Auto-Update: 2023-12-15T17:00:24.874064+00:00

cad-safe-bot 2023-12-15 17:00:28 +00:00
parent b14c81df4a
commit 0fb60c1b11
82 changed files with 5476 additions and 4493 deletions


@ -2,7 +2,7 @@
"id": "CVE-2014-2851",
"sourceIdentifier": "cve@mitre.org",
"published": "2014-04-14T23:55:07.920",
"lastModified": "2020-08-26T19:43:45.683",
"lastModified": "2023-12-15T15:57:53.773",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -63,8 +63,42 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.14.1",
"matchCriteriaId": "BCA1B8AC-8CF2-444F-9A49-273B9BBF00BC"
"versionStartIncluding": "3.0",
"versionEndExcluding": "3.2.60",
"matchCriteriaId": "43B40873-52BD-48B6-AC1D-02722B2F628C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.3",
"versionEndExcluding": "3.4.92",
"matchCriteriaId": "AB7FAE85-A7F7-403F-B3F8-51D26A7AD5CF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.5",
"versionEndExcluding": "3.10.41",
"matchCriteriaId": "F679CA52-B924-4498-BD5A-6B52D03EBBAE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.11",
"versionEndExcluding": "3.12.19",
"matchCriteriaId": "AB10EE4B-C72C-4D4C-AEC7-A8685137AB75"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.13",
"versionEndExcluding": "3.14.5",
"matchCriteriaId": "80087996-AEE9-4831-B60E-6E022036FF11"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D30AEC07-3CBD-4F4F-9646-BEAA1D98750B"
}
]
}
@ -87,6 +121,20 @@
}
],
"references": [
{
"url": "http://secunia.com/advisories/59386",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://secunia.com/advisories/59599",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://www.debian.org/security/2014/dsa-2926",
"source": "cve@mitre.org",


@ -2,8 +2,8 @@
"id": "CVE-2019-14835",
"sourceIdentifier": "secalert@redhat.com",
"published": "2019-09-17T16:15:10.980",
"lastModified": "2023-02-12T23:35:17.573",
"vulnStatus": "Modified",
"lastModified": "2023-12-15T15:29:09.587",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -109,7 +109,6 @@
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
@ -167,7 +166,6 @@
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
@ -203,7 +201,6 @@
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
@ -229,7 +226,6 @@
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
@ -250,7 +246,6 @@
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
@ -541,17 +536,11 @@
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:_steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7BC7632-843E-44EF-93E8-D3485D04E393"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*",
@ -571,13 +560,17 @@
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
@ -750,7 +743,6 @@
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
@ -1038,11 +1030,17 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQFY6JYFIQ2VFQ7QCSXPWTUL5ZDNCJL5/",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YW3QNMPENPFEGVTOFPSNOBL7JEIJS25P/",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://seclists.org/bugtraq/2019/Nov/11",


@ -2,23 +2,91 @@
"id": "CVE-2020-12612",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-12T14:15:07.327",
"lastModified": "2023-12-12T15:52:06.410",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-15T16:24:27.337",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When specifying a program to elevate, it can typically be found within the Program Files (x86) folder and therefore uses the %ProgramFiles(x86)% environment variable. However, when this same policy gets pushed to a 32bit machine, this environment variable does not exist. Therefore, since the standard user can create a user level environment variable, they can repoint this variable to any folder the user has full control of. Then, the folder structure can be created in such a way that a rule matches and arbitrary code runs elevated."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en BeyondTrust Privilege Management para Windows hasta 5.6. Al especificar un programa para elevar, normalmente se puede encontrar dentro de la carpeta Archivos de programa (x86) y, por lo tanto, utiliza la variable de entorno %ProgramFiles(x86)%. Sin embargo, cuando esta misma pol\u00edtica se aplica a una m\u00e1quina de 32 bits, esta variable de entorno no existe. Por lo tanto, dado que el usuario est\u00e1ndar puede crear una variable de entorno a nivel de usuario, puede redirigir esta variable a cualquier carpeta sobre la que el usuario tenga control total. Luego, la estructura de carpetas se puede crear de tal manera que una regla coincida y el c\u00f3digo arbitrario se ejecute elevado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:beyondtrust:privilege_management_for_windows:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.6",
"matchCriteriaId": "0F67CF10-9F8A-4161-9789-AE3C4F6F4C18"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:beyondtrust:privilege_management_for_windows:5.6:-:*:*:*:*:*:*",
"matchCriteriaId": "68575FC2-6FFA-4F05-AD98-D4CD1C1824F0"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.beyondtrust.com/support/changelog/privilege-management-for-windows-5-6-sr1",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
},
{
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt22-09",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,91 @@
"id": "CVE-2020-12615",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-12T13:15:06.820",
"lastModified": "2023-12-12T13:43:48.853",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-15T16:04:51.323",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When adding the Add Admin token to a process, and specifying that it runs at medium integrity with the user owning the process, this security token can be stolen and applied to arbitrary processes."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en BeyondTrust Privilege Management para Windows hasta 5.6. Al agregar el token Agregar administrador a un proceso y especificar que se ejecute con una integridad media y que el usuario sea propietario del proceso, este token de seguridad se puede robar y aplicar a procesos arbitrarios."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:beyondtrust:privilege_management_for_windows:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.6",
"matchCriteriaId": "0F67CF10-9F8A-4161-9789-AE3C4F6F4C18"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:beyondtrust:privilege_management_for_windows:5.6:-:*:*:*:*:*:*",
"matchCriteriaId": "68575FC2-6FFA-4F05-AD98-D4CD1C1824F0"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.beyondtrust.com/support/changelog/privilege-management-for-windows-5-6-sr1",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
},
{
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt22-07",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-27140",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-04-12T17:15:09.887",
"lastModified": "2023-11-07T03:45:17.047",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-12-15T16:27:15.290",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -84,8 +84,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:express-fileupload_project:express-fileupload:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8689B1F0-80B3-411B-A8F4-6AF5877B4B12"
"criteria": "cpe:2.3:a:express-fileupload_project:express-fileupload:1.3.1:*:*:*:*:node.js:*:*",
"matchCriteriaId": "C2BDDDE8-6D13-4146-93A1-0C5D16D85FF2"
}
]
}
@ -95,11 +95,17 @@
"references": [
{
"url": "https://github.com/richardgirges/express-fileupload/issues/312#issuecomment-1134912967",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/richardgirges/express-fileupload/issues/329#issuecomment-1387288644",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.youtube.com/watch?v=4XpofFi84KI",


@ -2,19 +2,43 @@
"id": "CVE-2022-46141",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-12-12T12:15:10.003",
"lastModified": "2023-12-12T13:43:48.853",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-15T15:25:08.557",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) (All versions < V19). An information disclosure vulnerability could allow a local attacker to gain access to the access level password of the SIMATIC S7-1200 and S7-1500 CPUs, when entered by a legitimate user in the hardware configuration of the affected application."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en SIMATIC STEP 7 (TIA Portal) (todas las versiones &lt; V19). Una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n podr\u00eda permitir a un atacante local obtener acceso a la contrase\u00f1a de nivel de acceso de las CPU SIMATIC S7-1200 y S7-1500, cuando la ingresa un usuario leg\u00edtimo en la configuraci\u00f3n de hardware de la aplicaci\u00f3n afectada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-312"
}
]
},
{
"source": "productcert@siemens.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:simatic_step_7:*:*:*:*:*:*:*:*",
"versionEndExcluding": "19",
"matchCriteriaId": "F77226E4-F3B3-4D3B-B944-17CED48BD73A"
}
]
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-887801.pdf",
"source": "productcert@siemens.com"
"source": "productcert@siemens.com",
"tags": [
"Vendor Advisory"
]
}
]
}
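Review bot: The Spanish description added for CVE-2022-46141 carries the HTML entity `&lt;` ("todas las versiones &lt; V19"), while the English description in the same record uses a literal `<`. A JSON string should hold the raw character and leave escaping to whatever renders it, so the value would read `todas las versiones < V19`. As it stands, a consumer that HTML-escapes on output will display `&lt;` verbatim, and one that decodes entities before inserting the text into a page is treating feed data as markup. If the entity comes from the upstream feed unchanged, it is worth normalising at ingestion rather than in each consumer.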


@ -2,8 +2,8 @@
"id": "CVE-2022-48502",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-31T20:15:10.303",
"lastModified": "2023-07-03T16:15:09.393",
"vulnStatus": "Modified",
"lastModified": "2023-12-15T15:47:33.157",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -60,8 +60,51 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2",
"matchCriteriaId": "108695B6-7133-4B6C-80AF-0F66880FE858"
"versionStartIncluding": "5.15",
"versionEndExcluding": "5.15.121",
"matchCriteriaId": "D80EAC0B-0800-4E58-A184-64A1FA7F7EB2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.40",
"matchCriteriaId": "69315BCC-36D2-45CD-84F8-381EDF8E38F3"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F"
}
]
}
@ -86,7 +129,11 @@
},
{
"url": "https://security.netapp.com/advisory/ntap-20230703-0004/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://syzkaller.appspot.com/bug?extid=8778f030156c6cd16d72",


@ -2,8 +2,8 @@
"id": "CVE-2022-48564",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:16:31.927",
"lastModified": "2023-10-11T23:15:10.140",
"vulnStatus": "Modified",
"lastModified": "2023-12-15T15:56:45.730",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -56,15 +56,22 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.7.7",
"matchCriteriaId": "4EED37C7-A681-40B6-BC79-A47AF7D9C495"
"versionEndExcluding": "3.6.13",
"matchCriteriaId": "BB8842D9-B554-4B83-9E2E-0FAF292E448A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.7.0",
"versionEndExcluding": "3.7.10",
"matchCriteriaId": "EEB52F35-D464-4C26-A253-1B96B2A4921A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.8.0",
"versionEndExcluding": "3.8.2",
"matchCriteriaId": "368003C0-1D3C-4A3D-A998-A2406DB72ACB"
"versionEndExcluding": "3.8.7",
"matchCriteriaId": "0B3EA658-770C-4707-814A-494492D8962F"
},
{
"vulnerable": true,
@ -72,11 +79,26 @@
"versionStartIncluding": "3.9.0",
"versionEndExcluding": "3.9.1",
"matchCriteriaId": "B6D7EFB7-52A8-4C10-B5F9-6F599F94CDC7"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:python:python:3.10.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "D3A22303-914F-4EB6-9CCE-EE0D5EDB424B"
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE"
}
]
}
@ -96,11 +118,19 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00017.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20230929-0009/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-48615",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-12-12T08:15:06.937",
"lastModified": "2023-12-12T13:43:48.853",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-15T15:02:28.517",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2
},
{
"source": "psirt@huawei.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "psirt@huawei.com",
"type": "Secondary",
@ -50,10 +80,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:ar617vw_firmware:v300r21c00spc200:*:*:*:*:*:*:*",
"matchCriteriaId": "3DE4F691-FB18-4844-89A3-D8618650CC8E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:huawei:ar617vw:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5DE91A7-9567-4086-90FC-E13214E61FA6"
}
]
}
]
}
],
"references": [
{
"url": "https://wr3nchsr.github.io/huawei-netengine-ar617vw-auth-root-rce/",
"source": "psirt@huawei.com"
"source": "psirt@huawei.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-48616",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-12-12T08:15:07.377",
"lastModified": "2023-12-12T13:43:48.853",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-15T15:27:11.247",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
},
{
"source": "psirt@huawei.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{
"source": "psirt@huawei.com",
"type": "Secondary",
@ -50,10 +80,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:ar617vw_firmware:v300r21c00spc200:*:*:*:*:*:*:*",
"matchCriteriaId": "3DE4F691-FB18-4844-89A3-D8618650CC8E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:huawei:ar617vw:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5DE91A7-9567-4086-90FC-E13214E61FA6"
}
]
}
]
}
],
"references": [
{
"url": "https://wr3nchsr.github.io/huawei-netengine-ar617vw-auth-root-rce/",
"source": "psirt@huawei.com"
"source": "psirt@huawei.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-2163",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2023-09-20T06:15:10.233",
"lastModified": "2023-09-22T02:02:18.047",
"lastModified": "2023-12-15T15:48:16.843",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -90,44 +90,37 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.4",
"versionEndExcluding": "6.3",
"matchCriteriaId": "491F7279-0F8E-413F-9D46-FFEBDBF1DAEA"
"versionStartIncluding": "5.3",
"versionEndExcluding": "5.4.242",
"matchCriteriaId": "9C1E37DC-B08A-4CB0-B689-FE26E2B39375"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B8E3B0E8-FA27-4305-87BB-AF6C25B160CB"
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.179",
"matchCriteriaId": "3567B8E6-5C31-435F-95D1-6A2BB44CB9D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "A47F0FC3-CE52-4BA1-BA51-22F783938431"
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.109",
"matchCriteriaId": "4C603326-394E-408E-B5E1-011979F7BD9D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.3:rc3:*:*:*:*:*:*",
"matchCriteriaId": "3583026A-27EC-4A4C-850A-83F2AF970673"
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.26",
"matchCriteriaId": "23989D73-416D-4C1B-8D9D-2A43A43DA115"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.3:rc4:*:*:*:*:*:*",
"matchCriteriaId": "DC271202-7570-4505-89A4-D602D47BFD00"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.3:rc5:*:*:*:*:*:*",
"matchCriteriaId": "D413BB6D-4F74-4C7D-9163-47786619EF53"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.3:rc6:*:*:*:*:*:*",
"matchCriteriaId": "F4D613FB-9976-4989-8C4A-567773373CEA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.3:rc7:*:*:*:*:*:*",
"matchCriteriaId": "B1240A34-749A-49F5-B8DD-C09441AD2228"
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.2.13",
"matchCriteriaId": "BFF8B56C-0201-4D6A-901E-C9C643C04FF6"
}
]
}


@ -2,27 +2,93 @@
"id": "CVE-2023-28465",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-12T17:15:07.770",
"lastModified": "2023-12-12T17:22:30.567",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-15T16:35:16.623",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The package-decompression feature in HL7 (Health Level 7) FHIR Core Libraries before 5.6.106 allows attackers to copy arbitrary files to certain directories via directory traversal, if an allowed directory name is a substring of the directory name chosen by the attacker. NOTE: this issue exists because of an incomplete fix for CVE-2023-24057."
},
{
"lang": "es",
"value": "La funci\u00f3n de descompresi\u00f3n de paquetes en HL7 (Nivel de salud 7) FHIR Core Libraries anteriores a 5.6.106 permite a los atacantes copiar archivos arbitrarios a ciertos directorios a trav\u00e9s de directory traversal, si un nombre de directorio permitido es una subcadena del nombre del directorio elegido por el atacante. NOTA: este problema existe debido a una soluci\u00f3n incompleta para CVE-2023-24057."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hapifhir:hl7_fhir_core:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.6.106",
"matchCriteriaId": "1F3E9C93-63BA-4093-87C5-5D91722A1C50"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/advisories/GHSA-9654-pr4f-gh6m",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.smilecdr.com/our-blog",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
]
},
{
"url": "https://www.smilecdr.com/our-blog/statement-on-cve-2023-24057-smile-digital-health",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
}
]
}
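Review bot: The primary vector added for CVE-2023-28465, `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N`, records no integrity impact, yet the description in the same record says the flaw lets attackers "copy arbitrary files to certain directories" via directory traversal, which reads as a file-write primitive. The two appear inconsistent, so triage that keys only on `baseScore` or the `I:` component may under-rank this entry. Consumers of this record should weigh the description and the `CWE-22` classification alongside the vector, and check the GHSA reference listed under `references` before treating it as disclosure-only.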


@ -2,12 +2,16 @@
"id": "CVE-2023-35639",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-12-12T18:15:19.643",
"lastModified": "2023-12-12T18:58:37.987",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-15T15:08:40.127",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Microsoft ODBC Driver Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo del controlador ODBC de Microsoft"
}
],
"metrics": {
@ -34,10 +38,121 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.10240.20345",
"matchCriteriaId": "0FA29853-AA80-4D69-B5B2-09C29B73964A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.6529",
"matchCriteriaId": "1B72F8B2-FE1A-44FC-8534-66B016C3C3DC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.5206",
"matchCriteriaId": "412DCA62-8009-40C3-B76C-F3791104F0C8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19041.3803",
"matchCriteriaId": "C8412B39-CCB2-4FF5-B656-43C9EBF48E39"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19045.3803",
"matchCriteriaId": "E59E6692-980B-435A-B9F3-AA00939E8D97"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22000.2652",
"matchCriteriaId": "BC62CCFB-C4C4-4CD1-A291-9587375FE3C6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22621.2861",
"matchCriteriaId": "11093E57-782B-4049-AFB2-AAFCFB4A8FF6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22631.2861",
"matchCriteriaId": "3E712F1D-26F9-4E19-B012-D7F0A92D59ED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
"matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35639",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-35641",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-12-12T18:15:19.823",
"lastModified": "2023-12-12T18:58:37.987",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-15T15:08:55.997",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Internet Connection Sharing (ICS) Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de conexi\u00f3n compartida a Internet (ICS)"
}
],
"metrics": {
@ -34,10 +38,121 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.10240.20345",
"matchCriteriaId": "0FA29853-AA80-4D69-B5B2-09C29B73964A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.6529",
"matchCriteriaId": "1B72F8B2-FE1A-44FC-8534-66B016C3C3DC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.5206",
"matchCriteriaId": "412DCA62-8009-40C3-B76C-F3791104F0C8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19041.3803",
"matchCriteriaId": "C8412B39-CCB2-4FF5-B656-43C9EBF48E39"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19045.3803",
"matchCriteriaId": "E59E6692-980B-435A-B9F3-AA00939E8D97"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22000.2652",
"matchCriteriaId": "BC62CCFB-C4C4-4CD1-A291-9587375FE3C6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22621.2861",
"matchCriteriaId": "11093E57-782B-4049-AFB2-AAFCFB4A8FF6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22631.2861",
"matchCriteriaId": "3E712F1D-26F9-4E19-B012-D7F0A92D59ED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
"matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35641",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-35642",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-12-12T18:15:19.993",
"lastModified": "2023-12-12T18:58:37.987",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-15T15:09:31.000",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Internet Connection Sharing (ICS) Denial of Service Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de denegaci\u00f3n de servicio de conexi\u00f3n compartida a Internet (ICS)"
}
],
"metrics": {
@ -34,10 +38,121 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.10240.20345",
"matchCriteriaId": "0FA29853-AA80-4D69-B5B2-09C29B73964A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.6529",
"matchCriteriaId": "1B72F8B2-FE1A-44FC-8534-66B016C3C3DC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.5206",
"matchCriteriaId": "412DCA62-8009-40C3-B76C-F3791104F0C8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19041.3803",
"matchCriteriaId": "C8412B39-CCB2-4FF5-B656-43C9EBF48E39"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19045.3803",
"matchCriteriaId": "E59E6692-980B-435A-B9F3-AA00939E8D97"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22000.2652",
"matchCriteriaId": "BC62CCFB-C4C4-4CD1-A291-9587375FE3C6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22621.2861",
"matchCriteriaId": "11093E57-782B-4049-AFB2-AAFCFB4A8FF6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22631.2861",
"matchCriteriaId": "3E712F1D-26F9-4E19-B012-D7F0A92D59ED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
"matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35642",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}
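Review bot: The `windows_10_21h2` match on the new side is bounded by `"versionEndExcluding": "10.0.19041.3803"`, but Windows 10 21H2 reports build 19044 (the neighbouring `windows_10_22h2` entry uses 19045, which is that release's build), so a scanner that compares the host's build string against this bound will place every 21H2 host, patched or not, outside the vulnerable range. The bound would be expected to read `"versionEndExcluding": "10.0.19044.3803"`; the same value is added in the CVE-2023-35644 section further down. Separately, the Windows Server entries use `-` with no version bound, so they match a server regardless of patch level and need an installed-update check to clear. Since this file mirrors upstream data, the correction belongs upstream, and consumers can special-case the criterion until then.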


@ -2,12 +2,16 @@
"id": "CVE-2023-35643",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-12-12T18:15:20.263",
"lastModified": "2023-12-12T18:58:37.987",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-15T15:09:45.080",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "DHCP Server Service Information Disclosure Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n del servicio del servidor DHCP"
}
],
"metrics": {
@ -34,10 +38,63 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
"matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35643",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-35644",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-12-12T18:15:20.517",
"lastModified": "2023-12-12T18:58:37.987",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-15T15:10:04.680",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Windows Sysmain Service Elevation of Privilege"
},
{
"lang": "es",
"value": "Elevaci\u00f3n de privilegios del Servicio Windows Sysmain"
}
],
"metrics": {
@ -34,10 +38,84 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.5206",
"matchCriteriaId": "412DCA62-8009-40C3-B76C-F3791104F0C8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19041.3803",
"matchCriteriaId": "C8412B39-CCB2-4FF5-B656-43C9EBF48E39"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19045.3803",
"matchCriteriaId": "E59E6692-980B-435A-B9F3-AA00939E8D97"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22000.2652",
"matchCriteriaId": "BC62CCFB-C4C4-4CD1-A291-9587375FE3C6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22621.2861",
"matchCriteriaId": "11093E57-782B-4049-AFB2-AAFCFB4A8FF6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22631.2861",
"matchCriteriaId": "3E712F1D-26F9-4E19-B012-D7F0A92D59ED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
"matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35644",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-3511",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-12-15T16:15:43.053",
"lastModified": "2023-12-15T16:53:06.030",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab EE affecting all versions starting from 8.17 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. It was possible for auditor users to fork and submit merge requests to private projects they're not a member of."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 2.0,
"baseSeverity": "LOW"
},
"exploitabilityScore": 0.5,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/416961",
"source": "cve@gitlab.com"
},
{
"url": "https://hackerone.com/reports/2046752",
"source": "cve@gitlab.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-38428",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-18T00:15:09.577",
"lastModified": "2023-08-31T19:15:10.410",
"vulnStatus": "Modified",
"lastModified": "2023-12-15T15:47:05.687",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -56,8 +56,63 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.15",
"versionEndExcluding": "5.15.113",
"matchCriteriaId": "75B3BF61-F56C-4BD7-94AF-50E17A4AA732"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.30",
"matchCriteriaId": "E9430E62-03EA-42E6-9E5E-BD1D5124D107"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.3.4",
"matchCriteriaId": "AB636222-53A9-4558-A34C-B51C1F056730"
"matchCriteriaId": "26C54BF0-3EED-46D4-92A7-5F07F658B49B"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6D700C5-F67F-4FFB-BE69-D524592A3D2E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:solidfire_\\&_hci_storage_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D452B464-1200-4B72-9A89-42DC58486191"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F"
}
]
}
@ -81,7 +136,11 @@
},
{
"url": "https://security.netapp.com/advisory/ntap-20230831-0001/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}
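Review bot: The second configuration added for the NetApp products marks the hardware CPEs (`cpe:2.3:h:netapp:h300s`, `h410s`, `h500s`, `h700s`) as `"vulnerable": true` inside a plain OR node, with no firmware or software CPE tied to them, so inventory matching will flag every such appliance regardless of what it runs. Other records in this same commit model a platform dependency as an `"operator": "AND"` configuration whose platform node carries `"vulnerable": false`; if the kernel is the vulnerable component here, the hardware entries would be better expressed that way. The CVE-2023-38431 section repeats the pattern. Consumers should treat these hardware matches as a prompt to check the vendor advisory, not as confirmed exposure.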


@ -2,8 +2,8 @@
"id": "CVE-2023-38431",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-18T00:15:09.707",
"lastModified": "2023-08-24T19:15:39.913",
"vulnStatus": "Modified",
"lastModified": "2023-12-15T15:46:35.903",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -56,8 +56,51 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.15",
"versionEndExcluding": "6.1.34",
"matchCriteriaId": "4F5A5D4B-4F1F-455D-8917-7785595FACF7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.3.8",
"matchCriteriaId": "733A9846-73C9-4358-B8ED-2560AEC047D2"
"matchCriteriaId": "7F3A71BC-4CD9-4F21-A84B-E615C990B4ED"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6D700C5-F67F-4FFB-BE69-D524592A3D2E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F"
}
]
}
@ -81,7 +124,10 @@
},
{
"url": "https://security.netapp.com/advisory/ntap-20230824-0011/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-3904",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-12-15T16:15:43.387",
"lastModified": "2023-12-15T16:53:06.030",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab EE affecting all versions starting before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. It was possible to overflow the time spent on an issue that altered the details shown in the issue boards."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/418226",
"source": "cve@gitlab.com"
},
{
"url": "https://hackerone.com/reports/2053154",
"source": "cve@gitlab.com"
}
]
}
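Review bot: The English description in this new record reads "all versions starting before 16.4.4", which drops the lower bound that the sibling record CVE-2023-3511 states ("starting from 8.17 before 16.4.4"); as written it presumably means `all versions before 16.4.4`, and a consumer that parses version ranges out of the text should not rely on it. The weakness is given as `CWE-284` although the description is about overflowing a time-spent value with an availability impact (`A:L`), so CWE-based triage filters may misroute it; this looks like a CNA-supplied value and is worth re-checking once NVD analysis lands. The record carries no `configurations` block yet (`"vulnStatus": "Awaiting Analysis"`), so CPE-driven scanners will not match it until a later update.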


@ -2,8 +2,8 @@
"id": "CVE-2023-44362",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-12-13T12:15:07.363",
"lastModified": "2023-12-13T13:35:16.620",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-12-15T15:02:07.317",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -50,10 +50,48 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:prelude:*:*:*:*:*:*:*:*",
"versionEndIncluding": "22.6",
"matchCriteriaId": "4CAA3A29-841A-42A2-BE0A-C0422F0B4B28"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/prelude/apsb23-67.html",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-46116",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-15T14:15:14.633",
"lastModified": "2023-12-15T14:15:14.633",
"vulnStatus": "Received",
"lastModified": "2023-12-15T15:26:42.177",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,12 +2,16 @@
"id": "CVE-2023-46283",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-12-12T12:15:14.067",
"lastModified": "2023-12-12T13:43:48.853",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-15T15:42:12.763",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Opcenter Quality (All versions), SIMATIC PCS neo (All versions < V4.1), SINUMERIK Integrate RunMyHMI\u00a0/Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en:\nOpcenter Quality (todas las versiones), \nSIMATIC PCS neo (todas las versiones &lt; V4.1), \nSINUMERIK Integrate RunMyHMI /Automotive (todas las versiones), \nTotally Integrated Automation Portal (TIA Portal) V14 (todas las versiones), \nTotally Integrated Automation Portal (TIA Portal) V15.1 (todas las versiones), \nTotally Integrated Automation Portal (TIA Portal) V16 (todas las versiones), \nTotally Integrated Automation Portal (TIA Portal) V17 (todas las versiones), \nTotally Integrated Automation Portal (TIA Portal) ) V18 (Todas las versiones "
}
],
"metrics": {
@ -46,10 +50,85 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:opcenter_quality:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D9D89CD-FDA5-42F0-8161-3752C8AED7F3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:simatic_pcs_neo:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.1",
"matchCriteriaId": "96D49ACA-BF2E-4C89-8168-E4A95D5B22AA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:sinumerik_integrate_runmyhmi_\\/automotive:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D882C3C8-EFE7-4DB6-B3E7-6152D7FEB74C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:totally_integrated_automation_portal:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "15",
"matchCriteriaId": "29E53F22-9086-40A2-85E0-20B58EC1E4BB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:totally_integrated_automation_portal:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15",
"versionEndExcluding": "16",
"matchCriteriaId": "3F86DBB7-A5C7-43C4-8B64-0B67C90B79A8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:totally_integrated_automation_portal:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16",
"versionEndExcluding": "17",
"matchCriteriaId": "B0BCF747-13ED-4AE7-9BE7-37858573AF27"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:totally_integrated_automation_portal:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17",
"versionEndExcluding": "18",
"matchCriteriaId": "C83587B9-53E2-4B2F-9FE4-5DDD232571F6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:totally_integrated_automation_portal:-:*:*:*:*:*:*:*",
"matchCriteriaId": "085B0B91-40DE-4328-A28C-1C920A6440D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:totally_integrated_automation_portal:18:*:*:*:*:*:*:*",
"matchCriteriaId": "68C7D9A3-9304-4A81-A970-717E5BA1ECF1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:totally_integrated_automation_portal:18:update_1:*:*:*:*:*:*",
"matchCriteriaId": "6A09C712-871D-4A81-A630-33BC5DF49FE5"
}
]
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf",
"source": "productcert@siemens.com"
"source": "productcert@siemens.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}
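Review bot: The `cpeMatch` list added here covers TIA Portal V18 only through the exact entries `totally_integrated_automation_portal:18:*` and `totally_integrated_automation_portal:18:update_1`, while the description states the affected range as "All versions < V18 Update 3"; a V18 Update 2 install, if that release exists, matches none of the listed criteria and would be reported clean. A version-range entry in the style of the V14 to V17 rows, or an explicit `18:update_2` criterion, would close the gap. The identical list is added in the CVE-2023-46284 and CVE-2023-46285 sections. Until upstream corrects it, asset matching for V18 is safer done against the Siemens advisory than against these CPEs.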


@ -2,12 +2,16 @@
"id": "CVE-2023-46284",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-12-12T12:15:14.273",
"lastModified": "2023-12-12T13:43:48.853",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-15T15:47:16.727",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Opcenter Quality (All versions), SIMATIC PCS neo (All versions < V4.1), SINUMERIK Integrate RunMyHMI\u00a0/Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp and 4004/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en:\nOpcenter Quality (todas las versiones), \nSIMATIC PCS neo (todas las versiones &lt; V4.1), \nSINUMERIK Integrate RunMyHMI /Automotive (todas las versiones), \nTotally Integrated Automation Portal (TIA Portal) V14 (todas las versiones), \nTotally Integrated Automation Portal (TIA Portal) V15.1 (todas las versiones), \nTotally Integrated Automation Portal (TIA Portal) V16 (todas las versiones), \nTotally Integrated Automation Portal (TIA Portal) V17 (todas las versiones), \nTotally Integrated Automation Portal (TIA Portal) ) V18 (Todas las versiones "
}
],
"metrics": {
@ -36,8 +40,18 @@
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "productcert@siemens.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,10 +60,85 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:opcenter_quality:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D9D89CD-FDA5-42F0-8161-3752C8AED7F3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:simatic_pcs_neo:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.1",
"matchCriteriaId": "96D49ACA-BF2E-4C89-8168-E4A95D5B22AA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:sinumerik_integrate_runmyhmi_\\/automotive:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D882C3C8-EFE7-4DB6-B3E7-6152D7FEB74C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:totally_integrated_automation_portal:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "15",
"matchCriteriaId": "29E53F22-9086-40A2-85E0-20B58EC1E4BB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:totally_integrated_automation_portal:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15",
"versionEndExcluding": "16",
"matchCriteriaId": "3F86DBB7-A5C7-43C4-8B64-0B67C90B79A8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:totally_integrated_automation_portal:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16",
"versionEndExcluding": "17",
"matchCriteriaId": "B0BCF747-13ED-4AE7-9BE7-37858573AF27"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:totally_integrated_automation_portal:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17",
"versionEndExcluding": "18",
"matchCriteriaId": "C83587B9-53E2-4B2F-9FE4-5DDD232571F6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:totally_integrated_automation_portal:-:*:*:*:*:*:*:*",
"matchCriteriaId": "085B0B91-40DE-4328-A28C-1C920A6440D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:totally_integrated_automation_portal:18:*:*:*:*:*:*:*",
"matchCriteriaId": "68C7D9A3-9304-4A81-A970-717E5BA1ECF1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:totally_integrated_automation_portal:18:update_1:*:*:*:*:*:*",
"matchCriteriaId": "6A09C712-871D-4A81-A630-33BC5DF49FE5"
}
]
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf",
"source": "productcert@siemens.com"
"source": "productcert@siemens.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}
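Review bot: The Spanish description added in this section is cut off after "(Todas las versiones " and carries the HTML entity `&lt;` where the English text has `<`, so the sentences about the out-of-bounds write on ports 4002/tcp and 4004/tcp and the resulting crash are missing from the `es` value. The same truncated string is added for CVE-2023-46283 and CVE-2023-46285, and it also has a doubled parenthesis in "(TIA Portal) ) V18". Anything that renders or indexes the `es` text should fall back to the `en` value for these three records. The stray entity is also a reminder to treat description values as plain text and escape them on output.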


@ -2,12 +2,16 @@
"id": "CVE-2023-46285",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-12-12T12:15:14.477",
"lastModified": "2023-12-12T13:43:48.853",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-15T15:55:59.337",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Opcenter Quality (All versions), SIMATIC PCS neo (All versions < V4.1), SINUMERIK Integrate RunMyHMI\u00a0/Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an improper input validation vulnerability that could allow an attacker to bring the service into a Denial-of-Service state by sending a specifically crafted message to 4004/tcp. The corresponding service is auto-restarted after the crash is detected by a watchdog."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en:\nOpcenter Quality (todas las versiones), \nSIMATIC PCS neo (todas las versiones &lt; V4.1), \nSINUMERIK Integrate RunMyHMI /Automotive (todas las versiones), \nTotally Integrated Automation Portal (TIA Portal) V14 (todas las versiones), \nTotally Integrated Automation Portal (TIA Portal) V15.1 (todas las versiones), \nTotally Integrated Automation Portal (TIA Portal) V16 (todas las versiones), \nTotally Integrated Automation Portal (TIA Portal) V17 (todas las versiones), \nTotally Integrated Automation Portal (TIA Portal) ) V18 (Todas las versiones "
}
],
"metrics": {
@ -36,8 +40,18 @@
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "productcert@siemens.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,10 +60,85 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:opcenter_quality:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D9D89CD-FDA5-42F0-8161-3752C8AED7F3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:simatic_pcs_neo:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.1",
"matchCriteriaId": "96D49ACA-BF2E-4C89-8168-E4A95D5B22AA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:sinumerik_integrate_runmyhmi_\\/automotive:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D882C3C8-EFE7-4DB6-B3E7-6152D7FEB74C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:totally_integrated_automation_portal:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "15",
"matchCriteriaId": "29E53F22-9086-40A2-85E0-20B58EC1E4BB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:totally_integrated_automation_portal:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15",
"versionEndExcluding": "16",
"matchCriteriaId": "3F86DBB7-A5C7-43C4-8B64-0B67C90B79A8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:totally_integrated_automation_portal:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16",
"versionEndExcluding": "17",
"matchCriteriaId": "B0BCF747-13ED-4AE7-9BE7-37858573AF27"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:totally_integrated_automation_portal:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17",
"versionEndExcluding": "18",
"matchCriteriaId": "C83587B9-53E2-4B2F-9FE4-5DDD232571F6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:totally_integrated_automation_portal:-:*:*:*:*:*:*:*",
"matchCriteriaId": "085B0B91-40DE-4328-A28C-1C920A6440D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:totally_integrated_automation_portal:18:*:*:*:*:*:*:*",
"matchCriteriaId": "68C7D9A3-9304-4A81-A970-717E5BA1ECF1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:totally_integrated_automation_portal:18:update_1:*:*:*:*:*:*",
"matchCriteriaId": "6A09C712-871D-4A81-A630-33BC5DF49FE5"
}
]
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf",
"source": "productcert@siemens.com"
"source": "productcert@siemens.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-47061",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-12-13T13:15:07.897",
"lastModified": "2023-12-13T13:35:16.620",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-12-15T15:03:10.887",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Adobe Dimension versions 3.4.10 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 3.4.10 y anteriores de Adobe Dimension se ven afectadas por una vulnerabilidad de lectura fuera de los l\u00edmites que podr\u00eda provocar la divulgaci\u00f3n de memoria confidencial. Un atacante podr\u00eda aprovechar esta vulnerabilidad para evitar mitigaciones como ASLR. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {
@ -46,10 +50,48 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:dimension:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.4.11",
"matchCriteriaId": "1B11A01E-250A-4D61-987B-FC5E53A0F36C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/dimension/apsb23-71.html",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-47062",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-12-13T13:15:08.147",
"lastModified": "2023-12-13T13:35:16.620",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-12-15T15:03:45.373",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Adobe Dimension versions 3.4.10 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 3.4.10 y anteriores de Adobe Dimension se ven afectadas por una vulnerabilidad de lectura fuera de los l\u00edmites que podr\u00eda provocar la divulgaci\u00f3n de memoria confidencial. Un atacante podr\u00eda aprovechar esta vulnerabilidad para evitar mitigaciones como ASLR. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "psirt@adobe.com",
"type": "Secondary",
@ -46,10 +70,48 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:dimension:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.4.11",
"matchCriteriaId": "1B11A01E-250A-4D61-987B-FC5E53A0F36C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/dimension/apsb23-71.html",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-47078",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-12-13T13:15:08.400",
"lastModified": "2023-12-13T13:35:16.620",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-12-15T15:05:06.677",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Adobe Dimension versions 3.4.10 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 3.4.10 y anteriores de Adobe Dimension se ven afectadas por una vulnerabilidad de lectura fuera de los l\u00edmites que podr\u00eda provocar la divulgaci\u00f3n de memoria confidencial. Un atacante podr\u00eda aprovechar esta vulnerabilidad para evitar mitigaciones como ASLR. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {
@ -46,10 +50,48 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:dimension:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.4.11",
"matchCriteriaId": "1B11A01E-250A-4D61-987B-FC5E53A0F36C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/dimension/apsb23-71.html",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-47079",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-12-13T13:15:08.680",
"lastModified": "2023-12-13T13:35:16.620",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-12-15T15:05:29.157",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Adobe Dimension versions 3.4.10 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 3.4.10 y anteriores de Adobe Dimension se ven afectadas por una vulnerabilidad de lectura fuera de los l\u00edmites que podr\u00eda provocar la divulgaci\u00f3n de memoria confidencial. Un atacante podr\u00eda aprovechar esta vulnerabilidad para evitar mitigaciones como ASLR. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {
@ -46,10 +50,48 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:dimension:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.4.11",
"matchCriteriaId": "1B11A01E-250A-4D61-987B-FC5E53A0F36C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/dimension/apsb23-71.html",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-47080",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-12-13T14:15:43.763",
"lastModified": "2023-12-13T14:27:29.077",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-15T15:06:17.920",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Adobe Substance 3D Stager versions 2.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 2.1.1 y anteriores de Adobe Substance 3D Stager se ven afectadas por una vulnerabilidad de lectura fuera de los l\u00edmites que podr\u00eda provocar la divulgaci\u00f3n de memoria confidencial. Un atacante podr\u00eda aprovechar esta vulnerabilidad para evitar mitigaciones como ASLR. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {
@ -46,10 +50,48 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:substance_3d_stager:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.1.1",
"matchCriteriaId": "B5BB288F-C779-4ABA-A2D6-46634A31BD7B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb23-73.html",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-47081",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-12-13T14:15:43.963",
"lastModified": "2023-12-13T14:27:29.077",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-15T15:06:41.627",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Adobe Substance 3D Stager versions 2.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 2.1.1 y anteriores de Adobe Substance 3D Stager se ven afectadas por una vulnerabilidad de lectura fuera de los l\u00edmites que podr\u00eda provocar la divulgaci\u00f3n de memoria confidencial. Un atacante podr\u00eda aprovechar esta vulnerabilidad para evitar mitigaciones como ASLR. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {
@ -46,10 +50,48 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:substance_3d_stager:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.1.1",
"matchCriteriaId": "B5BB288F-C779-4ABA-A2D6-46634A31BD7B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb23-73.html",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-47271",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-06T00:15:09.317",
"lastModified": "2023-11-14T15:22:23.650",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-15T16:15:43.587",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -69,6 +69,10 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/176255/PKP-WAL-3.4.0-3-Remote-Code-Execution.html",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/pkp/pkp-lib/issues/9464",
"source": "cve@mitre.org",


@ -2,8 +2,8 @@
"id": "CVE-2023-48765",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-15T14:15:14.853",
"lastModified": "2023-12-15T14:15:14.853",
"vulnStatus": "Received",
"lastModified": "2023-12-15T15:26:42.177",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -0,0 +1,55 @@
{
"id": "CVE-2023-49159",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-15T16:15:43.710",
"lastModified": "2023-12-15T16:53:06.030",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Server-Side Request Forgery (SSRF) vulnerability in Elegant Digital Solutions CommentLuv.This issue affects CommentLuv: from n/a through 3.0.4.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/commentluv/wordpress-commentluv-plugin-3-0-4-server-side-request-forgery-ssrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-49160",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-15T14:15:15.047",
"lastModified": "2023-12-15T14:15:15.047",
"vulnStatus": "Received",
"lastModified": "2023-12-15T15:26:42.177",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-49165",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-15T14:15:15.240",
"lastModified": "2023-12-15T14:15:15.240",
"vulnStatus": "Received",
"lastModified": "2023-12-15T15:26:42.177",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -0,0 +1,55 @@
{
"id": "CVE-2023-49169",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-15T15:15:07.683",
"lastModified": "2023-12-15T15:26:42.177",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in datafeedr.Com Ads by datafeedr.Com allows Stored XSS.This issue affects Ads by datafeedr.Com: from n/a through 1.2.0.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/ads-by-datafeedrcom/wordpress-ads-by-datafeedr-com-plugin-1-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-49170",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-15T15:15:07.890",
"lastModified": "2023-12-15T15:26:42.177",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in captainform Forms by CaptainForm \u2013 Form Builder for WordPress allows Reflected XSS.This issue affects Forms by CaptainForm \u2013 Form Builder for WordPress: from n/a through 2.5.3.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/captainform/wordpress-forms-by-captainform-form-builder-for-wordpress-plugin-2-5-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-49174",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-15T15:15:08.090",
"lastModified": "2023-12-15T15:26:42.177",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dFactory Responsive Lightbox & Gallery allows Stored XSS.This issue affects Responsive Lightbox & Gallery: from n/a through 2.4.5.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/responsive-lightbox/wordpress-responsive-lightbox-plugin-2-4-5-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-49175",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-15T15:15:08.287",
"lastModified": "2023-12-15T15:26:42.177",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kreativo Pro KP Fastest Tawk.To Chat allows Stored XSS.This issue affects KP Fastest Tawk.To Chat: from n/a through 1.1.1.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/kp-fastest-tawk-to-chat/wordpress-kp-fastest-tawk-to-chat-plugin-1-1-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-49176",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-15T15:15:08.483",
"lastModified": "2023-12-15T15:26:42.177",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeRevolution WP Pocket URLs allows Reflected XSS.This issue affects WP Pocket URLs: from n/a through 1.0.2.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-pocket-urls/wordpress-wp-pocket-urls-plugin-1-0-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-49177",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-15T15:15:08.667",
"lastModified": "2023-12-15T15:26:42.177",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gilles Dumas which template file allows Reflected XSS.This issue affects which template file: from n/a through 4.9.0.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/which-template-file/wordpress-which-template-file-plugin-4-9-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-49178",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-15T15:15:08.857",
"lastModified": "2023-12-15T15:26:42.177",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mr. Hdwplayer HDW Player Plugin (Video Player & Video Gallery) allows Reflected XSS.This issue affects HDW Player Plugin (Video Player & Video Gallery): from n/a through 5.0.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/hdw-player-video-player-video-gallery/wordpress-hdw-player-plugin-video-player-video-gallery-plugin-5-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-49179",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-15T15:15:09.043",
"lastModified": "2023-12-15T15:26:42.177",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in N.O.U.S. Open Useful and Simple Event post allows Stored XSS.This issue affects Event post: from n/a through 5.8.6.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/event-post/wordpress-event-post-plugin-5-8-6-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-49180",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-15T15:15:09.240",
"lastModified": "2023-12-15T15:26:42.177",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ternstyle LLC Automatic Youtube Video Posts Plugin allows Stored XSS.This issue affects Automatic Youtube Video Posts Plugin: from n/a through 5.2.2.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/automatic-youtube-video-posts/wordpress-automatic-youtube-video-posts-plugin-plugin-5-2-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-49181",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-15T15:15:09.430",
"lastModified": "2023-12-15T15:26:42.177",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Event Manager WP Event Manager \u2013 Events Calendar, Registrations, Sell Tickets with WooCommerce allows Stored XSS.This issue affects WP Event Manager \u2013 Events Calendar, Registrations, Sell Tickets with WooCommerce: from n/a through 3.1.40.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-event-manager/wordpress-wp-event-manager-plugin-3-1-39-cross-site-scripting-xss-vulnerability-2?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-49182",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-15T15:15:09.620",
"lastModified": "2023-12-15T15:26:42.177",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fabio Marzocca List all posts by Authors, nested Categories and Titles allows Reflected XSS.This issue affects List all posts by Authors, nested Categories and Titles: from n/a through 2.7.10.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/list-all-posts-by-authors-nested-categories-and-titles/wordpress-list-all-posts-by-authors-nested-categories-and-title-plugin-2-7-10-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-49183",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-15T15:15:09.817",
"lastModified": "2023-12-15T15:26:42.177",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NextScripts NextScripts: Social Networks Auto-Poster allows Reflected XSS.This issue affects NextScripts: Social Networks Auto-Poster: from n/a through 4.4.2.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/social-networks-auto-poster-facebook-twitter-g/wordpress-nextscripts-social-networks-auto-poster-plugin-4-4-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-49184",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-15T15:15:10.013",
"lastModified": "2023-12-15T15:26:42.177",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Parallax Slider Block allows Stored XSS.This issue affects Parallax Slider Block: from n/a through 1.2.4.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/parallax-slider-block/wordpress-parallax-slider-block-plugin-1-2-4-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-49185",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-15T15:15:10.207",
"lastModified": "2023-12-15T15:26:42.177",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Doofinder Doofinder WP & WooCommerce Search allows Reflected XSS.This issue affects Doofinder WP & WooCommerce Search: from n/a through 2.1.7.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/doofinder-for-woocommerce/wordpress-doofinder-wp-woocommerce-search-plugin-2-0-33-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-49187",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-15T15:15:10.403",
"lastModified": "2023-12-15T15:26:42.177",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spoonthemes Adifier - Classified Ads WordPress Theme allows Reflected XSS.This issue affects Adifier - Classified Ads WordPress Theme: from n/a before 3.1.4.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/adifier/wordpress-adifier-classified-ads-wordpress-theme-theme-3-9-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-49188",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-15T15:15:10.600",
"lastModified": "2023-12-15T15:26:42.177",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZealousWeb Track Geolocation Of Users Using Contact Form 7 allows Stored XSS.This issue affects Track Geolocation Of Users Using Contact Form 7: from n/a through 1.4.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/track-geolocation-of-users-using-contact-form-7/wordpress-track-geolocation-of-users-using-contact-form-7-plugin-1-4-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-49189",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-15T16:15:43.913",
"lastModified": "2023-12-15T16:53:06.030",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Getsocial, S.A. Social Share Buttons & Analytics Plugin \u2013 GetSocial.Io allows Stored XSS.This issue affects Social Share Buttons & Analytics Plugin \u2013 GetSocial.Io: from n/a through 4.3.12.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-share-buttons-analytics-by-getsocial/wordpress-social-share-buttons-analytics-plugin-getsocial-io-plugin-4-3-12-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-49190",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-15T16:15:44.120",
"lastModified": "2023-12-15T16:53:06.030",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chandra Shekhar Sahu Site Offline Or Coming Soon Or Maintenance Mode allows Stored XSS.This issue affects Site Offline Or Coming Soon Or Maintenance Mode: from n/a through 1.5.6.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/site-offline/wordpress-site-offline-or-coming-soon-or-maintenance-mode-plugin-1-5-6-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-49191",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-15T16:15:44.320",
"lastModified": "2023-12-15T16:53:06.030",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Supsystic GDPR Cookie Consent by Supsystic allows Stored XSS.This issue affects GDPR Cookie Consent by Supsystic: from n/a through 2.1.2.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/gdpr-compliance-by-supsystic/wordpress-gdpr-cookie-consent-by-supsystic-plugin-2-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-49197",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-15T16:15:44.510",
"lastModified": "2023-12-15T16:53:06.030",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Apasionados, Apasionados del Marketing, NetConsulting DoFollow Case by Case.This issue affects DoFollow Case by Case: from n/a through 3.4.2.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/dofollow-case-by-case/wordpress-dofollow-case-by-case-plugin-3-4-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-49583",
"sourceIdentifier": "cna@sap.com",
"published": "2023-12-12T02:15:07.920",
"lastModified": "2023-12-14T19:36:00.030",
"lastModified": "2023-12-15T15:28:14.160",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -79,9 +79,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:btp_security_services_integration_library:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:sap:\\@sap\\/xssec:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "3.6.0",
"matchCriteriaId": "25DBD412-2F7D-45F1-B7C4-8A4237BD602E"
"matchCriteriaId": "35C3039E-0874-46B3-9271-1BDCA439BCBB"
}
]
}
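Review bot: The replacement criteria string `cpe:2.3:a:sap:\\@sap\\/xssec:*:*:*:*:*:node.js:*:*` carries CPE quoting inside JSON quoting, so after JSON decoding the product field is `\@sap\/xssec`, not the package name `@sap/xssec`. A consumer that compares the product field to an npm package name without CPE-unescaping will not match. This hunk, and the CVE-2023-50422, CVE-2023-50423 and CVE-2023-50424 records further down, also replace the shared product `btp_security_services_integration_library` with per-ecosystem names and issue new `matchCriteriaId` values, so any allowlist, suppression or cache keyed on the old product name or old ids stops applying and should be re-keyed.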


@ -0,0 +1,55 @@
{
"id": "CVE-2023-49744",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-15T16:15:44.707",
"lastModified": "2023-12-15T16:53:06.030",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Gift Up Gift Up Gift Cards for WordPress and WooCommerce.This issue affects Gift Up Gift Cards for WordPress and WooCommerce: from n/a through 2.21.3.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/gift-up/wordpress-gift-up-gift-cards-for-wordpress-and-woocommerce-plugin-2-21-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-49747",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-15T16:15:44.903",
"lastModified": "2023-12-15T16:53:06.030",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebFactory Ltd Guest Author allows Stored XSS.This issue affects Guest Author: from n/a through 2.3.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/guest-author/wordpress-guest-author-plugin-2-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-49749",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-15T16:15:45.090",
"lastModified": "2023-12-15T16:53:06.030",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in SureTriggers SureTriggers \u2013 Connect All Your Plugins, Apps, Tools & Automate Everything!.This issue affects SureTriggers \u2013 Connect All Your Plugins, Apps, Tools & Automate Everything!: from n/a through 1.0.23.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/suretriggers/wordpress-suretriggers-plugin-1-0-23-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-49767",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-15T16:15:45.280",
"lastModified": "2023-12-15T16:53:06.030",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Biteship Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo allows Stored XSS.This issue affects Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo: from n/a through 2.2.24.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/biteship/wordpress-biteship-plugin-2-2-22-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-49786",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-14T20:15:52.927",
"lastModified": "2023-12-14T22:44:49.057",
"lastModified": "2023-12-15T16:15:45.467",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP. Commit d7d7764cb07c8a1872804321302ef93bf62cba05 contains a fix, which is part of versions 18.20.1, 20.5.1, 21.0.1, amd 18.9-cert6."
},
{
"lang": "es",
"value": "Asterisk es un conjunto de herramientas de telefon\u00eda y centralita privada de c\u00f3digo abierto. En Asterisk anteriores a las versiones 18.20.1, 20.5.1 y 21.0.1; as\u00ed como certificado-asterisco anterior a 18.9-cert6; Asterisk es susceptible a un DoS debido a una condici\u00f3n de ejecuci\u00f3n en la fase \"hello handshake\" del protocolo DTLS cuando maneja DTLS-SRTP para la configuraci\u00f3n de medios. Este ataque se puede realizar de forma continua, negando as\u00ed nuevas llamadas cifradas DTLS-SRTP durante el ataque. El abuso de esta vulnerabilidad puede provocar una denegaci\u00f3n de servicio masiva en servidores Asterisk vulnerables para llamadas que dependen de DTLS-SRTP. El commit d7d7764cb07c8a1872804321302ef93bf62cba05 contiene una soluci\u00f3n, que forma parte de las versiones 18.20.1, 20.5.1, 21.0.1, amd 18.9-cert6."
}
],
"metrics": {
@ -47,6 +51,14 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/176251/Asterisk-20.1.0-Denial-Of-Service.html",
"source": "security-advisories@github.com"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/12/15/7",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race",
"source": "security-advisories@github.com"


@ -0,0 +1,55 @@
{
"id": "CVE-2023-49823",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-15T16:15:45.547",
"lastModified": "2023-12-15T16:53:06.030",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldThemes Bold Page Builder allows Stored XSS.This issue affects Bold Page Builder: from n/a through 4.6.1.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/bold-page-builder/wordpress-bold-page-builder-plugin-4-6-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-49829",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-15T16:15:45.740",
"lastModified": "2023-12-15T16:53:06.030",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Tutor LMS \u2013 eLearning and online course solution allows Stored XSS.This issue affects Tutor LMS \u2013 eLearning and online course solution: from n/a through 2.2.4.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/tutor/wordpress-tutor-lms-plugin-2-2-4-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-4932",
"sourceIdentifier": "cvd@cert.pl",
"published": "2023-12-12T10:15:10.483",
"lastModified": "2023-12-12T13:43:48.853",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-15T15:11:06.570",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "SAS application is vulnerable to Reflected Cross-Site Scripting (XSS). Improper input validation in the `_program` parameter of the the `/SASStoredProcess/do` endpoint allows arbitrary JavaScript to be executed when specially crafted URL is opened by an authenticated user. The attack is possible from a low-privileged user. Only versions\u00a09.4_M7 and\u00a09.4_M8 were tested and confirmed to be vulnerable, status of others is unknown. For above mentioned versions hot fixes were published. \n"
},
{
"lang": "es",
"value": "La aplicaci\u00f3n SAS es vulnerable a Cross-Site Scripting (XSS) Reflejado. La validaci\u00f3n de entrada incorrecta en el par\u00e1metro `_program` del endpoint `/SASStoredProcess/do` permite que se ejecute JavaScript arbitrario cuando un usuario autenticado abre una URL especialmente manipulada. El ataque es posible por parte de un usuario con pocos privilegios. Solo se probaron las versiones 9.4_M7 y 9.4_M8 y se confirm\u00f3 que eran vulnerables; se desconoce el estado de las dem\u00e1s. Para las versiones mencionadas anteriormente se publicaron revisiones."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "cvd@cert.pl",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "cvd@cert.pl",
"type": "Secondary",
@ -46,18 +80,49 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sas:integration_technologies:9.4:m7:*:*:*:*:*:*",
"matchCriteriaId": "34C561C2-B769-4F21-9D30-057F96599F5A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sas:integration_technologies:9.4:m8:*:*:*:*:*:*",
"matchCriteriaId": "8A55599A-5822-4EF7-981A-9EF637B316D7"
}
]
}
]
}
],
"references": [
{
"url": "https://cert.pl/en/posts/2023/12/CVE-2023-4932/",
"source": "cvd@cert.pl"
"source": "cvd@cert.pl",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://cert.pl/posts/2023/12/CVE-2023-4932/",
"source": "cvd@cert.pl"
"source": "cvd@cert.pl",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://support.sas.com/kb/70/265.html",
"source": "cvd@cert.pl"
"source": "cvd@cert.pl",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-4958",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-12-12T10:15:10.853",
"lastModified": "2023-12-12T13:43:48.853",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-15T15:24:03.380",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Red Hat Advanced Cluster Security (RHACS), it was found that some security related HTTP headers were missing, allowing an attacker to exploit this with a clickjacking attack. An attacker could exploit this by convincing a valid RHACS user to visit an attacker-controlled web page, that deceptively points to valid RHACS endpoints, hijacking the user's account permissions to perform other actions."
},
{
"lang": "es",
"value": "En Red Hat Advanced Cluster Security (RHACS), se descubri\u00f3 que faltaban algunos encabezados HTTP relacionados con la seguridad, lo que permit\u00eda a un atacante explotar esto con un ataque de clickjacking. Un atacante podr\u00eda aprovechar esto convenciendo a un usuario v\u00e1lido de RHACS para que visite una p\u00e1gina web controlada por el atacante, que apunta enga\u00f1osamente a endpoints de RHACS v\u00e1lidos, secuestrando los permisos de la cuenta del usuario para realizar otras acciones."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1021"
}
]
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -46,18 +80,50 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:advanced_cluster_security:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F0FD736A-8730-446A-BA3A-7B608DB62B0E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:advanced_cluster_security:4.0:*:*:*:*:kubernates:*:*",
"matchCriteriaId": "0FB56EBE-BCC0-4833-82B3-D5EFC50A7E65"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2023:5206",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-4958",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1990363",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch"
]
}
]
}
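Review bot: The second added CPE looks misspelled in its target_sw field: `cpe:2.3:a:redhat:advanced_cluster_security:4.0:*:*:*:*:kubernates:*:*` presumably means `kubernetes`. A matcher that compares target_sw exactly against inventory data would not match an asset recorded with the correct spelling, while the 3.0 entry above it leaves target_sw as `*` and matches regardless. Since the `matchCriteriaId` is issued upstream, the correction belongs in the upstream dictionary; locally, match on vendor, product and version for this record and treat target_sw as advisory.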


@ -2,7 +2,7 @@
"id": "CVE-2023-50422",
"sourceIdentifier": "cna@sap.com",
"published": "2023-12-12T02:15:08.587",
"lastModified": "2023-12-14T19:04:59.677",
"lastModified": "2023-12-15T16:53:13.697",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -79,16 +79,16 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:btp_security_services_integration_library:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:sap:cloud-security-services-integration-library:*:*:*:*:*:java:*:*",
"versionEndExcluding": "2.17.0",
"matchCriteriaId": "C15B0C1E-C64B-4F01-8465-24BD6DB6A0BA"
"matchCriteriaId": "EA00D38E-621A-4114-8F4F-F0AA3C41E88F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:btp_security_services_integration_library:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:sap:cloud-security-services-integration-library:*:*:*:*:*:java:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "3.3.0",
"matchCriteriaId": "9B846878-8BDA-4364-B1FC-928B6F92C869"
"matchCriteriaId": "4C7EE7BE-CA31-4B97-B455-41F66AEE85E9"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-50423",
"sourceIdentifier": "cna@sap.com",
"published": "2023-12-12T02:15:08.797",
"lastModified": "2023-12-14T17:48:27.037",
"lastModified": "2023-12-15T16:53:22.867",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -79,9 +79,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:btp_security_services_integration_library:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:sap:sap-xssec:*:*:*:*:*:python:*:*",
"versionEndExcluding": "4.1.0",
"matchCriteriaId": "16F8EF4D-E500-4F8D-8F74-549EB05A8BB4"
"matchCriteriaId": "3C039268-10BB-42CF-90A5-7E88DAA2193A"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-50424",
"sourceIdentifier": "cna@sap.com",
"published": "2023-12-12T03:15:07.100",
"lastModified": "2023-12-14T17:44:34.810",
"lastModified": "2023-12-15T16:53:04.417",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -79,9 +79,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:btp_security_services_integration_library:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:sap:cloud-security-client-go:*:*:*:*:*:go:*:*",
"versionEndExcluding": "0.17.0",
"matchCriteriaId": "9C630555-6CC1-475D-A296-8C39B59C4AF1"
"matchCriteriaId": "9E58812A-D3A2-472D-83CB-845CF37A37AF"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-50870",
"sourceIdentifier": "cve@jetbrains.com",
"published": "2023-12-15T14:15:15.453",
"lastModified": "2023-12-15T14:15:15.453",
"vulnStatus": "Received",
"lastModified": "2023-12-15T15:26:42.177",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-50871",
"sourceIdentifier": "cve@jetbrains.com",
"published": "2023-12-15T14:15:15.713",
"lastModified": "2023-12-15T14:15:15.713",
"vulnStatus": "Received",
"lastModified": "2023-12-15T15:26:42.177",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -0,0 +1,59 @@
{
"id": "CVE-2023-5061",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-12-15T16:15:45.930",
"lastModified": "2023-12-15T16:53:06.030",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab affecting all versions starting from 9.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. In certain situations, it may have been possible for developers to override predefined CI variables via the REST API."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-285"
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/425521",
"source": "cve@gitlab.com"
},
{
"url": "https://hackerone.com/reports/2125189",
"source": "cve@gitlab.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-5310",
"sourceIdentifier": "product-security@silabs.com",
"published": "2023-12-15T16:15:46.117",
"lastModified": "2023-12-15T16:53:06.030",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nA denial of service vulnerability exists in all Silicon Labs Z-Wave controller and endpoint devices running Z-Wave SDK v7.20.3 (Gecko SDK v4.3.3) and earlier. This attack can be carried out only by devices on the network sending a stream of packets to the device.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "product-security@silabs.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "product-security@silabs.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-754"
}
]
}
],
"references": [
{
"url": "https://github.com/SiliconLabs/gecko_sdk/releases",
"source": "product-security@silabs.com"
},
{
"url": "https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/069Vm0000005E7EIAU?%20operationContext=S1",
"source": "product-security@silabs.com"
}
]
}
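Review bot: The second reference URL ends in `?%20operationContext=S1`, i.e. the query parameter name starts with an encoded space, which looks like a copy error and may keep the link from resolving to the advisory document. The other reference is the generic `gecko_sdk/releases` page rather than a specific release, and the record has no `configurations` block, so the only statement of the fixed boundary is the description's `Z-Wave SDK v7.20.3 (Gecko SDK v4.3.3) and earlier`. If the link fails, the likely intended form is `...069Vm0000005E7EIAU?operationContext=S1`; verify it before relying on it.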


@ -0,0 +1,59 @@
{
"id": "CVE-2023-5512",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-12-15T16:15:46.300",
"lastModified": "2023-12-15T16:53:06.030",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab CE/EE affecting all versions from 16.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. File integrity may be compromised when specific HTML encoding is used for file names leading for incorrect representation in the UI."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/427827",
"source": "cve@gitlab.com"
},
{
"url": "https://hackerone.com/reports/2194607",
"source": "cve@gitlab.com"
}
]
}

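--- a/CVE-2023/CVE-2023-60xx/CVE-2023-6051.json
+++ b/CVE-2023/CVE-2023-60xx/CVE-2023-6051.json
@@ -0,0 +1,59 @@
+{
+"id": "CVE-2023-6051",
+"sourceIdentifier": "cve@gitlab.com",
+"published": "2023-12-15T16:15:46.490",
+"lastModified": "2023-12-15T16:53:06.030",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "An issue has been discovered in GitLab CE/EE affecting all versions before 16.4.4, all versions starting from 15.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. File integrity may be compromised when source code or installation packages are pulled from a specific tag."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "cve@gitlab.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "REQUIRED",
+"scope": "UNCHANGED",
+"confidentialityImpact": "NONE",
+"integrityImpact": "HIGH",
+"availabilityImpact": "NONE",
+"baseScore": 5.7,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.1,
+"impactScore": 3.6
+}
+]
+},
+"weaknesses": [
+{
+"source": "cve@gitlab.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-94"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/431345",
+"source": "cve@gitlab.com"
+},
+{
+"url": "https://hackerone.com/reports/2237165",
+"source": "cve@gitlab.com"
+}
+]
+}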

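--- a/CVE-2023/CVE-2023-66xx/CVE-2023-6680.json
+++ b/CVE-2023/CVE-2023-66xx/CVE-2023-6680.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-6680",
+"sourceIdentifier": "cve@gitlab.com",
+"published": "2023-12-15T16:15:46.737",
+"lastModified": "2023-12-15T16:53:06.030",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "An improper certificate validation issue in Smartcard authentication in GitLab EE affecting all versions from 11.6 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows an attacker to authenticate as another user given their public key if they use Smartcard authentication. Smartcard authentication is an experimental feature and has to be manually enabled by an administrator."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "cve@gitlab.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "HIGH",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "NONE",
+"baseScore": 7.4,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 2.2,
+"impactScore": 5.2
+}
+]
+},
+"weaknesses": [
+{
+"source": "cve@gitlab.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-295"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/421607",
+"source": "cve@gitlab.com"
+}
+]
+}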


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-12-15T15:00:26.247685+00:00
2023-12-15T17:00:24.874064+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-12-15T14:49:29.267000+00:00
2023-12-15T16:53:57.570000+00:00
```
### Last Data Feed Release
@ -29,52 +29,69 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
233475
233509
```
### CVEs added in the last Commit
Recently added CVEs: `8`
Recently added CVEs: `34`
* [CVE-2023-30867](CVE-2023/CVE-2023-308xx/CVE-2023-30867.json) (`2023-12-15T13:15:07.223`)
* [CVE-2023-49898](CVE-2023/CVE-2023-498xx/CVE-2023-49898.json) (`2023-12-15T13:15:07.330`)
* [CVE-2023-46116](CVE-2023/CVE-2023-461xx/CVE-2023-46116.json) (`2023-12-15T14:15:14.633`)
* [CVE-2023-48765](CVE-2023/CVE-2023-487xx/CVE-2023-48765.json) (`2023-12-15T14:15:14.853`)
* [CVE-2023-49160](CVE-2023/CVE-2023-491xx/CVE-2023-49160.json) (`2023-12-15T14:15:15.047`)
* [CVE-2023-49165](CVE-2023/CVE-2023-491xx/CVE-2023-49165.json) (`2023-12-15T14:15:15.240`)
* [CVE-2023-50870](CVE-2023/CVE-2023-508xx/CVE-2023-50870.json) (`2023-12-15T14:15:15.453`)
* [CVE-2023-50871](CVE-2023/CVE-2023-508xx/CVE-2023-50871.json) (`2023-12-15T14:15:15.713`)
* [CVE-2023-49181](CVE-2023/CVE-2023-491xx/CVE-2023-49181.json) (`2023-12-15T15:15:09.430`)
* [CVE-2023-49182](CVE-2023/CVE-2023-491xx/CVE-2023-49182.json) (`2023-12-15T15:15:09.620`)
* [CVE-2023-49183](CVE-2023/CVE-2023-491xx/CVE-2023-49183.json) (`2023-12-15T15:15:09.817`)
* [CVE-2023-49184](CVE-2023/CVE-2023-491xx/CVE-2023-49184.json) (`2023-12-15T15:15:10.013`)
* [CVE-2023-49185](CVE-2023/CVE-2023-491xx/CVE-2023-49185.json) (`2023-12-15T15:15:10.207`)
* [CVE-2023-49187](CVE-2023/CVE-2023-491xx/CVE-2023-49187.json) (`2023-12-15T15:15:10.403`)
* [CVE-2023-49188](CVE-2023/CVE-2023-491xx/CVE-2023-49188.json) (`2023-12-15T15:15:10.600`)
* [CVE-2023-3511](CVE-2023/CVE-2023-35xx/CVE-2023-3511.json) (`2023-12-15T16:15:43.053`)
* [CVE-2023-3904](CVE-2023/CVE-2023-39xx/CVE-2023-3904.json) (`2023-12-15T16:15:43.387`)
* [CVE-2023-49159](CVE-2023/CVE-2023-491xx/CVE-2023-49159.json) (`2023-12-15T16:15:43.710`)
* [CVE-2023-49189](CVE-2023/CVE-2023-491xx/CVE-2023-49189.json) (`2023-12-15T16:15:43.913`)
* [CVE-2023-49190](CVE-2023/CVE-2023-491xx/CVE-2023-49190.json) (`2023-12-15T16:15:44.120`)
* [CVE-2023-49191](CVE-2023/CVE-2023-491xx/CVE-2023-49191.json) (`2023-12-15T16:15:44.320`)
* [CVE-2023-49197](CVE-2023/CVE-2023-491xx/CVE-2023-49197.json) (`2023-12-15T16:15:44.510`)
* [CVE-2023-49744](CVE-2023/CVE-2023-497xx/CVE-2023-49744.json) (`2023-12-15T16:15:44.707`)
* [CVE-2023-49747](CVE-2023/CVE-2023-497xx/CVE-2023-49747.json) (`2023-12-15T16:15:44.903`)
* [CVE-2023-49749](CVE-2023/CVE-2023-497xx/CVE-2023-49749.json) (`2023-12-15T16:15:45.090`)
* [CVE-2023-49767](CVE-2023/CVE-2023-497xx/CVE-2023-49767.json) (`2023-12-15T16:15:45.280`)
* [CVE-2023-49823](CVE-2023/CVE-2023-498xx/CVE-2023-49823.json) (`2023-12-15T16:15:45.547`)
* [CVE-2023-49829](CVE-2023/CVE-2023-498xx/CVE-2023-49829.json) (`2023-12-15T16:15:45.740`)
* [CVE-2023-5061](CVE-2023/CVE-2023-50xx/CVE-2023-5061.json) (`2023-12-15T16:15:45.930`)
* [CVE-2023-5310](CVE-2023/CVE-2023-53xx/CVE-2023-5310.json) (`2023-12-15T16:15:46.117`)
* [CVE-2023-5512](CVE-2023/CVE-2023-55xx/CVE-2023-5512.json) (`2023-12-15T16:15:46.300`)
* [CVE-2023-6051](CVE-2023/CVE-2023-60xx/CVE-2023-6051.json) (`2023-12-15T16:15:46.490`)
* [CVE-2023-6680](CVE-2023/CVE-2023-66xx/CVE-2023-6680.json) (`2023-12-15T16:15:46.737`)
### CVEs modified in the last Commit
Recently modified CVEs: `245`
Recently modified CVEs: `47`
* [CVE-2023-48381](CVE-2023/CVE-2023-483xx/CVE-2023-48381.json) (`2023-12-15T13:42:13.817`)
* [CVE-2023-48382](CVE-2023/CVE-2023-483xx/CVE-2023-48382.json) (`2023-12-15T13:42:13.817`)
* [CVE-2023-48384](CVE-2023/CVE-2023-483xx/CVE-2023-48384.json) (`2023-12-15T13:42:13.817`)
* [CVE-2023-48387](CVE-2023/CVE-2023-483xx/CVE-2023-48387.json) (`2023-12-15T13:42:13.817`)
* [CVE-2023-48388](CVE-2023/CVE-2023-483xx/CVE-2023-48388.json) (`2023-12-15T13:42:13.817`)
* [CVE-2023-48389](CVE-2023/CVE-2023-483xx/CVE-2023-48389.json) (`2023-12-15T13:42:13.817`)
* [CVE-2023-48390](CVE-2023/CVE-2023-483xx/CVE-2023-48390.json) (`2023-12-15T13:42:13.817`)
* [CVE-2023-48392](CVE-2023/CVE-2023-483xx/CVE-2023-48392.json) (`2023-12-15T13:42:13.817`)
* [CVE-2023-48393](CVE-2023/CVE-2023-483xx/CVE-2023-48393.json) (`2023-12-15T13:42:13.817`)
* [CVE-2023-48394](CVE-2023/CVE-2023-483xx/CVE-2023-48394.json) (`2023-12-15T13:42:13.817`)
* [CVE-2023-48395](CVE-2023/CVE-2023-483xx/CVE-2023-48395.json) (`2023-12-15T13:42:13.817`)
* [CVE-2023-6835](CVE-2023/CVE-2023-68xx/CVE-2023-6835.json) (`2023-12-15T13:42:13.817`)
* [CVE-2023-49143](CVE-2023/CVE-2023-491xx/CVE-2023-49143.json) (`2023-12-15T13:46:23.807`)
* [CVE-2023-49713](CVE-2023/CVE-2023-497xx/CVE-2023-49713.json) (`2023-12-15T13:55:11.097`)
* [CVE-2023-48227](CVE-2023/CVE-2023-482xx/CVE-2023-48227.json) (`2023-12-15T14:07:29.693`)
* [CVE-2023-6756](CVE-2023/CVE-2023-67xx/CVE-2023-6756.json) (`2023-12-15T14:07:50.217`)
* [CVE-2023-6757](CVE-2023/CVE-2023-67xx/CVE-2023-6757.json) (`2023-12-15T14:08:46.667`)
* [CVE-2023-49695](CVE-2023/CVE-2023-496xx/CVE-2023-49695.json) (`2023-12-15T14:17:40.347`)
* [CVE-2023-49584](CVE-2023/CVE-2023-495xx/CVE-2023-49584.json) (`2023-12-15T14:26:47.663`)
* [CVE-2023-48641](CVE-2023/CVE-2023-486xx/CVE-2023-48641.json) (`2023-12-15T14:28:15.560`)
* [CVE-2023-49578](CVE-2023/CVE-2023-495xx/CVE-2023-49578.json) (`2023-12-15T14:32:38.473`)
* [CVE-2023-6593](CVE-2023/CVE-2023-65xx/CVE-2023-6593.json) (`2023-12-15T14:38:03.057`)
* [CVE-2023-6727](CVE-2023/CVE-2023-67xx/CVE-2023-6727.json) (`2023-12-15T14:43:08.920`)
* [CVE-2023-46219](CVE-2023/CVE-2023-462xx/CVE-2023-46219.json) (`2023-12-15T14:49:07.260`)
* [CVE-2023-42479](CVE-2023/CVE-2023-424xx/CVE-2023-42479.json) (`2023-12-15T14:49:29.267`)
* [CVE-2023-35642](CVE-2023/CVE-2023-356xx/CVE-2023-35642.json) (`2023-12-15T15:09:31.000`)
* [CVE-2023-35643](CVE-2023/CVE-2023-356xx/CVE-2023-35643.json) (`2023-12-15T15:09:45.080`)
* [CVE-2023-35644](CVE-2023/CVE-2023-356xx/CVE-2023-35644.json) (`2023-12-15T15:10:04.680`)
* [CVE-2023-4932](CVE-2023/CVE-2023-49xx/CVE-2023-4932.json) (`2023-12-15T15:11:06.570`)
* [CVE-2023-4958](CVE-2023/CVE-2023-49xx/CVE-2023-4958.json) (`2023-12-15T15:24:03.380`)
* [CVE-2023-46116](CVE-2023/CVE-2023-461xx/CVE-2023-46116.json) (`2023-12-15T15:26:42.177`)
* [CVE-2023-48765](CVE-2023/CVE-2023-487xx/CVE-2023-48765.json) (`2023-12-15T15:26:42.177`)
* [CVE-2023-49160](CVE-2023/CVE-2023-491xx/CVE-2023-49160.json) (`2023-12-15T15:26:42.177`)
* [CVE-2023-49165](CVE-2023/CVE-2023-491xx/CVE-2023-49165.json) (`2023-12-15T15:26:42.177`)
* [CVE-2023-50870](CVE-2023/CVE-2023-508xx/CVE-2023-50870.json) (`2023-12-15T15:26:42.177`)
* [CVE-2023-50871](CVE-2023/CVE-2023-508xx/CVE-2023-50871.json) (`2023-12-15T15:26:42.177`)
* [CVE-2023-49583](CVE-2023/CVE-2023-495xx/CVE-2023-49583.json) (`2023-12-15T15:28:14.160`)
* [CVE-2023-46283](CVE-2023/CVE-2023-462xx/CVE-2023-46283.json) (`2023-12-15T15:42:12.763`)
* [CVE-2023-38431](CVE-2023/CVE-2023-384xx/CVE-2023-38431.json) (`2023-12-15T15:46:35.903`)
* [CVE-2023-38428](CVE-2023/CVE-2023-384xx/CVE-2023-38428.json) (`2023-12-15T15:47:05.687`)
* [CVE-2023-46284](CVE-2023/CVE-2023-462xx/CVE-2023-46284.json) (`2023-12-15T15:47:16.727`)
* [CVE-2023-2163](CVE-2023/CVE-2023-21xx/CVE-2023-2163.json) (`2023-12-15T15:48:16.843`)
* [CVE-2023-46285](CVE-2023/CVE-2023-462xx/CVE-2023-46285.json) (`2023-12-15T15:55:59.337`)
* [CVE-2023-47271](CVE-2023/CVE-2023-472xx/CVE-2023-47271.json) (`2023-12-15T16:15:43.587`)
* [CVE-2023-49786](CVE-2023/CVE-2023-497xx/CVE-2023-49786.json) (`2023-12-15T16:15:45.467`)
* [CVE-2023-28465](CVE-2023/CVE-2023-284xx/CVE-2023-28465.json) (`2023-12-15T16:35:16.623`)
* [CVE-2023-50424](CVE-2023/CVE-2023-504xx/CVE-2023-50424.json) (`2023-12-15T16:53:04.417`)
* [CVE-2023-50422](CVE-2023/CVE-2023-504xx/CVE-2023-50422.json) (`2023-12-15T16:53:13.697`)
* [CVE-2023-50423](CVE-2023/CVE-2023-504xx/CVE-2023-50423.json) (`2023-12-15T16:53:22.867`)
* [CVE-2023-20275](CVE-2023/CVE-2023-202xx/CVE-2023-20275.json) (`2023-12-15T16:53:57.570`)
## Download and Usage