admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-11-30T21:00:17.876094+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-11-30 21:00:21 +00:00
parent 0182331f25
commit 09ab74fc01
79 changed files with 4167 additions and 341 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CVE-2021/CVE-2021-216xx/CVE-2021-21633.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-21633",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-03-30T12:16:10.627",
"lastModified": "2023-10-25T18:16:47.797",
"vulnStatus": "Modified",
"lastModified": "2023-11-30T19:16:38.763",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",

9
CVE-2021/CVE-2021-216xx/CVE-2021-21638.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-21638",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-03-30T12:16:10.987",
"lastModified": "2023-10-25T18:16:48.263",
"vulnStatus": "Modified",
"lastModified": "2023-11-30T19:16:32.173",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -104,7 +104,10 @@
},
{
"url": "https://www.jenkins.io/security/advisory/2021-03-30/#SECURITY-2283%20%282%29",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}

16
CVE-2021/CVE-2021-216xx/CVE-2021-21641.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-21641",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-04-07T14:15:17.093",
"lastModified": "2023-10-25T18:16:48.573",
"vulnStatus": "Modified",
"lastModified": "2023-11-30T19:18:08.413",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -63,6 +63,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [

16
CVE-2021/CVE-2021-216xx/CVE-2021-21644.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-21644",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-04-21T15:15:08.373",
"lastModified": "2023-10-25T18:16:48.910",
"vulnStatus": "Modified",
"lastModified": "2023-11-30T19:18:05.313",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -63,6 +63,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [

21
CVE-2021/CVE-2021-216xx/CVE-2021-21652.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-21652",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-05-11T15:15:08.030",
"lastModified": "2023-10-25T18:16:49.753",
"vulnStatus": "Modified",
"lastModified": "2023-11-30T19:18:01.673",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -63,6 +63,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
@ -84,7 +96,10 @@
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2021-05-11/#SECURITY-2251%20%281%29",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}

67
CVE-2021/CVE-2021-379xx/CVE-2021-37942.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2021-37942",
"sourceIdentifier": "bressers@elastic.co",
"published": "2023-11-22T02:15:42.220",
"lastModified": "2023-11-22T03:36:37.770",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T19:33:06.083",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious plugin to an application running the APM Java agent. By using this vulnerability, an attacker could execute code at a potentially higher level of permissions than their user typically has access to."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un problema de escalada de privilegios local con APM Java Agent, donde un usuario del sistema pod\u00eda adjuntar un complemento malicioso a una aplicaci\u00f3n que ejecutaba APM Java Agent. Al utilizar esta vulnerabilidad, un atacante podr\u00eda ejecutar c\u00f3digo con un nivel de permisos potencialmente m\u00e1s alto del que normalmente tiene acceso su usuario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "bressers@elastic.co",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "bressers@elastic.co",
"type": "Secondary",
@ -46,14 +80,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:elastic:apm_java_agent:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.18.0",
"versionEndIncluding": "1.27.0",
"matchCriteriaId": "15C93E89-E721-4610-BB53-39D2D24F58CB"
}
]
}
]
}
],
"references": [
{
"url": "https://discuss.elastic.co/t/apm-java-agent-security-update/291355",
"source": "bressers@elastic.co"
"source": "bressers@elastic.co",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.elastic.co/community/security",
"source": "bressers@elastic.co"
"source": "bressers@elastic.co",
"tags": [
"Product"
]
}
]
}

4
CVE-2022/CVE-2022-05xx/CVE-2022-0538.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-0538",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-02-09T14:15:07.893",
"lastModified": "2023-10-25T18:16:54.167",
"vulnStatus": "Modified",
"lastModified": "2023-11-30T19:15:11.090",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",

11
CVE-2022/CVE-2022-231xx/CVE-2022-23117.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-23117",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-01-12T20:15:09.757",
"lastModified": "2023-10-25T18:16:55.690",
"vulnStatus": "Modified",
"lastModified": "2023-11-30T19:15:51.950",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -70,7 +70,7 @@
"description": [
{
"lang": "en",
"value": "CWE-269"
"value": "CWE-522"
}
]
}
@ -104,7 +104,10 @@
},
{
"url": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2522%20%282%29",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}

4
CVE-2022/CVE-2022-231xx/CVE-2022-23118.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-23118",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-01-12T20:15:09.807",
"lastModified": "2023-10-25T18:16:55.757",
"vulnStatus": "Modified",
"lastModified": "2023-11-30T19:15:28.033",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",

4
CVE-2022/CVE-2022-251xx/CVE-2022-25173.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-25173",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-02-15T17:15:08.477",
"lastModified": "2023-10-25T18:16:55.830",
"vulnStatus": "Modified",
"lastModified": "2023-11-30T19:13:14.137",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",

5
CVE-2022/CVE-2022-251xx/CVE-2022-25174.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-25174",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-02-15T17:15:08.560",
"lastModified": "2023-10-25T18:16:55.910",
"vulnStatus": "Modified",
"lastModified": "2023-11-30T19:13:01.603",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -98,7 +98,6 @@
"url": "https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2463",
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
]

5
CVE-2022/CVE-2022-251xx/CVE-2022-25175.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-25175",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-02-15T17:15:08.627",
"lastModified": "2023-10-25T18:16:55.973",
"vulnStatus": "Modified",
"lastModified": "2023-11-30T19:12:13.310",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -98,7 +98,6 @@
"url": "https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2463",
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
]

5
CVE-2022/CVE-2022-251xx/CVE-2022-25176.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-25176",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-02-15T17:15:08.697",
"lastModified": "2023-10-25T18:16:56.037",
"vulnStatus": "Modified",
"lastModified": "2023-11-30T19:12:09.657",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -98,7 +98,6 @@
"url": "https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2613",
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
]

5
CVE-2022/CVE-2022-251xx/CVE-2022-25177.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-25177",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-02-15T17:15:08.767",
"lastModified": "2023-10-25T18:16:56.097",
"vulnStatus": "Modified",
"lastModified": "2023-11-30T19:12:05.580",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -98,7 +98,6 @@
"url": "https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2613",
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
]

4
CVE-2022/CVE-2022-251xx/CVE-2022-25190.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-25190",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-02-15T17:15:10.147",
"lastModified": "2023-10-25T18:16:56.887",
"vulnStatus": "Modified",
"lastModified": "2023-11-30T19:15:32.510",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",

92
CVE-2022/CVE-2022-440xx/CVE-2022-44011.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-44011",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-23T16:15:07.217",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T20:58:28.853",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,95 @@
"value": "Se descubri\u00f3 un problema en ClickHouse antes del 22.9.1.2603. Un usuario autenticado (con la capacidad de cargar datos) podr\u00eda provocar un desbordamiento del b\u00fafer del heap y bloquear el servidor al insertar un objeto CapnProto con formato incorrecto. Las versiones corregidas son 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16 y 22.3.12.19."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:*:*:*:*",
"versionEndExcluding": "22.3.12.19",
"matchCriteriaId": "5E491243-850E-42B0-93C1-02A5006E76CC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:*:*:*:*",
"versionStartIncluding": "22.6",
"versionEndExcluding": "22.6.6.16",
"matchCriteriaId": "8AC646C1-A2E2-4E6F-9312-2AF2B3FAED29"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:*:*:*:*",
"versionStartIncluding": "22.7",
"versionEndExcluding": "22.7.4.16",
"matchCriteriaId": "2129D28D-F5C8-4824-819B-E27AF634C6BA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:*:*:*:*",
"versionStartIncluding": "22.8",
"versionEndExcluding": "22.8.2.11",
"matchCriteriaId": "1B7994FF-D269-4F8A-9388-B60BC23A6EA6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:*:*:*:*",
"versionStartIncluding": "22.9",
"versionEndExcluding": "22.9.1.2603",
"matchCriteriaId": "391AC13C-E2F6-4824-AC29-081AF879666A"
}
]
}
]
}
],
"references": [
{
"url": "https://clickhouse.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

218
CVE-2023/CVE-2023-202xx/CVE-2023-20241.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-20241",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-11-22T17:15:18.740",
"lastModified": "2023-11-22T17:31:47.393",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T20:38:54.273",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system.\r\n\r These vulnerabilities are due to an out-of-bounds memory read from Cisco Secure Client Software. An attacker could exploit these vulnerabilities by logging in to an affected device at the same time that another user is accessing Cisco Secure Client on the same system, and then sending crafted packets to a port on that local host. A successful exploit could allow the attacker to crash the VPN Agent service, causing it to be unavailable to all users of the system. To exploit these vulnerabilities, the attacker must have valid credentials on a multi-user system."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades en Cisco Secure Client Software, anteriormente AnyConnect Secure Mobility Client, podr\u00edan permitir que un atacante local autenticado cause una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en un sistema afectado. Estas vulnerabilidades se deben a una lectura de memoria fuera de los l\u00edmites de Cisco Secure Client Software. Un atacante podr\u00eda aprovechar estas vulnerabilidades iniciando sesi\u00f3n en un dispositivo afectado al mismo tiempo que otro usuario accede a Cisco Secure Client en el mismo sistema y luego enviando paquetes manipulados a un puerto en ese host local. Un exploit exitoso podr\u00eda permitir al atacante bloquear el servicio del Agente VPN, provocando que no est\u00e9 disponible para todos los usuarios del sistema. Para explotar estas vulnerabilidades, el atacante debe tener credenciales v\u00e1lidas en un sistema multiusuario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
@ -34,10 +58,198 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.9.00086:*:*:*:*:*:*:*",
"matchCriteriaId": "03B6618B-2E98-480C-AF79-2A9E9BF29CB3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.9.01095:*:*:*:*:*:*:*",
"matchCriteriaId": "F2CB76BE-7DD7-40D7-A7C7-DDA7079A286F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.9.02028:*:*:*:*:*:*:*",
"matchCriteriaId": "C87CEF61-99F2-4845-9FDE-4B6ED62637C3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.9.03047:*:*:*:*:*:*:*",
"matchCriteriaId": "EA80A4E4-061E-4578-B780-9540AE502E66"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.9.03049:*:*:*:*:*:*:*",
"matchCriteriaId": "804366C1-F307-4DC2-9FEA-B4EB60790A32"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.9.04043:*:*:*:*:*:*:*",
"matchCriteriaId": "5AD3244A-5CA8-496C-B189-BCD31B0E40C8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.9.04053:*:*:*:*:*:*:*",
"matchCriteriaId": "EAB00A32-8571-4685-B448-690F8EE373D9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.9.05042:*:*:*:*:*:*:*",
"matchCriteriaId": "F97CC9FF-FDD3-46A1-9025-BAA83160A504"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.9.06037:*:*:*:*:*:*:*",
"matchCriteriaId": "FF8E83C4-9C5A-4D84-AB19-A4564BBB6625"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:secure_client:4.10.00093:*:*:*:*:*:*:*",
"matchCriteriaId": "8FDBC52F-F851-4DC4-9DED-45F8689F2A00"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:secure_client:4.10.01075:*:*:*:*:*:*:*",
"matchCriteriaId": "C6D74511-0444-473C-96F7-751C2B9A6ADC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:secure_client:4.10.02086:*:*:*:*:*:*:*",
"matchCriteriaId": "D89BE767-38C2-4E92-83EB-09E23B48AAF8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:secure_client:4.10.03104:*:*:*:*:*:*:*",
"matchCriteriaId": "DC77CA23-5750-4E35-AD17-4FE0B351ECFD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:secure_client:4.10.04065:*:*:*:*:*:*:*",
"matchCriteriaId": "CDE66231-01C3-4807-AB7B-F2A3C2E2200D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:secure_client:4.10.04071:*:*:*:*:*:*:*",
"matchCriteriaId": "B003756D-7F3D-4FB9-B3EF-CEAA68334630"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:secure_client:4.10.05085:*:*:*:*:*:*:*",
"matchCriteriaId": "B06F4BD8-23D2-4C32-B090-F33D50BB5805"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:secure_client:4.10.05095:*:*:*:*:*:*:*",
"matchCriteriaId": "1EE93BD0-7AAD-4921-A6F1-22F1905F8870"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:secure_client:4.10.05111:*:*:*:*:*:*:*",
"matchCriteriaId": "222718F2-81E9-40BD-8B2D-ECD70CC423E3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:secure_client:4.10.06079:*:*:*:*:*:*:*",
"matchCriteriaId": "C1150AC7-8E86-471E-87DD-F4C0D0628261"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:secure_client:4.10.06090:*:*:*:*:*:*:*",
"matchCriteriaId": "585A3B8E-8FD1-4B01-9F82-1038BF50A0FB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:secure_client:4.10.07061:*:*:*:*:*:*:*",
"matchCriteriaId": "61D0138A-EE54-420B-A11B-4580DD130FBF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:secure_client:4.10.07062:*:*:*:*:*:*:*",
"matchCriteriaId": "D45B8E46-AE9E-44F6-B58E-5AF7A32D499B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:secure_client:4.10.07073:*:*:*:*:*:*:*",
"matchCriteriaId": "FAB896B8-535A-494F-AA21-3DA56CD7A540"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:secure_client:5.0.00238:*:*:*:*:*:*:*",
"matchCriteriaId": "7B7B74D9-7D43-48B2-AE6F-4FE75DB1DF61"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:secure_client:5.0.00529:*:*:*:*:*:*:*",
"matchCriteriaId": "86B5EB44-F814-49AB-BAD2-3E02E9707377"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:secure_client:5.0.00556:*:*:*:*:*:*:*",
"matchCriteriaId": "C33CF946-24CD-471E-8448-445E629789BD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:secure_client:5.0.01242:*:*:*:*:*:*:*",
"matchCriteriaId": "9E39EE52-4A48-430E-A7A5-29276EE51B03"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:secure_client:5.0.02075:*:*:*:*:*:*:*",
"matchCriteriaId": "781CEBDC-3A42-47BA-8509-E35AB6BB56C6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:secure_client:5.0.03072:*:*:*:*:*:*:*",
"matchCriteriaId": "ADF3D714-0475-4E30-8245-159C5BA68F11"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:secure_client:5.0.03076:*:*:*:*:*:*:*",
"matchCriteriaId": "BA2D666F-5EBF-41B7-89C1-32BCF65DABEC"
}
]
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-accsc-dos-9SLzkZ8",
"source": "ykramarz@cisco.com"
"source": "ykramarz@cisco.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

101
CVE-2023/CVE-2023-259xx/CVE-2023-25952.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-25952",
"sourceIdentifier": "secure@intel.com",
"published": "2023-11-14T19:15:20.123",
"lastModified": "2023-11-14T19:30:32.597",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T19:54:20.613",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write in some Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows drivers before version 31.0.101.4255 may allow an authenticated user to potentially enable denial of service via local access."
},
{
"lang": "es",
"value": "La escritura fuera de los l\u00edmites en algunos controladores Intel(R) Arc(TM) e Iris(R) Xe Graphics - WHQL - Windows anteriores a la versi\u00f3n 31.0.101.4255 puede permitir que un usuario autenticado habilite potencialmente la denegaci\u00f3n de servicio a trav\u00e9s del acceso local."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -46,10 +80,71 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:iris_xe_graphics:*:*:*:*:*:*:*:*",
"versionEndExcluding": "31.0.101.4255",
"matchCriteriaId": "823ADDFE-919F-4097-8F7B-C9A35AFBEE51"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:arc_a_graphics:*:*:*:*:*:*:*:*",
"versionEndExcluding": "31.0.101.4255",
"matchCriteriaId": "7607C5DB-509D-4A20-83AA-391DEF78EDC8"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00864.html",
"source": "secure@intel.com"
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
]
}
]
}

8
CVE-2023/CVE-2023-271xx/CVE-2023-27102.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-27102",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-03-15T15:15:09.617",
"lastModified": "2023-03-20T20:25:55.293",
"vulnStatus": "Analyzed",
"lastModified": "2023-11-30T19:15:10.713",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -72,6 +72,10 @@
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00032.html",
"source": "cve@mitre.org"
}
]
}

8
CVE-2023/CVE-2023-271xx/CVE-2023-27103.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-27103",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-03-15T15:15:09.670",
"lastModified": "2023-03-17T19:28:38.297",
"vulnStatus": "Analyzed",
"lastModified": "2023-11-30T19:15:10.800",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -72,6 +72,10 @@
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00032.html",
"source": "cve@mitre.org"
}
]
}

101
CVE-2023/CVE-2023-273xx/CVE-2023-27305.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-27305",
"sourceIdentifier": "secure@intel.com",
"published": "2023-11-14T19:15:20.473",
"lastModified": "2023-11-14T19:30:32.597",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T19:53:45.560",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Incorrect default permissions in some Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows drivers before version 31.0.101.4255 may allow an authenticated user to potentially enable escalation of privilege via local access."
},
{
"lang": "es",
"value": "Los permisos predeterminados incorrectos en algunos controladores Intel(R) Arc(TM) e Iris(R) Xe Graphics - WHQL - Windows anteriores a la versi\u00f3n 31.0.101.4255 pueden permitir que un usuario autenticado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -46,10 +80,71 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:iris_xe_graphics:*:*:*:*:*:*:*:*",
"versionEndExcluding": "31.0.101.4255",
"matchCriteriaId": "823ADDFE-919F-4097-8F7B-C9A35AFBEE51"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:arc_a_graphics:*:*:*:*:*:*:*:*",
"versionEndExcluding": "31.0.101.4255",
"matchCriteriaId": "7607C5DB-509D-4A20-83AA-391DEF78EDC8"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00864.html",
"source": "secure@intel.com"
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-274xx/CVE-2023-27453.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-27453",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T14:15:09.150",
"lastModified": "2023-11-22T15:12:25.450",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T19:46:04.847",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in LWS LWS Tools plugin <=\u00a02.3.1 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento LWS LWS Tools en versiones &lt;=2.3.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lws:lws_tools:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.3.1",
"matchCriteriaId": "2E5B2842-C938-4E10-88F7-B4F682F1F702"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/lws-tools/wordpress-lws-tools-plugin-2-3-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-274xx/CVE-2023-27457.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-27457",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T14:15:09.333",
"lastModified": "2023-11-22T15:12:25.450",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T19:44:39.023",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Passionate Brains Add Expires Headers & Optimized Minify plugin <=\u00a02.7 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Passionate Brains Add Expires Headers &amp; Optimized Minify en versiones &lt;=2.7."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:passionatebrains:add_expires_headers_\\&_optimized_minify:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.7",
"matchCriteriaId": "884032D8-6C1C-4A54-88EF-A1002474116B"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/add-expires-headers/wordpress-add-expires-headers-optimized-minify-plugin-2-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-274xx/CVE-2023-27458.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-27458",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T14:15:09.520",
"lastModified": "2023-11-22T15:12:25.450",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T19:41:51.770",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in wpstream WpStream plugin <=\u00a04.4.10 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento wpstream WpStream en versiones &lt;=4.4.10."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpstream:wpstream:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "4.4.10",
"matchCriteriaId": "6E79A0BE-EE4E-4C01-9A88-E2D072D1621C"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wpstream/wordpress-wpstream-live-streaming-video-on-demand-pay-per-view-plugin-4-4-10-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-276xx/CVE-2023-27633.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-27633",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T14:15:09.920",
"lastModified": "2023-11-22T15:12:25.450",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T19:19:27.577",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade Customify \u2013 Intuitive Website Styling plugin <=\u00a02.10.4 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Pixelgrade Customify \u2013 Intuitive Website Styling en versiones &lt;=2.10.4."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pixelgrade:customify:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.10.4",
"matchCriteriaId": "31F486B4-9293-4C09-A7A5-CC0ED9643415"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/customify/wordpress-customify-plugin-2-10-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

70
CVE-2023/CVE-2023-332xx/CVE-2023-33202.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-33202",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-23T16:15:07.273",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T20:49:49.457",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,75 @@
"value": "Bouncy Castle para Java anterior a 1.73 contiene un posible problema de denegaci\u00f3n de servicio (DoS) dentro de la clase Bouncy Castle org.bouncycastle.openssl.PEMParser. Esta clase analiza secuencias codificadas OpenSSL PEM que contienen certificados X.509, claves codificadas PKCS8 y objetos PKCS7. El an\u00e1lisis de un archivo que ha creado datos ASN.1 a trav\u00e9s de PEMParser provoca un OutOfMemoryError, que puede permitir un ataque de denegaci\u00f3n de servicio."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bouncycastle:bouncy_castle_for_java:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.73",
"matchCriteriaId": "A450303D-AF6E-4A81-BE1C-F744B728AC27"
}
]
}
]
}
],
"references": [
{
"url": "https://bouncycastle.org",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33202",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

71
CVE-2023/CVE-2023-337xx/CVE-2023-33706.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-33706",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-24T02:15:42.323",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T20:28:16.377",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,74 @@
"value": "SysAid anterior a 23.2.15 permite que los ataques de Indirect Object Reference (IDOR) lean datos de tickets a trav\u00e9s de un par\u00e1metro sid modificado en EmailHtmlSourceIframe.jsp o un par\u00e1metro srID modificado en ShowMessage.jsp."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sysaid:sysaid:*:*:*:*:on-premises:*:*:*",
"versionEndExcluding": "23.2.15",
"matchCriteriaId": "97785D07-2E5D-4F37-B1FC-898B87B91A76"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sysaid:sysaid:*:*:*:*:cloud:*:*:*",
"versionEndExcluding": "23.2.50",
"matchCriteriaId": "F65F2B7D-04B1-4DBC-9283-FC10C428D79E"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.pridesec.com.br/en/insecure-direct-object-reference-idor-affects-helpdesk-sysaid/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

6
CVE-2023/CVE-2023-364xx/CVE-2023-36419.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-36419",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-10-10T18:15:12.300",
"lastModified": "2023-10-13T18:31:30.537",
"vulnStatus": "Analyzed",
"lastModified": "2023-11-30T19:15:10.983",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Azure HDInsight Apache Oozie Workflow Scheduler Elevation of Privilege Vulnerability"
"value": "Azure HDInsight Apache Oozie Workflow Scheduler XXE Elevation of Privilege Vulnerability"
},
{
"lang": "es",

27
CVE-2023/CVE-2023-36xx/CVE-2023-3631.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3631",
"sourceIdentifier": "iletisim@usom.gov.tr",
"published": "2023-11-23T10:15:07.523",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T19:54:58.117",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -50,10 +50,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:medart_notification_panel_project:medart_notification_panel:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2023-11-23",
"matchCriteriaId": "75FEE7A4-520F-4FB1-8FBA-0C3E2B0AA312"
}
]
}
]
}
],
"references": [
{
"url": "https://https://www.usom.gov.tr/bildirim/tr-23-0656",
"source": "iletisim@usom.gov.tr"
"source": "iletisim@usom.gov.tr",
"tags": [
"Broken Link"
]
}
]
}

10
CVE-2023/CVE-2023-381xx/CVE-2023-38156.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-38156",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-09-12T17:15:21.123",
"lastModified": "2023-09-14T18:51:33.217",
"vulnStatus": "Analyzed",
"lastModified": "2023-11-30T19:15:12.907",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Azure HDInsight Apache Ambari Elevation of Privilege Vulnerability"
"value": "Azure HDInsight Apache Ambari JDBC Injection Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de Elevaci\u00f3n de Privilegios de Azure HDInsight Apache Ambari"
}
],
"metrics": {

24
CVE-2023/CVE-2023-399xx/CVE-2023-39978.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-39978",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-08T06:15:47.790",
"lastModified": "2023-11-07T04:17:41.990",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-30T19:26:53.327",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -62,6 +62,21 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
}
]
}
]
}
],
"references": [
@ -88,7 +103,10 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UFQJCYJ23HWHNDOVKBHZQ7HCXXL6MM3/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List"
]
}
]
}

8
CVE-2023/CVE-2023-438xx/CVE-2023-43887.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43887",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-22T18:15:08.747",
"lastModified": "2023-11-30T05:43:21.497",
"vulnStatus": "Analyzed",
"lastModified": "2023-11-30T19:15:13.260",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -83,6 +83,10 @@
"Issue Tracking",
"Patch"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00032.html",
"source": "cve@mitre.org"
}
]
}

6
CVE-2023/CVE-2023-453xx/CVE-2023-45328.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-45328",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-11-02T14:15:11.947",
"lastModified": "2023-11-08T23:17:15.513",
"lastModified": "2023-11-30T19:26:14.930",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -59,8 +59,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:online_food_ordering_script_project:online_food_ordering_script:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AC64A1FC-FDA0-46E7-A27E-1E718E55FAA2"
"criteria": "cpe:2.3:a:projectworlds:online_food_ordering_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EC5341DF-BF6E-450B-B216-A427E5FE8F98"
}
]
}

6
CVE-2023/CVE-2023-453xx/CVE-2023-45336.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-45336",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-11-02T14:15:12.543",
"lastModified": "2023-11-08T00:52:59.970",
"lastModified": "2023-11-30T19:26:19.557",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -59,8 +59,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:online_food_ordering_script_project:online_food_ordering_script:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AC64A1FC-FDA0-46E7-A27E-1E718E55FAA2"
"criteria": "cpe:2.3:a:projectworlds:online_food_ordering_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EC5341DF-BF6E-450B-B216-A427E5FE8F98"
}
]
}

6
CVE-2023/CVE-2023-453xx/CVE-2023-45337.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-45337",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-11-02T14:15:12.627",
"lastModified": "2023-11-08T00:53:05.587",
"lastModified": "2023-11-30T19:26:09.433",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -69,8 +69,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:online_food_ordering_script_project:online_food_ordering_script:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AC64A1FC-FDA0-46E7-A27E-1E718E55FAA2"
"criteria": "cpe:2.3:a:projectworlds:online_food_ordering_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EC5341DF-BF6E-450B-B216-A427E5FE8F98"
}
]
}

6
CVE-2023/CVE-2023-453xx/CVE-2023-45339.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-45339",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-11-02T14:15:12.713",
"lastModified": "2023-11-08T00:53:10.663",
"lastModified": "2023-11-30T19:26:06.280",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -59,8 +59,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:online_food_ordering_script_project:online_food_ordering_script:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AC64A1FC-FDA0-46E7-A27E-1E718E55FAA2"
"criteria": "cpe:2.3:a:projectworlds:online_food_ordering_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EC5341DF-BF6E-450B-B216-A427E5FE8F98"
}
]
}

6
CVE-2023/CVE-2023-453xx/CVE-2023-45340.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-45340",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-11-02T14:15:12.793",
"lastModified": "2023-11-08T00:53:16.033",
"lastModified": "2023-11-30T19:26:02.887",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -59,8 +59,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:online_food_ordering_script_project:online_food_ordering_script:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AC64A1FC-FDA0-46E7-A27E-1E718E55FAA2"
"criteria": "cpe:2.3:a:projectworlds:online_food_ordering_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EC5341DF-BF6E-450B-B216-A427E5FE8F98"
}
]
}

6
CVE-2023/CVE-2023-453xx/CVE-2023-45341.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-45341",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-11-02T14:15:12.870",
"lastModified": "2023-11-08T00:53:21.763",
"lastModified": "2023-11-30T19:25:57.807",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -59,8 +59,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:online_food_ordering_script_project:online_food_ordering_script:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AC64A1FC-FDA0-46E7-A27E-1E718E55FAA2"
"criteria": "cpe:2.3:a:projectworlds:online_food_ordering_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EC5341DF-BF6E-450B-B216-A427E5FE8F98"
}
]
}

6
CVE-2023/CVE-2023-453xx/CVE-2023-45342.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-45342",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-11-02T14:15:12.957",
"lastModified": "2023-11-08T00:53:30.717",
"lastModified": "2023-11-30T19:25:52.993",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -79,8 +79,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:online_food_ordering_script_project:online_food_ordering_script:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AC64A1FC-FDA0-46E7-A27E-1E718E55FAA2"
"criteria": "cpe:2.3:a:projectworlds:online_food_ordering_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EC5341DF-BF6E-450B-B216-A427E5FE8F98"
}
]
}

6
CVE-2023/CVE-2023-453xx/CVE-2023-45343.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-45343",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-11-02T14:15:13.033",
"lastModified": "2023-11-08T00:53:35.723",
"lastModified": "2023-11-30T19:19:24.807",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -59,8 +59,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:online_food_ordering_script_project:online_food_ordering_script:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AC64A1FC-FDA0-46E7-A27E-1E718E55FAA2"
"criteria": "cpe:2.3:a:projectworlds:online_food_ordering_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EC5341DF-BF6E-450B-B216-A427E5FE8F98"
}
]
}

70
CVE-2023/CVE-2023-466xx/CVE-2023-46673.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46673",
"sourceIdentifier": "bressers@elastic.co",
"published": "2023-11-22T10:15:08.417",
"lastModified": "2023-11-22T13:56:48.513",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T20:22:45.863",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "bressers@elastic.co",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-755"
}
]
},
{
"source": "bressers@elastic.co",
"type": "Secondary",
@ -50,14 +80,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndExcluding": "7.17.14",
"matchCriteriaId": "B5D858CC-723F-44C8-A3EF-90563359D58F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndExcluding": "8.10.3",
"matchCriteriaId": "ACB218DA-EF68-46A0-9249-7FB7286CE35F"
}
]
}
]
}
],
"references": [
{
"url": "https://discuss.elastic.co/t/elasticsearch-7-17-14-8-10-3-security-update-esa-2023-24/347708",
"source": "bressers@elastic.co"
"source": "bressers@elastic.co",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.elastic.co/community/security",
"source": "bressers@elastic.co"
"source": "bressers@elastic.co",
"tags": [
"Vendor Advisory"
]
}
]
}

100
CVE-2023/CVE-2023-472xx/CVE-2023-47250.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47250",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-22T18:15:08.883",
"lastModified": "2023-11-28T17:15:08.327",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T20:55:39.480",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,27 +14,111 @@
"value": "En mprivacy-tools anterior a 2.0.406g en m-privacy TightGate-Pro Server, el control de acceso roto en los sockets del servidor X11 permite a atacantes autenticados (con acceso a una sesi\u00f3n VNC) acceder a los escritorios X11 de otros usuarios especificando su ID DE PANTALLA. Esto permite un control total de su escritorio, incluida la capacidad de inyectar pulsaciones de teclas y realizar un ataque de registro de teclas."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:m-privacy:mprivacy-tools:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.0.406g",
"matchCriteriaId": "96183115-3343-4926-BA00-BC1918E154EA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:m-privacy:rsbac-policy-tgpro:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0.159",
"matchCriteriaId": "70C841E9-B3AC-4751-B687-20BE31B8B3FA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:m-privacy:tightgatevnc:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.1.2-1",
"matchCriteriaId": "E8C3B7A9-F7EA-490E-8DD4-E2D0E3F3634D"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/175949/m-privacy-TightGate-Pro-Code-Execution-Insecure-Permissions.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://seclists.org/fulldisclosure/2023/Nov/13",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://sec-consult.com/en/vulnerability-lab/advisories/index.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-in-m-privacy-tightgate-pro/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.m-privacy.de/en/tightgate-pro-safe-surfing/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

94
CVE-2023/CVE-2023-472xx/CVE-2023-47251.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47251",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-22T18:15:08.930",
"lastModified": "2023-11-28T17:15:08.370",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T20:49:57.593",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,27 +14,105 @@
"value": "En mprivacy-tools anterior a 2.0.406g en m-privacy TightGate-Pro Server, un Directory Traversal en la funci\u00f3n de impresi\u00f3n del servicio VNC permite a atacantes autenticados (con acceso a una sesi\u00f3n de VNC) transferir autom\u00e1ticamente documentos PDF maliciosos movi\u00e9ndolos al directorio .spool y luego env\u00eda una se\u00f1al al servicio VNC, que los transfiere autom\u00e1ticamente al sistema de archivos del cliente VNC conectado."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:m-privacy:mprivacy-tools:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0.406g",
"matchCriteriaId": "3C0366BD-EE82-49FD-9EE8-120930841307"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:m-privacy:tightgatevnc:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.1.2-1",
"matchCriteriaId": "E8C3B7A9-F7EA-490E-8DD4-E2D0E3F3634D"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/175949/m-privacy-TightGate-Pro-Code-Execution-Insecure-Permissions.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://seclists.org/fulldisclosure/2023/Nov/13",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://sec-consult.com/en/vulnerability-lab/advisories/index.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-in-m-privacy-tightgate-pro/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.m-privacy.de/en/tightgate-pro-safe-surfing/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

63
CVE-2023/CVE-2023-474xx/CVE-2023-47467.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47467",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-22T18:15:08.980",
"lastModified": "2023-11-22T19:00:49.717",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T20:44:34.303",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,66 @@
"value": "La vulnerabilidad de Directory Traversal en jeecg-boot v.3.6.0 permite a un atacante remoto con privilegios obtener informaci\u00f3n confidencial a trav\u00e9s de la estructura del directorio de archivos."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jeecg:jeecg-boot:3.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "10124934-5F0D-46B1-822E-7D47BA2C3380"
}
]
}
]
}
],
"references": [
{
"url": "https://www.yuque.com/u2479829/tegvu8/dvmfdl5fssfen05q",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
}
]
}

8
CVE-2023/CVE-2023-474xx/CVE-2023-47471.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47471",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-16T04:15:06.857",
"lastModified": "2023-11-29T20:27:28.787",
"vulnStatus": "Analyzed",
"lastModified": "2023-11-30T19:15:13.313",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -83,6 +83,10 @@
"Issue Tracking",
"Vendor Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00032.html",
"source": "cve@mitre.org"
}
]
}

69
CVE-2023/CVE-2023-480xx/CVE-2023-48039.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2023-48039",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-20T15:15:09.820",
"lastModified": "2023-11-20T19:18:51.140",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T20:33:32.313",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leak in gf_mpd_parse_string media_tools/mpd.c:75."
},
{
"lang": "es",
"value": "GPAC 2.3-DEV-rev617-g671976fcc-master es vulnerable a p\u00e9rdidas de memoria en gf_mpd_parse_string media_tools/mpd.c:75."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-401"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gpac:gpac:2.3-dev-rev617-g671976fcc-master:*:*:*:*:*:*:*",
"matchCriteriaId": "F540C691-D615-4A9B-8DD6-69B8488E3BA1"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/gpac/gpac/issues/2679",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-480xx/CVE-2023-48042.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48042",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-28T13:15:07.410",
"lastModified": "2023-11-30T07:15:07.920",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T20:36:48.927",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,74 @@
"value": "Amazzing Filter para Prestashop hasta 3.2.2 es vulnerable a Cross-Site Scripting (XSS)."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:communitydeveloper:amazzing_filter:*:*:*:*:*:prestashop:*:*",
"versionEndIncluding": "3.2.5",
"matchCriteriaId": "52889FC2-6611-427B-8436-8DD406154AF5"
}
]
}
]
}
],
"references": [
{
"url": "https://addons.prestashop.com/en/search-filters/18575-amazzing-filter.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://medium.com/%40nasir.synack/uncovering-a-cross-site-scripting-vulnerability-cve-2023-48042-in-amazzing-filters-prestashop-2e4a9f8b655e",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-480xx/CVE-2023-48090.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2023-48090",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-20T15:15:09.863",
"lastModified": "2023-11-20T19:18:51.140",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T20:34:31.470",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leaks in extract_attributes media_tools/m3u8.c:329."
},
{
"lang": "es",
"value": "GPAC 2.3-DEV-rev617-g671976fcc-master es vulnerable a p\u00e9rdidas de memoria en extract_attributes media_tools/m3u8.c:329."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-401"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gpac:gpac:2.3-dev-rev617-g671976fcc-master:*:*:*:*:*:*:*",
"matchCriteriaId": "F540C691-D615-4A9B-8DD6-69B8488E3BA1"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/gpac/gpac/issues/2680",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

80
CVE-2023/CVE-2023-481xx/CVE-2023-48105.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48105",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-22T23:15:10.617",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T20:33:32.983",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,23 +14,89 @@
"value": "Se descubri\u00f3 una vulnerabilidad de desbordamiento del heap en Bytecode alliance wasm-micro-runtime v.1.2.3 que permite a un atacante remoto provocar una denegaci\u00f3n de servicio a trav\u00e9s de la funci\u00f3n wasm_loader_prepare_bytecode en core/iwasm/interpreter/wasm_loader.c."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bytecodealliance:webassembly_micro_runtime:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "438EEBB6-205A-496A-A009-321357C86154"
}
]
}
]
}
],
"references": [
{
"url": "http://bytecode.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
]
},
{
"url": "http://wasm-micro-runtime.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "https://github.com/bytecodealliance/wasm-micro-runtime/issues/2726",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch"
]
},
{
"url": "https://github.com/bytecodealliance/wasm-micro-runtime/pull/2734/commits/4785d91b16dd49c09a96835de2d9c7b077543fa4",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
}
]
}

67
CVE-2023/CVE-2023-481xx/CVE-2023-48176.json
View File

@ -2,19 +2,78 @@
"id": "CVE-2023-48176",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-20T22:15:07.187",
"lastModified": "2023-11-21T01:38:10.777",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T20:21:54.850",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An Insecure Permissions issue in WebsiteGuide v.0.2 allows a remote attacker to gain escalated privileges via crafted jwt (JSON web token)."
},
{
"lang": "es",
"value": "Un problema de permisos inseguros en WebsiteGuide v.0.2 permite a un atacante remoto obtener privilegios escalados a trav\u00e9s de jwt (token web JSON) manipulado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mizhexiaoxiao:websiteguide:0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3ACDB3F2-177A-4CB3-96A0-38F1B3F4B9F0"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://prairie-steed-4d7.notion.site/WebsiteGuide-vulnerability-analysis-33a701c4fbf24555bffde17da0c73d8d?pvs=4",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Permissions Required"
]
}
]
}

108
CVE-2023/CVE-2023-483xx/CVE-2023-48303.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-48303",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-21T22:15:07.893",
"lastModified": "2023-11-22T03:36:44.963",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T20:02:48.377",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Server and Nextcloud Enterprise Server, admins can change authentication details of user configured external storage. Nextcloud Server and Nextcloud Enterprise Server versions 25.0.11, 26.0.6, and 27.1.0 contain a patch for this issue. No known workarounds are available."
},
{
"lang": "es",
"value": "Nextcloud Server proporciona almacenamiento de datos para Nextcloud, una plataforma en la nube de c\u00f3digo abierto. A partir de la versi\u00f3n 25.0.0 y anteriores a las versiones 25.0.11, 26.0.6 y 27.1.0 de Nextcloud Server y Nextcloud Enterprise Server, los administradores pueden cambiar los detalles de autenticaci\u00f3n del almacenamiento externo configurado por el usuario. Las versiones 25.0.11, 26.0.6 y 27.1.0 de Nextcloud Server y Nextcloud Enterprise Server contienen un parche para este problema. No hay workarounds conocidos disponibles."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,18 +80,82 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*",
"versionStartIncluding": "25.0.0",
"versionEndExcluding": "25.0.11",
"matchCriteriaId": "CFCB9CDB-F661-496E-86B7-25B228A3C90E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "25.0.0",
"versionEndExcluding": "25.0.11",
"matchCriteriaId": "37949CD5-0B2D-40BE-83C8-E6A03CD0F7C9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*",
"versionStartIncluding": "26.0.0",
"versionEndExcluding": "26.0.6",
"matchCriteriaId": "9E2008E1-AFAE-40F5-8D64-A019F2222AA2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "26.0.0",
"versionEndExcluding": "26.0.6",
"matchCriteriaId": "4C98058B-06EF-446E-A39D-F436627469C1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*",
"versionStartIncluding": "27.0.0",
"versionEndExcluding": "27.1.0",
"matchCriteriaId": "B8F5C07F-E133-4C54-B9A7-95A38086B28A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "27.0.0",
"versionEndExcluding": "27.1.0",
"matchCriteriaId": "E29703CE-0A92-47F3-96AE-0AC27641ECDF"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2448-44rp-c7hh",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://github.com/nextcloud/server/pull/39895",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking",
"Patch"
]
},
{
"url": "https://hackerone.com/reports/2107934",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Permissions Required"
]
}
]
}

53
CVE-2023/CVE-2023-483xx/CVE-2023-48312.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48312",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-24T18:15:07.127",
"lastModified": "2023-11-27T13:52:21.813",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T20:21:40.073",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,14 +70,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clastix:capsule-proxy:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.4.5",
"matchCriteriaId": "9337A5E5-9358-466F-9BEF-D1EE51DD5A18"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/projectcapsule/capsule-proxy/commit/472404f7006a4152e4eec76dee07324dd1e6e823",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/projectcapsule/capsule-proxy/security/advisories/GHSA-fpvw-6m5v-hqfp",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

81
CVE-2023/CVE-2023-487xx/CVE-2023-48707.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48707",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-24T18:15:07.327",
"lastModified": "2023-11-27T13:52:21.813",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T20:14:16.270",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,14 +70,67 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codeigniter:shield:1.0.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "B1E3F1E0-C2D7-4EC5-AD04-AEB414A3D71C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codeigniter:shield:1.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "8DDA8B62-EE63-40C0-9F2C-23F56B225F49"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codeigniter:shield:1.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "4F37B4E1-D641-4D55-9D3F-FB3B18934FE9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codeigniter:shield:1.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "3361F9CD-A084-4437-BF22-08A558C326B5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codeigniter:shield:1.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "AEF20FB8-F114-4B54-8CEF-739433359E21"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codeigniter:shield:1.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "340EBC7C-51FC-4792-A0A4-A323219D1551"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codeigniter:shield:1.0.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "061CA3F7-EDAD-4D04-AFBC-9ABD22470AF1"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/codeigniter4/shield/commit/f77c6ae20275ac1245330a2b9a523bf7e6f6202f",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/codeigniter4/shield/security/advisories/GHSA-v427-c49j-8w6x",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

87
CVE-2023/CVE-2023-487xx/CVE-2023-48708.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48708",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-24T18:15:07.520",
"lastModified": "2023-11-27T13:52:21.813",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T20:11:33.040",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,18 +70,75 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codeigniter:shield:1.0.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "B1E3F1E0-C2D7-4EC5-AD04-AEB414A3D71C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codeigniter:shield:1.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "8DDA8B62-EE63-40C0-9F2C-23F56B225F49"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codeigniter:shield:1.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "4F37B4E1-D641-4D55-9D3F-FB3B18934FE9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codeigniter:shield:1.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "3361F9CD-A084-4437-BF22-08A558C326B5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codeigniter:shield:1.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "AEF20FB8-F114-4B54-8CEF-739433359E21"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codeigniter:shield:1.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "340EBC7C-51FC-4792-A0A4-A323219D1551"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codeigniter:shield:1.0.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "061CA3F7-EDAD-4D04-AFBC-9ABD22470AF1"
}
]
}
]
}
],
"references": [
{
"url": "https://codeigniter4.github.io/shield/getting_started/authenticators/",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/codeigniter4/shield/commit/7e84c3fb3411294f70890819bfe51781bb9dc8e4",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/codeigniter4/shield/security/advisories/GHSA-j72f-h752-mx4w",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Mitigation",
"Vendor Advisory"
]
}
]
}

52
CVE-2023/CVE-2023-487xx/CVE-2023-48712.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48712",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-24T17:15:08.453",
"lastModified": "2023-11-27T13:52:21.813",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T20:26:37.460",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,14 +70,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:warpgate_project:warpgate:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.8.1",
"matchCriteriaId": "598C2B38-2E7C-442E-8D61-5799221F6781"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/warp-tech/warpgate/commit/e3b26b2699257b9482dce2e9157bd9b5e05d9c76",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/warp-tech/warpgate/security/advisories/GHSA-c94j-vqr5-3mxr",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-491xx/CVE-2023-49105.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-49105",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-21T22:15:08.613",
"lastModified": "2023-11-22T03:36:37.770",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T19:28:59.100",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in ownCloud owncloud/core before 10.13.1. An attacker can access, modify, or delete any file without authentication if the username of a victim is known, and the victim has no signing-key configured. This occurs because pre-signed URLs can be accepted even when no signing-key is configured for the owner of the files. The earliest affected version is 10.6.0."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en ownCloud owncloud/core antes de la versi\u00f3n 10.13.1. Un atacante puede acceder, modificar o eliminar cualquier archivo sin autenticaci\u00f3n si conoce el nombre de usuario de la v\u00edctima y la v\u00edctima no tiene una clave de firma configurada. Esto ocurre porque las URL prefirmadas se pueden aceptar incluso cuando no se configura ninguna clave de firma para el propietario de los archivos. La primera versi\u00f3n afectada es la 10.6.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cve@mitre.org",
"type": "Secondary",
@ -34,14 +58,50 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.13.1",
"matchCriteriaId": "117F6462-A2A3-46CB-B795-79C72AF275A8"
}
]
}
]
}
],
"references": [
{
"url": "https://owncloud.com/security-advisories/webdav-api-authentication-bypass-using-pre-signed-urls/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://owncloud.org/security",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

70
CVE-2023/CVE-2023-492xx/CVE-2023-49208.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49208",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-23T18:15:07.410",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T20:47:45.190",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,75 @@
"value": "esquema/webauthn.c en el servidor SSO de Glewlwyd anterior a 2.7.6 tiene un posible desbordamiento del b\u00fafer durante la validaci\u00f3n de las credenciales FIDO2 en el registro de webauthn."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:glewlwyd_sso_server_project:glewlwyd_sso_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.7.6",
"matchCriteriaId": "538BFBDD-EC3D-4FD6-9121-D9D8A1213558"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/babelouest/glewlwyd/commit/f9d8c06aae8dfe17e761b18b577ff169e059e812",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/babelouest/glewlwyd/releases/tag/v2.7.6",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch",
"Release Notes"
]
}
]
}

75
CVE-2023/CVE-2023-492xx/CVE-2023-49210.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49210",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-23T20:15:07.157",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T20:30:16.380",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,82 @@
"value": "El paquete NPM openssl (tambi\u00e9n conocido como node-openssl) hasta 2.0.0 fue caracterizado por su autor como \"un contenedor sin sentido sin ning\u00fan prop\u00f3sito real\" y acepta un argumento opts que contiene un campo verbal (usado para la ejecuci\u00f3n de comandos). NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el fabricante."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:node-openssl_project:node-openssl:*:*:*:*:*:node.js:*:*",
"versionEndIncluding": "2.0.0",
"matchCriteriaId": "6BC1E54D-5E58-4AAF-91F2-689D0B1897B4"
}
]
}
]
}
],
"references": [
{
"url": "https://gist.github.com/mcoimbra/b05a55a5760172dccaa0a827647ad63e",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/ossf/malicious-packages/tree/main/malicious/npm",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://www.npmjs.com/package/openssl",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

108
CVE-2023/CVE-2023-492xx/CVE-2023-49298.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49298",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-24T19:15:07.587",
"lastModified": "2023-11-27T13:52:21.813",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T20:10:45.790",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,27 +14,119 @@
"value": "OpenZFS hasta 2.1.13 y 2.2.x hasta 2.2.1, en ciertos escenarios que involucran aplicaciones que intentan confiar en la copia eficiente de datos de archivos, puede reemplazar el contenido del archivo con bytes de valor cero y, por lo tanto, potencialmente deshabilitar los mecanismos de seguridad. NOTA: este problema no siempre est\u00e1 relacionado con la seguridad, pero puede estar relacionado con la seguridad en situaciones realistas. Un posible ejemplo es cp, de una versi\u00f3n reciente de GNU Core Utilities (coreutils), cuando se intenta preservar un conjunto de reglas para denegar el acceso no autorizado. (Se puede usar cp al configurar el control de acceso, como con el archivo /etc/hosts.deny especificado en la referencia de soporte de IBM). NOTA: este problema ocurre con menos frecuencia en la versi\u00f3n 2.2.1 y en versiones anteriores a la 2.1.4. debido a la configuraci\u00f3n predeterminada en esas versiones."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openzfs:openzfs:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.1.13",
"matchCriteriaId": "FCB5B44F-BC91-4DBC-A67B-96D577834ACB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openzfs:openzfs:2.2.0:-:*:*:*:*:*:*",
"matchCriteriaId": "9119E75A-14D2-4C8A-9AD0-97257DE45EC9"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:freebsd:freebsd:14.0:-:*:*:*:*:*:*",
"matchCriteriaId": "FA25530A-133C-4D7C-8993-D5C42D79A0B5"
}
]
}
]
}
],
"references": [
{
"url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=275308",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
]
},
{
"url": "https://github.com/openzfs/zfs/issues/15526",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://github.com/openzfs/zfs/pull/15571",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://news.ycombinator.com/item?id=38405731",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://web.archive.org/web/20231124172959/https://www.ibm.com/support/pages/how-remove-missing%C2%A0newline%C2%A0or%C2%A0line%C2%A0too%C2%A0long-error-etchostsallow%C2%A0and%C2%A0etchostsdeny-files",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

31
CVE-2023/CVE-2023-50xx/CVE-2023-5047.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-5047",
"sourceIdentifier": "iletisim@usom.gov.tr",
"published": "2023-11-22T12:15:22.587",
"lastModified": "2023-11-22T13:56:48.513",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T20:24:29.170",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in DRD Fleet Leasing DRDrive allows SQL Injection.This issue affects DRDrive: before 20231006.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL (\"Inyecci\u00f3n SQL\") en DRD Fleet Leasing DRDrive permite la inyecci\u00f3n SQL. Este problema afecta a DRDrive: antes de 20231006."
}
],
"metrics": {
@ -46,10 +50,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:drd:drdrive:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.10.06",
"matchCriteriaId": "509E5AD3-E090-4E8B-B04A-1C97BCC78853"
}
]
}
]
}
],
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-23-0651",
"source": "iletisim@usom.gov.tr"
"source": "iletisim@usom.gov.tr",
"tags": [
"Third Party Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-53xx/CVE-2023-5325.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2023-5325",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-11-27T17:15:08.833",
"lastModified": "2023-11-27T19:03:35.337",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T20:14:11.280",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Woocommerce Vietnam Checkout WordPress plugin before 2.0.6 does not escape the custom shipping phone field no the checkout form leading to XSS"
},
{
"lang": "es",
"value": "El complemento Woocommerce Vietnam Checkout de WordPress anterior a 2.0.6 no escapa del campo de tel\u00e9fono de env\u00edo personalizado ni del formulario de pago que conduce a XSS"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:levantoan:woocommerce_vietnam_checkout:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.0.6",
"matchCriteriaId": "F796D8AE-E643-4668-BB9A-5268E128923D"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/e93841ef-e113-41d3-9fa1-b21af85bd812",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-55xx/CVE-2023-5525.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2023-5525",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-11-27T17:15:08.880",
"lastModified": "2023-11-27T19:03:35.337",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T20:15:18.223",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Limit Login Attempts Reloaded WordPress plugin before 2.25.26 is missing authorization on the `toggle_auto_update` AJAX action, allowing any user with a valid nonce to toggle the auto-update status of the plugin."
},
{
"lang": "es",
"value": "El complemento Limit Login Attempts Reloaded de WordPress anterior al 2.25.26 le falta autorizaci\u00f3n en la acci\u00f3n AJAX `toggle_auto_update`, lo que permite a cualquier usuario con un nonce v\u00e1lido alternar el estado de actualizaci\u00f3n autom\u00e1tica del complemento."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:limitloginattempts:limit_login_attempts_reloaded:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.25.26",
"matchCriteriaId": "F17FBCF8-878C-42FF-A129-03D1BC380483"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/654bad15-1c88-446a-b28b-5a412cc0399d",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-55xx/CVE-2023-5559.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2023-5559",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-11-27T17:15:08.927",
"lastModified": "2023-11-27T19:03:35.337",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T20:19:30.347",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The 10Web Booster WordPress plugin before 2.24.18 does not validate the option name given to some AJAX actions, allowing unauthenticated users to delete arbitrary options from the database, leading to denial of service."
},
{
"lang": "es",
"value": "El complemento 10Web Booster de WordPress anterior al 24.2.18 no valida el nombre de opci\u00f3n dado a algunas acciones AJAX, lo que permite a usuarios no autenticados eliminar opciones arbitrarias de la base de datos, lo que lleva a la denegaci\u00f3n de servicio."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:10web:10web_booster:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.24.18",
"matchCriteriaId": "3DAA777F-5807-4D4F-8A86-E904B2A70665"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/eba46f7d-e4db-400c-8032-015f21087bbf",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-55xx/CVE-2023-5560.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2023-5560",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-11-27T17:15:08.980",
"lastModified": "2023-11-27T19:03:35.337",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T20:19:52.993",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The WP-UserOnline WordPress plugin before 2.88.3 does not sanitise and escape the X-Forwarded-For header before outputting its content on the page, which allows unauthenticated users to perform Cross-Site Scripting attacks."
},
{
"lang": "es",
"value": "El complemento WP-UserOnline de WordPress anterior a 2.88.3 no sanitiza ni escapa del encabezado X-Forwarded-For antes de mostrar su contenido en la p\u00e1gina, lo que permite a usuarios no autenticados realizar ataques de Cross Site Scripting."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lesterchan:wp-useronline:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.88.3",
"matchCriteriaId": "B5A0CE27-B2BE-4A49-9A77-D7E6A2148BAD"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/55d23184-fc5a-4090-b079-142407b59b05",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-59xx/CVE-2023-5921.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5921",
"sourceIdentifier": "iletisim@usom.gov.tr",
"published": "2023-11-22T09:15:07.690",
"lastModified": "2023-11-22T13:56:48.513",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T19:38:44.370",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
},
{
"source": "iletisim@usom.gov.tr",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:decesoftware:geodi:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.0.0.27396",
"matchCriteriaId": "67D33BAA-FCF4-412B-A8FF-7E62F7D5A13A"
}
]
}
]
}
],
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-23-0650",
"source": "iletisim@usom.gov.tr"
"source": "iletisim@usom.gov.tr",
"tags": [
"Third Party Advisory"
]
}
]
}

189
CVE-2023/CVE-2023-59xx/CVE-2023-5972.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5972",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-11-23T18:15:07.470",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T20:31:31.227",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -50,22 +80,169 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2.1",
"versionEndIncluding": "6.5.10",
"matchCriteriaId": "C209B2AA-EBB7-4A9E-9B86-4DF1632B47B3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FF501633-2F44-4913-A8EE-B021929F49F6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc2:*:*:*:*:*:*",
"matchCriteriaId": "2BDA597B-CAC1-4DF0-86F0-42E142C654E9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc3:*:*:*:*:*:*",
"matchCriteriaId": "725C78C9-12CE-406F-ABE8-0813A01D66E8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc4:*:*:*:*:*:*",
"matchCriteriaId": "A127C155-689C-4F67-B146-44A57F4BFD85"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc5:*:*:*:*:*:*",
"matchCriteriaId": "D34127CC-68F5-4703-A5F6-5006F803E4AE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc6:*:*:*:*:*:*",
"matchCriteriaId": "4AB8D555-648E-4F2F-98BD-3E7F45BD12A8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc7:*:*:*:*:*:*",
"matchCriteriaId": "C64BDD9D-C663-4E75-AE06-356EDC392B82"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc8:*:*:*:*:*:*",
"matchCriteriaId": "26544390-88E4-41CA-98BF-7BB1E9D4E243"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5283F553-3742-412C-8FBF-5C48E60E7F73"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BDDE77B0-4959-484D-B7B5-815682FA0EA0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "7AA287BA-AA71-4071-814E-FDBA6EAA3B8D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.2.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "8939DBFF-1DFD-4F1D-B01F-75E0F10493A0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.2.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "410F4BA6-C7AA-4235-BDF2-D9DDC3C155D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.2.0:rc6:*:*:*:*:*:*",
"matchCriteriaId": "5403B74F-D6F6-4B8E-8F5A-4468D15A47CA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc1:*:*:*:*:*:*",
"matchCriteriaId": "84267A4F-DBC2-444F-B41D-69E15E1BEC97"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc2:*:*:*:*:*:*",
"matchCriteriaId": "FB440208-241C-4246-9A83-C1715C0DAA6C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc3:*:*:*:*:*:*",
"matchCriteriaId": "0DC421F1-3D5A-4BEF-BF76-4E468985D20B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc4:*:*:*:*:*:*",
"matchCriteriaId": "00AB783B-BE05-40E8-9A55-6AA457D95031"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc5:*:*:*:*:*:*",
"matchCriteriaId": "E7C78D0A-C4A2-4D41-B726-8979E33AD0F9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc6:*:*:*:*:*:*",
"matchCriteriaId": "E114E9DD-F7E1-40CC-AAD5-F14E586CB2E6"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-5972",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248189",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch"
]
},
{
"url": "https://github.com/torvalds/linux/commit/505ce0630ad5d31185695f8a29dde8d29f28faa7",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/torvalds/linux/commit/52177bbf19e6e9398375a148d2e13ed492b40b80",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Patch"
]
}
]
}

51
CVE-2023/CVE-2023-59xx/CVE-2023-5983.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-5983",
"sourceIdentifier": "iletisim@usom.gov.tr",
"published": "2023-11-22T12:15:22.777",
"lastModified": "2023-11-22T13:56:48.513",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T20:28:56.663",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Botanik Software Pharmacy Automation allows Retrieve Embedded Sensitive Data.This issue affects Pharmacy Automation: before 2.1.133.0.\n\n"
},
{
"lang": "es",
"value": "La exposici\u00f3n de informaci\u00f3n confidencial a una vulnerabilidad de actor no autorizado en Botanik Software Pharmacy Automation permite recuperar datos confidenciales incrustados. Este problema afecta a Pharmacy Automation: antes de 2.1.133.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "iletisim@usom.gov.tr",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:botanikyazilim:pharmacy_automation:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.1.133.0",
"matchCriteriaId": "CFA2AD8F-0F17-492E-A498-61E996ABE56F"
}
]
}
]
}
],
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-23-0652",
"source": "iletisim@usom.gov.tr"
"source": "iletisim@usom.gov.tr",
"tags": [
"Third Party Advisory"
]
}
]
}

646
CVE-2023/CVE-2023-62xx/CVE-2023-6251.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6251",
"sourceIdentifier": "security@checkmk.com",
"published": "2023-11-24T09:15:09.903",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T20:26:53.117",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
},
{
"source": "security@checkmk.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
},
{
"source": "security@checkmk.com",
"type": "Secondary",
@ -50,10 +80,620 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "E5138E25-A5AF-495D-A713-B8BDACC133D8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "7AE78B5E-2D00-462B-AC0E-5E68BC36ED1B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:b2:*:*:*:*:*:*",
"matchCriteriaId": "9D69AA9A-C6FF-4A9F-8B02-2F207C4150FD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:b3:*:*:*:*:*:*",
"matchCriteriaId": "452F359B-BCB5-46E0-A77A-383C3C2E2D60"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:b4:*:*:*:*:*:*",
"matchCriteriaId": "D9A66C28-A2BA-4091-AB4C-05CDB1D3777F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:b5:*:*:*:*:*:*",
"matchCriteriaId": "463A4A68-810B-4C20-A696-4F94DB20224B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:b6:*:*:*:*:*:*",
"matchCriteriaId": "F4459581-214F-423B-A29D-31C789FD7F1C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:b7:*:*:*:*:*:*",
"matchCriteriaId": "CC0CFABC-A53C-4FD3-A57A-CB72C87A034B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:b8:*:*:*:*:*:*",
"matchCriteriaId": "F96B08FA-8129-4880-86FE-47B08C2B6964"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:i1:*:*:*:*:*:*",
"matchCriteriaId": "CAEB960C-5A5E-4F7C-8588-3F6737AE5DCA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "3CB134CD-0746-47C8-BAB8-2AE9C083C4D2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p10:*:*:*:*:*:*",
"matchCriteriaId": "E4B5DDAA-F7B5-4BFD-836E-F7DA0FC7B0C3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p11:*:*:*:*:*:*",
"matchCriteriaId": "A4DA5440-F376-4952-ABCB-AC557C5944A9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p12:*:*:*:*:*:*",
"matchCriteriaId": "DB7DB93B-CDD2-4662-893B-6E36F9EDA7FF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p13:*:*:*:*:*:*",
"matchCriteriaId": "81DFD64A-FEFD-4EBA-B6EC-28D3F0EEC33B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p14:*:*:*:*:*:*",
"matchCriteriaId": "918ACC6A-2EE8-401F-B18A-94B8757B202E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p15:*:*:*:*:*:*",
"matchCriteriaId": "1B6AE143-5A29-4EE8-AF7D-5D495A2248D0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p16:*:*:*:*:*:*",
"matchCriteriaId": "9B678D96-5987-4423-A713-57812B896380"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p17:*:*:*:*:*:*",
"matchCriteriaId": "A16EA6BD-003D-416E-B6C7-EBE5AA4AC2B5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p18:*:*:*:*:*:*",
"matchCriteriaId": "7A016627-9BF2-4D25-AB97-172EAEC4C187"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p19:*:*:*:*:*:*",
"matchCriteriaId": "333FBE01-E5C1-4668-B50F-B64A34E799A8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p2:*:*:*:*:*:*",
"matchCriteriaId": "FE7C4821-74F2-442C-B51F-A52788FC61F4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p20:*:*:*:*:*:*",
"matchCriteriaId": "168E2F68-E3EA-407F-8DCE-BDB1F557FFFA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p21:*:*:*:*:*:*",
"matchCriteriaId": "D7A74CB5-CC6E-4166-B884-498F2CF1A33E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p22:*:*:*:*:*:*",
"matchCriteriaId": "42DCB139-5BBE-45F3-80F5-3A43D95A58BB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p23:*:*:*:*:*:*",
"matchCriteriaId": "1A3E3E6C-DCC0-466D-A505-5F80379CF0AB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p24:*:*:*:*:*:*",
"matchCriteriaId": "1542CDC8-9697-44DE-8F6A-3EB25D07EEE9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p25:*:*:*:*:*:*",
"matchCriteriaId": "1A5B33FF-EA21-4AEB-8D9A-21DA9DB5892A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p26:*:*:*:*:*:*",
"matchCriteriaId": "78616E5A-E1FF-40AA-8E13-0B2E84CE6F8F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p27:*:*:*:*:*:*",
"matchCriteriaId": "5D956394-C3F3-4C88-A791-364AE555D522"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p28:*:*:*:*:*:*",
"matchCriteriaId": "25E96088-0FA2-49FD-B93D-5AFC9605289E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p29:*:*:*:*:*:*",
"matchCriteriaId": "EDB60B12-F724-40C7-8EB2-1270484E88F6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p3:*:*:*:*:*:*",
"matchCriteriaId": "1982ED3B-A0FA-476A-BFB2-5B7B53289496"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p30:*:*:*:*:*:*",
"matchCriteriaId": "F646D243-433E-46F9-9E8E-E4F734F9E648"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p31:*:*:*:*:*:*",
"matchCriteriaId": "D1C14080-79C9-4620-AD1F-6CB46F0F74D0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p32:*:*:*:*:*:*",
"matchCriteriaId": "4AECE1FE-F3D1-4FF0-BDF9-F39FFCBF52E0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p33:*:*:*:*:*:*",
"matchCriteriaId": "C2F79F99-5F46-48A7-BEE7-1551CD56C2F7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p34:*:*:*:*:*:*",
"matchCriteriaId": "2EB6F9D4-13D2-4218-96EF-64C2126369DC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p35:*:*:*:*:*:*",
"matchCriteriaId": "62841559-BDA0-4B67-932A-007D91BFBD14"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p36:*:*:*:*:*:*",
"matchCriteriaId": "F6F22F4E-4A8A-4A7B-A01A-50E9BEA019DA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p37:*:*:*:*:*:*",
"matchCriteriaId": "C1467012-F4CD-4547-A761-50B5F478A055"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p38:*:*:*:*:*:*",
"matchCriteriaId": "200EE0FA-D641-4612-8048-3B00997CBB42"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p39:*:*:*:*:*:*",
"matchCriteriaId": "62ACFC37-4F2A-4C2F-B960-D7AEEADBDDBB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p4:*:*:*:*:*:*",
"matchCriteriaId": "AA60BF44-AF52-458A-BD3F-9FD5D8408575"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p5:*:*:*:*:*:*",
"matchCriteriaId": "9BFE55DC-89EA-404F-8DDF-93E351366789"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p6:*:*:*:*:*:*",
"matchCriteriaId": "C62D8997-DD3B-4B83-B6A5-DFC2408A9164"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p7:*:*:*:*:*:*",
"matchCriteriaId": "80B4A77F-F636-49BB-8CB6-60064984463F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p8:*:*:*:*:*:*",
"matchCriteriaId": "356E5744-AB8E-4FBA-992F-74ED8F9086CE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p9:*:*:*:*:*:*",
"matchCriteriaId": "41FB6FFA-F38F-4754-A1E6-35073D84069E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "BC0AC5A2-3724-4942-ABE2-CA9F3B9B4BDA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "E3AAC1AD-C2F5-4171-BD92-95A8BA09E79A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b2:*:*:*:*:*:*",
"matchCriteriaId": "8CB8C4BB-4AE6-4EA2-8F38-780B627721ED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b3:*:*:*:*:*:*",
"matchCriteriaId": "D0F14106-2A3D-4FC7-A0C7-6EDA75D1A8F7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b4:*:*:*:*:*:*",
"matchCriteriaId": "F8C2DA36-8419-4846-BFA0-A729BE7D72C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b5:*:*:*:*:*:*",
"matchCriteriaId": "8AA4FA3D-7A59-4597-9D79-B6B020D86BD1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b6:*:*:*:*:*:*",
"matchCriteriaId": "79F0CF88-FF11-4741-AFF6-9F88F57C2140"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b7:*:*:*:*:*:*",
"matchCriteriaId": "8E93629E-C0CB-4636-B343-1C0646D8228E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b8:*:*:*:*:*:*",
"matchCriteriaId": "58102464-E66F-49CD-8952-3F3F9A6A45CC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b9:*:*:*:*:*:*",
"matchCriteriaId": "9C98E509-8466-4F95-ABE7-7ECC91640E04"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "A7B89F71-ABD2-4B2D-AE6B-C0F243E89443"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p10:*:*:*:*:*:*",
"matchCriteriaId": "002EF417-C702-42E2-9C8F-C9593B43AB03"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p11:*:*:*:*:*:*",
"matchCriteriaId": "B8E358A9-0430-4EF1-8557-7F1C088FFF48"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p12:*:*:*:*:*:*",
"matchCriteriaId": "4B0AF395-FDC7-4321-9E00-C935641C138B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p13:*:*:*:*:*:*",
"matchCriteriaId": "59B9CCED-806F-47EF-B5B6-441AADCB4B81"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p14:*:*:*:*:*:*",
"matchCriteriaId": "FAED2CD5-A2CE-438C-8ED7-338D9D61FBD9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p15:*:*:*:*:*:*",
"matchCriteriaId": "F08A96EF-FD2E-4D45-884B-349869649C3D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p16:*:*:*:*:*:*",
"matchCriteriaId": "E80D718E-66B6-4FC6-911D-C264F2C891C9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p17:*:*:*:*:*:*",
"matchCriteriaId": "174BF76A-00C5-4ECD-937D-FE66851D3979"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p18:*:*:*:*:*:*",
"matchCriteriaId": "F43DBAE4-FEF9-431E-AE82-31C7944CA830"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p19:*:*:*:*:*:*",
"matchCriteriaId": "7AF612FF-7441-41C4-96C2-36A15E45FF93"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p2:*:*:*:*:*:*",
"matchCriteriaId": "960DF373-EDE6-4318-B6E9-07573ED5907A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p20:*:*:*:*:*:*",
"matchCriteriaId": "5FFBF793-48E0-48DB-9C12-1C4A5805009E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p21:*:*:*:*:*:*",
"matchCriteriaId": "B6A2F0DB-CA73-4F14-8099-7A29BADC1F4E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p22:*:*:*:*:*:*",
"matchCriteriaId": "5D23ECB8-9C2C-4BA5-ADD6-248FD2CFF37A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p23:*:*:*:*:*:*",
"matchCriteriaId": "9958D126-EF50-4ED7-85A3-6E5120EFB931"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p24:*:*:*:*:*:*",
"matchCriteriaId": "5D9B3F5F-158A-4C43-A894-1A55D1D758FC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p25:*:*:*:*:*:*",
"matchCriteriaId": "17729C6D-3DD1-4082-B3AF-B53770304F7B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p26:*:*:*:*:*:*",
"matchCriteriaId": "2E34014C-90A0-4ABB-A15F-73E83F312246"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p27:*:*:*:*:*:*",
"matchCriteriaId": "C0DCB95E-CC14-40BF-A7E4-1CD9075E2785"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p28:*:*:*:*:*:*",
"matchCriteriaId": "E1AA25FE-FA1B-4525-99B8-1098E75BDC5C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p29:*:*:*:*:*:*",
"matchCriteriaId": "073ED1BF-B3FE-4CC4-A279-15981DBC0BE8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p3:*:*:*:*:*:*",
"matchCriteriaId": "3144AABF-74CB-44EE-A618-8529A8ACFCF6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p30:*:*:*:*:*:*",
"matchCriteriaId": "BA067A60-3B6A-4C3B-8934-E2725199EE39"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p31:*:*:*:*:*:*",
"matchCriteriaId": "DD42912A-092C-4FD9-9874-5B04989164C0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p32:*:*:*:*:*:*",
"matchCriteriaId": "E26E5640-8396-4B9C-890F-E9598CEB08FB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p33:*:*:*:*:*:*",
"matchCriteriaId": "82CBA4CB-FCEE-4D33-8127-944D914A8F5C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p34:*:*:*:*:*:*",
"matchCriteriaId": "DE6414DD-DA34-4FE7-B976-A6898B454E60"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p35:*:*:*:*:*:*",
"matchCriteriaId": "0CB08010-2416-469D-8B27-212F28BF62EB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p36:*:*:*:*:*:*",
"matchCriteriaId": "8F66346B-4A8A-4323-B197-B5D4D949FCEE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p4:*:*:*:*:*:*",
"matchCriteriaId": "88AC7AB0-40DF-44D1-83EA-FDD4D5346BBD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p5:*:*:*:*:*:*",
"matchCriteriaId": "4285A4A3-3DED-456D-93D4-1B9FDB42C1EB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p6:*:*:*:*:*:*",
"matchCriteriaId": "098FD286-B6CB-4428-9A62-A5F24B4D9E92"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p7:*:*:*:*:*:*",
"matchCriteriaId": "8400088B-E56E-4D0B-86D5-76D884C8031A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p8:*:*:*:*:*:*",
"matchCriteriaId": "29554684-FEFF-42B2-B62E-6523782F537C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p9:*:*:*:*:*:*",
"matchCriteriaId": "91AE66E4-AE6B-4F25-9312-6418FC3E221F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:-:*:*:*:*:*:*",
"matchCriteriaId": "8EC2C076-C4C6-4C9A-84FE-B47E835AA0E7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "A954DDB4-ACF5-4D74-B735-0BB14762457C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:b2:*:*:*:*:*:*",
"matchCriteriaId": "F4E9D8E0-ECFF-4987-8189-F6A5917D39B6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:b3:*:*:*:*:*:*",
"matchCriteriaId": "7CDF16A7-E9BC-488B-A0DF-91B7F79C2D7A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:b4:*:*:*:*:*:*",
"matchCriteriaId": "EF3C4AB5-966A-46CD-8774-7BD4115FC80B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:b5:*:*:*:*:*:*",
"matchCriteriaId": "580C70A7-387E-4650-9DBA-D7AA0BFDB1BE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:b6:*:*:*:*:*:*",
"matchCriteriaId": "343C5CD6-48ED-4693-BC2A-549A43F02931"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:b7:*:*:*:*:*:*",
"matchCriteriaId": "18F1E6EC-5866-4338-9772-92EB01E0A184"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:b8:*:*:*:*:*:*",
"matchCriteriaId": "57C08697-674F-4924-A5A2-40F1E2BF2059"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:i1:*:*:*:*:*:*",
"matchCriteriaId": "AB444D23-88E8-4AFE-9F1E-56AE4ADF7644"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "050E9020-9E83-4198-B550-F554686DCC36"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:p10:*:*:*:*:*:*",
"matchCriteriaId": "5D3DFD03-89BF-433F-B14C-8B46AD5146F6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:p11:*:*:*:*:*:*",
"matchCriteriaId": "50D06254-A368-4DE1-8734-1DC49002FBB1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:p12:*:*:*:*:*:*",
"matchCriteriaId": "489B86C6-FDD3-4569-B330-86CF51B533B0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:p13:*:*:*:*:*:*",
"matchCriteriaId": "50456E0E-0597-4E90-9BFC-1384800ED073"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:p14:*:*:*:*:*:*",
"matchCriteriaId": "0A7E61FE-E2B2-434F-8DFB-BF6AB78B8DE9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:p2:*:*:*:*:*:*",
"matchCriteriaId": "E9F4C18C-D62E-47F5-A309-D0BC9CFB990C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:p3:*:*:*:*:*:*",
"matchCriteriaId": "DAFBA752-75C7-4514-AC75-CE7D78AE9F96"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:p4:*:*:*:*:*:*",
"matchCriteriaId": "57BA8394-7755-45E0-8B4D-B37A8A5B5DB8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:p5:*:*:*:*:*:*",
"matchCriteriaId": "D6A02DB9-71F6-429F-A084-D811AD016CBA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:p6:*:*:*:*:*:*",
"matchCriteriaId": "AC520584-54C8-445C-8898-CEFE1E1CC59F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:p7:*:*:*:*:*:*",
"matchCriteriaId": "DA73CA36-D5F7-4C8D-B574-7DBF29220C82"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:p8:*:*:*:*:*:*",
"matchCriteriaId": "32F5CD0B-98FD-4076-A33A-A12FA8F89F24"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:p9:*:*:*:*:*:*",
"matchCriteriaId": "46DC1573-56A8-48E7-ABB8-45406AA252AE"
}
]
}
]
}
],
"references": [
{
"url": "https://checkmk.com/werk/16224",
"source": "security@checkmk.com"
"source": "security@checkmk.com",
"tags": [
"Vendor Advisory"
]
}
]
}

119
CVE-2023/CVE-2023-62xx/CVE-2023-6277.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6277",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-11-24T19:15:07.643",
"lastModified": "2023-11-27T13:52:21.813",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T20:05:33.610",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -50,22 +80,99 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:libtiff:libtiff:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FFD25C1-A304-486F-A36B-7167EEF33388"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-6277",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251311",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://gitlab.com/libtiff/libtiff/-/issues/614",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/545",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

56
CVE-2023/CVE-2023-62xx/CVE-2023-6293.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6293",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-11-24T20:15:07.293",
"lastModified": "2023-11-27T13:52:15.377",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T19:55:33.327",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -50,14 +72,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sequelizejs:sequelize-typescript:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "2.1.6",
"matchCriteriaId": "90D60CEC-FA6E-44DE-9975-731B18314733"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/robinbuschmann/sequelize-typescript/commit/5ce8afdd1671b08c774ce106b000605ba8fccf78",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.com/bounties/36a7ecbf-4d3d-462e-86a3-cda7b1ec64e2",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
}
]
}

57
CVE-2023/CVE-2023-62xx/CVE-2023-6298.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6298",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-11-26T23:15:07.657",
"lastModified": "2023-11-27T13:52:15.377",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T20:12:10.133",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +95,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:itextpdf:itext:8.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "744BE782-8089-47EC-8D71-4E8FB9576F54"
}
]
}
]
}
],
"references": [
{
"url": "https://drive.google.com/drive/folders/1OBAeGH_rNfa1os6g6QlIt4pL-2NKHZm_?usp=sharing",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.246124",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.246124",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-62xx/CVE-2023-6299.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6299",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-11-26T23:15:07.883",
"lastModified": "2023-11-29T17:15:07.770",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T20:09:27.653",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,22 +95,51 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:itextpdf:itext:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CAE116EF-8351-440A-BF9A-90B4A51AADAB"
}
]
}
]
}
],
"references": [
{
"url": "https://drive.google.com/file/d/1_jeD7SvuliKc_02pPTPbfSnqAErzmFny/view?usp=sharing",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://kb.itextpdf.com/home/it7kb/releases/release-itext-core-8-0-2#ReleaseiTextCore8.0.2-Bugfixesandmiscellaneous",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://vuldb.com/?ctiid.246125",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.246125",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

58
CVE-2023/CVE-2023-63xx/CVE-2023-6302.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6302",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-11-27T00:15:07.820",
"lastModified": "2023-11-27T13:52:15.377",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T19:59:45.953",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +95,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cskaza:cszcms:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84E1FF54-382F-4529-BA1D-9AD4DCA94A58"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/t34t/CVE/blob/main/CSZCMS/Code-Execution-Vulnerability-in-cszcmsV1.3.0.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.246128",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.246128",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

58
CVE-2023/CVE-2023-63xx/CVE-2023-6303.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6303",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-11-27T00:15:08.040",
"lastModified": "2023-11-27T13:52:15.377",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T19:58:47.923",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +95,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cskaza:cszcms:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84E1FF54-382F-4529-BA1D-9AD4DCA94A58"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/t34t/CVE/blob/main/CSZCMS/0-Store-XSS-Vulnerability-in-cszcmsV1.3.0.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.246129",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.246129",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

58
CVE-2023/CVE-2023-63xx/CVE-2023-6313.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6313",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-11-27T03:15:07.650",
"lastModified": "2023-11-27T13:52:09.230",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T19:57:47.960",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +95,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:url_shortener_project:url_shortener:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2A6B8BB2-48CE-4525-8AB9-F76C86D722BA"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/will121351/wenqin.webray.com.cn/blob/main/CVE-project/url-shortener.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.246139",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.246139",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

46
CVE-2023/CVE-2023-63xx/CVE-2023-6359.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6359",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-11-28T12:15:07.647",
"lastModified": "2023-11-28T14:12:58.173",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T20:36:00.537",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -50,10 +70,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:grupoalumne:alumne_lms:4.0.0.1.08:*:*:*:*:*:*:*",
"matchCriteriaId": "AA92E833-F522-41E1-B681-ECFFE59396CC"
}
]
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-alumne-lms",
"source": "cve-coordination@incibe.es"
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-63xx/CVE-2023-6375.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-6375",
"sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725",
"published": "2023-11-30T18:15:09.523",
"lastModified": "2023-11-30T18:18:28.713",
"lastModified": "2023-11-30T19:15:13.443",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -41,7 +41,7 @@
"description": [
{
"lang": "en",
"value": "CWE-287"
"value": "CWE-552"
}
]
}

88
CVE-2023/CVE-2023-64xx/CVE-2023-6439.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2023-6439",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-11-30T20:15:07.027",
"lastModified": "2023-11-30T20:15:07.027",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in ZenTao PMS 18.8. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246439."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 4.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://1drv.ms/w/s!AgMfVZkPO1NWgR2_sUsSJF67lvbG?e=SStrt5",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.246439",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.246439",
"source": "cna@vuldb.com"
}
]
}

86
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-11-30T19:00:50.309703+00:00
2023-11-30T21:00:17.876094+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-11-30T18:59:43.410000+00:00
2023-11-30T20:58:28.853000+00:00
```
### Last Data Feed Release
@ -29,69 +29,45 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
231896
231897
```
### CVEs added in the last Commit
Recently added CVEs: `49`
Recently added CVEs: `1`
* [CVE-2023-31176](CVE-2023/CVE-2023-311xx/CVE-2023-31176.json) (`2023-11-30T17:15:08.520`)
* [CVE-2023-31177](CVE-2023/CVE-2023-311xx/CVE-2023-31177.json) (`2023-11-30T17:15:08.763`)
* [CVE-2023-34018](CVE-2023/CVE-2023-340xx/CVE-2023-34018.json) (`2023-11-30T17:15:08.940`)
* [CVE-2023-34388](CVE-2023/CVE-2023-343xx/CVE-2023-34388.json) (`2023-11-30T17:15:09.133`)
* [CVE-2023-34389](CVE-2023/CVE-2023-343xx/CVE-2023-34389.json) (`2023-11-30T17:15:09.380`)
* [CVE-2023-47870](CVE-2023/CVE-2023-478xx/CVE-2023-47870.json) (`2023-11-30T18:15:07.513`)
* [CVE-2023-48802](CVE-2023/CVE-2023-488xx/CVE-2023-48802.json) (`2023-11-30T18:15:07.727`)
* [CVE-2023-48803](CVE-2023/CVE-2023-488xx/CVE-2023-48803.json) (`2023-11-30T18:15:07.770`)
* [CVE-2023-48804](CVE-2023/CVE-2023-488xx/CVE-2023-48804.json) (`2023-11-30T18:15:07.820`)
* [CVE-2023-48805](CVE-2023/CVE-2023-488xx/CVE-2023-48805.json) (`2023-11-30T18:15:07.870`)
* [CVE-2023-48806](CVE-2023/CVE-2023-488xx/CVE-2023-48806.json) (`2023-11-30T18:15:07.917`)
* [CVE-2023-48807](CVE-2023/CVE-2023-488xx/CVE-2023-48807.json) (`2023-11-30T18:15:07.963`)
* [CVE-2023-48808](CVE-2023/CVE-2023-488xx/CVE-2023-48808.json) (`2023-11-30T18:15:08.007`)
* [CVE-2023-48810](CVE-2023/CVE-2023-488xx/CVE-2023-48810.json) (`2023-11-30T18:15:08.053`)
* [CVE-2023-48811](CVE-2023/CVE-2023-488xx/CVE-2023-48811.json) (`2023-11-30T18:15:08.097`)
* [CVE-2023-48812](CVE-2023/CVE-2023-488xx/CVE-2023-48812.json) (`2023-11-30T18:15:08.137`)
* [CVE-2023-6341](CVE-2023/CVE-2023-63xx/CVE-2023-6341.json) (`2023-11-30T18:15:08.180`)
* [CVE-2023-6342](CVE-2023/CVE-2023-63xx/CVE-2023-6342.json) (`2023-11-30T18:15:08.380`)
* [CVE-2023-6343](CVE-2023/CVE-2023-63xx/CVE-2023-6343.json) (`2023-11-30T18:15:08.573`)
* [CVE-2023-6344](CVE-2023/CVE-2023-63xx/CVE-2023-6344.json) (`2023-11-30T18:15:08.767`)
* [CVE-2023-6352](CVE-2023/CVE-2023-63xx/CVE-2023-6352.json) (`2023-11-30T18:15:08.963`)
* [CVE-2023-6353](CVE-2023/CVE-2023-63xx/CVE-2023-6353.json) (`2023-11-30T18:15:09.147`)
* [CVE-2023-6354](CVE-2023/CVE-2023-63xx/CVE-2023-6354.json) (`2023-11-30T18:15:09.333`)
* [CVE-2023-6375](CVE-2023/CVE-2023-63xx/CVE-2023-6375.json) (`2023-11-30T18:15:09.523`)
* [CVE-2023-6376](CVE-2023/CVE-2023-63xx/CVE-2023-6376.json) (`2023-11-30T18:15:09.720`)
* [CVE-2023-6439](CVE-2023/CVE-2023-64xx/CVE-2023-6439.json) (`2023-11-30T20:15:07.027`)
### CVEs modified in the last Commit
Recently modified CVEs: `51`
Recently modified CVEs: `77`
* [CVE-2023-41812](CVE-2023/CVE-2023-418xx/CVE-2023-41812.json) (`2023-11-30T17:04:44.713`)
* [CVE-2023-4677](CVE-2023/CVE-2023-46xx/CVE-2023-4677.json) (`2023-11-30T17:06:24.530`)
* [CVE-2023-41786](CVE-2023/CVE-2023-417xx/CVE-2023-41786.json) (`2023-11-30T17:06:53.820`)
* [CVE-2023-48700](CVE-2023/CVE-2023-487xx/CVE-2023-48700.json) (`2023-11-30T17:07:35.870`)
* [CVE-2023-25756](CVE-2023/CVE-2023-257xx/CVE-2023-25756.json) (`2023-11-30T17:08:47.230`)
* [CVE-2023-25057](CVE-2023/CVE-2023-250xx/CVE-2023-25057.json) (`2023-11-30T17:12:39.840`)
* [CVE-2023-26533](CVE-2023/CVE-2023-265xx/CVE-2023-26533.json) (`2023-11-30T17:12:39.840`)
* [CVE-2023-36507](CVE-2023/CVE-2023-365xx/CVE-2023-36507.json) (`2023-11-30T17:12:39.840`)
* [CVE-2023-36523](CVE-2023/CVE-2023-365xx/CVE-2023-36523.json) (`2023-11-30T17:12:39.840`)
* [CVE-2023-37868](CVE-2023/CVE-2023-378xx/CVE-2023-37868.json) (`2023-11-30T17:12:39.840`)
* [CVE-2023-37890](CVE-2023/CVE-2023-378xx/CVE-2023-37890.json) (`2023-11-30T17:12:39.840`)
* [CVE-2023-39921](CVE-2023/CVE-2023-399xx/CVE-2023-39921.json) (`2023-11-30T17:12:39.840`)
* [CVE-2023-44143](CVE-2023/CVE-2023-441xx/CVE-2023-44143.json) (`2023-11-30T17:12:39.840`)
* [CVE-2023-45609](CVE-2023/CVE-2023-456xx/CVE-2023-45609.json) (`2023-11-30T17:12:39.840`)
* [CVE-2023-46086](CVE-2023/CVE-2023-460xx/CVE-2023-46086.json) (`2023-11-30T17:12:39.840`)
* [CVE-2023-48328](CVE-2023/CVE-2023-483xx/CVE-2023-48328.json) (`2023-11-30T17:12:39.840`)
* [CVE-2023-48754](CVE-2023/CVE-2023-487xx/CVE-2023-48754.json) (`2023-11-30T17:12:39.840`)
* [CVE-2023-5803](CVE-2023/CVE-2023-58xx/CVE-2023-5803.json) (`2023-11-30T17:12:39.840`)
* [CVE-2023-6360](CVE-2023/CVE-2023-63xx/CVE-2023-6360.json) (`2023-11-30T17:12:39.840`)
* [CVE-2023-27306](CVE-2023/CVE-2023-273xx/CVE-2023-27306.json) (`2023-11-30T17:12:52.813`)
* [CVE-2023-35127](CVE-2023/CVE-2023-351xx/CVE-2023-35127.json) (`2023-11-30T17:24:26.147`)
* [CVE-2023-40152](CVE-2023/CVE-2023-401xx/CVE-2023-40152.json) (`2023-11-30T17:28:53.117`)
* [CVE-2023-5299](CVE-2023/CVE-2023-52xx/CVE-2023-5299.json) (`2023-11-30T17:37:48.917`)
* [CVE-2023-39417](CVE-2023/CVE-2023-394xx/CVE-2023-39417.json) (`2023-11-30T18:15:07.370`)
* [CVE-2023-28378](CVE-2023/CVE-2023-283xx/CVE-2023-28378.json) (`2023-11-30T18:37:10.197`)
* [CVE-2023-48707](CVE-2023/CVE-2023-487xx/CVE-2023-48707.json) (`2023-11-30T20:14:16.270`)
* [CVE-2023-5525](CVE-2023/CVE-2023-55xx/CVE-2023-5525.json) (`2023-11-30T20:15:18.223`)
* [CVE-2023-5559](CVE-2023/CVE-2023-55xx/CVE-2023-5559.json) (`2023-11-30T20:19:30.347`)
* [CVE-2023-5560](CVE-2023/CVE-2023-55xx/CVE-2023-5560.json) (`2023-11-30T20:19:52.993`)
* [CVE-2023-48312](CVE-2023/CVE-2023-483xx/CVE-2023-48312.json) (`2023-11-30T20:21:40.073`)
* [CVE-2023-48176](CVE-2023/CVE-2023-481xx/CVE-2023-48176.json) (`2023-11-30T20:21:54.850`)
* [CVE-2023-46673](CVE-2023/CVE-2023-466xx/CVE-2023-46673.json) (`2023-11-30T20:22:45.863`)
* [CVE-2023-5047](CVE-2023/CVE-2023-50xx/CVE-2023-5047.json) (`2023-11-30T20:24:29.170`)
* [CVE-2023-48712](CVE-2023/CVE-2023-487xx/CVE-2023-48712.json) (`2023-11-30T20:26:37.460`)
* [CVE-2023-6251](CVE-2023/CVE-2023-62xx/CVE-2023-6251.json) (`2023-11-30T20:26:53.117`)
* [CVE-2023-33706](CVE-2023/CVE-2023-337xx/CVE-2023-33706.json) (`2023-11-30T20:28:16.377`)
* [CVE-2023-5983](CVE-2023/CVE-2023-59xx/CVE-2023-5983.json) (`2023-11-30T20:28:56.663`)
* [CVE-2023-49210](CVE-2023/CVE-2023-492xx/CVE-2023-49210.json) (`2023-11-30T20:30:16.380`)
* [CVE-2023-5972](CVE-2023/CVE-2023-59xx/CVE-2023-5972.json) (`2023-11-30T20:31:31.227`)
* [CVE-2023-48039](CVE-2023/CVE-2023-480xx/CVE-2023-48039.json) (`2023-11-30T20:33:32.313`)
* [CVE-2023-48105](CVE-2023/CVE-2023-481xx/CVE-2023-48105.json) (`2023-11-30T20:33:32.983`)
* [CVE-2023-48090](CVE-2023/CVE-2023-480xx/CVE-2023-48090.json) (`2023-11-30T20:34:31.470`)
* [CVE-2023-6359](CVE-2023/CVE-2023-63xx/CVE-2023-6359.json) (`2023-11-30T20:36:00.537`)
* [CVE-2023-48042](CVE-2023/CVE-2023-480xx/CVE-2023-48042.json) (`2023-11-30T20:36:48.927`)
* [CVE-2023-20241](CVE-2023/CVE-2023-202xx/CVE-2023-20241.json) (`2023-11-30T20:38:54.273`)
* [CVE-2023-47467](CVE-2023/CVE-2023-474xx/CVE-2023-47467.json) (`2023-11-30T20:44:34.303`)
* [CVE-2023-49208](CVE-2023/CVE-2023-492xx/CVE-2023-49208.json) (`2023-11-30T20:47:45.190`)
* [CVE-2023-33202](CVE-2023/CVE-2023-332xx/CVE-2023-33202.json) (`2023-11-30T20:49:49.457`)
* [CVE-2023-47251](CVE-2023/CVE-2023-472xx/CVE-2023-47251.json) (`2023-11-30T20:49:57.593`)
* [CVE-2023-47250](CVE-2023/CVE-2023-472xx/CVE-2023-47250.json) (`2023-11-30T20:55:39.480`)
## Download and Usage