admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-11-21T00:55:17.801804+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-11-21 00:55:21 +00:00
parent 0e50de808a
commit 12d9b9f586
16 changed files with 1218 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

182
CVE-2023/CVE-2023-392xx/CVE-2023-39204.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-39204",
"sourceIdentifier": "security@zoom.us",
"published": "2023-11-14T23:15:08.687",
"lastModified": "2023-11-15T02:28:40.150",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-21T00:47:04.810",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access."
},
{
"lang": "es",
"value": "El desbordamiento del b\u00fafer en algunos clientes de Zoom puede permitir que un usuario no autenticado realice una denegaci\u00f3n de servicio a trav\u00e9s del acceso a la red."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security@zoom.us",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
},
{
"source": "security@zoom.us",
"type": "Secondary",
@ -46,10 +80,152 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:android:*:*",
"versionEndExcluding": "5.15.10",
"matchCriteriaId": "6542B8C0-31B4-40A0-B6F3-136C5A16EFE8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:iphone_os:*:*",
"versionEndExcluding": "5.15.10",
"matchCriteriaId": "5722E765-C79A-4A21-9E03-2634D5E7F2F9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:linux:*:*",
"versionEndExcluding": "5.15.10",
"matchCriteriaId": "86B49D79-7C51-46BE-87C2-93717D687531"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:macos:*:*",
"versionEndExcluding": "5.15.10",
"matchCriteriaId": "F6679219-E822-4E14-98CF-1661E343143E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:windows:*:*",
"versionEndExcluding": "5.15.10",
"matchCriteriaId": "63776027-642A-4B76-A561-F658045ECBD3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:android:*:*",
"versionEndExcluding": "5.15.10",
"matchCriteriaId": "81A22013-04BC-4F45-8295-81C5FD441FC1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipad_os:*:*",
"versionEndExcluding": "5.15.10",
"matchCriteriaId": "B399594A-A021-4CCF-BD2D-3E43FC0BF8B2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"versionEndExcluding": "5.15.10",
"matchCriteriaId": "0DACEF42-D48D-4CDD-B72C-0C1C2A63DF96"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"versionEndExcluding": "5.15.10",
"matchCriteriaId": "5C73290C-5F04-40AC-BFD8-64E2E53E3EF0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:android:*:*",
"versionEndExcluding": "5.15.10",
"matchCriteriaId": "C29E2E20-94A0-4516-8815-F634290D1C3A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:iphone_os:*:*",
"versionEndExcluding": "5.15.10",
"matchCriteriaId": "10213F87-D42E-47F0-A0E4-3EEC68D024B8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:linux:*:*",
"versionEndExcluding": "5.15.10",
"matchCriteriaId": "6E3A49AF-5716-4516-8BC5-2DF788E6608C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:macos:*:*",
"versionEndExcluding": "5.15.10",
"matchCriteriaId": "24D1C345-4BF0-4027-A7C1-4D2FD8106EFB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:windows:*:*",
"versionEndExcluding": "5.15.10",
"matchCriteriaId": "DE7C3EFB-8CDF-447F-BDFC-2914C7DF8449"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.14.13",
"matchCriteriaId": "4D26E2D3-9148-44AA-8AF0-A3E58704F532"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.15.0",
"versionEndExcluding": "5.15.11",
"matchCriteriaId": "C3B28CE5-ABB5-43C4-8BB4-133050E0821E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:android:*:*",
"versionEndExcluding": "5.15.10",
"matchCriteriaId": "229A05D6-27BE-46A0-ADA8-C37873A24EA0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:iphone_os:*:*",
"versionEndExcluding": "5.15.10",
"matchCriteriaId": "42CDC31F-325B-43A1-8266-34317C644630"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:linux:*:*",
"versionEndExcluding": "5.15.10",
"matchCriteriaId": "C7B42405-380C-42AD-9B87-99EB92E433BE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:macos:*:*",
"versionEndExcluding": "5.15.10",
"matchCriteriaId": "351C219A-492B-4DC8-B92F-1B609A16459A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*",
"versionEndExcluding": "5.15.10",
"matchCriteriaId": "3D834D47-BF15-461E-A908-3F7A919C2ED2"
}
]
}
]
}
],
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/",
"source": "security@zoom.us"
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
]
}
]
}

158
CVE-2023/CVE-2023-392xx/CVE-2023-39205.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-39205",
"sourceIdentifier": "security@zoom.us",
"published": "2023-11-14T23:15:08.887",
"lastModified": "2023-11-15T02:28:40.150",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-21T00:46:21.403",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper conditions check in Zoom Team Chat for Zoom clients may allow an authenticated user to conduct a denial of service via network access."
},
{
"lang": "es",
"value": "La verificaci\u00f3n de condiciones inadecuadas en Zoom Team Chat para clientes de Zoom puede permitir que un usuario autenticado lleve a cabo una denegaci\u00f3n de servicio a trav\u00e9s del acceso a la red."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security@zoom.us",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-754"
}
]
},
{
"source": "security@zoom.us",
"type": "Secondary",
@ -46,10 +80,128 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:android:*:*",
"versionEndExcluding": "5.16.0",
"matchCriteriaId": "249D7C05-850F-4BED-BE1B-864B3A555DC5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:iphone_os:*:*",
"versionEndExcluding": "5.16.0",
"matchCriteriaId": "CF877945-AEBB-4347-B45C-DC5CF711EAC0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:linux:*:*",
"versionEndExcluding": "5.16.0",
"matchCriteriaId": "E7C90882-B6EB-476E-B8C8-9CA9D2C86328"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:macos:*:*",
"versionEndExcluding": "5.16.0",
"matchCriteriaId": "C00191F0-BCF9-4200-8953-B1DD1E0DBA3F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:windows:*:*",
"versionEndExcluding": "5.16.0",
"matchCriteriaId": "E80CFF3B-0BF6-4EF4-878B-B037B5DF1BC5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:android:*:*",
"versionEndExcluding": "1.9.0",
"matchCriteriaId": "440B9710-9B66-4F17-A4EE-C1D11DF4DC76"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:iphone_os:*:*",
"versionEndExcluding": "1.9.0",
"matchCriteriaId": "B3F99428-4438-47DA-BD2D-FF61BF1CC736"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:linux:*:*",
"versionEndExcluding": "1.9.0",
"matchCriteriaId": "392358DF-EC53-4538-A361-F467B8DFEE8B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:macos:*:*",
"versionEndExcluding": "1.9.0",
"matchCriteriaId": "1E1A90A2-8B2E-481F-95D6-FB9E85B951CD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:windows:*:*",
"versionEndExcluding": "1.9.0",
"matchCriteriaId": "33188B54-F6E1-4556-8A90-9DD7384AF299"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.14.13",
"matchCriteriaId": "4D26E2D3-9148-44AA-8AF0-A3E58704F532"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.15.0",
"versionEndExcluding": "5.15.11",
"matchCriteriaId": "C3B28CE5-ABB5-43C4-8BB4-133050E0821E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:android:*:*",
"versionEndExcluding": "5.16.0",
"matchCriteriaId": "A454D523-527C-4910-8474-EB4CDFFE7BF6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:iphone_os:*:*",
"versionEndExcluding": "5.16.0",
"matchCriteriaId": "BE96C026-8B39-4509-BA4F-AC224918DC8F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:linux:*:*",
"versionEndExcluding": "5.16.0",
"matchCriteriaId": "7EB1DC6F-6270-40C4-804F-7EEC18A62FE8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:macos:*:*",
"versionEndExcluding": "5.16.0",
"matchCriteriaId": "E055EB88-5A25-4348-AAEA-5A25496E5E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*",
"versionEndExcluding": "5.16.0",
"matchCriteriaId": "1BF6E442-FE5C-46AF-AE37-4D5A9AB56A3D"
}
]
}
]
}
],
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/",
"source": "security@zoom.us"
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
]
}
]
}

182
CVE-2023/CVE-2023-392xx/CVE-2023-39206.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-39206",
"sourceIdentifier": "security@zoom.us",
"published": "2023-11-14T23:15:09.073",
"lastModified": "2023-11-15T02:28:40.150",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-21T00:46:02.800",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access."
},
{
"lang": "es",
"value": "El desbordamiento del b\u00fafer en algunos clientes de Zoom puede permitir que un usuario no autenticado realice una denegaci\u00f3n de servicio a trav\u00e9s del acceso a la red."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security@zoom.us",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
},
{
"source": "security@zoom.us",
"type": "Secondary",
@ -46,10 +80,152 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:android:*:*",
"versionEndExcluding": "5.16.0",
"matchCriteriaId": "249D7C05-850F-4BED-BE1B-864B3A555DC5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:iphone_os:*:*",
"versionEndExcluding": "5.16.0",
"matchCriteriaId": "CF877945-AEBB-4347-B45C-DC5CF711EAC0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:linux:*:*",
"versionEndExcluding": "5.16.0",
"matchCriteriaId": "E7C90882-B6EB-476E-B8C8-9CA9D2C86328"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:macos:*:*",
"versionEndExcluding": "5.16.0",
"matchCriteriaId": "C00191F0-BCF9-4200-8953-B1DD1E0DBA3F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:windows:*:*",
"versionEndExcluding": "5.16.0",
"matchCriteriaId": "E80CFF3B-0BF6-4EF4-878B-B037B5DF1BC5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:android:*:*",
"versionEndExcluding": "5.16.0",
"matchCriteriaId": "12D81D70-FA29-4921-9A20-BE8DC596F6AE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipad_os:*:*",
"versionEndExcluding": "5.16.0",
"matchCriteriaId": "141007D5-4A8B-48C3-8BFB-EAF8BC3EF905"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"versionEndExcluding": "5.16.0",
"matchCriteriaId": "3D39B6BA-D4BC-4502-8867-D5A5441D3196"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"versionEndExcluding": "5.16.0",
"matchCriteriaId": "62689640-F0DA-4FBA-83A9-AA29843B6E57"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:android:*:*",
"versionEndExcluding": "1.9.0",
"matchCriteriaId": "440B9710-9B66-4F17-A4EE-C1D11DF4DC76"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:iphone_os:*:*",
"versionEndExcluding": "1.9.0",
"matchCriteriaId": "B3F99428-4438-47DA-BD2D-FF61BF1CC736"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:linux:*:*",
"versionEndExcluding": "1.9.0",
"matchCriteriaId": "392358DF-EC53-4538-A361-F467B8DFEE8B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:macos:*:*",
"versionEndExcluding": "1.9.0",
"matchCriteriaId": "1E1A90A2-8B2E-481F-95D6-FB9E85B951CD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:windows:*:*",
"versionEndExcluding": "1.9.0",
"matchCriteriaId": "33188B54-F6E1-4556-8A90-9DD7384AF299"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.14.13",
"matchCriteriaId": "4D26E2D3-9148-44AA-8AF0-A3E58704F532"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.15.0",
"versionEndExcluding": "5.15.11",
"matchCriteriaId": "C3B28CE5-ABB5-43C4-8BB4-133050E0821E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:android:*:*",
"versionEndExcluding": "5.16.0",
"matchCriteriaId": "A454D523-527C-4910-8474-EB4CDFFE7BF6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:iphone_os:*:*",
"versionEndExcluding": "5.16.0",
"matchCriteriaId": "BE96C026-8B39-4509-BA4F-AC224918DC8F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:linux:*:*",
"versionEndExcluding": "5.16.0",
"matchCriteriaId": "7EB1DC6F-6270-40C4-804F-7EEC18A62FE8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:macos:*:*",
"versionEndExcluding": "5.16.0",
"matchCriteriaId": "E055EB88-5A25-4348-AAEA-5A25496E5E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*",
"versionEndExcluding": "5.16.0",
"matchCriteriaId": "1BF6E442-FE5C-46AF-AE37-4D5A9AB56A3D"
}
]
}
]
}
],
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/",
"source": "security@zoom.us"
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
]
}
]
}

6
CVE-2023/CVE-2023-399xx/CVE-2023-39999.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-39999",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-13T12:15:09.970",
"lastModified": "2023-11-03T22:15:10.313",
"lastModified": "2023-11-20T23:15:06.393",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
@ -254,6 +254,10 @@
}
],
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00014.html",
"source": "audit@patchstack.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2EVFT4DPZRFTXJPEPADM22BZVIUD2P66/",
"source": "audit@patchstack.com"

59
CVE-2023/CVE-2023-401xx/CVE-2023-40151.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-40151",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-11-21T00:15:06.953",
"lastModified": "2023-11-21T00:15:06.953",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\n\n\nWhen user authentication is not enabled the shell can execute commands with the highest privileges. Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A) any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message comes over TCP/IP the RTU will simply accept the message with no authentication challenge.\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-749"
}
]
}
],
"references": [
{
"url": "https://support.redlion.net/hc/en-us/articles/19339209248269-RLCSIM-2023-05-Authentication-Bypass-and-Remote-Code-Execution",
"source": "ics-cert@hq.dhs.gov"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-01",
"source": "ics-cert@hq.dhs.gov"
}
]
}

152
CVE-2023/CVE-2023-435xx/CVE-2023-43582.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-43582",
"sourceIdentifier": "security@zoom.us",
"published": "2023-11-15T00:15:08.673",
"lastModified": "2023-11-15T02:28:40.150",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-21T00:45:03.947",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper authorization in some Zoom clients may allow an authorized user to conduct an escalation of privilege via network access.\n"
},
{
"lang": "es",
"value": "La autorizaci\u00f3n inadecuada en algunos clientes de Zoom puede permitir que un usuario autorizado realice una escalada de privilegios a trav\u00e9s del acceso a la red."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security@zoom.us",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
},
{
"source": "security@zoom.us",
"type": "Secondary",
@ -46,10 +80,122 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:android:*:*",
"versionEndExcluding": "5.16.0",
"matchCriteriaId": "249D7C05-850F-4BED-BE1B-864B3A555DC5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:iphone_os:*:*",
"versionEndExcluding": "5.16.0",
"matchCriteriaId": "CF877945-AEBB-4347-B45C-DC5CF711EAC0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:linux:*:*",
"versionEndExcluding": "5.16.0",
"matchCriteriaId": "E7C90882-B6EB-476E-B8C8-9CA9D2C86328"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:macos:*:*",
"versionEndExcluding": "5.16.0",
"matchCriteriaId": "C00191F0-BCF9-4200-8953-B1DD1E0DBA3F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:windows:*:*",
"versionEndExcluding": "5.16.0",
"matchCriteriaId": "E80CFF3B-0BF6-4EF4-878B-B037B5DF1BC5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:android:*:*",
"versionEndExcluding": "5.16.0",
"matchCriteriaId": "12D81D70-FA29-4921-9A20-BE8DC596F6AE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipad_os:*:*",
"versionEndExcluding": "5.16.0",
"matchCriteriaId": "141007D5-4A8B-48C3-8BFB-EAF8BC3EF905"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"versionEndExcluding": "5.16.0",
"matchCriteriaId": "3D39B6BA-D4BC-4502-8867-D5A5441D3196"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"versionEndExcluding": "5.16.0",
"matchCriteriaId": "62689640-F0DA-4FBA-83A9-AA29843B6E57"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.14.13",
"matchCriteriaId": "4D26E2D3-9148-44AA-8AF0-A3E58704F532"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.15.0",
"versionEndExcluding": "5.15.11",
"matchCriteriaId": "C3B28CE5-ABB5-43C4-8BB4-133050E0821E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:android:*:*",
"versionEndExcluding": "5.16.0",
"matchCriteriaId": "A454D523-527C-4910-8474-EB4CDFFE7BF6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:iphone_os:*:*",
"versionEndExcluding": "5.16.0",
"matchCriteriaId": "BE96C026-8B39-4509-BA4F-AC224918DC8F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:linux:*:*",
"versionEndExcluding": "5.16.0",
"matchCriteriaId": "7EB1DC6F-6270-40C4-804F-7EEC18A62FE8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:macos:*:*",
"versionEndExcluding": "5.16.0",
"matchCriteriaId": "E055EB88-5A25-4348-AAEA-5A25496E5E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*",
"versionEndExcluding": "5.16.0",
"matchCriteriaId": "1BF6E442-FE5C-46AF-AE37-4D5A9AB56A3D"
}
]
}
]
}
],
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/",
"source": "security@zoom.us"
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
]
}
]
}

104
CVE-2023/CVE-2023-435xx/CVE-2023-43588.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-43588",
"sourceIdentifier": "security@zoom.us",
"published": "2023-11-15T00:15:08.860",
"lastModified": "2023-11-15T02:28:40.150",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-21T00:44:17.740",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Insufficient control flow management in some Zoom clients may allow an authenticated user to conduct an information disclosure via network access.\n\n"
},
{
"lang": "es",
"value": "La gesti\u00f3n insuficiente del flujo de control en algunos clientes de Zoom puede permitir que un usuario autenticado realice una divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s del acceso a la red."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security@zoom.us",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "security@zoom.us",
"type": "Secondary",
@ -46,10 +80,74 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:iphone_os:*:*",
"versionEndExcluding": "5.16.0",
"matchCriteriaId": "CF877945-AEBB-4347-B45C-DC5CF711EAC0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:linux:*:*",
"versionEndExcluding": "5.16.0",
"matchCriteriaId": "E7C90882-B6EB-476E-B8C8-9CA9D2C86328"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:windows:*:*",
"versionEndExcluding": "5.16.0",
"matchCriteriaId": "E80CFF3B-0BF6-4EF4-878B-B037B5DF1BC5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.14.13",
"matchCriteriaId": "4D26E2D3-9148-44AA-8AF0-A3E58704F532"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.15.0",
"versionEndExcluding": "5.15.11",
"matchCriteriaId": "C3B28CE5-ABB5-43C4-8BB4-133050E0821E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:linux:*:*",
"versionEndExcluding": "5.16.0",
"matchCriteriaId": "7EB1DC6F-6270-40C4-804F-7EEC18A62FE8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:macos:*:*",
"versionEndExcluding": "5.16.0",
"matchCriteriaId": "E055EB88-5A25-4348-AAEA-5A25496E5E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*",
"versionEndExcluding": "5.16.0",
"matchCriteriaId": "1BF6E442-FE5C-46AF-AE37-4D5A9AB56A3D"
}
]
}
]
}
],
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/",
"source": "security@zoom.us"
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-475xx/CVE-2023-47517.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-47517",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-14T23:15:11.737",
"lastModified": "2023-11-15T02:28:40.150",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-21T00:45:47.997",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in SendPress Newsletters plugin <=\u00a01.23.11.6 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada No Autenticada en el complemento SendPress Newsletters en versiones &lt;= 1.23.11.6."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pressified:sendpress:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.23.11.6",
"matchCriteriaId": "067F2805-85F7-4309-A837-9BA03C1BDE8E"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/sendpress/wordpress-sendpress-newsletters-plugin-1-22-3-31-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-475xx/CVE-2023-47518.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-47518",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-14T23:15:11.923",
"lastModified": "2023-11-15T02:28:40.150",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-21T00:45:18.103",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Matthew Muro Restrict Categories plugin <=\u00a02.6.4 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada No Autenticada en el complemento Matthew Muro Restrict Categories en versiones &lt;= 2.6.4."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vfbpro:restrict_categories:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.6.4",
"matchCriteriaId": "5255F786-B34E-4295-A2A6-42AB90174579"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/restrict-categories/wordpress-restrict-categories-plugin-2-6-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

20
CVE-2023/CVE-2023-480xx/CVE-2023-48051.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-48051",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-20T23:15:06.550",
"lastModified": "2023-11-20T23:15:06.550",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue in /upydev/keygen.py in upydev v0.4.3 allows attackers to decrypt sensitive information via weak encryption padding."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Carglglz/upydev/issues/38",
"source": "cve@mitre.org"
}
]
}

63
CVE-2023/CVE-2023-483xx/CVE-2023-48310.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-48310",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-20T23:15:06.593",
"lastModified": "2023-11-20T23:15:06.593",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "TestingPlatform is a testing platform for Internet Security Standards. Prior to version 2.1.1, user input is not filtered correctly. Nmap options are accepted. In this particular case, the option to create log files is accepted in addition to a host name (and even without). A log file is created at the location specified. These files are created as root. If the file exists, the existing file is being rendered useless. This can result in denial of service. Version 2.1.1 contains a patch for this issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://github.com/NC3-LU/TestingPlatform/commit/7b3e7ca869a4845aa7445f874c22c5929315c3a7",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/NC3-LU/TestingPlatform/releases/tag/v2.1.1",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/NC3-LU/TestingPlatform/security/advisories/GHSA-9fhc-f3mr-w6h6",
"source": "security-advisories@github.com"
}
]
}

6
CVE-2023/CVE-2023-55xx/CVE-2023-5561.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-5561",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:18.073",
"lastModified": "2023-11-08T19:15:09.703",
"lastModified": "2023-11-20T23:15:06.797",
"vulnStatus": "Modified",
"descriptions": [
{
@ -182,6 +182,10 @@
}
],
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00014.html",
"source": "contact@wpscan.com"
},
{
"url": "https://wpscan.com/blog/email-leak-oracle-vulnerability-addressed-in-wordpress-6-3-2/",
"source": "contact@wpscan.com",

59
CVE-2023/CVE-2023-61xx/CVE-2023-6142.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-6142",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-11-21T00:15:07.160",
"lastModified": "2023-11-21T00:15:07.160",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Dev blog v1.0 allows to exploit an XSS through an unrestricted file upload, together with a bad entropy of filenames. With this an attacker can upload a malicious HTML file, then guess the filename of the uploaded file and send it to a potential victim.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "help@fluidattacks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.5
}
]
},
"weaknesses": [
{
"source": "help@fluidattacks.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/bunny/",
"source": "help@fluidattacks.com"
},
{
"url": "https://github.com/Armanidrisi/devblog/",
"source": "help@fluidattacks.com"
}
]
}

59
CVE-2023/CVE-2023-61xx/CVE-2023-6144.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-6144",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-11-21T00:15:07.353",
"lastModified": "2023-11-21T00:15:07.353",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Dev blog v1.0 allows to exploit an account takeover through the \"user\" cookie. With this, an attacker can access any user's session just by knowing their username.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "help@fluidattacks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "help@fluidattacks.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/almighty/",
"source": "help@fluidattacks.com"
},
{
"url": "https://github.com/Armanidrisi/devblog/",
"source": "help@fluidattacks.com"
}
]
}

59
CVE-2023/CVE-2023-61xx/CVE-2023-6199.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-6199",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-11-20T23:15:06.877",
"lastModified": "2023-11-20T23:15:06.877",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Book Stack version 23.10.2 allows filtering local files on the server. This is possible because the application is vulnerable to SSRF.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "help@fluidattacks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "help@fluidattacks.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/imagination/",
"source": "help@fluidattacks.com"
},
{
"url": "https://www.bookstackapp.com/blog/bookstack-release-v23-10-3/",
"source": "help@fluidattacks.com"
}
]
}

40
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-11-20T23:00:17.974728+00:00
2023-11-21T00:55:17.801804+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-11-20T22:15:07.243000+00:00
2023-11-21T00:47:04.810000+00:00
```
### Last Data Feed Release
@ -29,34 +29,34 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
231185
231191
```
### CVEs added in the last Commit
Recently added CVEs: `8`
Recently added CVEs: `6`
* [CVE-2023-46470](CVE-2023/CVE-2023-464xx/CVE-2023-46470.json) (`2023-11-20T21:15:08.210`)
* [CVE-2023-46471](CVE-2023/CVE-2023-464xx/CVE-2023-46471.json) (`2023-11-20T21:15:08.253`)
* [CVE-2023-47172](CVE-2023/CVE-2023-471xx/CVE-2023-47172.json) (`2023-11-20T21:15:08.293`)
* [CVE-2023-47311](CVE-2023/CVE-2023-473xx/CVE-2023-47311.json) (`2023-11-20T21:15:08.337`)
* [CVE-2023-6062](CVE-2023/CVE-2023-60xx/CVE-2023-6062.json) (`2023-11-20T21:15:08.387`)
* [CVE-2023-6178](CVE-2023/CVE-2023-61xx/CVE-2023-6178.json) (`2023-11-20T21:15:08.550`)
* [CVE-2023-48176](CVE-2023/CVE-2023-481xx/CVE-2023-48176.json) (`2023-11-20T22:15:07.187`)
* [CVE-2023-48192](CVE-2023/CVE-2023-481xx/CVE-2023-48192.json) (`2023-11-20T22:15:07.243`)
* [CVE-2023-48051](CVE-2023/CVE-2023-480xx/CVE-2023-48051.json) (`2023-11-20T23:15:06.550`)
* [CVE-2023-48310](CVE-2023/CVE-2023-483xx/CVE-2023-48310.json) (`2023-11-20T23:15:06.593`)
* [CVE-2023-6199](CVE-2023/CVE-2023-61xx/CVE-2023-6199.json) (`2023-11-20T23:15:06.877`)
* [CVE-2023-40151](CVE-2023/CVE-2023-401xx/CVE-2023-40151.json) (`2023-11-21T00:15:06.953`)
* [CVE-2023-6142](CVE-2023/CVE-2023-61xx/CVE-2023-6142.json) (`2023-11-21T00:15:07.160`)
* [CVE-2023-6144](CVE-2023/CVE-2023-61xx/CVE-2023-6144.json) (`2023-11-21T00:15:07.353`)
### CVEs modified in the last Commit
Recently modified CVEs: `7`
Recently modified CVEs: `9`
* [CVE-2020-13920](CVE-2020/CVE-2020-139xx/CVE-2020-13920.json) (`2023-11-20T22:15:06.783`)
* [CVE-2021-26117](CVE-2021/CVE-2021-261xx/CVE-2021-26117.json) (`2023-11-20T22:15:06.903`)
* [CVE-2023-38177](CVE-2023/CVE-2023-381xx/CVE-2023-38177.json) (`2023-11-20T21:00:46.393`)
* [CVE-2023-36719](CVE-2023/CVE-2023-367xx/CVE-2023-36719.json) (`2023-11-20T21:02:51.473`)
* [CVE-2023-46213](CVE-2023/CVE-2023-462xx/CVE-2023-46213.json) (`2023-11-20T21:15:08.043`)
* [CVE-2023-46214](CVE-2023/CVE-2023-462xx/CVE-2023-46214.json) (`2023-11-20T21:15:08.133`)
* [CVE-2023-46604](CVE-2023/CVE-2023-466xx/CVE-2023-46604.json) (`2023-11-20T22:15:07.083`)
* [CVE-2023-39999](CVE-2023/CVE-2023-399xx/CVE-2023-39999.json) (`2023-11-20T23:15:06.393`)
* [CVE-2023-5561](CVE-2023/CVE-2023-55xx/CVE-2023-5561.json) (`2023-11-20T23:15:06.797`)
* [CVE-2023-43588](CVE-2023/CVE-2023-435xx/CVE-2023-43588.json) (`2023-11-21T00:44:17.740`)
* [CVE-2023-43582](CVE-2023/CVE-2023-435xx/CVE-2023-43582.json) (`2023-11-21T00:45:03.947`)
* [CVE-2023-47518](CVE-2023/CVE-2023-475xx/CVE-2023-47518.json) (`2023-11-21T00:45:18.103`)
* [CVE-2023-47517](CVE-2023/CVE-2023-475xx/CVE-2023-47517.json) (`2023-11-21T00:45:47.997`)
* [CVE-2023-39206](CVE-2023/CVE-2023-392xx/CVE-2023-39206.json) (`2023-11-21T00:46:02.800`)
* [CVE-2023-39205](CVE-2023/CVE-2023-392xx/CVE-2023-39205.json) (`2023-11-21T00:46:21.403`)
* [CVE-2023-39204](CVE-2023/CVE-2023-392xx/CVE-2023-39204.json) (`2023-11-21T00:47:04.810`)
## Download and Usage