admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-12-21T05:00:24.690522+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-12-21 05:00:28 +00:00
parent afd242a537
commit 12869910ff
69 changed files with 2122 additions and 232 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CVE-2014/CVE-2014-51xx/CVE-2014-5171.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2014-5171",
"sourceIdentifier": "cve@mitre.org",
"published": "2014-07-31T14:55:04.097",
"lastModified": "2018-10-09T19:49:59.507",
"lastModified": "2023-12-21T04:14:54.460",
"vulnStatus": "Modified",
"descriptions": [
{
@ -62,8 +62,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:hana_extend_application_services:-:*:*:*:*:*:*:*",
"matchCriteriaId": "762A125B-1CB1-4889-B147-EC49441548C5"
"criteria": "cpe:2.3:a:sap:hana_extended_application_services:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FF40963-C288-484C-9EB0-84E3FC84127E"
}
]
}

6
CVE-2014/CVE-2014-51xx/CVE-2014-5173.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2014-5173",
"sourceIdentifier": "cve@mitre.org",
"published": "2014-07-31T14:55:04.190",
"lastModified": "2018-10-09T19:50:01.053",
"lastModified": "2023-12-21T04:14:54.460",
"vulnStatus": "Modified",
"descriptions": [
{
@ -62,8 +62,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:hana_extend_application_services:-:*:*:*:*:*:*:*",
"matchCriteriaId": "762A125B-1CB1-4889-B147-EC49441548C5"
"criteria": "cpe:2.3:a:sap:hana_extended_application_services:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FF40963-C288-484C-9EB0-84E3FC84127E"
}
]
}

6
CVE-2015/CVE-2015-13xx/CVE-2015-1311.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2015-1311",
"sourceIdentifier": "cve@mitre.org",
"published": "2015-01-22T16:59:07.497",
"lastModified": "2018-12-10T19:29:06.843",
"lastModified": "2023-12-21T04:14:54.460",
"vulnStatus": "Modified",
"descriptions": [
{
@ -62,8 +62,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:hana_extend_application_services:-:*:*:*:*:*:*:*",
"matchCriteriaId": "762A125B-1CB1-4889-B147-EC49441548C5"
"criteria": "cpe:2.3:a:sap:hana_extended_application_services:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FF40963-C288-484C-9EB0-84E3FC84127E"
}
]
}

6
CVE-2017/CVE-2017-166xx/CVE-2017-16680.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2017-16680",
"sourceIdentifier": "cna@sap.com",
"published": "2017-12-12T14:29:00.280",
"lastModified": "2018-01-04T18:46:33.917",
"lastModified": "2023-12-21T04:21:18.463",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -84,8 +84,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:hana_extend_application_services:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "97DE99A9-775B-41C3-9322-E47491AB90E0"
"criteria": "cpe:2.3:a:sap:hana_extended_application_services:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F314AEB2-7F5C-4CD8-8DD5-359B75FCD9C5"
}
]
}

6
CVE-2018/CVE-2018-23xx/CVE-2018-2372.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2018-2372",
"sourceIdentifier": "cna@sap.com",
"published": "2018-02-14T12:29:00.453",
"lastModified": "2020-08-24T17:37:01.140",
"lastModified": "2023-12-21T04:21:18.463",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -84,8 +84,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:hana_extend_application_services:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "97DE99A9-775B-41C3-9322-E47491AB90E0"
"criteria": "cpe:2.3:a:sap:hana_extended_application_services:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F314AEB2-7F5C-4CD8-8DD5-359B75FCD9C5"
}
]
}

6
CVE-2018/CVE-2018-23xx/CVE-2018-2373.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2018-2373",
"sourceIdentifier": "cna@sap.com",
"published": "2018-02-14T12:29:00.483",
"lastModified": "2020-08-24T17:37:01.140",
"lastModified": "2023-12-21T04:21:18.463",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -84,8 +84,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:hana_extend_application_services:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "97DE99A9-775B-41C3-9322-E47491AB90E0"
"criteria": "cpe:2.3:a:sap:hana_extended_application_services:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F314AEB2-7F5C-4CD8-8DD5-359B75FCD9C5"
}
]
}

6
CVE-2018/CVE-2018-23xx/CVE-2018-2374.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2018-2374",
"sourceIdentifier": "cna@sap.com",
"published": "2018-02-14T12:29:00.547",
"lastModified": "2020-08-24T17:37:01.140",
"lastModified": "2023-12-21T04:21:18.463",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -84,8 +84,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:hana_extend_application_services:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "97DE99A9-775B-41C3-9322-E47491AB90E0"
"criteria": "cpe:2.3:a:sap:hana_extended_application_services:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F314AEB2-7F5C-4CD8-8DD5-359B75FCD9C5"
}
]
}

6
CVE-2018/CVE-2018-23xx/CVE-2018-2375.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2018-2375",
"sourceIdentifier": "cna@sap.com",
"published": "2018-02-14T12:29:00.593",
"lastModified": "2020-08-24T17:37:01.140",
"lastModified": "2023-12-21T04:21:18.463",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -84,8 +84,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:hana_extend_application_services:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "97DE99A9-775B-41C3-9322-E47491AB90E0"
"criteria": "cpe:2.3:a:sap:hana_extended_application_services:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F314AEB2-7F5C-4CD8-8DD5-359B75FCD9C5"
}
]
}

6
CVE-2018/CVE-2018-23xx/CVE-2018-2376.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2018-2376",
"sourceIdentifier": "cna@sap.com",
"published": "2018-02-14T12:29:00.657",
"lastModified": "2020-08-24T17:37:01.140",
"lastModified": "2023-12-21T04:21:18.463",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -84,8 +84,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:hana_extend_application_services:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "97DE99A9-775B-41C3-9322-E47491AB90E0"
"criteria": "cpe:2.3:a:sap:hana_extended_application_services:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F314AEB2-7F5C-4CD8-8DD5-359B75FCD9C5"
}
]
}

6
CVE-2018/CVE-2018-23xx/CVE-2018-2377.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2018-2377",
"sourceIdentifier": "cna@sap.com",
"published": "2018-02-14T12:29:00.703",
"lastModified": "2020-08-24T17:37:01.140",
"lastModified": "2023-12-21T04:21:18.463",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -84,8 +84,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:hana_extend_application_services:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "97DE99A9-775B-41C3-9322-E47491AB90E0"
"criteria": "cpe:2.3:a:sap:hana_extended_application_services:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F314AEB2-7F5C-4CD8-8DD5-359B75FCD9C5"
}
]
}

6
CVE-2018/CVE-2018-23xx/CVE-2018-2378.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2018-2378",
"sourceIdentifier": "cna@sap.com",
"published": "2018-02-14T12:29:00.750",
"lastModified": "2020-08-24T17:37:01.140",
"lastModified": "2023-12-21T04:21:18.463",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -84,8 +84,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:hana_extend_application_services:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "97DE99A9-775B-41C3-9322-E47491AB90E0"
"criteria": "cpe:2.3:a:sap:hana_extended_application_services:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F314AEB2-7F5C-4CD8-8DD5-359B75FCD9C5"
}
]
}

6
CVE-2018/CVE-2018-23xx/CVE-2018-2379.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2018-2379",
"sourceIdentifier": "cna@sap.com",
"published": "2018-02-14T12:29:00.813",
"lastModified": "2019-10-03T00:03:26.223",
"lastModified": "2023-12-21T04:21:18.463",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -84,8 +84,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:hana_extend_application_services:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "97DE99A9-775B-41C3-9322-E47491AB90E0"
"criteria": "cpe:2.3:a:sap:hana_extended_application_services:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F314AEB2-7F5C-4CD8-8DD5-359B75FCD9C5"
}
]
}

9
CVE-2022/CVE-2022-253xx/CVE-2022-25319.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-25319",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-02-18T06:15:10.507",
"lastModified": "2023-10-30T22:15:09.067",
"vulnStatus": "Modified",
"lastModified": "2023-12-21T03:14:46.520",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -104,7 +104,10 @@
},
{
"url": "https://zigrin.com/advisories/cerebrate-endpoints-could-be-open-when-not-enabled/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://zigrin.com/cakephp-application-cybersecurity-research-forgotten-endpoint-authentication-bypass-with-open-prefix/",

9
CVE-2022/CVE-2022-253xx/CVE-2022-25320.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-25320",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-02-18T06:15:10.543",
"lastModified": "2023-10-30T22:15:09.133",
"vulnStatus": "Modified",
"lastModified": "2023-12-21T03:15:47.347",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -104,7 +104,10 @@
},
{
"url": "https://zigrin.com/advisories/cerebrate-username-enumeration/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

9
CVE-2022/CVE-2022-253xx/CVE-2022-25321.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-25321",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-02-18T06:15:10.587",
"lastModified": "2023-10-30T22:15:09.183",
"vulnStatus": "Modified",
"lastModified": "2023-12-21T03:15:42.560",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -112,7 +112,10 @@
},
{
"url": "https://zigrin.com/advisories/cerebrate-cross-site-scripting-xss-in-bookmarks/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://zigrin.com/cakephp-application-cybersecurity-research-be-careful-with-reflections-for-your-web-application-security/",

9
CVE-2022/CVE-2022-295xx/CVE-2022-29528.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-29528",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-04-20T23:15:08.417",
"lastModified": "2023-10-30T22:15:09.240",
"vulnStatus": "Modified",
"lastModified": "2023-12-21T03:15:37.610",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -120,7 +120,10 @@
},
{
"url": "https://zigrin.com/advisories/misp-phar-deserialization/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://zigrin.com/cakephp-application-cybersecurity-research-exploring-the-phar-deserialization-php-vulnerability-a-white-box-testing-example/",

9
CVE-2022/CVE-2022-295xx/CVE-2022-29530.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-29530",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-04-20T23:15:08.513",
"lastModified": "2023-10-30T22:15:09.353",
"vulnStatus": "Modified",
"lastModified": "2023-12-21T03:15:33.170",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -112,7 +112,10 @@
},
{
"url": "https://zigrin.com/advisories/misp-stored-xss-in-the-galaxy-clusters/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://zigrin.com/cakephp-application-cybersecurity-research-protect-your-website-from-stored-xss-attacks-understanding-and-preventing-vulnerabilities-in-open-source-applications/",

9
CVE-2022/CVE-2022-295xx/CVE-2022-29531.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-29531",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-04-20T23:15:08.557",
"lastModified": "2023-10-30T22:15:09.407",
"vulnStatus": "Modified",
"lastModified": "2023-12-21T03:15:27.643",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -112,7 +112,10 @@
},
{
"url": "https://zigrin.com/advisories/misp-stored-xss-in-the-event-graph/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://zigrin.com/cakephp-application-cybersecurity-research-protect-your-website-from-stored-xss-attacks-understanding-and-preventing-vulnerabilities-in-open-source-applications/",

9
CVE-2022/CVE-2022-295xx/CVE-2022-29533.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-29533",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-04-20T23:15:08.643",
"lastModified": "2023-10-30T22:15:09.540",
"vulnStatus": "Modified",
"lastModified": "2023-12-21T03:15:06.153",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -112,7 +112,10 @@
},
{
"url": "https://zigrin.com/advisories/misp-xss-in-app-controller-organisationscontroller-php/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

16
CVE-2022/CVE-2022-341xx/CVE-2022-34195.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-34195",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-23T17:15:16.857",
"lastModified": "2023-10-25T18:17:07.940",
"vulnStatus": "Modified",
"lastModified": "2023-12-21T03:19:52.087",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -63,6 +63,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [

16
CVE-2022/CVE-2022-341xx/CVE-2022-34196.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-34196",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-23T17:15:16.920",
"lastModified": "2023-10-25T18:17:07.997",
"vulnStatus": "Modified",
"lastModified": "2023-12-21T03:19:57.490",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -63,6 +63,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [

16
CVE-2022/CVE-2022-341xx/CVE-2022-34197.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-34197",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-23T17:15:16.990",
"lastModified": "2023-10-25T18:17:08.050",
"vulnStatus": "Modified",
"lastModified": "2023-12-21T03:20:10.683",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -63,6 +63,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [

4
CVE-2022/CVE-2022-341xx/CVE-2022-34198.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-34198",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-23T17:15:17.107",
"lastModified": "2023-10-25T18:17:08.107",
"vulnStatus": "Modified",
"lastModified": "2023-12-21T03:19:28.507",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",

16
CVE-2022/CVE-2022-347xx/CVE-2022-34777.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-34777",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-30T18:15:09.543",
"lastModified": "2023-10-25T18:17:09.027",
"vulnStatus": "Modified",
"lastModified": "2023-12-21T03:19:33.273",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -63,6 +63,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [

16
CVE-2022/CVE-2022-347xx/CVE-2022-34778.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-34778",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-30T18:15:09.747",
"lastModified": "2023-10-25T18:17:09.100",
"vulnStatus": "Modified",
"lastModified": "2023-12-21T03:19:36.363",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -63,6 +63,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [

16
CVE-2022/CVE-2022-347xx/CVE-2022-34783.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-34783",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-30T18:15:10.577",
"lastModified": "2023-10-25T18:17:09.400",
"vulnStatus": "Modified",
"lastModified": "2023-12-21T03:18:55.717",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -63,6 +63,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [

16
CVE-2022/CVE-2022-347xx/CVE-2022-34784.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-34784",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-30T18:15:10.747",
"lastModified": "2023-10-25T18:17:09.453",
"vulnStatus": "Modified",
"lastModified": "2023-12-21T03:18:59.843",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -63,6 +63,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [

16
CVE-2022/CVE-2022-347xx/CVE-2022-34786.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-34786",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-30T18:15:11.140",
"lastModified": "2023-10-25T18:17:09.577",
"vulnStatus": "Modified",
"lastModified": "2023-12-21T03:19:05.307",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -63,6 +63,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [

4
CVE-2022/CVE-2022-347xx/CVE-2022-34787.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-34787",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-30T18:15:11.333",
"lastModified": "2023-10-25T18:17:09.633",
"vulnStatus": "Modified",
"lastModified": "2023-12-21T03:18:25.007",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",

16
CVE-2022/CVE-2022-347xx/CVE-2022-34788.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-34788",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-30T18:15:11.507",
"lastModified": "2023-10-25T18:17:09.690",
"vulnStatus": "Modified",
"lastModified": "2023-12-21T03:18:36.967",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -63,6 +63,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [

16
CVE-2022/CVE-2022-347xx/CVE-2022-34791.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-34791",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-30T18:15:12.070",
"lastModified": "2023-10-25T18:17:09.877",
"vulnStatus": "Modified",
"lastModified": "2023-12-21T03:18:42.247",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -63,6 +63,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [

4
CVE-2023/CVE-2023-19xx/CVE-2023-1909.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-1909",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-07T17:15:08.287",
"lastModified": "2023-11-14T21:58:08.407",
"vulnStatus": "Modified",
"lastModified": "2023-12-21T04:01:22.787",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-19xx/CVE-2023-1948.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-1948",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-08T08:15:07.033",
"lastModified": "2023-11-14T21:58:08.407",
"vulnStatus": "Modified",
"lastModified": "2023-12-21T04:01:19.607",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",

6
CVE-2023/CVE-2023-19xx/CVE-2023-1949.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-1949",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-08T08:15:07.237",
"lastModified": "2023-11-14T21:58:08.407",
"vulnStatus": "Modified",
"lastModified": "2023-12-21T04:01:11.710",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -120,7 +120,7 @@
"url": "https://vuldb.com/?ctiid.225336",
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
"Permissions Required"
]
},
{

4
CVE-2023/CVE-2023-19xx/CVE-2023-1950.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-1950",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-08T08:15:07.303",
"lastModified": "2023-11-14T21:58:08.407",
"vulnStatus": "Modified",
"lastModified": "2023-12-21T04:01:16.593",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-19xx/CVE-2023-1963.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-1963",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-09T08:15:07.623",
"lastModified": "2023-11-14T22:28:17.220",
"vulnStatus": "Modified",
"lastModified": "2023-12-21T04:01:03.833",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-19xx/CVE-2023-1964.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-1964",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-09T09:15:07.077",
"lastModified": "2023-11-14T22:28:17.220",
"vulnStatus": "Modified",
"lastModified": "2023-12-21T04:00:50.573",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",

9
CVE-2023/CVE-2023-269xx/CVE-2023-26958.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-26958",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-03-27T14:15:07.947",
"lastModified": "2023-11-14T21:31:54.263",
"vulnStatus": "Modified",
"lastModified": "2023-12-21T03:58:54.707",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -66,7 +66,10 @@
"references": [
{
"url": "https://medium.com/%40shiva.infocop/stored-xss-park-ticketing-management-system-phpgurukul-893583dc2e20",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

9
CVE-2023/CVE-2023-269xx/CVE-2023-26959.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-26959",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-03-27T14:15:07.987",
"lastModified": "2023-11-14T21:31:54.263",
"vulnStatus": "Modified",
"lastModified": "2023-12-21T03:58:34.403",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -66,7 +66,10 @@
"references": [
{
"url": "https://medium.com/%40shiva.infocop/authentication-bypass-park-ticketing-management-system-phpgurukul-427045159c05",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

67
CVE-2023/CVE-2023-292xx/CVE-2023-29234.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-29234",
"sourceIdentifier": "security@apache.org",
"published": "2023-12-15T09:15:07.380",
"lastModified": "2023-12-15T13:42:13.817",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-21T04:48:31.270",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,7 +14,30 @@
"value": "Exist\u00eda una vulnerabilidad de deserializaci\u00f3n al decodificar un paquete malicioso. Este problema afecta a Apache Dubbo: desde 3.1.0 hasta 3.1.10, desde 3.2.0 hasta 3.2.4. Se recomienda a los usuarios que actualicen a la \u00faltima versi\u00f3n, lo que soluciona el problema."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@apache.org",
@ -27,14 +50,48 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:dubbo:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.1.0",
"versionEndIncluding": "3.1.10",
"matchCriteriaId": "90144295-4896-4CC2-B290-39F6830432D0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:dubbo:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.2.0",
"versionEndIncluding": "3.2.4",
"matchCriteriaId": "9EC0F851-B214-47EE-BCE0-20CC670C0F8C"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/12/15/2",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.apache.org/thread/wb2df2whkdnbgp54nnqn0m94rllx8f77",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
]
}
]
}

15
CVE-2023/CVE-2023-335xx/CVE-2023-33580.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-33580",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-26T16:15:09.637",
"lastModified": "2023-11-14T22:07:14.687",
"vulnStatus": "Modified",
"lastModified": "2023-12-21T03:58:45.800",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -75,7 +75,10 @@
},
{
"url": "https://github.com/sudovivek/CVE/blob/main/CVE-2023-33580/CVE-2023-33580.txt",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://phpgurukul.com/student-study-center-management-system-using-php-and-mysql/",
@ -86,7 +89,11 @@
},
{
"url": "https://www.exploit-db.com/exploits/51528",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

9
CVE-2023/CVE-2023-369xx/CVE-2023-36936.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-36936",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-10T18:15:10.897",
"lastModified": "2023-11-14T22:21:38.423",
"vulnStatus": "Modified",
"lastModified": "2023-12-21T03:58:40.820",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -66,7 +66,10 @@
"references": [
{
"url": "https://medium.com/%40ridheshgohil1092/cve-2023-36936-xss-online-security-guards-hiring-system-773f394f6117",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
},
{
"url": "https://packetstormsecurity.com",

13
CVE-2023/CVE-2023-369xx/CVE-2023-36940.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-36940",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-10T18:15:11.013",
"lastModified": "2023-11-14T21:06:31.947",
"vulnStatus": "Modified",
"lastModified": "2023-12-21T03:58:37.810",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -66,13 +66,18 @@
"references": [
{
"url": "https://medium.com/%40ridheshgohil1092/cve-2023-36940-xss-on-online-fire-reporting-system-v-1-2-1d3fa170e4d6",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
},
{
"url": "https://packetstormsecurity.com",
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
"Not Applicable",
"Third Party Advisory",
"VDB Entry"
]
}
]

78
CVE-2023/CVE-2023-417xx/CVE-2023-41727.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2023-41727",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-12-19T16:15:08.623",
"lastModified": "2023-12-19T16:17:45.873",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-21T04:48:25.067",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution."
},
{
"lang": "es",
"value": "Un atacante que env\u00eda paquetes de datos especialmente manipulados a Mobile Device Server puede provocar da\u00f1os en la memoria, lo que podr\u00eda provocar una denegaci\u00f3n de servicio (DoS) o la ejecuci\u00f3n de c\u00f3digo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "support@hackerone.com",
@ -34,10 +60,56 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:*:*:*:*:premise:*:*:*",
"versionEndExcluding": "6.4.2",
"matchCriteriaId": "024C02F7-995E-4235-8900-A9673F050E72"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt",
"source": "support@hackerone.com"
"source": "support@hackerone.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

78
CVE-2023/CVE-2023-462xx/CVE-2023-46216.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2023-46216",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-12-19T16:15:09.170",
"lastModified": "2023-12-19T16:17:45.873",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-21T04:46:11.570",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution."
},
{
"lang": "es",
"value": "Un atacante que env\u00eda paquetes de datos especialmente manipulados a Mobile Device Server puede provocar da\u00f1os en la memoria, lo que podr\u00eda provocar una denegaci\u00f3n de servicio (DoS) o la ejecuci\u00f3n de c\u00f3digo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "support@hackerone.com",
@ -34,10 +60,56 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:*:*:*:*:premise:*:*:*",
"versionEndExcluding": "6.4.2",
"matchCriteriaId": "024C02F7-995E-4235-8900-A9673F050E72"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt",
"source": "support@hackerone.com"
"source": "support@hackerone.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

78
CVE-2023/CVE-2023-462xx/CVE-2023-46217.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2023-46217",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-12-19T16:15:09.337",
"lastModified": "2023-12-19T16:17:42.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-21T04:46:51.583",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution."
},
{
"lang": "es",
"value": "Un atacante que env\u00eda paquetes de datos especialmente manipulados a Mobile Device Server puede provocar da\u00f1os en la memoria, lo que podr\u00eda provocar una denegaci\u00f3n de servicio (DoS) o la ejecuci\u00f3n de c\u00f3digo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "support@hackerone.com",
@ -34,10 +60,56 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:*:*:*:*:premise:*:*:*",
"versionEndExcluding": "6.4.2",
"matchCriteriaId": "024C02F7-995E-4235-8900-A9673F050E72"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt",
"source": "support@hackerone.com"
"source": "support@hackerone.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

78
CVE-2023/CVE-2023-462xx/CVE-2023-46220.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2023-46220",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-12-19T16:15:09.497",
"lastModified": "2023-12-19T16:17:42.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-21T04:46:59.847",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution."
},
{
"lang": "es",
"value": "Un atacante que env\u00eda paquetes de datos especialmente manipulados a Mobile Device Server puede provocar da\u00f1os en la memoria, lo que podr\u00eda provocar una denegaci\u00f3n de servicio (DoS) o la ejecuci\u00f3n de c\u00f3digo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "support@hackerone.com",
@ -34,10 +60,56 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:*:*:*:*:premise:*:*:*",
"versionEndExcluding": "6.4.2",
"matchCriteriaId": "024C02F7-995E-4235-8900-A9673F050E72"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt",
"source": "support@hackerone.com"
"source": "support@hackerone.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

78
CVE-2023/CVE-2023-462xx/CVE-2023-46221.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2023-46221",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-12-19T16:15:09.650",
"lastModified": "2023-12-19T16:17:42.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-21T04:47:10.487",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution."
},
{
"lang": "es",
"value": "Un atacante que env\u00eda paquetes de datos especialmente manipulados a Mobile Device Server puede provocar da\u00f1os en la memoria, lo que podr\u00eda provocar una denegaci\u00f3n de servicio (DoS) o la ejecuci\u00f3n de c\u00f3digo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "support@hackerone.com",
@ -34,10 +60,56 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:*:*:*:*:premise:*:*:*",
"versionEndExcluding": "6.4.2",
"matchCriteriaId": "024C02F7-995E-4235-8900-A9673F050E72"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt",
"source": "support@hackerone.com"
"source": "support@hackerone.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

78
CVE-2023/CVE-2023-462xx/CVE-2023-46222.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2023-46222",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-12-19T16:15:09.797",
"lastModified": "2023-12-19T16:17:42.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-21T04:47:18.880",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution."
},
{
"lang": "es",
"value": "Un atacante que env\u00eda paquetes de datos especialmente manipulados a Mobile Device Server puede provocar da\u00f1os en la memoria, lo que podr\u00eda provocar una denegaci\u00f3n de servicio (DoS) o la ejecuci\u00f3n de c\u00f3digo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "support@hackerone.com",
@ -34,10 +60,56 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:*:*:*:*:premise:*:*:*",
"versionEndExcluding": "6.4.2",
"matchCriteriaId": "024C02F7-995E-4235-8900-A9673F050E72"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt",
"source": "support@hackerone.com"
"source": "support@hackerone.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

78
CVE-2023/CVE-2023-462xx/CVE-2023-46223.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2023-46223",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-12-19T16:15:09.957",
"lastModified": "2023-12-19T16:17:42.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-21T04:47:26.523",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution."
},
{
"lang": "es",
"value": "Un atacante que env\u00eda paquetes de datos especialmente manipulados a Mobile Device Server puede provocar da\u00f1os en la memoria, lo que podr\u00eda provocar una denegaci\u00f3n de servicio (DoS) o la ejecuci\u00f3n de c\u00f3digo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "support@hackerone.com",
@ -34,10 +60,56 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:*:*:*:*:premise:*:*:*",
"versionEndExcluding": "6.4.2",
"matchCriteriaId": "024C02F7-995E-4235-8900-A9673F050E72"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt",
"source": "support@hackerone.com"
"source": "support@hackerone.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

78
CVE-2023/CVE-2023-462xx/CVE-2023-46224.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2023-46224",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-12-19T16:15:10.113",
"lastModified": "2023-12-19T16:17:42.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-21T04:47:34.747",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution."
},
{
"lang": "es",
"value": "Un atacante que env\u00eda paquetes de datos especialmente manipulados a Mobile Device Server puede provocar da\u00f1os en la memoria, lo que podr\u00eda provocar una denegaci\u00f3n de servicio (DoS) o la ejecuci\u00f3n de c\u00f3digo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "support@hackerone.com",
@ -34,10 +60,56 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:*:*:*:*:premise:*:*:*",
"versionEndExcluding": "6.4.2",
"matchCriteriaId": "024C02F7-995E-4235-8900-A9673F050E72"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt",
"source": "support@hackerone.com"
"source": "support@hackerone.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

78
CVE-2023/CVE-2023-462xx/CVE-2023-46225.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2023-46225",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-12-19T16:15:10.260",
"lastModified": "2023-12-19T16:17:42.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-21T04:47:42.900",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution."
},
{
"lang": "es",
"value": "Un atacante que env\u00eda paquetes de datos especialmente manipulados a Mobile Device Server puede provocar da\u00f1os en la memoria, lo que podr\u00eda provocar una denegaci\u00f3n de servicio (DoS) o la ejecuci\u00f3n de c\u00f3digo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "support@hackerone.com",
@ -34,10 +60,56 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:*:*:*:*:premise:*:*:*",
"versionEndExcluding": "6.4.2",
"matchCriteriaId": "024C02F7-995E-4235-8900-A9673F050E72"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt",
"source": "support@hackerone.com"
"source": "support@hackerone.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

78
CVE-2023/CVE-2023-462xx/CVE-2023-46257.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2023-46257",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-12-19T16:15:10.413",
"lastModified": "2023-12-19T16:17:42.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-21T04:47:50.787",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution."
},
{
"lang": "es",
"value": "Un atacante que env\u00eda paquetes de datos especialmente manipulados a Mobile Device Server puede provocar da\u00f1os en la memoria, lo que podr\u00eda provocar una denegaci\u00f3n de servicio (DoS) o la ejecuci\u00f3n de c\u00f3digo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "support@hackerone.com",
@ -34,10 +60,56 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:*:*:*:*:premise:*:*:*",
"versionEndExcluding": "6.4.2",
"matchCriteriaId": "024C02F7-995E-4235-8900-A9673F050E72"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt",
"source": "support@hackerone.com"
"source": "support@hackerone.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

78
CVE-2023/CVE-2023-462xx/CVE-2023-46258.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2023-46258",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-12-19T16:15:10.570",
"lastModified": "2023-12-19T16:17:42.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-21T04:47:58.207",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution."
},
{
"lang": "es",
"value": "Un atacante que env\u00eda paquetes de datos especialmente manipulados a Mobile Device Server puede provocar da\u00f1os en la memoria, lo que podr\u00eda provocar una denegaci\u00f3n de servicio (DoS) o la ejecuci\u00f3n de c\u00f3digo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "support@hackerone.com",
@ -34,10 +60,56 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:*:*:*:*:premise:*:*:*",
"versionEndExcluding": "6.4.2",
"matchCriteriaId": "024C02F7-995E-4235-8900-A9673F050E72"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt",
"source": "support@hackerone.com"
"source": "support@hackerone.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

78
CVE-2023/CVE-2023-462xx/CVE-2023-46259.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2023-46259",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-12-19T16:15:10.720",
"lastModified": "2023-12-19T16:17:42.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-21T04:48:07.923",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution."
},
{
"lang": "es",
"value": "Un atacante que env\u00eda paquetes de datos especialmente manipulados a Mobile Device Server puede provocar da\u00f1os en la memoria, lo que podr\u00eda provocar una denegaci\u00f3n de servicio (DoS) o la ejecuci\u00f3n de c\u00f3digo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "support@hackerone.com",
@ -34,10 +60,56 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:*:*:*:*:premise:*:*:*",
"versionEndExcluding": "6.4.2",
"matchCriteriaId": "024C02F7-995E-4235-8900-A9673F050E72"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt",
"source": "support@hackerone.com"
"source": "support@hackerone.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

78
CVE-2023/CVE-2023-462xx/CVE-2023-46260.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2023-46260",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-12-19T16:15:10.887",
"lastModified": "2023-12-19T16:17:42.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-21T04:48:14.087",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution."
},
{
"lang": "es",
"value": "Un atacante que env\u00eda paquetes de datos especialmente manipulados a Mobile Device Server puede provocar da\u00f1os en la memoria, lo que podr\u00eda provocar una denegaci\u00f3n de servicio (DoS) o la ejecuci\u00f3n de c\u00f3digo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "support@hackerone.com",
@ -34,10 +60,56 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:*:*:*:*:premise:*:*:*",
"versionEndExcluding": "6.4.2",
"matchCriteriaId": "024C02F7-995E-4235-8900-A9673F050E72"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt",
"source": "support@hackerone.com"
"source": "support@hackerone.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

78
CVE-2023/CVE-2023-462xx/CVE-2023-46261.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2023-46261",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-12-19T16:15:11.043",
"lastModified": "2023-12-19T16:17:42.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-21T04:48:18.447",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution."
},
{
"lang": "es",
"value": "Un atacante que env\u00eda paquetes de datos especialmente manipulados a Mobile Device Server puede provocar da\u00f1os en la memoria, lo que podr\u00eda provocar una denegaci\u00f3n de servicio (DoS) o la ejecuci\u00f3n de c\u00f3digo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "support@hackerone.com",
@ -34,10 +60,56 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:*:*:*:*:premise:*:*:*",
"versionEndExcluding": "6.4.2",
"matchCriteriaId": "024C02F7-995E-4235-8900-A9673F050E72"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt",
"source": "support@hackerone.com"
"source": "support@hackerone.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

78
CVE-2023/CVE-2023-462xx/CVE-2023-46263.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2023-46263",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-12-19T16:15:11.343",
"lastModified": "2023-12-19T16:17:42.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-21T04:49:33.693",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remote code execution."
},
{
"lang": "es",
"value": "Existe una carga sin restricciones de archivos con una vulnerabilidad de tipo peligroso en las versiones 6.4.1 e inferiores de Avalanche que podr\u00eda permitir a un atacante lograr la ejecuci\u00f3n remota de c\u00f3digo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "support@hackerone.com",
@ -34,10 +60,56 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:*:*:*:*:premise:*:*:*",
"versionEndExcluding": "6.4.2",
"matchCriteriaId": "024C02F7-995E-4235-8900-A9673F050E72"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt",
"source": "support@hackerone.com"
"source": "support@hackerone.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

78
CVE-2023/CVE-2023-462xx/CVE-2023-46264.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2023-46264",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-12-19T16:15:11.493",
"lastModified": "2023-12-19T16:17:42.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-21T04:49:27.650",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remove code execution."
},
{
"lang": "es",
"value": "Existe una carga sin restricciones de archivos con una vulnerabilidad de tipo peligroso en las versiones 6.4.1 e inferiores de Avalanche que podr\u00eda permitir a un atacante lograr la ejecuci\u00f3n de eliminaci\u00f3n de c\u00f3digo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "support@hackerone.com",
@ -34,10 +60,56 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:*:*:*:*:premise:*:*:*",
"versionEndExcluding": "6.4.2",
"matchCriteriaId": "024C02F7-995E-4235-8900-A9673F050E72"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt",
"source": "support@hackerone.com"
"source": "support@hackerone.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

78
CVE-2023/CVE-2023-468xx/CVE-2023-46803.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2023-46803",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-12-19T16:15:11.930",
"lastModified": "2023-12-19T16:17:42.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-21T04:49:22.117",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS)."
},
{
"lang": "es",
"value": "Un atacante que env\u00eda paquetes de datos especialmente manipulados a Mobile Device Server puede provocar da\u00f1os en la memoria, lo que podr\u00eda provocar una denegaci\u00f3n de servicio (DoS)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV30": [
{
"source": "support@hackerone.com",
@ -34,10 +60,56 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:*:*:*:*:premise:*:*:*",
"versionEndExcluding": "6.4.2",
"matchCriteriaId": "024C02F7-995E-4235-8900-A9673F050E72"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt",
"source": "support@hackerone.com"
"source": "support@hackerone.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

78
CVE-2023/CVE-2023-468xx/CVE-2023-46804.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2023-46804",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-12-19T16:15:12.077",
"lastModified": "2023-12-19T16:17:42.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-21T04:49:19.073",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS)."
},
{
"lang": "es",
"value": "Un atacante que env\u00eda paquetes de datos especialmente manipulados a Mobile Device Server puede provocar da\u00f1os en la memoria, lo que podr\u00eda provocar una denegaci\u00f3n de servicio (DoS)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV30": [
{
"source": "support@hackerone.com",
@ -34,10 +60,56 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:*:*:*:*:premise:*:*:*",
"versionEndExcluding": "6.4.2",
"matchCriteriaId": "024C02F7-995E-4235-8900-A9673F050E72"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt",
"source": "support@hackerone.com"
"source": "support@hackerone.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-497xx/CVE-2023-49759.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49759",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-18T23:15:09.083",
"lastModified": "2023-12-19T13:42:22.313",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-21T04:56:56.160",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gvectors:woodiscuz_-_woocommerce_comments:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.3.0",
"matchCriteriaId": "E26A8BBA-D74F-4083-95A9-07E758189FE6"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/woodiscuz-woocommerce-comments/wordpress-woodiscuz-woocommerce-comments-plugin-2-3-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

57
CVE-2023/CVE-2023-497xx/CVE-2023-49760.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49760",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-18T23:15:09.263",
"lastModified": "2023-12-19T13:42:22.313",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-21T04:57:19.577",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:giannopouloskostas:wpsoononlinepage:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.9",
"matchCriteriaId": "07A31679-6720-4229-A9AE-1FCBE2AF3907"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-soononline-page/wordpress-wpsoononlinepage-plugin-1-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-497xx/CVE-2023-49761.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49761",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-18T23:15:09.447",
"lastModified": "2023-12-19T13:42:22.313",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-21T04:55:01.263",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gravitymaster:product_enquiry_for_woocommerce:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.0",
"matchCriteriaId": "828EE6DF-E57B-498A-866B-DC712A4C6991"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/gm-woocommerce-quote-popup/wordpress-product-enquiry-for-woocommerce-plugin-3-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-497xx/CVE-2023-49763.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49763",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-18T23:15:09.630",
"lastModified": "2023-12-19T13:42:22.313",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-21T04:53:23.933",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:creatomatic:csprite:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.1",
"matchCriteriaId": "C84B3544-DD88-4499-9415-21CCFB67C9FE"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/csprite/wordpress-csprite-plugin-1-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

74
CVE-2023/CVE-2023-68xx/CVE-2023-6826.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6826",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-12-15T08:15:46.120",
"lastModified": "2023-12-15T13:42:13.817",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-21T04:49:03.117",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -38,22 +58,64 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:e2pdf:e2pdf:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.20.25",
"matchCriteriaId": "C516863C-71D7-4083-BE1E-6D4FBE2B45C6"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/e2pdf/trunk/classes/controller/e2pdf-templates.php?rev=2993824#L1488",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/e2pdf/trunk/classes/controller/e2pdf-templates.php?rev=2993824#L753",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3009695/e2pdf#file0",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/03faec37-2cce-4e14-92f2-d941ab1b4ce9?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-68xx/CVE-2023-6827.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6827",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-12-15T08:15:46.370",
"lastModified": "2023-12-15T13:42:13.817",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-21T04:48:37.823",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -38,18 +58,57 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:g5plus:essential_real_estate:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "4.3.5",
"matchCriteriaId": "2791AEA1-84F0-45EE-8350-034717579A5A"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/essential-real-estate/tags/4.3.5/lib/smart-framework/core/fonts/fonts.class.php#L524",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3009780/essential-real-estate",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8bb2ce22-077b-41dd-a2ff-cc1db9d20d38?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

88
CVE-2023/CVE-2023-70xx/CVE-2023-7025.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2023-7025",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-21T03:15:07.857",
"lastModified": "2023-12-21T03:15:07.857",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in KylinSoft hedron-domain-hook up to 3.8.0.12-0k0.5. It has been declared as critical. This vulnerability affects the function init_kcm of the component DBus Handler. The manipulation leads to improper access controls. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-248578 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"accessVector": "LOCAL",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 3.1,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://note.zhaoj.in/share/B05NqMPvEqoU",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.248578",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.248578",
"source": "cna@vuldb.com"
}
]
}

70
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-12-21T03:00:24.953207+00:00
2023-12-21T05:00:24.690522+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-12-21T02:52:18.850000+00:00
2023-12-21T04:57:19.577000+00:00
```
### Last Data Feed Release
@ -29,53 +29,45 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
233918
233919
```
### CVEs added in the last Commit
Recently added CVEs: `9`
Recently added CVEs: `1`
* [CVE-2023-28025](CVE-2023/CVE-2023-280xx/CVE-2023-28025.json) (`2023-12-21T01:15:32.450`)
* [CVE-2023-29485](CVE-2023/CVE-2023-294xx/CVE-2023-29485.json) (`2023-12-21T01:15:32.700`)
* [CVE-2023-29486](CVE-2023/CVE-2023-294xx/CVE-2023-29486.json) (`2023-12-21T01:15:32.790`)
* [CVE-2023-29487](CVE-2023/CVE-2023-294xx/CVE-2023-29487.json) (`2023-12-21T01:15:32.897`)
* [CVE-2023-45700](CVE-2023/CVE-2023-457xx/CVE-2023-45700.json) (`2023-12-21T01:15:32.997`)
* [CVE-2023-7020](CVE-2023/CVE-2023-70xx/CVE-2023-7020.json) (`2023-12-21T01:15:34.073`)
* [CVE-2023-7021](CVE-2023/CVE-2023-70xx/CVE-2023-7021.json) (`2023-12-21T01:15:34.393`)
* [CVE-2023-7022](CVE-2023/CVE-2023-70xx/CVE-2023-7022.json) (`2023-12-21T02:15:43.680`)
* [CVE-2023-7023](CVE-2023/CVE-2023-70xx/CVE-2023-7023.json) (`2023-12-21T02:15:43.960`)
* [CVE-2023-7025](CVE-2023/CVE-2023-70xx/CVE-2023-7025.json) (`2023-12-21T03:15:07.857`)
### CVEs modified in the last Commit
Recently modified CVEs: `174`
Recently modified CVEs: `67`
* [CVE-2023-50988](CVE-2023/CVE-2023-509xx/CVE-2023-50988.json) (`2023-12-21T02:24:16.353`)
* [CVE-2023-50989](CVE-2023/CVE-2023-509xx/CVE-2023-50989.json) (`2023-12-21T02:24:16.353`)
* [CVE-2023-50990](CVE-2023/CVE-2023-509xx/CVE-2023-50990.json) (`2023-12-21T02:24:16.353`)
* [CVE-2023-50992](CVE-2023/CVE-2023-509xx/CVE-2023-50992.json) (`2023-12-21T02:24:16.353`)
* [CVE-2023-50993](CVE-2023/CVE-2023-509xx/CVE-2023-50993.json) (`2023-12-21T02:24:16.353`)
* [CVE-2023-41166](CVE-2023/CVE-2023-411xx/CVE-2023-41166.json) (`2023-12-21T02:24:16.353`)
* [CVE-2023-45703](CVE-2023/CVE-2023-457xx/CVE-2023-45703.json) (`2023-12-21T02:24:16.353`)
* [CVE-2023-46131](CVE-2023/CVE-2023-461xx/CVE-2023-46131.json) (`2023-12-21T02:24:16.353`)
* [CVE-2023-47093](CVE-2023/CVE-2023-470xx/CVE-2023-47093.json) (`2023-12-21T02:24:16.353`)
* [CVE-2023-49032](CVE-2023/CVE-2023-490xx/CVE-2023-49032.json) (`2023-12-21T02:24:16.353`)
* [CVE-2023-51390](CVE-2023/CVE-2023-513xx/CVE-2023-51390.json) (`2023-12-21T02:24:16.353`)
* [CVE-2023-23970](CVE-2023/CVE-2023-239xx/CVE-2023-23970.json) (`2023-12-21T02:24:22.413`)
* [CVE-2023-25970](CVE-2023/CVE-2023-259xx/CVE-2023-25970.json) (`2023-12-21T02:24:22.413`)
* [CVE-2023-49270](CVE-2023/CVE-2023-492xx/CVE-2023-49270.json) (`2023-12-21T02:24:22.413`)
* [CVE-2023-49271](CVE-2023/CVE-2023-492xx/CVE-2023-49271.json) (`2023-12-21T02:24:22.413`)
* [CVE-2023-49272](CVE-2023/CVE-2023-492xx/CVE-2023-49272.json) (`2023-12-21T02:24:22.413`)
* [CVE-2023-48433](CVE-2023/CVE-2023-484xx/CVE-2023-48433.json) (`2023-12-21T02:24:22.413`)
* [CVE-2023-48434](CVE-2023/CVE-2023-484xx/CVE-2023-48434.json) (`2023-12-21T02:24:22.413`)
* [CVE-2023-50639](CVE-2023/CVE-2023-506xx/CVE-2023-50639.json) (`2023-12-21T02:24:22.413`)
* [CVE-2023-50983](CVE-2023/CVE-2023-509xx/CVE-2023-50983.json) (`2023-12-21T02:24:22.413`)
* [CVE-2023-50984](CVE-2023/CVE-2023-509xx/CVE-2023-50984.json) (`2023-12-21T02:24:22.413`)
* [CVE-2023-50985](CVE-2023/CVE-2023-509xx/CVE-2023-50985.json) (`2023-12-21T02:24:22.413`)
* [CVE-2023-50986](CVE-2023/CVE-2023-509xx/CVE-2023-50986.json) (`2023-12-21T02:24:22.413`)
* [CVE-2023-50987](CVE-2023/CVE-2023-509xx/CVE-2023-50987.json) (`2023-12-21T02:24:22.413`)
* [CVE-2023-4734](CVE-2023/CVE-2023-47xx/CVE-2023-4734.json) (`2023-12-21T02:52:18.850`)
* [CVE-2023-46216](CVE-2023/CVE-2023-462xx/CVE-2023-46216.json) (`2023-12-21T04:46:11.570`)
* [CVE-2023-46217](CVE-2023/CVE-2023-462xx/CVE-2023-46217.json) (`2023-12-21T04:46:51.583`)
* [CVE-2023-46220](CVE-2023/CVE-2023-462xx/CVE-2023-46220.json) (`2023-12-21T04:46:59.847`)
* [CVE-2023-46221](CVE-2023/CVE-2023-462xx/CVE-2023-46221.json) (`2023-12-21T04:47:10.487`)
* [CVE-2023-46222](CVE-2023/CVE-2023-462xx/CVE-2023-46222.json) (`2023-12-21T04:47:18.880`)
* [CVE-2023-46223](CVE-2023/CVE-2023-462xx/CVE-2023-46223.json) (`2023-12-21T04:47:26.523`)
* [CVE-2023-46224](CVE-2023/CVE-2023-462xx/CVE-2023-46224.json) (`2023-12-21T04:47:34.747`)
* [CVE-2023-46225](CVE-2023/CVE-2023-462xx/CVE-2023-46225.json) (`2023-12-21T04:47:42.900`)
* [CVE-2023-46257](CVE-2023/CVE-2023-462xx/CVE-2023-46257.json) (`2023-12-21T04:47:50.787`)
* [CVE-2023-46258](CVE-2023/CVE-2023-462xx/CVE-2023-46258.json) (`2023-12-21T04:47:58.207`)
* [CVE-2023-46259](CVE-2023/CVE-2023-462xx/CVE-2023-46259.json) (`2023-12-21T04:48:07.923`)
* [CVE-2023-46260](CVE-2023/CVE-2023-462xx/CVE-2023-46260.json) (`2023-12-21T04:48:14.087`)
* [CVE-2023-46261](CVE-2023/CVE-2023-462xx/CVE-2023-46261.json) (`2023-12-21T04:48:18.447`)
* [CVE-2023-41727](CVE-2023/CVE-2023-417xx/CVE-2023-41727.json) (`2023-12-21T04:48:25.067`)
* [CVE-2023-29234](CVE-2023/CVE-2023-292xx/CVE-2023-29234.json) (`2023-12-21T04:48:31.270`)
* [CVE-2023-6827](CVE-2023/CVE-2023-68xx/CVE-2023-6827.json) (`2023-12-21T04:48:37.823`)
* [CVE-2023-6826](CVE-2023/CVE-2023-68xx/CVE-2023-6826.json) (`2023-12-21T04:49:03.117`)
* [CVE-2023-46804](CVE-2023/CVE-2023-468xx/CVE-2023-46804.json) (`2023-12-21T04:49:19.073`)
* [CVE-2023-46803](CVE-2023/CVE-2023-468xx/CVE-2023-46803.json) (`2023-12-21T04:49:22.117`)
* [CVE-2023-46264](CVE-2023/CVE-2023-462xx/CVE-2023-46264.json) (`2023-12-21T04:49:27.650`)
* [CVE-2023-46263](CVE-2023/CVE-2023-462xx/CVE-2023-46263.json) (`2023-12-21T04:49:33.693`)
* [CVE-2023-49763](CVE-2023/CVE-2023-497xx/CVE-2023-49763.json) (`2023-12-21T04:53:23.933`)
* [CVE-2023-49761](CVE-2023/CVE-2023-497xx/CVE-2023-49761.json) (`2023-12-21T04:55:01.263`)
* [CVE-2023-49759](CVE-2023/CVE-2023-497xx/CVE-2023-49759.json) (`2023-12-21T04:56:56.160`)
* [CVE-2023-49760](CVE-2023/CVE-2023-497xx/CVE-2023-49760.json) (`2023-12-21T04:57:19.577`)
## Download and Usage