Auto-Update: 2023-10-30T17:00:24.800205+00:00

cad-safe-bot 2023-10-30 17:00:28 +00:00
parent c4b0e34842
commit 13853b6c96
39 changed files with 2110 additions and 163 deletions


@ -2,8 +2,8 @@
"id": "CVE-2021-46897",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-22T19:15:08.240",
"lastModified": "2023-10-23T11:35:01.280",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-30T15:25:02.190",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,82 @@
"value": "views.py en Wagtail CRX CodeRed Extensions (anteriormente CodeRed CMS o coderedcms) anterior a 0.22.3 permite el path traversal hacia arriba protected/..%2f..%2f al servir medios protegidos."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wagtailcrx:codered_extensions:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.22.3",
"matchCriteriaId": "4195633E-6F79-4228-AB78-DB844B8FA484"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/coderedcorp/coderedcms/compare/v0.22.2...v0.22.3",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/coderedcorp/coderedcms/issues/448",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
},
{
"url": "https://github.com/coderedcorp/coderedcms/pull/450",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}
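Review bot: The reference `https://github.com/coderedcorp/coderedcms/pull/450` is tagged `"Third Party Advisory"`, although it is a pull request in the same upstream repository as the compare link tagged `"Patch"` two entries above; the django-grappelli record in this commit tags its fix PR (`pull/976`) as `"Patch"`. If this mirror is allowed to correct upstream tagging, `"tags": ["Patch"]` fits better; if it must stay identical to NVD, consumers that filter references by tag to locate fixes should not rely on the tag alone for this record. That PR 450 is the actual fix is inferred from the URL and is not visible in this section.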


@ -2,8 +2,8 @@
"id": "CVE-2021-46898",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-22T19:15:08.297",
"lastModified": "2023-10-23T11:35:01.280",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-30T15:56:43.517",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,23 +14,89 @@
"value": "views/switch.py en django-grappelli (tambi\u00e9n conocido como Django Grappelli) anterior a 2.15.2 intenta evitar la redirecci\u00f3n externa con startwith(\"/\") pero esto no considera un ataque de URL relativo al protocolo (por ejemplo, //example.com) ."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vonautomatisch:django_grappelli:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.15.2",
"matchCriteriaId": "01233523-51DB-4BA3-8508-64ED220ACB74"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/sehmaschine/django-grappelli/commit/4ca94bcda0fa2720594506853d85e00c8212968f",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/sehmaschine/django-grappelli/compare/2.15.1...2.15.2",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/sehmaschine/django-grappelli/issues/975",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
},
{
"url": "https://github.com/sehmaschine/django-grappelli/pull/976",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-38648",
"sourceIdentifier": "security@apache.org",
"published": "2022-09-22T15:15:09.350",
"lastModified": "2023-10-15T00:15:10.010",
"vulnStatus": "Modified",
"lastModified": "2023-10-30T16:18:09.907",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -75,6 +75,21 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
}
]
}
]
}
],
"references": [
@ -88,7 +103,10 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00021.html",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-40146",
"sourceIdentifier": "security@apache.org",
"published": "2022-09-22T15:15:09.407",
"lastModified": "2023-10-15T00:15:10.087",
"vulnStatus": "Modified",
"lastModified": "2023-10-30T16:17:53.067",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -75,6 +75,21 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
}
]
}
]
}
],
"references": [
@ -88,7 +103,10 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00021.html",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List"
]
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2022-4573",
"sourceIdentifier": "psirt@lenovo.com",
"published": "2023-10-30T15:15:39.653",
"lastModified": "2023-10-30T15:28:31.260",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nAn SMI handler input validation vulnerability in the ThinkPad X1 Fold Gen 1 could allow an attacker with local access and elevated privileges to execute arbitrary code.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@lenovo.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@lenovo.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-106014",
"source": "psirt@lenovo.com"
}
]
}
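Review bot: The new `descriptions[0].value` starts with `\n` and ends with `\n\n`; the same CNA-supplied padding appears in the CVE-2022-4574 record (with an extra `\u00a0`) and in CVE-2022-4575, and the CVE-2022-48189 description ends with a trailing space. Anything that displays, de-duplicates or keyword-matches on the description should trim surrounding whitespace (including U+00A0) first. The record also has no `configurations` block and only a `"Secondary"` CNA metric while `vulnStatus` is `"Awaiting Analysis"`, so affected models and BIOS versions cannot be matched from this file and have to come from the referenced Lenovo advisory.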


@ -0,0 +1,55 @@
{
"id": "CVE-2022-4574",
"sourceIdentifier": "psirt@lenovo.com",
"published": "2023-10-30T15:15:40.080",
"lastModified": "2023-10-30T15:28:31.260",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nAn SMI handler input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code. \u00a0\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@lenovo.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@lenovo.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-106014",
"source": "psirt@lenovo.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2022-4575",
"sourceIdentifier": "psirt@lenovo.com",
"published": "2023-10-30T15:15:40.493",
"lastModified": "2023-10-30T15:28:31.260",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nA vulnerability due to improper write protection of UEFI variables was reported in the BIOS of some ThinkPad models could allow an attacker with physical or local access and elevated privileges the ability to bypass Secure Boot.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@lenovo.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@lenovo.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
}
],
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-106014",
"source": "psirt@lenovo.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2022-48189",
"sourceIdentifier": "psirt@lenovo.com",
"published": "2023-10-30T15:15:39.203",
"lastModified": "2023-10-30T15:28:31.260",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An SMM driver input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code. "
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@lenovo.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@lenovo.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-106014",
"source": "psirt@lenovo.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-30492",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-26T12:15:08.513",
"lastModified": "2023-10-26T12:58:59.800",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-30T15:56:56.320",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:varktech:minimum_purchase_for_woocommerce:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.0.0.1",
"matchCriteriaId": "4F53356D-573A-4061-A90B-F8EF252FD4F8"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/minimum-purchase-for-woocommerce/wordpress-minimum-purchase-for-woocommerce-plugin-2-0-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-32116",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-26T13:15:09.413",
"lastModified": "2023-10-26T15:32:27.440",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-30T16:27:32.430",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:totalpress:custom_post_types:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "4.0.12",
"matchCriteriaId": "0589DF0D-267E-44ED-85A9-7B7FBBC95633"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/custom-post-types/wordpress-custom-post-types-plugin-4-0-12-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-34051",
"sourceIdentifier": "security@vmware.com",
"published": "2023-10-20T05:15:07.943",
"lastModified": "2023-10-20T11:27:23.627",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-30T15:28:40.420",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,97 @@
"value": "VMware Aria Operations for Logs contiene una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n. Un actor malicioso no autenticado puede inyectar archivos en el sistema operativo de un dispositivo afectado, lo que puede resultar en la ejecuci\u00f3n remota de c\u00f3digo."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:aria_operations_for_logs:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F207E7F7-B239-46F4-90FC-D8CC090B72FB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:aria_operations_for_logs:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D3E25A8E-8FDD-4B2E-AC3A-5D70C0DEE483"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:aria_operations_for_logs:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1BA88D24-B7A6-4A4E-A9FF-826FC04578BE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:aria_operations_for_logs:8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "66B2704F-ECEE-4BCD-B7E4-702A87EA3AF2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:aria_operations_for_logs:8.10:*:*:*:*:*:*:*",
"matchCriteriaId": "8D400E0C-561C-4A87-B047-271DA10288EB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:aria_operations_for_logs:8.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E8FEEA71-A044-41E4-99A3-80095746C997"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:aria_operations_for_logs:8.12:*:*:*:*:*:*:*",
"matchCriteriaId": "255AB7A4-C8AB-4010-9CE2-F5743CF3C327"
}
]
}
]
}
],
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0021.html",
"source": "security@vmware.com"
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-34052",
"sourceIdentifier": "security@vmware.com",
"published": "2023-10-20T05:15:08.420",
"lastModified": "2023-10-20T11:27:23.627",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-30T15:27:41.487",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,82 @@
"value": "VMware Aria Operations for Logs contiene una vulnerabilidad de deserializaci\u00f3n. Un actor malintencionado con acceso no administrativo al sistema local puede desencadenar la deserializaci\u00f3n de datos, lo que podr\u00eda provocar una omisi\u00f3n de autenticaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:aria_operations_for_logs:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F207E7F7-B239-46F4-90FC-D8CC090B72FB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:aria_operations_for_logs:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D3E25A8E-8FDD-4B2E-AC3A-5D70C0DEE483"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:aria_operations_for_logs:8.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E8FEEA71-A044-41E4-99A3-80095746C997"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:aria_operations_for_logs:8.12:*:*:*:*:*:*:*",
"matchCriteriaId": "255AB7A4-C8AB-4010-9CE2-F5743CF3C327"
}
]
}
]
}
],
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0021.html",
"source": "security@vmware.com"
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}
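Review bot: The `cpeMatch` list in this record names only 4.0, 5.0, 8.10.2 and 8.12, while the CVE-2023-34051 record in the same commit, which cites the same advisory (VMSA-2023-0021), also lists 8.6, 8.8 and 8.10. Both lists use exact-version CPEs with no `versionStartIncluding`/`versionEndExcluding` range, so a scanner matching on CPE would not flag an installed build that falls between the listed versions. The difference may be intentional, but the affected range is worth confirming against the vendor advisory rather than treating either list as complete.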


@ -2,8 +2,8 @@
"id": "CVE-2023-43341",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-19T22:15:09.123",
"lastModified": "2023-10-20T11:27:31.330",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-30T15:34:20.017",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,77 @@
"value": "Vulnerabilidad de Cross-Site Scripting (XSS) en Evolution evo v.3.2.3 permite a un atacante local ejecutar c\u00f3digo arbitrario a trav\u00e9s de un par\u00e1metro uid inyectado en un payload manipulado."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:evo:evolution_cms:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5470FF1E-D2D9-45CD-8321-69BA847BC81A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/sromanhu/CVE-2023-43341-Evolution-Reflected-XSS---Installation-Connection-",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Product",
"Third Party Advisory"
]
},
{
"url": "https://github.com/sromanhu/Evolution-Reflected-XSS---Installation-Connection-",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Product",
"Third Party Advisory"
]
}
]
}
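Review bot: The Spanish description in this section says "un atacante local" while the newly added NVD vector is `AV:N` with `"attackVector": "NETWORK"`; the same mismatch appears in the CVE-2023-43342, CVE-2023-43344, CVE-2023-43359, CVE-2023-43360 and CVE-2023-43875 sections. Triage rules should take exposure from `cvssData` rather than from the free-text description, since a text filter on "local" would understate these XSS issues. The English description lies outside the hunks shown, so whether it carries the same wording cannot be checked here.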


@ -2,8 +2,8 @@
"id": "CVE-2023-43342",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-19T22:15:09.557",
"lastModified": "2023-10-20T11:27:31.330",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-30T15:33:39.503",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,77 @@
"value": "Vulnerabilidad de Cross-Site Scripting (XSS) en opensolution Quick CMS v.6.7 permite a un atacante local ejecutar c\u00f3digo arbitrario a trav\u00e9s de un script manipulado para el componente Men\u00fa de Idiomas."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opensolution:quick_cms:6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0B571ABB-F2E3-4C39-9560-74C3E9E98593"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/sromanhu/CVE-2023-43342-Quick-CMS-Stored-XSS---Languages-Frontend",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Product",
"Third Party Advisory"
]
},
{
"url": "https://github.com/sromanhu/Quick-CMS-Stored-XSS---Languages-Frontend",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Product",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-43344",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-19T22:15:09.673",
"lastModified": "2023-10-20T11:27:31.330",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-30T15:33:21.567",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "Vulnerabilidad de Cross-Site Scripting (XSS) en opensolution Quick CMS v.6.7 permite a un atacante local ejecutar c\u00f3digo arbitrario a trav\u00e9s de un script manipulado para el par\u00e1metro SEO - Meta descripci\u00f3n en el componente Men\u00fa de P\u00e1ginas."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opensolution:quick_cms:6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0B571ABB-F2E3-4C39-9560-74C3E9E98593"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/sromanhu/CVE-2023-43344-Quick-CMS-Stored-XSS---SEO-Meta-description",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Product",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-43359",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-19T22:15:09.720",
"lastModified": "2023-10-20T11:27:31.330",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-30T15:33:04.453",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "La vulnerabilidad de Cross-Site Scripting (XSS) en CMSmadesimple v.2.2.18 permite a un atacante local ejecutar c\u00f3digo arbitrario a trav\u00e9s de un script manipulado para los par\u00e1metros de datos Smarty y metadatos espec\u00edficos de la p\u00e1gina en el componente del Men\u00fa del Administrador de Contenido."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:2.2.18:*:*:*:*:*:*:*",
"matchCriteriaId": "AEF989DA-0199-49AE-A793-1CE18C1E045A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/sromanhu/CVE-2023-43359-CMSmadesimple-Stored-XSS----Content-Manager",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Product",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-43360",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-25T18:17:31.757",
"lastModified": "2023-10-25T20:32:16.527",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-30T16:31:41.030",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,75 @@
"value": "Una vulnerabilidad de Cross-Site Scripting (XSS) en CMSmadesimple v.2.2.18 permite a un atacante local ejecutar c\u00f3digo arbitrario a trav\u00e9s de un script manipulado en el par\u00e1metro Top Directory en el componente File Picker Menu."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:2.2.18:*:*:*:*:*:*:*",
"matchCriteriaId": "AEF989DA-0199-49AE-A793-1CE18C1E045A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/sromanhu/CMSmadesimple-Stored-XSS---File-Picker-extension",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/sromanhu/CVE-2023-43360-CMSmadesimple-Stored-XSS---File-Picker-extension",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-43875",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-19T22:15:09.777",
"lastModified": "2023-10-20T11:27:31.330",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-30T15:32:49.323",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,75 @@
"value": "M\u00faltiples vulnerabilidades de Cross-Site Scripting (XSS) en la instalaci\u00f3n de Subrion CMS v.4.2.1 permiten a un atacante local ejecutar scripts web arbitrarios a trav\u00e9s de un payload manipulado inyectado en bhost, dbname, dbuser, adminusername y adminemail. "
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intelliants:subrion_cms:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1964CC54-4FD5-44DF-A183-0538C48EA988"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/sromanhu/CVE-2023-43875-Subrion-CMS-Reflected-XSS---Installation/blob/main/README.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/sromanhu/Subrion-CMS-Reflected-XSS---Installation/blob/main/README.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-44323",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-10-30T15:15:40.980",
"lastModified": "2023-10-30T15:28:31.260",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe Acrobat for Edge version 118.0.2088.46 (and earlier) is affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44323",
"source": "psirt@adobe.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-45394",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-20T04:15:10.237",
"lastModified": "2023-10-20T11:27:23.627",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-30T15:29:24.470",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "Vulnerabilidad de Cross-Site Scripting (XSS) Almacenado en el campo Company en la secci\u00f3n \"Solicitar una cotizaci\u00f3n\" de Small CRM v3.0 permite a un atacante almacenar y ejecutar c\u00f3digo javascript malicioso en el panel de administraci\u00f3n, lo que conduce a la apropiaci\u00f3n de la cuenta de Administrador."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:small_crm_project:small_crm:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F51675DD-9B72-44A9-AE72-24AF1B6BA813"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/kartik753/CVE/blob/main/CVE-2023-45394",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}
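Review bot: The tag `"Vendor Advisory"` added to the reference `https://github.com/kartik753/CVE/blob/main/CVE-2023-45394` looks misapplied, because the URL is a personal GitHub repository and nothing in this section ties it to the Small CRM vendor named in the CPE. The comparable researcher repository in the CVE-2023-45471 section of this commit is tagged `"Third Party Advisory"`, which would be the consistent choice here once the repository owner is confirmed. Tooling that uses this tag to prioritise vendor-confirmed issues would otherwise treat an unverified third-party report as vendor guidance.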


@ -2,8 +2,8 @@
"id": "CVE-2023-45471",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-20T04:15:10.720",
"lastModified": "2023-10-20T11:27:23.627",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-30T15:29:13.613",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "El QAD Search Server es vulnerable a Cross-Site Scripting (XSS) Almacenado en versiones hasta la 1.0.0.315 incluida debido a comprobaciones insuficientes de los \u00edndices. Esto hace posible que atacantes no autenticados creen un nuevo \u00edndice e inyecten un script web malicioso en su nombre, que se ejecutar\u00e1 cada vez que un usuario acceda a la p\u00e1gina de b\u00fasqueda."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qad:search_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.0.0.315",
"matchCriteriaId": "64E47609-956F-4E0B-BC52-48BB4293DA27"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/itsAptx/CVE-2023-45471",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
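Review bot: The new CPE match uses `"versionEndExcluding": "1.0.0.315"`, but the Spanish description kept as context in this section says versions up to and including 1.0.0.315 are affected ("hasta la 1.0.0.315 incluida"). If the description is right, the bound should be `"versionEndIncluding": "1.0.0.315"`; as written, a scanner matching on the CPE range would not flag an install at exactly 1.0.0.315. The added vector also sets `PR:L` although the same description speaks of unauthenticated attackers ("atacantes no autenticados"), so the privileges metric deserves a second look against the original report.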


@ -2,7 +2,7 @@
"id": "CVE-2023-45498",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-27T04:15:10.487",
"lastModified": "2023-10-27T19:15:41.303",
"lastModified": "2023-10-30T15:15:41.553",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -16,6 +16,10 @@
],
"metrics": {},
"references": [
{
"url": "http://packetstormsecurity.com/files/175397/VinChin-VMWare-Backup-7.0-Hardcoded-Credential-Remote-Code-Execution.html",
"source": "cve@mitre.org"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/31",
"source": "cve@mitre.org"


@ -2,7 +2,7 @@
"id": "CVE-2023-45499",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-27T04:15:10.617",
"lastModified": "2023-10-27T19:15:41.360",
"lastModified": "2023-10-30T15:15:41.903",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -16,6 +16,10 @@
],
"metrics": {},
"references": [
{
"url": "http://packetstormsecurity.com/files/175397/VinChin-VMWare-Backup-7.0-Hardcoded-Credential-Remote-Code-Execution.html",
"source": "cve@mitre.org"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/31",
"source": "cve@mitre.org"


@ -2,8 +2,8 @@
"id": "CVE-2023-45815",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-19T22:15:10.407",
"lastModified": "2023-10-20T11:27:31.330",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-30T15:31:17.737",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,14 +80,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:archivebox:archivebox:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.6.2",
"matchCriteriaId": "7E721DF1-19BE-4E74-AAD8-C2C26FB0B887"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/ArchiveBox/ArchiveBox/issues/239",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Issue Tracking"
]
},
{
"url": "https://github.com/ArchiveBox/ArchiveBox/security/advisories/GHSA-cr45-98w9-gwqx",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-45822",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-19T21:15:08.930",
"lastModified": "2023-10-20T11:27:31.330",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-30T15:37:49.727",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,22 +80,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:artifacthub:hub:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.16.0",
"matchCriteriaId": "19535757-82CE-47EA-B827-0273894CF9BD"
}
]
}
]
}
],
"references": [
{
"url": "https://artifacthub.io/packages/helm/artifact-hub/artifact-hub?modal=changelog&version=1.16.0",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/artifacthub/hub/security/advisories/GHSA-9pc8-m4vp-ggvf",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.openpolicyagent.org/",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Mitigation"
]
},
{
"url": "https://www.openpolicyagent.org/docs/latest/#rego",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Mitigation"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-45823",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-19T21:15:09.003",
"lastModified": "2023-10-20T11:27:31.330",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-30T15:35:37.783",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,14 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:artifacthub:hub:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.16.0",
"matchCriteriaId": "19535757-82CE-47EA-B827-0273894CF9BD"
}
]
}
]
}
],
"references": [
{
"url": "https://artifacthub.io/packages/helm/artifact-hub/artifact-hub?modal=changelog&version=1.16.0",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/artifacthub/hub/security/advisories/GHSA-hmq4-c2r4-5q8h",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-46074",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-26T12:15:08.687",
"lastModified": "2023-10-26T12:58:59.800",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-30T16:21:25.490",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:borbis:freshmail_for_wordpress:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.3.2",
"matchCriteriaId": "B635D748-7FA1-4F02-A9B2-1C0C2321C835"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/freshmail-integration/wordpress-freshmail-for-wordpress-plugin-2-3-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-46076",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-26T13:15:09.593",
"lastModified": "2023-10-26T15:32:27.440",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-30T16:28:35.143",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rednao:woocommerce_pdf_invoice_builder:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.2.102",
"matchCriteriaId": "8B8E2CC5-D69E-4802-B00F-B89C0B734FD1"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/woo-pdf-invoice-builder/wordpress-woocommerce-pdf-invoice-builder-plugin-1-2-100-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-46077",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-26T13:15:09.667",
"lastModified": "2023-10-26T15:32:23.920",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-30T16:29:04.847",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arrowplugins:the_awesome_feed:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.2.5",
"matchCriteriaId": "E68E6AB0-1B8D-4A40-8753-E2128EDED258"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-facebook-feed/wordpress-the-awesome-feed-custom-feed-plugin-2-2-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-46081",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-26T13:15:09.747",
"lastModified": "2023-10-26T15:32:23.920",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-30T16:29:47.100",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lava-code:lava_directory_manager:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.1.34",
"matchCriteriaId": "36295305-4CB1-4B9B-9AA1-73B32F2F0E9C"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/lava-directory-manager/wordpress-lava-directory-manager-plugin-1-1-34-unauth-stored-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-46435",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-26T18:15:08.767",
"lastModified": "2023-10-27T12:41:08.827",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-30T16:20:21.103",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "Sourcecodester Packers and Movers Management System v1.0 es vulnerable a la inyecci\u00f3n SQL a trav\u00e9s de mpms/?p=services/view_service&id."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oretnom23:packers_and_movers_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "00E7A5FB-799D-42CF-97F9-7250B4C49C6B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/kirra-max/bug_reports/blob/main/packers-and-movers-management-system-phpoop-free-source-code/SQL-1.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-46449",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-26T15:15:09.257",
"lastModified": "2023-10-26T15:32:23.920",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-30T15:55:58.057",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,75 @@
"value": "El sistema de gesti\u00f3n de inventario Gratuito y de C\u00f3digo Abierto Sourcecodester v1.0 es vulnerable a un control de acceso incorrecto. Un usuario arbitrario puede cambiar la contrase\u00f1a de otro usuario y hacerse cargo de la cuenta a trav\u00e9s de IDOR en la funci\u00f3n de cambio de contrase\u00f1a."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mayurik:inventory_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "92A0265A-E1A5-4424-8D30-EC76231AEE53"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/sajaljat/CVE-2023-46449/tree/main",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.youtube.com/watch?v=H5QnsOKjs3s",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-46450",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-26T15:15:09.317",
"lastModified": "2023-10-26T15:32:23.920",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-30T15:55:16.417",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,75 @@
"value": "El sistema de gesti\u00f3n de inventario Gratuito y de C\u00f3digo Abierto Sourcecodester v1.0 es vulnerable a Cross Site Scripting (XSS) a trav\u00e9s de la funci\u00f3n Agregar proveedor."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mayurik:inventory_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "92A0265A-E1A5-4424-8D30-EC76231AEE53"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/yte121/-CVE-2023-46450/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://youtu.be/LQy0_xIK2q0",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-4964",
"sourceIdentifier": "security@opentext.com",
"published": "2023-10-30T15:15:42.197",
"lastModified": "2023-10-30T15:28:31.260",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Potential open redirect vulnerability\nin opentext Service Management Automation X\n(SMAX) versions 2020.05, 2020.08,\n2020.11, 2021.02, 2021.05, 2021.08, 2021.11, 2022.05, 2022.11 and opentext Asset\nManagement X (AMX) versions 2021.08, 2021.11, 2022.05, 2022.11. The\nvulnerability could allow attackers to redirect a user to\nmalicious websites.\n\n\n\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@opentext.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security@opentext.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
],
"references": [
{
"url": "https://portal.microfocus.com/s/article/KM000022703?language=en_US",
"source": "security@opentext.com"
}
]
}
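Review bot: The `descriptions[0].value` string of this new record has hard line breaks in mid-sentence and ends in a run of `\n` escapes, so consumers that display, index or diff the text should normalise whitespace first; a cleaned value would end at `redirect a user to malicious websites.`. The CNA-supplied vector (`C:H/I:H/A:L`, base score 8.2) also reads high against a description of a potential open redirect. The metric is marked `"type": "Secondary"` and the record is `"Awaiting Analysis"`, so the score is best treated as provisional for triage until an NVD Primary assessment is present.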


@ -2,8 +2,8 @@
"id": "CVE-2023-5790",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-10-26T17:15:10.080",
"lastModified": "2023-10-26T17:33:34.980",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-30T16:33:03.000",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -64,6 +86,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +107,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:remyandrade:file_manager_app:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "13DCEB1D-966B-4E2E-99F8-F04FF9720D86"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Yp1oneer/cve_hub/blob/main/File%20Manager%20App/Unrestricted%20File%20Upload.pdf",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.243595",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.243595",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-5791",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-10-26T17:15:10.167",
"lastModified": "2023-10-26T17:33:34.980",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-30T16:34:21.550",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -64,6 +86,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +107,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:remyandrade:sticky_notes_app:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A761D294-F1B2-4BB1-BA12-1D230E8F4177"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Yp1oneer/cve_hub/blob/main/Sticky%20Notes%20App/Cross%20Site%20Scripting.pdf",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.243597",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.243597",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-5792",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-10-26T17:15:10.250",
"lastModified": "2023-10-26T17:33:34.980",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-30T16:34:50.407",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -64,6 +86,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +107,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:remyandrade:sticky_notes_app:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A761D294-F1B2-4BB1-BA12-1D230E8F4177"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Yp1oneer/cve_hub/blob/main/Sticky%20Notes%20App/SQL%20Injection-1.pdf",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.243598",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.243598",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-5802",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-26T12:15:08.817",
"lastModified": "2023-10-26T12:58:59.800",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-30T16:23:18.107",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpknowledgebase:wp_knowledgebase:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.3.4",
"matchCriteriaId": "B32E6C93-1862-4B23-8714-601485312B20"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-knowledgebase/wordpress-wp-knowledgebase-plugin-1-3-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-10-30T15:00:24.334469+00:00
2023-10-30T17:00:24.800205+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-10-30T14:55:59.993000+00:00
2023-10-30T16:34:50.407000+00:00
```
### Last Data Feed Release
@ -29,48 +29,50 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
229156
229162
```
### CVEs added in the last Commit
Recently added CVEs: `22`
Recently added CVEs: `6`
* [CVE-2018-11103](CVE-2018/CVE-2018-111xx/CVE-2018-11103.json) (`2023-10-30T14:15:08.817`)
* [CVE-2020-25870](CVE-2020/CVE-2020-258xx/CVE-2020-25870.json) (`2023-10-30T14:15:08.897`)
* [CVE-2022-48190](CVE-2022/CVE-2022-481xx/CVE-2022-48190.json) (`2023-10-30T14:15:08.977`)
* [CVE-2023-5832](CVE-2023/CVE-2023-58xx/CVE-2023-5832.json) (`2023-10-30T13:15:31.690`)
* [CVE-2023-5833](CVE-2023/CVE-2023-58xx/CVE-2023-5833.json) (`2023-10-30T13:15:31.917`)
* [CVE-2023-40943](CVE-2023/CVE-2023-409xx/CVE-2023-40943.json) (`2023-10-30T14:15:09.037`)
* [CVE-2023-41605](CVE-2023/CVE-2023-416xx/CVE-2023-41605.json) (`2023-10-30T14:15:09.080`)
* [CVE-2023-44078](CVE-2023/CVE-2023-440xx/CVE-2023-44078.json) (`2023-10-30T14:15:09.123`)
* [CVE-2023-5049](CVE-2023/CVE-2023-50xx/CVE-2023-5049.json) (`2023-10-30T14:15:09.167`)
* [CVE-2023-5164](CVE-2023/CVE-2023-51xx/CVE-2023-5164.json) (`2023-10-30T14:15:09.240`)
* [CVE-2023-5199](CVE-2023/CVE-2023-51xx/CVE-2023-5199.json) (`2023-10-30T14:15:09.307`)
* [CVE-2023-5250](CVE-2023/CVE-2023-52xx/CVE-2023-5250.json) (`2023-10-30T14:15:09.383`)
* [CVE-2023-5251](CVE-2023/CVE-2023-52xx/CVE-2023-5251.json) (`2023-10-30T14:15:09.457`)
* [CVE-2023-5252](CVE-2023/CVE-2023-52xx/CVE-2023-5252.json) (`2023-10-30T14:15:09.530`)
* [CVE-2023-5315](CVE-2023/CVE-2023-53xx/CVE-2023-5315.json) (`2023-10-30T14:15:09.597`)
* [CVE-2023-5335](CVE-2023/CVE-2023-53xx/CVE-2023-5335.json) (`2023-10-30T14:15:09.667`)
* [CVE-2023-5362](CVE-2023/CVE-2023-53xx/CVE-2023-5362.json) (`2023-10-30T14:15:09.733`)
* [CVE-2023-5565](CVE-2023/CVE-2023-55xx/CVE-2023-5565.json) (`2023-10-30T14:15:09.973`)
* [CVE-2023-5566](CVE-2023/CVE-2023-55xx/CVE-2023-5566.json) (`2023-10-30T14:15:10.043`)
* [CVE-2023-5583](CVE-2023/CVE-2023-55xx/CVE-2023-5583.json) (`2023-10-30T14:15:10.120`)
* [CVE-2023-5666](CVE-2023/CVE-2023-56xx/CVE-2023-5666.json) (`2023-10-30T14:15:10.183`)
* [CVE-2023-5843](CVE-2023/CVE-2023-58xx/CVE-2023-5843.json) (`2023-10-30T14:15:10.253`)
* [CVE-2022-48189](CVE-2022/CVE-2022-481xx/CVE-2022-48189.json) (`2023-10-30T15:15:39.203`)
* [CVE-2022-4573](CVE-2022/CVE-2022-45xx/CVE-2022-4573.json) (`2023-10-30T15:15:39.653`)
* [CVE-2022-4574](CVE-2022/CVE-2022-45xx/CVE-2022-4574.json) (`2023-10-30T15:15:40.080`)
* [CVE-2022-4575](CVE-2022/CVE-2022-45xx/CVE-2022-4575.json) (`2023-10-30T15:15:40.493`)
* [CVE-2023-44323](CVE-2023/CVE-2023-443xx/CVE-2023-44323.json) (`2023-10-30T15:15:40.980`)
* [CVE-2023-4964](CVE-2023/CVE-2023-49xx/CVE-2023-4964.json) (`2023-10-30T15:15:42.197`)
### CVEs modified in the last Commit
Recently modified CVEs: `7`
Recently modified CVEs: `32`
* [CVE-2022-25332](CVE-2022/CVE-2022-253xx/CVE-2022-25332.json) (`2023-10-30T13:44:07.793`)
* [CVE-2023-45813](CVE-2023/CVE-2023-458xx/CVE-2023-45813.json) (`2023-10-30T13:37:36.380`)
* [CVE-2023-46324](CVE-2023/CVE-2023-463xx/CVE-2023-46324.json) (`2023-10-30T13:46:10.107`)
* [CVE-2023-5524](CVE-2023/CVE-2023-55xx/CVE-2023-5524.json) (`2023-10-30T13:50:35.243`)
* [CVE-2023-45146](CVE-2023/CVE-2023-451xx/CVE-2023-45146.json) (`2023-10-30T14:14:07.753`)
* [CVE-2023-43492](CVE-2023/CVE-2023-434xx/CVE-2023-43492.json) (`2023-10-30T14:33:25.570`)
* [CVE-2023-45812](CVE-2023/CVE-2023-458xx/CVE-2023-45812.json) (`2023-10-30T14:55:59.993`)
* [CVE-2023-34051](CVE-2023/CVE-2023-340xx/CVE-2023-34051.json) (`2023-10-30T15:28:40.420`)
* [CVE-2023-45471](CVE-2023/CVE-2023-454xx/CVE-2023-45471.json) (`2023-10-30T15:29:13.613`)
* [CVE-2023-45394](CVE-2023/CVE-2023-453xx/CVE-2023-45394.json) (`2023-10-30T15:29:24.470`)
* [CVE-2023-45815](CVE-2023/CVE-2023-458xx/CVE-2023-45815.json) (`2023-10-30T15:31:17.737`)
* [CVE-2023-43875](CVE-2023/CVE-2023-438xx/CVE-2023-43875.json) (`2023-10-30T15:32:49.323`)
* [CVE-2023-43359](CVE-2023/CVE-2023-433xx/CVE-2023-43359.json) (`2023-10-30T15:33:04.453`)
* [CVE-2023-43344](CVE-2023/CVE-2023-433xx/CVE-2023-43344.json) (`2023-10-30T15:33:21.567`)
* [CVE-2023-43342](CVE-2023/CVE-2023-433xx/CVE-2023-43342.json) (`2023-10-30T15:33:39.503`)
* [CVE-2023-43341](CVE-2023/CVE-2023-433xx/CVE-2023-43341.json) (`2023-10-30T15:34:20.017`)
* [CVE-2023-45823](CVE-2023/CVE-2023-458xx/CVE-2023-45823.json) (`2023-10-30T15:35:37.783`)
* [CVE-2023-45822](CVE-2023/CVE-2023-458xx/CVE-2023-45822.json) (`2023-10-30T15:37:49.727`)
* [CVE-2023-46450](CVE-2023/CVE-2023-464xx/CVE-2023-46450.json) (`2023-10-30T15:55:16.417`)
* [CVE-2023-46449](CVE-2023/CVE-2023-464xx/CVE-2023-46449.json) (`2023-10-30T15:55:58.057`)
* [CVE-2023-30492](CVE-2023/CVE-2023-304xx/CVE-2023-30492.json) (`2023-10-30T15:56:56.320`)
* [CVE-2023-46435](CVE-2023/CVE-2023-464xx/CVE-2023-46435.json) (`2023-10-30T16:20:21.103`)
* [CVE-2023-46074](CVE-2023/CVE-2023-460xx/CVE-2023-46074.json) (`2023-10-30T16:21:25.490`)
* [CVE-2023-5802](CVE-2023/CVE-2023-58xx/CVE-2023-5802.json) (`2023-10-30T16:23:18.107`)
* [CVE-2023-32116](CVE-2023/CVE-2023-321xx/CVE-2023-32116.json) (`2023-10-30T16:27:32.430`)
* [CVE-2023-46076](CVE-2023/CVE-2023-460xx/CVE-2023-46076.json) (`2023-10-30T16:28:35.143`)
* [CVE-2023-46077](CVE-2023/CVE-2023-460xx/CVE-2023-46077.json) (`2023-10-30T16:29:04.847`)
* [CVE-2023-46081](CVE-2023/CVE-2023-460xx/CVE-2023-46081.json) (`2023-10-30T16:29:47.100`)
* [CVE-2023-43360](CVE-2023/CVE-2023-433xx/CVE-2023-43360.json) (`2023-10-30T16:31:41.030`)
* [CVE-2023-5790](CVE-2023/CVE-2023-57xx/CVE-2023-5790.json) (`2023-10-30T16:33:03.000`)
* [CVE-2023-5791](CVE-2023/CVE-2023-57xx/CVE-2023-5791.json) (`2023-10-30T16:34:21.550`)
* [CVE-2023-5792](CVE-2023/CVE-2023-57xx/CVE-2023-5792.json) (`2023-10-30T16:34:50.407`)
## Download and Usage