D41-B726-8979E33AD0F9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc6:*:*:*:*:*:*", + "matchCriteriaId": "E114E9DD-F7E1-40CC-AAD5-F14E586CB2E6" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", + "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646" + } + ] + } + ] + } + ], "references": [ { "url": "https://access.redhat.com/security/cve/CVE-2023-5972", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248189", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking", + "Patch" + ] }, { "url": "https://github.com/torvalds/linux/commit/505ce0630ad5d31185695f8a29dde8d29f28faa7", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/torvalds/linux/commit/52177bbf19e6e9398375a148d2e13ed492b40b80", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-59xx/CVE-2023-5983.json b/CVE-2023/CVE-2023-59xx/CVE-2023-5983.json index dfc0291779f..c974b00de43 100644 --- a/CVE-2023/CVE-2023-59xx/CVE-2023-5983.json +++ b/CVE-2023/CVE-2023-59xx/CVE-2023-5983.json @@ -2,16 +2,40 @@ "id": "CVE-2023-5983", "sourceIdentifier": "iletisim@usom.gov.tr", "published": "2023-11-22T12:15:22.777", - "lastModified": "2023-11-22T13:56:48.513", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T20:28:56.663", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Botanik Software Pharmacy Automation allows Retrieve Embedded Sensitive Data.This issue affects Pharmacy Automation: before 2.1.133.0.\n\n" + }, + { + "lang": "es", + "value": "La exposici\u00f3n de informaci\u00f3n confidencial a una vulnerabilidad de actor no autorizado en Botanik Software Pharmacy Automation permite recuperar datos confidenciales incrustados. Este problema afecta a Pharmacy Automation: antes de 2.1.133.0." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "iletisim@usom.gov.tr", "type": "Secondary", @@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:botanikyazilim:pharmacy_automation:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.1.133.0", + "matchCriteriaId": "CFA2AD8F-0F17-492E-A498-61E996ABE56F" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.usom.gov.tr/bildirim/tr-23-0652", - "source": "iletisim@usom.gov.tr" + "source": "iletisim@usom.gov.tr", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6251.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6251.json index a943f47f6f2..3917964d9a0 100644 --- a/CVE-2023/CVE-2023-62xx/CVE-2023-6251.json +++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6251.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6251", "sourceIdentifier": "security@checkmk.com", "published": "2023-11-24T09:15:09.903", - "lastModified": "2023-11-24T15:24:57.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T20:26:53.117", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + }, { "source": "security@checkmk.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + }, { "source": "security@checkmk.com", "type": "Secondary", @@ -50,10 +80,620 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:-:*:*:*:*:*:*", + "matchCriteriaId": "E5138E25-A5AF-495D-A713-B8BDACC133D8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:b1:*:*:*:*:*:*", + "matchCriteriaId": "7AE78B5E-2D00-462B-AC0E-5E68BC36ED1B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:b2:*:*:*:*:*:*", + "matchCriteriaId": "9D69AA9A-C6FF-4A9F-8B02-2F207C4150FD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:b3:*:*:*:*:*:*", + "matchCriteriaId": "452F359B-BCB5-46E0-A77A-383C3C2E2D60" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:b4:*:*:*:*:*:*", + "matchCriteriaId": "D9A66C28-A2BA-4091-AB4C-05CDB1D3777F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:b5:*:*:*:*:*:*", + "matchCriteriaId": "463A4A68-810B-4C20-A696-4F94DB20224B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:b6:*:*:*:*:*:*", + "matchCriteriaId": "F4459581-214F-423B-A29D-31C789FD7F1C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:b7:*:*:*:*:*:*", + "matchCriteriaId": "CC0CFABC-A53C-4FD3-A57A-CB72C87A034B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:b8:*:*:*:*:*:*", + "matchCriteriaId": "F96B08FA-8129-4880-86FE-47B08C2B6964" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:i1:*:*:*:*:*:*", + "matchCriteriaId": "CAEB960C-5A5E-4F7C-8588-3F6737AE5DCA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p1:*:*:*:*:*:*", + "matchCriteriaId": "3CB134CD-0746-47C8-BAB8-2AE9C083C4D2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p10:*:*:*:*:*:*", + "matchCriteriaId": "E4B5DDAA-F7B5-4BFD-836E-F7DA0FC7B0C3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p11:*:*:*:*:*:*", + "matchCriteriaId": "A4DA5440-F376-4952-ABCB-AC557C5944A9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p12:*:*:*:*:*:*", + "matchCriteriaId": "DB7DB93B-CDD2-4662-893B-6E36F9EDA7FF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p13:*:*:*:*:*:*", + "matchCriteriaId": "81DFD64A-FEFD-4EBA-B6EC-28D3F0EEC33B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p14:*:*:*:*:*:*", + "matchCriteriaId": "918ACC6A-2EE8-401F-B18A-94B8757B202E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p15:*:*:*:*:*:*", + "matchCriteriaId": "1B6AE143-5A29-4EE8-AF7D-5D495A2248D0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p16:*:*:*:*:*:*", + "matchCriteriaId": "9B678D96-5987-4423-A713-57812B896380" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p17:*:*:*:*:*:*", + "matchCriteriaId": "A16EA6BD-003D-416E-B6C7-EBE5AA4AC2B5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p18:*:*:*:*:*:*", + "matchCriteriaId": "7A016627-9BF2-4D25-AB97-172EAEC4C187" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p19:*:*:*:*:*:*", + "matchCriteriaId": "333FBE01-E5C1-4668-B50F-B64A34E799A8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p2:*:*:*:*:*:*", + "matchCriteriaId": "FE7C4821-74F2-442C-B51F-A52788FC61F4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p20:*:*:*:*:*:*", + "matchCriteriaId": "168E2F68-E3EA-407F-8DCE-BDB1F557FFFA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p21:*:*:*:*:*:*", + "matchCriteriaId": "D7A74CB5-CC6E-4166-B884-498F2CF1A33E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p22:*:*:*:*:*:*", + "matchCriteriaId": "42DCB139-5BBE-45F3-80F5-3A43D95A58BB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p23:*:*:*:*:*:*", + "matchCriteriaId": "1A3E3E6C-DCC0-466D-A505-5F80379CF0AB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p24:*:*:*:*:*:*", + "matchCriteriaId": "1542CDC8-9697-44DE-8F6A-3EB25D07EEE9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p25:*:*:*:*:*:*", + "matchCriteriaId": "1A5B33FF-EA21-4AEB-8D9A-21DA9DB5892A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p26:*:*:*:*:*:*", + "matchCriteriaId": "78616E5A-E1FF-40AA-8E13-0B2E84CE6F8F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p27:*:*:*:*:*:*", + "matchCriteriaId": "5D956394-C3F3-4C88-A791-364AE555D522" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p28:*:*:*:*:*:*", + "matchCriteriaId": "25E96088-0FA2-49FD-B93D-5AFC9605289E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p29:*:*:*:*:*:*", + "matchCriteriaId": "EDB60B12-F724-40C7-8EB2-1270484E88F6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p3:*:*:*:*:*:*", + "matchCriteriaId": "1982ED3B-A0FA-476A-BFB2-5B7B53289496" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p30:*:*:*:*:*:*", + "matchCriteriaId": "F646D243-433E-46F9-9E8E-E4F734F9E648" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p31:*:*:*:*:*:*", + "matchCriteriaId": "D1C14080-79C9-4620-AD1F-6CB46F0F74D0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p32:*:*:*:*:*:*", + "matchCriteriaId": "4AECE1FE-F3D1-4FF0-BDF9-F39FFCBF52E0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p33:*:*:*:*:*:*", + "matchCriteriaId": "C2F79F99-5F46-48A7-BEE7-1551CD56C2F7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p34:*:*:*:*:*:*", + "matchCriteriaId": "2EB6F9D4-13D2-4218-96EF-64C2126369DC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p35:*:*:*:*:*:*", + "matchCriteriaId": "62841559-BDA0-4B67-932A-007D91BFBD14" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p36:*:*:*:*:*:*", + "matchCriteriaId": "F6F22F4E-4A8A-4A7B-A01A-50E9BEA019DA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p37:*:*:*:*:*:*", + "matchCriteriaId": "C1467012-F4CD-4547-A761-50B5F478A055" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p38:*:*:*:*:*:*", + "matchCriteriaId": "200EE0FA-D641-4612-8048-3B00997CBB42" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p39:*:*:*:*:*:*", + "matchCriteriaId": "62ACFC37-4F2A-4C2F-B960-D7AEEADBDDBB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p4:*:*:*:*:*:*", + "matchCriteriaId": "AA60BF44-AF52-458A-BD3F-9FD5D8408575" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p5:*:*:*:*:*:*", + "matchCriteriaId": "9BFE55DC-89EA-404F-8DDF-93E351366789" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p6:*:*:*:*:*:*", + "matchCriteriaId": "C62D8997-DD3B-4B83-B6A5-DFC2408A9164" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p7:*:*:*:*:*:*", + "matchCriteriaId": "80B4A77F-F636-49BB-8CB6-60064984463F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p8:*:*:*:*:*:*", + "matchCriteriaId": "356E5744-AB8E-4FBA-992F-74ED8F9086CE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p9:*:*:*:*:*:*", + "matchCriteriaId": "41FB6FFA-F38F-4754-A1E6-35073D84069E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:-:*:*:*:*:*:*", + "matchCriteriaId": "BC0AC5A2-3724-4942-ABE2-CA9F3B9B4BDA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b1:*:*:*:*:*:*", + "matchCriteriaId": "E3AAC1AD-C2F5-4171-BD92-95A8BA09E79A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b2:*:*:*:*:*:*", + "matchCriteriaId": "8CB8C4BB-4AE6-4EA2-8F38-780B627721ED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b3:*:*:*:*:*:*", + "matchCriteriaId": "D0F14106-2A3D-4FC7-A0C7-6EDA75D1A8F7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b4:*:*:*:*:*:*", + "matchCriteriaId": "F8C2DA36-8419-4846-BFA0-A729BE7D72C5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b5:*:*:*:*:*:*", + "matchCriteriaId": "8AA4FA3D-7A59-4597-9D79-B6B020D86BD1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b6:*:*:*:*:*:*", + "matchCriteriaId": "79F0CF88-FF11-4741-AFF6-9F88F57C2140" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b7:*:*:*:*:*:*", + "matchCriteriaId": "8E93629E-C0CB-4636-B343-1C0646D8228E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b8:*:*:*:*:*:*", + "matchCriteriaId": "58102464-E66F-49CD-8952-3F3F9A6A45CC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b9:*:*:*:*:*:*", + "matchCriteriaId": "9C98E509-8466-4F95-ABE7-7ECC91640E04" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p1:*:*:*:*:*:*", + "matchCriteriaId": "A7B89F71-ABD2-4B2D-AE6B-C0F243E89443" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p10:*:*:*:*:*:*", + "matchCriteriaId": "002EF417-C702-42E2-9C8F-C9593B43AB03" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p11:*:*:*:*:*:*", + "matchCriteriaId": "B8E358A9-0430-4EF1-8557-7F1C088FFF48" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p12:*:*:*:*:*:*", + "matchCriteriaId": "4B0AF395-FDC7-4321-9E00-C935641C138B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p13:*:*:*:*:*:*", + "matchCriteriaId": "59B9CCED-806F-47EF-B5B6-441AADCB4B81" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p14:*:*:*:*:*:*", + "matchCriteriaId": "FAED2CD5-A2CE-438C-8ED7-338D9D61FBD9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p15:*:*:*:*:*:*", + "matchCriteriaId": "F08A96EF-FD2E-4D45-884B-349869649C3D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p16:*:*:*:*:*:*", + "matchCriteriaId": "E80D718E-66B6-4FC6-911D-C264F2C891C9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p17:*:*:*:*:*:*", + "matchCriteriaId": "174BF76A-00C5-4ECD-937D-FE66851D3979" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p18:*:*:*:*:*:*", + "matchCriteriaId": "F43DBAE4-FEF9-431E-AE82-31C7944CA830" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p19:*:*:*:*:*:*", + "matchCriteriaId": "7AF612FF-7441-41C4-96C2-36A15E45FF93" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p2:*:*:*:*:*:*", + "matchCriteriaId": "960DF373-EDE6-4318-B6E9-07573ED5907A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p20:*:*:*:*:*:*", + "matchCriteriaId": "5FFBF793-48E0-48DB-9C12-1C4A5805009E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p21:*:*:*:*:*:*", + "matchCriteriaId": "B6A2F0DB-CA73-4F14-8099-7A29BADC1F4E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p22:*:*:*:*:*:*", + "matchCriteriaId": "5D23ECB8-9C2C-4BA5-ADD6-248FD2CFF37A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p23:*:*:*:*:*:*", + "matchCriteriaId": "9958D126-EF50-4ED7-85A3-6E5120EFB931" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p24:*:*:*:*:*:*", + "matchCriteriaId": "5D9B3F5F-158A-4C43-A894-1A55D1D758FC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p25:*:*:*:*:*:*", + "matchCriteriaId": "17729C6D-3DD1-4082-B3AF-B53770304F7B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p26:*:*:*:*:*:*", + "matchCriteriaId": "2E34014C-90A0-4ABB-A15F-73E83F312246" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p27:*:*:*:*:*:*", + "matchCriteriaId": "C0DCB95E-CC14-40BF-A7E4-1CD9075E2785" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p28:*:*:*:*:*:*", + "matchCriteriaId": "E1AA25FE-FA1B-4525-99B8-1098E75BDC5C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p29:*:*:*:*:*:*", + "matchCriteriaId": "073ED1BF-B3FE-4CC4-A279-15981DBC0BE8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p3:*:*:*:*:*:*", + "matchCriteriaId": "3144AABF-74CB-44EE-A618-8529A8ACFCF6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p30:*:*:*:*:*:*", + "matchCriteriaId": "BA067A60-3B6A-4C3B-8934-E2725199EE39" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p31:*:*:*:*:*:*", + "matchCriteriaId": "DD42912A-092C-4FD9-9874-5B04989164C0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p32:*:*:*:*:*:*", + "matchCriteriaId": "E26E5640-8396-4B9C-890F-E9598CEB08FB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p33:*:*:*:*:*:*", + "matchCriteriaId": "82CBA4CB-FCEE-4D33-8127-944D914A8F5C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p34:*:*:*:*:*:*", + "matchCriteriaId": "DE6414DD-DA34-4FE7-B976-A6898B454E60" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p35:*:*:*:*:*:*", + "matchCriteriaId": "0CB08010-2416-469D-8B27-212F28BF62EB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p36:*:*:*:*:*:*", + "matchCriteriaId": "8F66346B-4A8A-4323-B197-B5D4D949FCEE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p4:*:*:*:*:*:*", + "matchCriteriaId": "88AC7AB0-40DF-44D1-83EA-FDD4D5346BBD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p5:*:*:*:*:*:*", + "matchCriteriaId": "4285A4A3-3DED-456D-93D4-1B9FDB42C1EB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p6:*:*:*:*:*:*", + "matchCriteriaId": "098FD286-B6CB-4428-9A62-A5F24B4D9E92" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p7:*:*:*:*:*:*", + "matchCriteriaId": "8400088B-E56E-4D0B-86D5-76D884C8031A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p8:*:*:*:*:*:*", + "matchCriteriaId": "29554684-FEFF-42B2-B62E-6523782F537C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p9:*:*:*:*:*:*", + "matchCriteriaId": "91AE66E4-AE6B-4F25-9312-6418FC3E221F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:-:*:*:*:*:*:*", + "matchCriteriaId": "8EC2C076-C4C6-4C9A-84FE-B47E835AA0E7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:b1:*:*:*:*:*:*", + "matchCriteriaId": "A954DDB4-ACF5-4D74-B735-0BB14762457C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:b2:*:*:*:*:*:*", + "matchCriteriaId": "F4E9D8E0-ECFF-4987-8189-F6A5917D39B6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:b3:*:*:*:*:*:*", + "matchCriteriaId": "7CDF16A7-E9BC-488B-A0DF-91B7F79C2D7A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:b4:*:*:*:*:*:*", + "matchCriteriaId": "EF3C4AB5-966A-46CD-8774-7BD4115FC80B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:b5:*:*:*:*:*:*", + "matchCriteriaId": "580C70A7-387E-4650-9DBA-D7AA0BFDB1BE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:b6:*:*:*:*:*:*", + "matchCriteriaId": "343C5CD6-48ED-4693-BC2A-549A43F02931" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:b7:*:*:*:*:*:*", + "matchCriteriaId": "18F1E6EC-5866-4338-9772-92EB01E0A184" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:b8:*:*:*:*:*:*", + "matchCriteriaId": "57C08697-674F-4924-A5A2-40F1E2BF2059" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:i1:*:*:*:*:*:*", + "matchCriteriaId": "AB444D23-88E8-4AFE-9F1E-56AE4ADF7644" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:p1:*:*:*:*:*:*", + "matchCriteriaId": "050E9020-9E83-4198-B550-F554686DCC36" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:p10:*:*:*:*:*:*", + "matchCriteriaId": "5D3DFD03-89BF-433F-B14C-8B46AD5146F6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:p11:*:*:*:*:*:*", + "matchCriteriaId": "50D06254-A368-4DE1-8734-1DC49002FBB1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:p12:*:*:*:*:*:*", + "matchCriteriaId": "489B86C6-FDD3-4569-B330-86CF51B533B0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:p13:*:*:*:*:*:*", + "matchCriteriaId": "50456E0E-0597-4E90-9BFC-1384800ED073" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:p14:*:*:*:*:*:*", + "matchCriteriaId": "0A7E61FE-E2B2-434F-8DFB-BF6AB78B8DE9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:p2:*:*:*:*:*:*", + "matchCriteriaId": "E9F4C18C-D62E-47F5-A309-D0BC9CFB990C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:p3:*:*:*:*:*:*", + "matchCriteriaId": "DAFBA752-75C7-4514-AC75-CE7D78AE9F96" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:p4:*:*:*:*:*:*", + "matchCriteriaId": "57BA8394-7755-45E0-8B4D-B37A8A5B5DB8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:p5:*:*:*:*:*:*", + "matchCriteriaId": "D6A02DB9-71F6-429F-A084-D811AD016CBA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:p6:*:*:*:*:*:*", + "matchCriteriaId": "AC520584-54C8-445C-8898-CEFE1E1CC59F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:p7:*:*:*:*:*:*", + "matchCriteriaId": "DA73CA36-D5F7-4C8D-B574-7DBF29220C82" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:p8:*:*:*:*:*:*", + "matchCriteriaId": "32F5CD0B-98FD-4076-A33A-A12FA8F89F24" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:p9:*:*:*:*:*:*", + "matchCriteriaId": "46DC1573-56A8-48E7-ABB8-45406AA252AE" + } + ] + } + ] + } + ], "references": [ { "url": "https://checkmk.com/werk/16224", - "source": "security@checkmk.com" + "source": "security@checkmk.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6277.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6277.json index 4ef2822e34f..73e786441c3 100644 --- a/CVE-2023/CVE-2023-62xx/CVE-2023-6277.json +++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6277.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6277", "sourceIdentifier": "secalert@redhat.com", "published": "2023-11-24T19:15:07.643", - "lastModified": "2023-11-27T13:52:21.813", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T20:05:33.610", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "secalert@redhat.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + }, { "source": "secalert@redhat.com", "type": "Secondary", @@ -50,22 +80,99 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:libtiff:libtiff:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2FFD25C1-A304-486F-A36B-7167EEF33388" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", + "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", + "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", + "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", + "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9" + } + ] + } + ] + } + ], "references": [ { "url": "https://access.redhat.com/security/cve/CVE-2023-6277", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251311", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking", + "Patch", + "Third Party Advisory" + ] }, { "url": "https://gitlab.com/libtiff/libtiff/-/issues/614", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Exploit", + "Issue Tracking", + "Patch", + "Vendor Advisory" + ] }, { "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/545", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6293.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6293.json index eb29079988f..d5d36cc582d 100644 --- a/CVE-2023/CVE-2023-62xx/CVE-2023-6293.json +++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6293.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6293", "sourceIdentifier": "security@huntr.dev", "published": "2023-11-24T20:15:07.293", - "lastModified": "2023-11-27T13:52:15.377", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T19:55:33.327", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -15,6 +15,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.2 + } + ], "cvssMetricV30": [ { "source": "security@huntr.dev", @@ -50,14 +72,40 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sequelizejs:sequelize-typescript:*:*:*:*:*:node.js:*:*", + "versionEndExcluding": "2.1.6", + "matchCriteriaId": "90D60CEC-FA6E-44DE-9975-731B18314733" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/robinbuschmann/sequelize-typescript/commit/5ce8afdd1671b08c774ce106b000605ba8fccf78", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Patch" + ] }, { "url": "https://huntr.com/bounties/36a7ecbf-4d3d-462e-86a3-cda7b1ec64e2", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Exploit", + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6298.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6298.json index 78006542105..d4870d186ac 100644 --- a/CVE-2023/CVE-2023-62xx/CVE-2023-6298.json +++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6298.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6298", "sourceIdentifier": "cna@vuldb.com", "published": "2023-11-26T23:15:07.657", - "lastModified": "2023-11-27T13:52:15.377", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T20:12:10.133", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -75,18 +95,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:itextpdf:itext:8.0.2:*:*:*:*:*:*:*", + "matchCriteriaId": "744BE782-8089-47EC-8D71-4E8FB9576F54" + } + ] + } + ] + } + ], "references": [ { "url": "https://drive.google.com/drive/folders/1OBAeGH_rNfa1os6g6QlIt4pL-2NKHZm_?usp=sharing", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.246124", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.246124", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6299.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6299.json index ce31568f1c0..5120e394aea 100644 --- a/CVE-2023/CVE-2023-62xx/CVE-2023-6299.json +++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6299.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6299", "sourceIdentifier": "cna@vuldb.com", "published": "2023-11-26T23:15:07.883", - "lastModified": "2023-11-29T17:15:07.770", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T20:09:27.653", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -75,22 +95,51 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:itextpdf:itext:8.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "CAE116EF-8351-440A-BF9A-90B4A51AADAB" + } + ] + } + ] + } + ], "references": [ { "url": "https://drive.google.com/file/d/1_jeD7SvuliKc_02pPTPbfSnqAErzmFny/view?usp=sharing", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Broken Link" + ] }, { "url": "https://kb.itextpdf.com/home/it7kb/releases/release-itext-core-8-0-2#ReleaseiTextCore8.0.2-Bugfixesandmiscellaneous", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://vuldb.com/?ctiid.246125", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.246125", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-63xx/CVE-2023-6302.json b/CVE-2023/CVE-2023-63xx/CVE-2023-6302.json index 4e92577ce67..e345e3bea67 100644 --- a/CVE-2023/CVE-2023-63xx/CVE-2023-6302.json +++ b/CVE-2023/CVE-2023-63xx/CVE-2023-6302.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6302", "sourceIdentifier": "cna@vuldb.com", "published": "2023-11-27T00:15:07.820", - "lastModified": "2023-11-27T13:52:15.377", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T19:59:45.953", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -75,18 +95,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cskaza:cszcms:1.3.0:*:*:*:*:*:*:*", + "matchCriteriaId": "84E1FF54-382F-4529-BA1D-9AD4DCA94A58" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/t34t/CVE/blob/main/CSZCMS/Code-Execution-Vulnerability-in-cszcmsV1.3.0.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.246128", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.246128", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-63xx/CVE-2023-6303.json b/CVE-2023/CVE-2023-63xx/CVE-2023-6303.json index ca1fff92709..8c264466ee8 100644 --- a/CVE-2023/CVE-2023-63xx/CVE-2023-6303.json +++ b/CVE-2023/CVE-2023-63xx/CVE-2023-6303.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6303", "sourceIdentifier": "cna@vuldb.com", "published": "2023-11-27T00:15:08.040", - "lastModified": "2023-11-27T13:52:15.377", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T19:58:47.923", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -75,18 +95,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cskaza:cszcms:1.3.0:*:*:*:*:*:*:*", + "matchCriteriaId": "84E1FF54-382F-4529-BA1D-9AD4DCA94A58" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/t34t/CVE/blob/main/CSZCMS/0-Store-XSS-Vulnerability-in-cszcmsV1.3.0.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.246129", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.246129", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-63xx/CVE-2023-6313.json b/CVE-2023/CVE-2023-63xx/CVE-2023-6313.json index 9144d06c9c8..c6081a3251f 100644 --- a/CVE-2023/CVE-2023-63xx/CVE-2023-6313.json +++ b/CVE-2023/CVE-2023-63xx/CVE-2023-6313.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6313", "sourceIdentifier": "cna@vuldb.com", "published": "2023-11-27T03:15:07.650", - "lastModified": "2023-11-27T13:52:09.230", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T19:57:47.960", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -75,18 +95,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:url_shortener_project:url_shortener:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "2A6B8BB2-48CE-4525-8AB9-F76C86D722BA" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/will121351/wenqin.webray.com.cn/blob/main/CVE-project/url-shortener.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.246139", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.246139", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-63xx/CVE-2023-6359.json b/CVE-2023/CVE-2023-63xx/CVE-2023-6359.json index 371e7c9b632..174119681d3 100644 --- a/CVE-2023/CVE-2023-63xx/CVE-2023-6359.json +++ b/CVE-2023/CVE-2023-63xx/CVE-2023-6359.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6359", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2023-11-28T12:15:07.647", - "lastModified": "2023-11-28T14:12:58.173", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T20:36:00.537", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "cve-coordination@incibe.es", "type": "Secondary", @@ -50,10 +70,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:grupoalumne:alumne_lms:4.0.0.1.08:*:*:*:*:*:*:*", + "matchCriteriaId": "AA92E833-F522-41E1-B681-ECFFE59396CC" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-alumne-lms", - "source": "cve-coordination@incibe.es" + "source": "cve-coordination@incibe.es", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-63xx/CVE-2023-6375.json b/CVE-2023/CVE-2023-63xx/CVE-2023-6375.json index a81bbb66730..ec14f6ea6c1 100644 --- a/CVE-2023/CVE-2023-63xx/CVE-2023-6375.json +++ b/CVE-2023/CVE-2023-63xx/CVE-2023-6375.json @@ -2,7 +2,7 @@ "id": "CVE-2023-6375", "sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725", "published": "2023-11-30T18:15:09.523", - "lastModified": "2023-11-30T18:18:28.713", + "lastModified": "2023-11-30T19:15:13.443", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -41,7 +41,7 @@ "description": [ { "lang": "en", - "value": "CWE-287" + "value": "CWE-552" } ] } diff --git a/CVE-2023/CVE-2023-64xx/CVE-2023-6439.json b/CVE-2023/CVE-2023-64xx/CVE-2023-6439.json new file mode 100644 index 00000000000..ce81138ce26 --- /dev/null +++ b/CVE-2023/CVE-2023-64xx/CVE-2023-6439.json @@ -0,0 +1,88 @@ +{ + "id": "CVE-2023-6439", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-11-30T20:15:07.027", + "lastModified": "2023-11-30T20:15:07.027", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as problematic was found in ZenTao PMS 18.8. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246439." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE", + "baseScore": 4.0 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://1drv.ms/w/s!AgMfVZkPO1NWgR2_sUsSJF67lvbG?e=SStrt5", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.246439", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.246439", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 98aa27ffc4b..7f0b0bc21e9 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-11-30T19:00:50.309703+00:00 +2023-11-30T21:00:17.876094+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-11-30T18:59:43.410000+00:00 +2023-11-30T20:58:28.853000+00:00 ``` ### Last Data Feed Release @@ -29,69 +29,45 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -231896 +231897 ``` ### CVEs added in the last Commit -Recently added CVEs: `49` +Recently added CVEs: `1` -* [CVE-2023-31176](CVE-2023/CVE-2023-311xx/CVE-2023-31176.json) (`2023-11-30T17:15:08.520`) -* [CVE-2023-31177](CVE-2023/CVE-2023-311xx/CVE-2023-31177.json) (`2023-11-30T17:15:08.763`) -* [CVE-2023-34018](CVE-2023/CVE-2023-340xx/CVE-2023-34018.json) (`2023-11-30T17:15:08.940`) -* [CVE-2023-34388](CVE-2023/CVE-2023-343xx/CVE-2023-34388.json) (`2023-11-30T17:15:09.133`) -* [CVE-2023-34389](CVE-2023/CVE-2023-343xx/CVE-2023-34389.json) (`2023-11-30T17:15:09.380`) -* [CVE-2023-47870](CVE-2023/CVE-2023-478xx/CVE-2023-47870.json) (`2023-11-30T18:15:07.513`) -* [CVE-2023-48802](CVE-2023/CVE-2023-488xx/CVE-2023-48802.json) (`2023-11-30T18:15:07.727`) -* [CVE-2023-48803](CVE-2023/CVE-2023-488xx/CVE-2023-48803.json) (`2023-11-30T18:15:07.770`) -* [CVE-2023-48804](CVE-2023/CVE-2023-488xx/CVE-2023-48804.json) (`2023-11-30T18:15:07.820`) -* [CVE-2023-48805](CVE-2023/CVE-2023-488xx/CVE-2023-48805.json) (`2023-11-30T18:15:07.870`) -* [CVE-2023-48806](CVE-2023/CVE-2023-488xx/CVE-2023-48806.json) (`2023-11-30T18:15:07.917`) -* [CVE-2023-48807](CVE-2023/CVE-2023-488xx/CVE-2023-48807.json) (`2023-11-30T18:15:07.963`) -* [CVE-2023-48808](CVE-2023/CVE-2023-488xx/CVE-2023-48808.json) (`2023-11-30T18:15:08.007`) -* [CVE-2023-48810](CVE-2023/CVE-2023-488xx/CVE-2023-48810.json) (`2023-11-30T18:15:08.053`) -* [CVE-2023-48811](CVE-2023/CVE-2023-488xx/CVE-2023-48811.json) (`2023-11-30T18:15:08.097`) -* [CVE-2023-48812](CVE-2023/CVE-2023-488xx/CVE-2023-48812.json) (`2023-11-30T18:15:08.137`) -* [CVE-2023-6341](CVE-2023/CVE-2023-63xx/CVE-2023-6341.json) (`2023-11-30T18:15:08.180`) -* [CVE-2023-6342](CVE-2023/CVE-2023-63xx/CVE-2023-6342.json) (`2023-11-30T18:15:08.380`) -* [CVE-2023-6343](CVE-2023/CVE-2023-63xx/CVE-2023-6343.json) (`2023-11-30T18:15:08.573`) -* [CVE-2023-6344](CVE-2023/CVE-2023-63xx/CVE-2023-6344.json) (`2023-11-30T18:15:08.767`) -* [CVE-2023-6352](CVE-2023/CVE-2023-63xx/CVE-2023-6352.json) (`2023-11-30T18:15:08.963`) -* [CVE-2023-6353](CVE-2023/CVE-2023-63xx/CVE-2023-6353.json) (`2023-11-30T18:15:09.147`) -* [CVE-2023-6354](CVE-2023/CVE-2023-63xx/CVE-2023-6354.json) (`2023-11-30T18:15:09.333`) -* [CVE-2023-6375](CVE-2023/CVE-2023-63xx/CVE-2023-6375.json) (`2023-11-30T18:15:09.523`) -* [CVE-2023-6376](CVE-2023/CVE-2023-63xx/CVE-2023-6376.json) (`2023-11-30T18:15:09.720`) +* [CVE-2023-6439](CVE-2023/CVE-2023-64xx/CVE-2023-6439.json) (`2023-11-30T20:15:07.027`) ### CVEs modified in the last Commit -Recently modified CVEs: `51` +Recently modified CVEs: `77` -* [CVE-2023-41812](CVE-2023/CVE-2023-418xx/CVE-2023-41812.json) (`2023-11-30T17:04:44.713`) -* [CVE-2023-4677](CVE-2023/CVE-2023-46xx/CVE-2023-4677.json) (`2023-11-30T17:06:24.530`) -* [CVE-2023-41786](CVE-2023/CVE-2023-417xx/CVE-2023-41786.json) (`2023-11-30T17:06:53.820`) -* [CVE-2023-48700](CVE-2023/CVE-2023-487xx/CVE-2023-48700.json) (`2023-11-30T17:07:35.870`) -* [CVE-2023-25756](CVE-2023/CVE-2023-257xx/CVE-2023-25756.json) (`2023-11-30T17:08:47.230`) -* [CVE-2023-25057](CVE-2023/CVE-2023-250xx/CVE-2023-25057.json) (`2023-11-30T17:12:39.840`) -* [CVE-2023-26533](CVE-2023/CVE-2023-265xx/CVE-2023-26533.json) (`2023-11-30T17:12:39.840`) -* [CVE-2023-36507](CVE-2023/CVE-2023-365xx/CVE-2023-36507.json) (`2023-11-30T17:12:39.840`) -* [CVE-2023-36523](CVE-2023/CVE-2023-365xx/CVE-2023-36523.json) (`2023-11-30T17:12:39.840`) -* [CVE-2023-37868](CVE-2023/CVE-2023-378xx/CVE-2023-37868.json) (`2023-11-30T17:12:39.840`) -* [CVE-2023-37890](CVE-2023/CVE-2023-378xx/CVE-2023-37890.json) (`2023-11-30T17:12:39.840`) -* [CVE-2023-39921](CVE-2023/CVE-2023-399xx/CVE-2023-39921.json) (`2023-11-30T17:12:39.840`) -* [CVE-2023-44143](CVE-2023/CVE-2023-441xx/CVE-2023-44143.json) (`2023-11-30T17:12:39.840`) -* [CVE-2023-45609](CVE-2023/CVE-2023-456xx/CVE-2023-45609.json) (`2023-11-30T17:12:39.840`) -* [CVE-2023-46086](CVE-2023/CVE-2023-460xx/CVE-2023-46086.json) (`2023-11-30T17:12:39.840`) -* [CVE-2023-48328](CVE-2023/CVE-2023-483xx/CVE-2023-48328.json) (`2023-11-30T17:12:39.840`) -* [CVE-2023-48754](CVE-2023/CVE-2023-487xx/CVE-2023-48754.json) (`2023-11-30T17:12:39.840`) -* [CVE-2023-5803](CVE-2023/CVE-2023-58xx/CVE-2023-5803.json) (`2023-11-30T17:12:39.840`) -* [CVE-2023-6360](CVE-2023/CVE-2023-63xx/CVE-2023-6360.json) (`2023-11-30T17:12:39.840`) -* [CVE-2023-27306](CVE-2023/CVE-2023-273xx/CVE-2023-27306.json) (`2023-11-30T17:12:52.813`) -* [CVE-2023-35127](CVE-2023/CVE-2023-351xx/CVE-2023-35127.json) (`2023-11-30T17:24:26.147`) -* [CVE-2023-40152](CVE-2023/CVE-2023-401xx/CVE-2023-40152.json) (`2023-11-30T17:28:53.117`) -* [CVE-2023-5299](CVE-2023/CVE-2023-52xx/CVE-2023-5299.json) (`2023-11-30T17:37:48.917`) -* [CVE-2023-39417](CVE-2023/CVE-2023-394xx/CVE-2023-39417.json) (`2023-11-30T18:15:07.370`) -* [CVE-2023-28378](CVE-2023/CVE-2023-283xx/CVE-2023-28378.json) (`2023-11-30T18:37:10.197`) +* [CVE-2023-48707](CVE-2023/CVE-2023-487xx/CVE-2023-48707.json) (`2023-11-30T20:14:16.270`) +* [CVE-2023-5525](CVE-2023/CVE-2023-55xx/CVE-2023-5525.json) (`2023-11-30T20:15:18.223`) +* [CVE-2023-5559](CVE-2023/CVE-2023-55xx/CVE-2023-5559.json) (`2023-11-30T20:19:30.347`) +* [CVE-2023-5560](CVE-2023/CVE-2023-55xx/CVE-2023-5560.json) (`2023-11-30T20:19:52.993`) +* [CVE-2023-48312](CVE-2023/CVE-2023-483xx/CVE-2023-48312.json) (`2023-11-30T20:21:40.073`) +* [CVE-2023-48176](CVE-2023/CVE-2023-481xx/CVE-2023-48176.json) (`2023-11-30T20:21:54.850`) +* [CVE-2023-46673](CVE-2023/CVE-2023-466xx/CVE-2023-46673.json) (`2023-11-30T20:22:45.863`) +* [CVE-2023-5047](CVE-2023/CVE-2023-50xx/CVE-2023-5047.json) (`2023-11-30T20:24:29.170`) +* [CVE-2023-48712](CVE-2023/CVE-2023-487xx/CVE-2023-48712.json) (`2023-11-30T20:26:37.460`) +* [CVE-2023-6251](CVE-2023/CVE-2023-62xx/CVE-2023-6251.json) (`2023-11-30T20:26:53.117`) +* [CVE-2023-33706](CVE-2023/CVE-2023-337xx/CVE-2023-33706.json) (`2023-11-30T20:28:16.377`) +* [CVE-2023-5983](CVE-2023/CVE-2023-59xx/CVE-2023-5983.json) (`2023-11-30T20:28:56.663`) +* [CVE-2023-49210](CVE-2023/CVE-2023-492xx/CVE-2023-49210.json) (`2023-11-30T20:30:16.380`) +* [CVE-2023-5972](CVE-2023/CVE-2023-59xx/CVE-2023-5972.json) (`2023-11-30T20:31:31.227`) +* [CVE-2023-48039](CVE-2023/CVE-2023-480xx/CVE-2023-48039.json) (`2023-11-30T20:33:32.313`) +* [CVE-2023-48105](CVE-2023/CVE-2023-481xx/CVE-2023-48105.json) (`2023-11-30T20:33:32.983`) +* [CVE-2023-48090](CVE-2023/CVE-2023-480xx/CVE-2023-48090.json) (`2023-11-30T20:34:31.470`) +* [CVE-2023-6359](CVE-2023/CVE-2023-63xx/CVE-2023-6359.json) (`2023-11-30T20:36:00.537`) +* [CVE-2023-48042](CVE-2023/CVE-2023-480xx/CVE-2023-48042.json) (`2023-11-30T20:36:48.927`) +* [CVE-2023-20241](CVE-2023/CVE-2023-202xx/CVE-2023-20241.json) (`2023-11-30T20:38:54.273`) +* [CVE-2023-47467](CVE-2023/CVE-2023-474xx/CVE-2023-47467.json) (`2023-11-30T20:44:34.303`) +* [CVE-2023-49208](CVE-2023/CVE-2023-492xx/CVE-2023-49208.json) (`2023-11-30T20:47:45.190`) +* [CVE-2023-33202](CVE-2023/CVE-2023-332xx/CVE-2023-33202.json) (`2023-11-30T20:49:49.457`) +* [CVE-2023-47251](CVE-2023/CVE-2023-472xx/CVE-2023-47251.json) (`2023-11-30T20:49:57.593`) +* [CVE-2023-47250](CVE-2023/CVE-2023-472xx/CVE-2023-47250.json) (`2023-11-30T20:55:39.480`) ## Download and Usage