admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 11:37:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-11-16T19:00:18.595128+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-11-16 19:00:22 +00:00
parent 61a6abedd1
commit 171bb02eb1
116 changed files with 15191 additions and 363 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

90
CVE-2023/CVE-2023-262xx/CVE-2023-26221.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-26221",
"sourceIdentifier": "security@tibco.com",
"published": "2023-11-08T20:15:07.313",
"lastModified": "2023-11-09T13:46:24.437",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T17:37:34.827",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Spotfire Connectors component of TIBCO Software Inc.'s Spotfire Analyst, Spotfire Server, and Spotfire for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with read/write access to craft malicious Analyst files. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s Spotfire Analyst: versions 12.3.0, 12.4.0, and 12.5.0, Spotfire Server: versions 12.3.0, 12.4.0, and 12.5.0, and Spotfire for AWS Marketplace: version 12.5.0.\n\n"
},
{
"lang": "es",
"value": "El componente Spotfire Connectors de Spotfire Analyst, Spotfire Server y Spotfire para AWS Marketplace de TIBCO Software Inc. contiene una vulnerabilidad f\u00e1cilmente explotable que permite a un atacante con pocos privilegios y acceso de lectura/escritura crear archivos maliciosos de Analyst. Un ataque exitoso que utilice esta vulnerabilidad requiere la interacci\u00f3n humana de una persona distinta del atacante. Las versiones afectadas son Spotfire Analyst de TIBCO Software Inc.: versiones 12.3.0, 12.4.0 y 12.5.0, Spotfire Server: versiones 12.3.0, 12.4.0 y 12.5.0, y Spotfire para AWS Marketplace: versi\u00f3n 12.5.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.9,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.3,
"impactScore": 2.5
},
{
"source": "security@tibco.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-522"
}
]
},
{
"source": "security@tibco.com",
"type": "Secondary",
@ -46,10 +80,60 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tibco:spotfire_analyst:12.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "949054A7-A299-4C11-9E2B-7437D6C4D801"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tibco:spotfire_analyst:12.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C63E85E6-8519-4957-B55B-0B8F6E658B2B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tibco:spotfire_analyst:12.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FE433F55-79E4-438C-81C7-4CEEAEE1C442"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tibco:spotfire_analytics_platform:12.5.0:*:*:*:*:aws_marketplace:*:*",
"matchCriteriaId": "55B9367D-3938-4059-BABE-72322C2AE10C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tibco:spotfire_server:12.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0F7F5C30-950E-4483-8795-761C506BB549"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tibco:spotfire_server:12.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4B67F529-EB21-4628-ADA2-56E76DA272EB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tibco:spotfire_server:12.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "889EE133-0CEE-429F-A58E-1F310FB981B8"
}
]
}
]
}
],
"references": [
{
"url": "https://www.tibco.com/services/support/advisories",
"source": "security@tibco.com"
"source": "security@tibco.com",
"tags": [
"Vendor Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-263xx/CVE-2023-26368.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-26368",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T16:15:29.547",
"lastModified": "2023-11-16T16:15:29.547",
"vulnStatus": "Received",
"lastModified": "2023-11-16T17:00:44.333",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

51
CVE-2023/CVE-2023-286xx/CVE-2023-28618.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-28618",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-12T22:15:29.190",
"lastModified": "2023-11-13T03:16:20.870",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T17:42:45.977",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Marios Alexandrou Enhanced Plugin Admin plugin <=\u00a01.16 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Marios Alexandrou Enhanced Plugin Admin en versiones &lt;= 1.16."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:infolific:enhanced_plugin_admin:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.16",
"matchCriteriaId": "6B2AA469-7267-48F8-AC4F-721A9DF5885F"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/enhanced-plugin-admin/wordpress-enhanced-plugin-admin-plugin-1-16-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-286xx/CVE-2023-28694.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-28694",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-12T22:15:29.370",
"lastModified": "2023-11-13T03:16:20.870",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T17:42:33.970",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Wbcom Designs Wbcom Designs \u2013 BuddyPress Activity Social Share plugin <=\u00a03.5.0 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Wbcom Designs Wbcom Designs \u2013 Complemento BuddyPress Activity Social Share en versiones &lt;= 3.5.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wbcomdesigns:buddypress_activity_social_share:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.5.0",
"matchCriteriaId": "E30E0FAC-8A43-4964-B9EE-A9633E174D97"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/bp-activity-social-share/wordpress-wbcom-designs-buddypress-activity-social-share-plugin-3-4-0-cross-site-request-forgery-csrf?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-286xx/CVE-2023-28696.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-28696",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-12T22:15:29.560",
"lastModified": "2023-11-13T03:16:20.870",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T17:41:01.973",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Harish Chouhan, Themeist I Recommend Tplugin <=\u00a03.9.0 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Harish Chouhan, Themeist I Recommend en versiones &lt;= 3.9.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:themeist:i_recommend_this:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.9.0",
"matchCriteriaId": "A94D9D57-22D4-40C0-8984-761A2FF46B6A"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/i-recommend-this/wordpress-i-recommend-this-plugin-3-8-3-cross-site-request-forgery-csrf?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-289xx/CVE-2023-28930.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-28930",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-12T22:15:29.777",
"lastModified": "2023-11-13T03:16:20.870",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T17:38:04.390",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Robin Phillips Mobile Banner plugin <=\u00a01.5 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Robin Phillips Mobile Banner en versiones &lt;= 1.5."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:robinphillips:mobile_banner:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.5",
"matchCriteriaId": "2E72CCEC-06C5-49BE-8D46-AAFD04B902ED"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/mobile-banner/wordpress-mobile-banner-plugin-1-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-289xx/CVE-2023-28987.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-28987",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-12T22:15:29.960",
"lastModified": "2023-11-13T03:16:20.870",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T17:37:59.037",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Wpmet Wp Ultimate Review plugin\u00a0<= 2.0.3 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Wpmet Wp Ultimate Review en versiones &lt;= 2.0.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpmet:wp_ultimate_review:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.0.3",
"matchCriteriaId": "9B623AB4-848F-4623-85C0-9AF7C8525AEA"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-ultimate-review/wordpress-wp-ultimate-review-plugin-2-0-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-292xx/CVE-2023-29238.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-29238",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-12T22:15:30.147",
"lastModified": "2023-11-13T03:16:20.870",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T17:37:54.283",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Whydonate Whydonate \u2013 FREE Donate button \u2013 Crowdfunding \u2013 Fundraising plugin <=\u00a03.12.15 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Whydonate Whydonate \u2013 FREE Donate button \u2013 Crowdfunding \u2013 Fundraising en versiones &lt;= 3.12.15."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:whydonate:wp_whydonate:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.12.15",
"matchCriteriaId": "BC50FDC2-CB4F-4164-8D98-C04C47BFF592"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-whydonate/wordpress-whydonate-plugin-3-12-13-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-294xx/CVE-2023-29425.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-29425",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-12T22:15:30.327",
"lastModified": "2023-11-13T03:16:20.870",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T17:37:47.260",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in plainware.Com ShiftController Employee Shift Scheduling plugin <=\u00a04.9.23 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento plainware.Com ShiftController Employee Shift Scheduling en versiones &lt;= 4.9.23."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:plainware:shiftcontroller:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "4.9.23",
"matchCriteriaId": "97B4E2D6-C02C-4CF3-9691-3E79A1B58D9E"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/shiftcontroller/wordpress-shiftcontroller-employee-shift-scheduling-plugin-4-9-23-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

67
CVE-2023/CVE-2023-299xx/CVE-2023-29974.json
View File

@ -2,19 +2,78 @@
"id": "CVE-2023-29974",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-08T21:15:08.447",
"lastModified": "2023-11-09T13:46:19.893",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T17:35:54.373",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue discovered in Pfsense CE version 2.6.0 allows attackers to compromise user accounts via weak password requirements."
},
{
"lang": "es",
"value": "Un problema descubierto en Pfsense CE versi\u00f3n 2.6.0 permite a los atacantes comprometer cuentas de usuario mediante requisitos de contrase\u00f1a d\u00e9biles."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-521"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pfsense:pfsense:2.6.0:*:*:*:community:*:*:*",
"matchCriteriaId": "7F69B7B3-805F-4604-9710-80F11F5E4142"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.esecforte.com/cve-2023-29974-weak-password-policy/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

56
CVE-2023/CVE-2023-310xx/CVE-2023-31077.json
View File

@ -2,15 +2,42 @@
"id": "CVE-2023-31077",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-10T14:15:35.923",
"lastModified": "2023-11-13T03:16:20.870",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T17:54:55.783",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in ReCorp Export WP Page to Static HTML/CSS plugin <=\u00a02.1.9 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento ReCorp Export WP Page to Static HTML/CSS en versiones &lt;= 2.1.9."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
@ -23,10 +50,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myrecorp:export_wp_page_to_static_html\\/css:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.1.9",
"matchCriteriaId": "868E1CF7-EB3F-4BCA-982B-5A0A60B488D5"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/export-wp-page-to-static-html/wordpress-export-wp-page-to-static-html-css-plugin-2-1-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

56
CVE-2023/CVE-2023-329xx/CVE-2023-32966.json
View File

@ -2,15 +2,42 @@
"id": "CVE-2023-32966",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-07T18:15:08.620",
"lastModified": "2023-11-07T19:07:44.230",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T18:19:15.237",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in CRUDLab Jazz Popups leads to Stored XSS.This issue affects Jazz Popups: from n/a through 1.8.7.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en CRUDLab Jazz Popups conduce XSS Almacenado. Este problema afecta a Jazz Popups: desde n/a hasta 1.8.7."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
@ -23,10 +50,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:crudlab:jazz_popups:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.8.7",
"matchCriteriaId": "654013BB-4972-4DE3-A8B5-96E822A29612"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/jazz-popups/wordpress-jazz-popups-plugin-1-8-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-358xx/CVE-2023-35877.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-35877",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-13T17:15:07.657",
"lastModified": "2023-11-13T18:44:54.637",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T18:14:43.550",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Vadym K. Extra User Details allows Stored XSS.This issue affects Extra User Details: from n/a through 0.5.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Vadym K. Extra User Details permiten almacenar XSS. Este problema afecta Extra User Details: desde n/a hasta 0.5."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vadimk:extra_user_details:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "0.5.1",
"matchCriteriaId": "EA7AF4C0-BCEB-45A1-888B-D8D7D2A29843"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/extra-user-details/wordpress-extra-user-details-plugin-0-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

134
CVE-2023/CVE-2023-391xx/CVE-2023-39198.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-39198",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-11-09T20:15:08.730",
"lastModified": "2023-11-09T20:51:06.133",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T17:16:01.260",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una condici\u00f3n de ejecuci\u00f3n en el controlador QXL del kernel de Linux. La funci\u00f3n qxl_mode_dumb_create() desreferencia el qobj devuelto por qxl_gem_object_create_with_handle(), pero el identificador es el \u00fanico que contiene una referencia a \u00e9l. Esta falla permite a un atacante adivinar el valor de identificador devuelto y desencadenar un problema de use-after-free, lo que podr\u00eda provocar una denegaci\u00f3n de servicio o una escalada de privilegios."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.5,
"impactScore": 5.9
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -46,14 +80,106 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5",
"matchCriteriaId": "98C491C7-598A-4D36-BA4F-3505A5727ED1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0B3E6E4D-E24E-4630-B00C-8C9901C597B0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.5:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E4A01A71-0F09-4DB2-A02F-7EFFBE27C98D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.5:rc3:*:*:*:*:*:*",
"matchCriteriaId": "F5608371-157A-4318-8A2E-4104C3467EA1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.5:rc4:*:*:*:*:*:*",
"matchCriteriaId": "2226A776-DF8C-49E0-A030-0A7853BB018A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.5:rc5:*:*:*:*:*:*",
"matchCriteriaId": "6F15C659-DF06-455A-9765-0E6DE920F29A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.5:rc6:*:*:*:*:*:*",
"matchCriteriaId": "5B1C14ED-ABC4-41D3-8D9C-D38C6A65B4DE"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-39198",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218332",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-392xx/CVE-2023-39295.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-39295",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2023-11-10T16:15:32.580",
"lastModified": "2023-11-13T03:16:20.870",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T17:57:01.447",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to execute commands via a network.\n\nWe have already fixed the vulnerability in the following version:\nQuMagie 2.1.3 and later\n"
},
{
"lang": "es",
"value": "Se ha informado que una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo afecta a QuMagie. Si se explota, la vulnerabilidad podr\u00eda permitir a los usuarios autenticados ejecutar comandos a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en la siguiente versi\u00f3n: QuMagie 2.1.3 y posteriores."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qnap:qumagie:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.1.4",
"matchCriteriaId": "DD6AF145-97B1-4A7D-9059-0B9DD12B7857"
}
]
}
]
}
],
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-23-50",
"source": "security@qnapsecurity.com.tw"
"source": "security@qnapsecurity.com.tw",
"tags": [
"Vendor Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-412xx/CVE-2023-41284.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-41284",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2023-11-10T16:15:32.780",
"lastModified": "2023-11-13T03:16:20.870",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T17:56:51.333",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.\n\nWe have already fixed the vulnerability in the following version:\nQuMagie 2.1.4 and later\n"
},
{
"lang": "es",
"value": "Se ha informado que una vulnerabilidad de inyecci\u00f3n SQL afecta a QuMagie. Si se explota, la vulnerabilidad podr\u00eda permitir a los usuarios autenticados inyectar c\u00f3digo malicioso a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en la siguiente versi\u00f3n: QuMagie 2.1.4 y posteriores."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qnap:qumagie:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.1.4",
"matchCriteriaId": "DD6AF145-97B1-4A7D-9059-0B9DD12B7857"
}
]
}
]
}
],
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-23-50",
"source": "security@qnapsecurity.com.tw"
"source": "security@qnapsecurity.com.tw",
"tags": [
"Vendor Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-412xx/CVE-2023-41285.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-41285",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2023-11-10T16:15:32.967",
"lastModified": "2023-11-13T03:16:20.870",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T18:09:49.707",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.\n\nWe have already fixed the vulnerability in the following version:\nQuMagie 2.1.4 and later\n"
},
{
"lang": "es",
"value": "Se ha informado que una vulnerabilidad de inyecci\u00f3n SQL afecta a QuMagie. Si se explota, la vulnerabilidad podr\u00eda permitir a los usuarios autenticados inyectar c\u00f3digo malicioso a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en la siguiente versi\u00f3n: QuMagie 2.1.4 y posteriores."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qnap:qumagie:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.1.4",
"matchCriteriaId": "DD6AF145-97B1-4A7D-9059-0B9DD12B7857"
}
]
}
]
}
],
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-23-50",
"source": "security@qnapsecurity.com.tw"
"source": "security@qnapsecurity.com.tw",
"tags": [
"Vendor Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-443xx/CVE-2023-44327.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44327",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T15:15:08.100",
"lastModified": "2023-11-16T15:15:08.100",
"vulnStatus": "Received",
"lastModified": "2023-11-16T17:00:48.293",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-443xx/CVE-2023-44328.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44328",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T15:15:08.300",
"lastModified": "2023-11-16T15:15:08.300",
"vulnStatus": "Received",
"lastModified": "2023-11-16T17:00:48.293",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-443xx/CVE-2023-44329.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44329",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T15:15:08.490",
"lastModified": "2023-11-16T15:15:08.490",
"vulnStatus": "Received",
"lastModified": "2023-11-16T17:00:48.293",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-443xx/CVE-2023-44330.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44330",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T15:15:08.683",
"lastModified": "2023-11-16T15:15:08.683",
"vulnStatus": "Received",
"lastModified": "2023-11-16T17:00:48.293",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-443xx/CVE-2023-44331.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44331",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T15:15:08.863",
"lastModified": "2023-11-16T15:15:08.863",
"vulnStatus": "Received",
"lastModified": "2023-11-16T17:00:48.293",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-443xx/CVE-2023-44332.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44332",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T15:15:09.043",
"lastModified": "2023-11-16T15:15:09.043",
"vulnStatus": "Received",
"lastModified": "2023-11-16T17:00:48.293",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-443xx/CVE-2023-44333.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44333",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T15:15:09.237",
"lastModified": "2023-11-16T15:15:09.237",
"vulnStatus": "Received",
"lastModified": "2023-11-16T17:00:48.293",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-443xx/CVE-2023-44334.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44334",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T15:15:09.450",
"lastModified": "2023-11-16T15:15:09.450",
"vulnStatus": "Received",
"lastModified": "2023-11-16T17:00:48.293",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-443xx/CVE-2023-44335.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44335",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T15:15:09.630",
"lastModified": "2023-11-16T15:15:09.630",
"vulnStatus": "Received",
"lastModified": "2023-11-16T17:00:48.293",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

1828
CVE-2023/CVE-2023-450xx/CVE-2023-45075.json
View File

File diff suppressed because it is too large Load Diff

1818
CVE-2023/CVE-2023-450xx/CVE-2023-45076.json
View File

File diff suppressed because it is too large Load Diff

1818
CVE-2023/CVE-2023-450xx/CVE-2023-45077.json
View File

File diff suppressed because it is too large Load Diff

1818
CVE-2023/CVE-2023-450xx/CVE-2023-45078.json
View File

File diff suppressed because it is too large Load Diff

1818
CVE-2023/CVE-2023-450xx/CVE-2023-45079.json
View File

File diff suppressed because it is too large Load Diff

57
CVE-2023/CVE-2023-451xx/CVE-2023-45140.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-45140",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-08T16:15:09.800",
"lastModified": "2023-11-08T17:25:02.317",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T18:50:42.010",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Bastion provides authentication, authorization, traceability and auditability for SSH accesses. SCP and SFTP plugins don't honor group-based JIT MFA. Establishing a SCP/SFTP connection through The Bastion via a group access where MFA is enforced does not ask for additional factor. This abnormal behavior only applies to per-group-based JIT MFA. Other MFA setup types, such as Immediate MFA, JIT MFA on a per-plugin basis and JIT MFA on a per-account basis are not affected. This issue has been patched in version 3.14.15."
},
{
"lang": "es",
"value": "The Bastion proporciona autenticaci\u00f3n, autorizaci\u00f3n, trazabilidad y auditabilidad para accesos SSH. Los complementos SCP y SFTP no respetan JIT MFA basado en grupos. Establecer una conexi\u00f3n SCP/SFTP a trav\u00e9s de The Bastion por medio de un acceso grupal donde se aplica MFA no requiere ning\u00fan factor adicional. Este comportamiento anormal solo se aplica a JIT MFA por grupo. Otros tipos de configuraci\u00f3n de MFA, como Immediate MFA, JIT MFA por complemento y JIT MFA por cuenta, no se ven afectados. Este problema se solucion\u00f3 en la versi\u00f3n 3.14.15."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 2.5
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +70,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ovh:the-bastion:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.14.15",
"matchCriteriaId": "A4A16733-F993-429F-B56C-6161B82D25C3"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/ovh/the-bastion/releases/tag/v3.14.15",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/ovh/the-bastion/security/advisories/GHSA-pr4q-w883-pf5x",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Mitigation",
"Vendor Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-458xx/CVE-2023-45857.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-45857",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-08T21:15:08.550",
"lastModified": "2023-11-09T13:46:19.893",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T17:35:34.107",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information."
},
{
"lang": "es",
"value": "Un problema descubierto en Axios 1.5.1 revela inadvertidamente el XSRF-TOKEN confidencial almacenado en las cookies al incluirlo en el encabezado HTTP X-XSRF-TOKEN para cada solicitud realizada a cualquier host, lo que permite a los atacantes ver informaci\u00f3n sensible."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:axios:axios:1.5.1:*:*:*:*:node.js:*:*",
"matchCriteriaId": "28179B3F-4DC0-416C-BC68-2678D3DF2313"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/axios/axios/issues/6006",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}

77
CVE-2023/CVE-2023-458xx/CVE-2023-45875.json
View File

@ -2,27 +2,92 @@
"id": "CVE-2023-45875",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-08T21:15:08.587",
"lastModified": "2023-11-09T13:46:19.893",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T17:35:03.380",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Couchbase Server 7.2.0. There is a private key leak in debug.log while adding a pre-7.0 node to a 7.2 cluster."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Couchbase Server 7.2.0. Hay una fuga de clave privada en debug.log al agregar un nodo anterior a 7.0 a un cl\u00faster 7.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:couchbase:couchbase_server:7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FBF7BB41-6DE4-45D5-81FE-A3CC055853F1"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
},
{
"url": "https://forums.couchbase.com/tags/security",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.couchbase.com/alerts/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

64
CVE-2023/CVE-2023-460xx/CVE-2023-46014.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46014",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-13T22:15:07.487",
"lastModified": "2023-11-14T15:15:58.783",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T17:32:08.327",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "Vulnerabilidad de inyecci\u00f3n SQL en hospitalLogin.php en Code-Projects Blood Bank 1.0 permite a atacantes ejecutar comandos SQL arbitrarios a trav\u00e9s de los par\u00e1metros 'hemail' y 'hpassword'."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:code-projects:blood_bank:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46469A77-975B-4572-9311-910A97F6E607"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/ersinerenler/CVE-2023-46014-Code-Projects-Blood-Bank-1.0-SQL-Injection-Vulnerability",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

64
CVE-2023/CVE-2023-460xx/CVE-2023-46015.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46015",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-13T22:15:07.537",
"lastModified": "2023-11-14T15:15:58.783",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T17:31:55.777",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "Vulnerabilidad de Cross Site Scripting (XSS) en index.php en Code-Projects Blood Bank 1.0 permite a atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro 'msg' en la URL de la aplicaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:code-projects:blood_bank:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46469A77-975B-4572-9311-910A97F6E607"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/ersinerenler/CVE-2023-46015-Code-Projects-Blood-Bank-1.0-Reflected-Cross-Site-Scripting-Vulnerability",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

64
CVE-2023/CVE-2023-460xx/CVE-2023-46016.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46016",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-13T22:15:07.587",
"lastModified": "2023-11-14T15:15:58.783",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T17:31:46.947",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "Cross Site Scripting (XSS) en abs.php en Code-Projects Blood Bank 1.0 permite a los atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro 'search' en la URL de la aplicaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:code-projects:blood_bank:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46469A77-975B-4572-9311-910A97F6E607"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/ersinerenler/CVE-2023-46016-Code-Projects-Blood-Bank-1.0-Reflected-Cross-Site-Scripting-Vulnerability",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

64
CVE-2023/CVE-2023-460xx/CVE-2023-46017.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46017",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-13T22:15:07.640",
"lastModified": "2023-11-14T15:15:58.783",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T17:31:15.000",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "Vulnerabilidad de inyecci\u00f3n SQL en ReceiverLogin.php en Code-Projects Blood Bank 1.0 permite a atacantes ejecutar comandos SQL arbitrarios a trav\u00e9s de los par\u00e1metros 'remail' y 'rpassword'."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:code-projects:blood_bank:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46469A77-975B-4572-9311-910A97F6E607"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/ersinerenler/CVE-2023-46017-Code-Projects-Blood-Bank-1.0-SQL-Injection-Vulnerability",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

64
CVE-2023/CVE-2023-460xx/CVE-2023-46018.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46018",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-13T22:15:07.690",
"lastModified": "2023-11-14T15:15:58.783",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T17:31:02.890",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "Vulnerabilidad de inyecci\u00f3n SQL en ReceiverReg.php en Code-Projects Blood Bank 1.0 permite a atacantes ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro 'remail'."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:code-projects:blood_bank:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46469A77-975B-4572-9311-910A97F6E607"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/ersinerenler/CVE-2023-46018-Code-Projects-Blood-Bank-1.0-SQL-Injection-Vulnerability",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

64
CVE-2023/CVE-2023-460xx/CVE-2023-46019.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46019",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-13T23:15:07.840",
"lastModified": "2023-11-14T15:15:58.783",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T17:32:14.770",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "Vulnerabilidad de Cross Site Scripting (XSS) en abs.php en Code-Projects Blood Bank 1.0 permite a atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro 'error'."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:code-projects:blood_bank:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46469A77-975B-4572-9311-910A97F6E607"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/ersinerenler/CVE-2023-46019-Code-Projects-Blood-Bank-1.0-Reflected-Cross-Site-Scripting-Vulnerability",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

64
CVE-2023/CVE-2023-460xx/CVE-2023-46020.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46020",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-13T23:15:07.893",
"lastModified": "2023-11-14T15:15:58.783",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T17:32:22.337",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "Cross Site Scripting (XSS) en updateprofile.php en Code-Projects Blood Bank 1.0 permite a los atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s de los par\u00e1metros 'rename', 'remail', 'rphone' y 'rcity'."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:code-projects:blood_bank:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46469A77-975B-4572-9311-910A97F6E607"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/ersinerenler/CVE-2023-46020-Code-Projects-Blood-Bank-1.0-Stored-Cross-Site-Scripting-Vulnerability",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

64
CVE-2023/CVE-2023-460xx/CVE-2023-46021.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46021",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-13T23:15:07.950",
"lastModified": "2023-11-14T15:15:58.783",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T17:32:31.800",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "Vulnerabilidad de inyecci\u00f3n SQL en cancel.php en Code-Projects Blood Bank 1.0 permite a atacantes ejecutar comandos arbitrarios a trav\u00e9s del par\u00e1metro 'reqid'."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:code-projects:blood_bank:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46469A77-975B-4572-9311-910A97F6E607"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/ersinerenler/CVE-2023-46021-Code-Projects-Blood-Bank-1.0-SQL-Injection-Vulnerability",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-462xx/CVE-2023-46201.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46201",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-13T05:15:08.650",
"lastModified": "2023-11-13T14:12:08.260",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T18:15:29.130",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:auto_login_new_user_after_registration_project:auto_login_new_user_after_registration:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.9.6",
"matchCriteriaId": "A6AD5FC4-4468-4877-8DE7-7C78618D688E"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/auto-login-new-user-after-registration/wordpress-auto-login-new-user-after-registration-plugin-1-9-6-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-466xx/CVE-2023-46634.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46634",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-13T04:15:08.050",
"lastModified": "2023-11-13T14:12:08.260",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T18:16:13.293",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phoeniixx:custom_my_account_for_woocommerce:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.1",
"matchCriteriaId": "5408CCD2-B79D-49BA-AA65-66DB3370A2DA"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/custom-my-account-for-woocommerce/wordpress-custom-my-account-for-woocommerce-plugin-2-1-csrf-to-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

52
CVE-2023/CVE-2023-46xx/CVE-2023-4632.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-4632",
"sourceIdentifier": "psirt@lenovo.com",
"published": "2023-11-08T22:15:11.210",
"lastModified": "2023-11-09T13:46:19.893",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T17:33:06.617",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An uncontrolled search path vulnerability was reported in Lenovo System Update that could allow an attacker with local access to execute code with elevated privileges."
},
{
"lang": "es",
"value": "Se inform\u00f3 una vulnerabilidad de ruta de b\u00fasqueda no controlada en Lenovo System Update que podr\u00eda permitir que un atacante con acceso local ejecute c\u00f3digo con privilegios elevados."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "psirt@lenovo.com",
"type": "Secondary",
@ -46,10 +70,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lenovo:system_update:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.08.02.25",
"matchCriteriaId": "6E3CCF6F-990A-4BB7-9272-96F332444279"
}
]
}
]
}
],
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-135367",
"source": "psirt@lenovo.com"
"source": "psirt@lenovo.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

71
CVE-2023/CVE-2023-470xx/CVE-2023-47004.json
View File

@ -2,19 +2,82 @@
"id": "CVE-2023-47004",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-06T22:15:08.043",
"lastModified": "2023-11-07T12:14:36.923",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T17:36:06.167",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in Redis RedisGraph v.2.x through v.2.12.8 and fixed in v.2.12.9 allows an attacker to execute arbitrary code via the code logic after valid authentication."
},
{
"lang": "es",
"value": "La vulnerabilidad de desbordamiento del b\u00fafer en Redis RedisGraph v.2.x a v.2.12.8 y corregida en v.2.12.9 permite a un atacante ejecutar c\u00f3digo arbitrario a trav\u00e9s de la l\u00f3gica del c\u00f3digo despu\u00e9s de una autenticaci\u00f3n v\u00e1lida."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redislabs:redisgraph:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.0.0",
"versionEndExcluding": "2.12.9",
"matchCriteriaId": "AF83E4D7-A176-4767-A2C4-31B52259CBAB"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/RedisGraph/RedisGraph/issues/3178",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-470xx/CVE-2023-47040.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47040",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T15:15:10.120",
"lastModified": "2023-11-16T15:15:10.120",
"vulnStatus": "Received",
"lastModified": "2023-11-16T17:00:44.333",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-470xx/CVE-2023-47041.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47041",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T15:15:10.390",
"lastModified": "2023-11-16T15:15:10.390",
"vulnStatus": "Received",
"lastModified": "2023-11-16T17:00:44.333",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-470xx/CVE-2023-47042.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47042",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T15:15:10.650",
"lastModified": "2023-11-16T15:15:10.650",
"vulnStatus": "Received",
"lastModified": "2023-11-16T17:00:44.333",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-470xx/CVE-2023-47043.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47043",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T15:15:10.830",
"lastModified": "2023-11-16T15:15:10.830",
"vulnStatus": "Received",
"lastModified": "2023-11-16T17:00:44.333",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-470xx/CVE-2023-47044.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47044",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T15:15:11.007",
"lastModified": "2023-11-16T15:15:11.007",
"vulnStatus": "Received",
"lastModified": "2023-11-16T17:00:44.333",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-470xx/CVE-2023-47046.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47046",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T16:15:32.080",
"lastModified": "2023-11-16T16:15:32.080",
"vulnStatus": "Received",
"lastModified": "2023-11-16T17:00:44.333",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-470xx/CVE-2023-47047.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47047",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T16:15:32.367",
"lastModified": "2023-11-16T16:15:32.367",
"vulnStatus": "Received",
"lastModified": "2023-11-16T17:00:44.333",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-470xx/CVE-2023-47048.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47048",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T16:15:32.783",
"lastModified": "2023-11-16T16:15:32.783",
"vulnStatus": "Received",
"lastModified": "2023-11-16T17:00:44.333",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-470xx/CVE-2023-47049.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47049",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T16:15:32.973",
"lastModified": "2023-11-16T16:15:32.973",
"vulnStatus": "Received",
"lastModified": "2023-11-16T17:00:44.333",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-470xx/CVE-2023-47050.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47050",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T16:15:33.167",
"lastModified": "2023-11-16T16:15:33.167",
"vulnStatus": "Received",
"lastModified": "2023-11-16T17:00:44.333",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-470xx/CVE-2023-47051.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47051",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T16:15:33.370",
"lastModified": "2023-11-16T16:15:33.370",
"vulnStatus": "Received",
"lastModified": "2023-11-16T17:00:44.333",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-470xx/CVE-2023-47052.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47052",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T16:15:33.587",
"lastModified": "2023-11-16T16:15:33.587",
"vulnStatus": "Received",
"lastModified": "2023-11-16T17:00:44.333",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-470xx/CVE-2023-47053.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47053",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T16:15:33.770",
"lastModified": "2023-11-16T16:15:33.770",
"vulnStatus": "Received",
"lastModified": "2023-11-16T17:00:44.333",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-470xx/CVE-2023-47054.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47054",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T16:15:33.957",
"lastModified": "2023-11-16T16:15:33.957",
"vulnStatus": "Received",
"lastModified": "2023-11-16T17:00:44.333",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

55
CVE-2023/CVE-2023-470xx/CVE-2023-47055.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-47055",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T17:15:07.267",
"lastModified": "2023-11-16T17:30:31.273",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/premiere_pro/apsb23-65.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2023/CVE-2023-470xx/CVE-2023-47056.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-47056",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T17:15:07.510",
"lastModified": "2023-11-16T17:30:31.273",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/premiere_pro/apsb23-65.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2023/CVE-2023-470xx/CVE-2023-47057.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-47057",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T17:15:07.700",
"lastModified": "2023-11-16T17:30:31.273",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/premiere_pro/apsb23-65.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2023/CVE-2023-470xx/CVE-2023-47058.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-47058",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T17:15:07.890",
"lastModified": "2023-11-16T17:30:31.273",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/premiere_pro/apsb23-65.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2023/CVE-2023-470xx/CVE-2023-47059.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-47059",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T17:15:08.080",
"lastModified": "2023-11-16T17:30:31.273",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/premiere_pro/apsb23-65.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2023/CVE-2023-470xx/CVE-2023-47060.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-47060",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T17:15:08.270",
"lastModified": "2023-11-16T17:30:31.273",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-824"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/premiere_pro/apsb23-65.html",
"source": "psirt@adobe.com"
}
]
}

76
CVE-2023/CVE-2023-471xx/CVE-2023-47109.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-47109",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-08T22:15:10.423",
"lastModified": "2023-11-09T13:46:19.893",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T17:34:36.167",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "PrestaShop blockreassurance adds an information block aimed at offering helpful information to reassure customers that the store is trustworthy. When adding a block in blockreassurance module, a BO user can modify the http request and give the path of any file in the project instead of an image. When deleting the block from the BO, the file will be deleted. It is possible to make the website completely unavailable by removing index.php for example. This issue has been patched in version 5.1.4.\n"
},
{
"lang": "es",
"value": "PrestaShop blockreassurance agrega un bloque de informaci\u00f3n destinado a ofrecer informaci\u00f3n \u00fatil para asegurar a los clientes que la tienda es confiable. Al agregar un bloque en el m\u00f3dulo blockreassurance, un usuario BO puede modificar la solicitud http y proporcionar la ruta de cualquier archivo en el proyecto en lugar de una imagen. Al eliminar el bloque del BO, el archivo se eliminar\u00e1. Es posible hacer que el sitio web no est\u00e9 completamente disponible eliminando index.php, por ejemplo. Este problema se solucion\u00f3 en la versi\u00f3n 5.1.4."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,22 +80,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:prestashop:customer_reassurance_block:*:*:*:*:*:prestashop:*:*",
"versionEndExcluding": "5.1.4",
"matchCriteriaId": "B2227213-F29B-4017-8827-E0E3BC608ED0"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/PrestaShop/blockreassurance/commit/2d0e97bebf795690caffe33c1ab23a9bf43fcdfa",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/PrestaShop/blockreassurance/commit/eec00da564db4c1804b0a0d1e3d9f7ec4e27d823",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/PrestaShop/blockreassurance/releases/tag/v5.1.4",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/PrestaShop/blockreassurance/security/advisories/GHSA-83j2-qhx2-p7jc",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

73
CVE-2023/CVE-2023-471xx/CVE-2023-47111.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-47111",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-08T22:15:10.657",
"lastModified": "2023-11-09T13:46:19.893",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T17:33:53.937",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "ZITADEL provides identity infrastructure. ZITADEL provides administrators the possibility to define a `Lockout Policy` with a maximum amount of failed password check attempts. On every failed password check, the amount of failed checks is compared against the configured maximum. Exceeding the limit, will lock the user and prevent further authentication. In the affected implementation it was possible for an attacker to start multiple parallel password checks, giving him the possibility to try out more combinations than configured in the `Lockout Policy`. This vulnerability has been patched in versions 2.40.5 and 2.38.3.\n"
},
{
"lang": "es",
"value": "ZITADEL proporciona infraestructura de identidad. ZITADEL brinda a los administradores la posibilidad de definir una \"Pol\u00edtica de bloqueo\" con una cantidad m\u00e1xima de intentos fallidos de verificaci\u00f3n de contrase\u00f1a. En cada verificaci\u00f3n de contrase\u00f1a fallida, la cantidad de comprobaciones fallidas se compara con el m\u00e1ximo configurado. Exceder el l\u00edmite bloquear\u00e1 al usuario y evitar\u00e1 una mayor autenticaci\u00f3n. En la implementaci\u00f3n afectada, un atacante pod\u00eda iniciar m\u00faltiples comprobaciones de contrase\u00f1as en paralelo, d\u00e1ndole la posibilidad de probar m\u00e1s combinaciones de las configuradas en la \"Pol\u00edtica de bloqueo\". Esta vulnerabilidad ha sido parcheada en las versiones 2.40.5 y 2.38.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,22 +70,59 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zitadel:zitadel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.38.3",
"matchCriteriaId": "CF7331E5-9891-4D72-B9D1-71620A21A006"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zitadel:zitadel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.39.0",
"versionEndExcluding": "2.40.5",
"matchCriteriaId": "8EA4342D-C972-4980-8E06-4F19EA76E69E"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/zitadel/zitadel/commit/22e2d5599918864877e054ebe82fb834a5aa1077",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.38.3",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.40.5",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/zitadel/zitadel/security/advisories/GHSA-7h8m-vrxx-vr4m",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

62
CVE-2023/CVE-2023-471xx/CVE-2023-47114.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-47114",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-08T22:15:11.023",
"lastModified": "2023-11-09T13:46:19.893",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T17:33:17.553",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in your runtime environment, and the enforcement of privacy regulations in your code. The Fides web application allows data subject users to request access to their personal data. If the request is approved by the data controller user operating the Fides web application, the data subject's personal data can then retrieved from connected systems and data stores before being bundled together as a data subject access request package for the data subject to download. Supported data formats for the package include json and csv, but the most commonly used format is a series of HTML files compressed in a ZIP file. Once downloaded and unzipped, the data subject user can browse the HTML files on their local machine. It was identified that there was no validation of input coming from e.g. the connected systems and data stores which is later reflected in the downloaded data. This can result in an HTML injection that can be abused e.g. for phishing attacks or malicious JavaScript code execution, but only in the context of the data subject's browser accessing a HTML page using the `file://` protocol. Exploitation is limited to rogue Admin UI users, malicious connected system / data store users, and the data subject user if tricked via social engineering into submitting malicious data themselves. This vulnerability has been patched in version 2.23.3."
},
{
"lang": "es",
"value": "Fides es una plataforma de ingenier\u00eda de privacidad de c\u00f3digo abierto para gestionar el cumplimiento de las solicitudes de privacidad de datos en su entorno de ejecuci\u00f3n y la aplicaci\u00f3n de las regulaciones de privacidad en su c\u00f3digo. La aplicaci\u00f3n web de Fides permite a los usuarios interesados solicitar el acceso a sus datos personales. Si la solicitud es aprobada por el usuario del controlador de datos que opera la aplicaci\u00f3n web de Fides, los datos personales del interesado se pueden recuperar de los sistemas y almacenes de datos conectados antes de agruparlos como un paquete de solicitud de acceso del interesado para que el interesado los descargue. Los formatos de datos admitidos por el paquete incluyen json y csv, pero el formato m\u00e1s utilizado es una serie de archivos HTML comprimidos en un archivo ZIP. Una vez descargados y descomprimidos, el usuario interesado puede explorar los archivos HTML en su m\u00e1quina local. Se identific\u00f3 que no hubo validaci\u00f3n de las entradas provenientes, por ejemplo, de los sistemas conectados y los almacenes de datos, lo que luego se refleja en los datos descargados. Esto puede dar lugar a una inyecci\u00f3n de HTML de la que se puede abusar, por ejemplo, para ataques de phishing o ejecuci\u00f3n de c\u00f3digo JavaScript malicioso, pero s\u00f3lo en el contexto del navegador del interesado que accede a una p\u00e1gina HTML utilizando el protocolo `file://`. La explotaci\u00f3n se limita a usuarios no autorizados de la interfaz de usuario de administraci\u00f3n, a usuarios maliciosos del sistema conectado/almacenamiento de datos y al usuario interesado si se le enga\u00f1a mediante ingenier\u00eda social para que env\u00ede datos maliciosos. Esta vulnerabilidad ha sido parcheada en la versi\u00f3n 2.23.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,18 +70,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ethyca:fides:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.15.1",
"versionEndExcluding": "2.23.3",
"matchCriteriaId": "64694F6B-53E4-40E4-89FD-6BE525A038D7"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/ethyca/fides/commit/50360a0e24aac858459806bb140bb1c4b71e67a1",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/ethyca/fides/releases/tag/2.23.3",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/ethyca/fides/security/advisories/GHSA-3vpf-mcj7-5h38",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-471xx/CVE-2023-47122.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-47122",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-10T22:15:14.250",
"lastModified": "2023-11-13T03:16:20.870",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T17:50:16.327",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Gitsign is software for keyless Git signing using Sigstore. In versions of gitsign starting with 0.6.0 and prior to 0.8.0, Rekor public keys were fetched via the Rekor API, instead of through the local TUF client. If the upstream Rekor server happened to be compromised, gitsign clients could potentially be tricked into trusting incorrect signatures. There is no known compromise the default public good instance (`rekor.sigstore.dev`) - anyone using this instance is unaffected. This issue was fixed in v0.8.0. No known workarounds are available."
},
{
"lang": "es",
"value": "Gitsign es un software para la firma Git sin llave mediante Sigstore. En las versiones de gitsign que comienzan con 0.6.0 y anteriores a 0.8.0, las claves p\u00fablicas de Rekor se obtuvieron a trav\u00e9s de la API de Rekor, en lugar de a trav\u00e9s del cliente TUF local. Si el servidor Rekor ascendente estuviera comprometido, los clientes de gitsign podr\u00edan ser enga\u00f1ados para que conf\u00eden en firmas incorrectas. No se conoce ning\u00fan compromiso con la instancia de bien p\u00fablico predeterminada (`rekor.sigstore.dev`): cualquiera que use esta instancia no se ve afectado. Este problema se solucion\u00f3 en v0.8.0. No hay workarounds conocidos disponibles."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,22 +70,54 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sigstore:gitsign:*:*:*:*:*:go:*:*",
"versionStartIncluding": "0.6.0",
"versionEndExcluding": "0.8.0",
"matchCriteriaId": "438E0CC3-D374-42A0-B324-2887AB9A8328"
}
]
}
]
}
],
"references": [
{
"url": "https://docs.sigstore.dev/about/threat-model/#sigstore-threat-model",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/sigstore/gitsign/commit/cd66ccb03c86a3600955f0c15f6bfeb75f697236",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/sigstore/gitsign/pull/399",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/sigstore/gitsign/security/advisories/GHSA-xvrc-2wvh-49vc",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

8
CVE-2023/CVE-2023-471xx/CVE-2023-47127.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47127",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-14T20:15:08.230",
"lastModified": "2023-11-14T21:38:09.280",
"lastModified": "2023-11-16T18:15:06.943",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system released under the GNU GPL. In typo3 installations there are always at least two different sites. Eg. first.example.org and second.example.com. In affected versions a session cookie generated for the first site can be reused on the second site without requiring additional authentication. This vulnerability has been addressed in versions 8.7.55, 9.5.44, 10.4.41, 11.5.33, and 12.4.8. Users are advised to upgrade. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "TYPO3 es un sistema de gesti\u00f3n de contenido web basado en PHP de c\u00f3digo abierto publicado bajo GNU GPL. En las instalaciones de typo3 siempre hay al menos dos sitios diferentes. P.ej. first.example.org y second.example.com. En las versiones afectadas, una cookie de sesi\u00f3n generada para el primer sitio se puede reutilizar en el segundo sitio sin requerir autenticaci\u00f3n adicional. Esta vulnerabilidad se solucion\u00f3 en las versiones 8.7.55, 9.5.44, 10.4.41, 11.5.33 y 12.4.8. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
}
],
"metrics": {
@ -41,7 +45,7 @@
"description": [
{
"lang": "en",
"value": "CWE-294"
"value": "CWE-302"
}
]
}

78
CVE-2023/CVE-2023-471xx/CVE-2023-47163.json
View File

@ -2,27 +2,93 @@
"id": "CVE-2023-47163",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-11-13T03:15:09.743",
"lastModified": "2023-11-13T03:16:20.870",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T18:16:27.767",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Remarshal prior to v0.17.1 expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs Attack. Processing untrusted YAML files may cause a denial-of-service (DoS) condition."
},
{
"lang": "es",
"value": "Remarshal anterior a v0.17.1 expande los nodos de alias YAML de forma ilimitada, por lo que Remarshal es vulnerable a Billion Laughs Attack. El procesamiento de archivos YAML que no son de confianza puede provocar una condici\u00f3n de denegaci\u00f3n de servicio (DoS)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-674"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:remarshal_project:remarshal:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.17.1",
"matchCriteriaId": "A664F861-2169-4499-94F0-F80C46FCD477"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/remarshal-project/remarshal/commit/fd6ac799a02f533c3fc243b49cdd6d21aa7ee494",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/remarshal-project/remarshal/releases/tag/v0.17.1",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Release Notes"
]
},
{
"url": "https://jvn.jp/en/jp/JVN86156389/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
]
}
]
}

74
CVE-2023/CVE-2023-471xx/CVE-2023-47164.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47164",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-11-10T09:15:07.363",
"lastModified": "2023-11-13T03:16:20.870",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T17:57:24.673",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,81 @@
"value": "Una vulnerabilidad de Cross-site scripting en HOTELDRUID 3.0.5 y versiones anteriores permite que un atacante remoto no autenticado ejecute un script arbitrario en el navegador web del usuario que inicia sesi\u00f3n en el producto."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:digitaldruid:hoteldruid:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.0.5",
"matchCriteriaId": "251580B4-8DB6-4B46-B11C-094EECAE7D85"
}
]
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/jp/JVN99177549/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.hoteldruid.com/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Product"
]
},
{
"url": "https://www.hoteldruid.com/en/download.html",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Product"
]
}
]
}

55
CVE-2023/CVE-2023-475xx/CVE-2023-47514.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-47514",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-16T18:15:07.060",
"lastModified": "2023-11-16T18:15:07.060",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in lawrenceowen, gcubero, acunnningham, fmahmood Star CloudPRNT for WooCommerce plugin <=\u00a02.0.3 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/star-cloudprnt-for-woocommerce/wordpress-star-cloudprnt-for-woocommerce-plugin-2-0-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

47
CVE-2023/CVE-2023-475xx/CVE-2023-47516.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47516",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-13T04:15:08.287",
"lastModified": "2023-11-13T14:12:08.260",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T18:16:05.383",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:starkdigital:category_post_list_widget:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.0",
"matchCriteriaId": "A75CE266-5FAF-4FB0-8937-A238F292A101"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/category-post-list-widget/wordpress-category-post-list-widget-plugin-2-0-csrf-to-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

311
CVE-2023/CVE-2023-476xx/CVE-2023-47610.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47610",
"sourceIdentifier": "vulnerability@kaspersky.com",
"published": "2023-11-09T17:15:08.960",
"lastModified": "2023-11-09T19:32:04.093",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T17:19:06.217",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "vulnerability@kaspersky.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
},
{
"source": "vulnerability@kaspersky.com",
"type": "Secondary",
@ -50,10 +80,285 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telit:bgs5_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "236A82FB-6772-43F5-BFE5-378A6F740A25"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telit:bgs5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ACE7A300-7A40-49FB-95A3-4F75796A6DB1"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telit:ehs5_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C33F8018-2AA2-4AA2-B97A-FB848F5D1C06"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telit:ehs5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E937F19-944A-4D76-AF25-488FD30FABBB"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telit:ehs6_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEA2FCCD-752B-4DAB-8353-EF1B35AB143F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telit:ehs6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57219468-C424-43D0-98C0-A85A250AB733"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telit:ehs8_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C74BE72-65CB-4DF3-8AE3-EBCFCD640BFD"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telit:ehs8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "691F7CF3-B36D-4440-A8A8-A4863FD5E828"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telit:pds5_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E1969DA7-72FC-4981-A3D5-A7919AA5D774"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telit:pds5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F563DF9-B922-4FCF-8078-EA354F0ED5B5"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telit:pds6_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "70E71C87-3011-43DB-ADB0-A926C7A8E87A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telit:pds6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6E32F2-2723-43B9-A730-22BCF9D420B0"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telit:pds8_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1418767F-34D5-41A0-82BB-BBA7575DD21D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telit:pds8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6F08EFD2-855A-498D-B88E-59414317BBFC"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telit:els61_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B580262-9CF7-4FE4-99E6-F3486A498F10"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telit:els61:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DEEA5EE5-4F4A-4684-A15E-13AD8D553D3B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telit:els81_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AAAC546F-9F47-4AFC-93EF-9261BFCE9ECB"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telit:els81:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE8E98E9-4BB6-48E5-89ED-420653101A2C"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telit:pls62_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A4647F52-2F3E-45F3-BD84-B54950A06AC8"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telit:pls62:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3DBFD6-1C3D-4A8B-B458-E85DE4AF86BF"
}
]
}
]
}
],
"references": [
{
"url": "https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-23-018-telit-cinterion-thales-gemalto-modules-buffer-copy-without-checking-size-of-input-vulnerability/",
"source": "vulnerability@kaspersky.com"
"source": "vulnerability@kaspersky.com",
"tags": [
"Third Party Advisory"
]
}
]
}

315
CVE-2023/CVE-2023-476xx/CVE-2023-47611.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-47611",
"sourceIdentifier": "vulnerability@kaspersky.com",
"published": "2023-11-10T17:15:07.380",
"lastModified": "2023-11-13T03:16:20.870",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T17:51:56.440",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A CWE-269: Improper Privilege Management vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to elevate privileges to \"manufacturer\" level on the targeted system."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad CWE-269: Gesti\u00f3n de Privilegios Inadecuada en Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 que podr\u00eda permitir a un atacante local con pocos privilegios elevar los privilegios al nivel de \"fabricante\" en el sistema de destino."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "vulnerability@kaspersky.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "vulnerability@kaspersky.com",
"type": "Secondary",
@ -46,10 +80,285 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telit:bgs5_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "236A82FB-6772-43F5-BFE5-378A6F740A25"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telit:bgs5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ACE7A300-7A40-49FB-95A3-4F75796A6DB1"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telit:ehs5_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C33F8018-2AA2-4AA2-B97A-FB848F5D1C06"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telit:ehs5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E937F19-944A-4D76-AF25-488FD30FABBB"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telit:ehs6_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEA2FCCD-752B-4DAB-8353-EF1B35AB143F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telit:ehs6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57219468-C424-43D0-98C0-A85A250AB733"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telit:ehs8_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C74BE72-65CB-4DF3-8AE3-EBCFCD640BFD"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telit:ehs8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "691F7CF3-B36D-4440-A8A8-A4863FD5E828"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telit:pds5_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E1969DA7-72FC-4981-A3D5-A7919AA5D774"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telit:pds5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F563DF9-B922-4FCF-8078-EA354F0ED5B5"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telit:pds6_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "70E71C87-3011-43DB-ADB0-A926C7A8E87A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telit:pds6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6E32F2-2723-43B9-A730-22BCF9D420B0"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telit:pds8_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1418767F-34D5-41A0-82BB-BBA7575DD21D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telit:pds8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6F08EFD2-855A-498D-B88E-59414317BBFC"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telit:els61_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B580262-9CF7-4FE4-99E6-F3486A498F10"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telit:els61:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DEEA5EE5-4F4A-4684-A15E-13AD8D553D3B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telit:els81_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AAAC546F-9F47-4AFC-93EF-9261BFCE9ECB"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telit:els81:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE8E98E9-4BB6-48E5-89ED-420653101A2C"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telit:pls62_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A4647F52-2F3E-45F3-BD84-B54950A06AC8"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telit:pls62:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3DBFD6-1C3D-4A8B-B458-E85DE4AF86BF"
}
]
}
]
}
],
"references": [
{
"url": "https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-22-216-telit-cinterion-thales-gemalto-modules-improper-privilege-management-vulnerability/",
"source": "vulnerability@kaspersky.com"
"source": "vulnerability@kaspersky.com",
"tags": [
"Third Party Advisory"
]
}
]
}

315
CVE-2023/CVE-2023-476xx/CVE-2023-47614.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-47614",
"sourceIdentifier": "vulnerability@kaspersky.com",
"published": "2023-11-10T16:15:33.860",
"lastModified": "2023-11-13T03:16:20.870",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T17:53:21.280",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to disclose hidden virtual paths and file names on the targeted system."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad CWE-200: Exposici\u00f3n de Informaci\u00f3n Confidencial a un Actor No Autorizado en Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 que podr\u00eda permitir una vulnerabilidad local, un atacante con pocos privilegios revela rutas virtuales ocultas y nombres de archivos en el sistema objetivo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
},
{
"source": "vulnerability@kaspersky.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "vulnerability@kaspersky.com",
"type": "Secondary",
@ -46,10 +80,285 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telit:bgs5_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "236A82FB-6772-43F5-BFE5-378A6F740A25"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telit:bgs5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ACE7A300-7A40-49FB-95A3-4F75796A6DB1"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telit:ehs5_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C33F8018-2AA2-4AA2-B97A-FB848F5D1C06"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telit:ehs5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E937F19-944A-4D76-AF25-488FD30FABBB"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telit:ehs6_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEA2FCCD-752B-4DAB-8353-EF1B35AB143F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telit:ehs6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57219468-C424-43D0-98C0-A85A250AB733"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telit:ehs8_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C74BE72-65CB-4DF3-8AE3-EBCFCD640BFD"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telit:ehs8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "691F7CF3-B36D-4440-A8A8-A4863FD5E828"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telit:pds5_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E1969DA7-72FC-4981-A3D5-A7919AA5D774"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telit:pds5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F563DF9-B922-4FCF-8078-EA354F0ED5B5"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telit:pds6_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "70E71C87-3011-43DB-ADB0-A926C7A8E87A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telit:pds6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6E32F2-2723-43B9-A730-22BCF9D420B0"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telit:pds8_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1418767F-34D5-41A0-82BB-BBA7575DD21D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telit:pds8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6F08EFD2-855A-498D-B88E-59414317BBFC"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telit:els61_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B580262-9CF7-4FE4-99E6-F3486A498F10"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telit:els61:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DEEA5EE5-4F4A-4684-A15E-13AD8D553D3B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telit:els81_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AAAC546F-9F47-4AFC-93EF-9261BFCE9ECB"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telit:els81:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE8E98E9-4BB6-48E5-89ED-420653101A2C"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telit:pls62_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A4647F52-2F3E-45F3-BD84-B54950A06AC8"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telit:pls62:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3DBFD6-1C3D-4A8B-B458-E85DE4AF86BF"
}
]
}
]
}
],
"references": [
{
"url": "https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-22-210-telit-cinterion-thales-gemalto-modules-exposure-of-sensitive-information-to-an-unauthorized-actor-vulnerability/",
"source": "vulnerability@kaspersky.com"
"source": "vulnerability@kaspersky.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-476xx/CVE-2023-47652.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47652",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-13T04:15:08.497",
"lastModified": "2023-11-13T14:12:08.260",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T18:15:46.740",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autoaffiliatelinks:auto_affiliate_links:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "6.4.2.5",
"matchCriteriaId": "962D4F05-9E3F-4836-B8F7-CC8BC9654900"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-auto-affiliate-links/wordpress-auto-affiliate-links-plugin-6-4-2-3-csrf-lead-to-stored-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-476xx/CVE-2023-47669.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-47669",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-13T02:15:09.043",
"lastModified": "2023-11-13T03:16:20.870",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T17:39:26.880",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs User Profile Builder \u2013 Beautiful User Registration Forms, User Profiles & User Role Editor plugin <=\u00a03.10.3 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Cozmoslabs User Profile Builder \u2013 Beautiful User Registration Forms, User Profiles &amp; User Role Editor en versiones &lt;= 3.10.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cozmoslabs:profile_builder:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.10.4",
"matchCriteriaId": "3FEF4C25-C251-4CBE-881B-8FE78D191437"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/profile-builder/wordpress-user-profile-builder-plugin-3-10-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-476xx/CVE-2023-47690.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47690",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-13T23:15:08.003",
"lastModified": "2023-11-14T15:15:58.783",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T17:35:54.523",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:antonbond:additional_order_filters_for_woocommerce:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.10",
"matchCriteriaId": "78B3DA93-B44C-46C8-9CA2-F57F50DCF3C6"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/additional-order-filters-for-woocommerce/wordpress-additional-order-filters-for-woocommerce-plugin-1-10-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-47xx/CVE-2023-4771.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4771",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-11-16T14:15:28.913",
"lastModified": "2023-11-16T14:15:28.913",
"vulnStatus": "Received",
"lastModified": "2023-11-16T17:00:48.293",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

20
CVE-2023/CVE-2023-480xx/CVE-2023-48052.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-48052",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-16T18:15:07.250",
"lastModified": "2023-11-16T18:15:07.250",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack."
}
],
"metrics": {},
"references": [
{
"url": "https://gxx777.github.io/HTTPie_3.2.2_Cryptographic_API_Misuse_Vulnerability.md",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-480xx/CVE-2023-48053.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-48053",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-16T18:15:07.297",
"lastModified": "2023-11-16T18:15:07.297",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Archery v1.10.0 uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption. This vulnerability can lead to the disclosure of information and communications."
}
],
"metrics": {},
"references": [
{
"url": "https://gxx777.github.io/Archery_v1.10.0_Cryptographic_API_Misuse_Vulnerability.md",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-480xx/CVE-2023-48054.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-48054",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-16T18:15:07.343",
"lastModified": "2023-11-16T18:15:07.343",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Missing SSL certificate validation in localstack v2.3.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack."
}
],
"metrics": {},
"references": [
{
"url": "https://gxx777.github.io/localstack_v_2.3.2_Cryptographic_API_Misuse_Vulnerability.md",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-480xx/CVE-2023-48055.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-48055",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-16T18:15:07.390",
"lastModified": "2023-11-16T18:15:07.390",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "SuperAGI v0.0.13 was discovered to use a hardcoded key for encryption operations. This vulnerability can lead to the disclosure of information and communications."
}
],
"metrics": {},
"references": [
{
"url": "https://gxx777.github.io/SuperAGI_v0.0.13_Cryptographic_API_Misuse_Vulnerability.md",
"source": "cve@mitre.org"
}
]
}

28
CVE-2023/CVE-2023-480xx/CVE-2023-48056.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-48056",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-16T18:15:07.440",
"lastModified": "2023-11-16T18:15:07.440",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "PyPinkSign v0.5.1 uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption. This vulnerability can lead to the disclosure of information and communications."
}
],
"metrics": {},
"references": [
{
"url": "http://bandoche.com",
"source": "cve@mitre.org"
},
{
"url": "http://pypinksign.com",
"source": "cve@mitre.org"
},
{
"url": "https://gxx777.github.io/PyPinkSign_v0.5.1_Cryptographic_API_Misuse_Vulnerability.md",
"source": "cve@mitre.org"
}
]
}

68
CVE-2023/CVE-2023-480xx/CVE-2023-48058.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-48058",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-13T16:15:28.080",
"lastModified": "2023-11-13T18:44:54.637",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T17:34:52.187",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/task/run"
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Dreamer CMS v4.1.3 contiene Cross-Site Request Forgery (CSRF) a trav\u00e9s del componente /admin/task/run"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dreamer_cms_project:dreamer_cms:4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F8278D9D-0CD5-4659-8BD6-8A4557D57C2C"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/CP1379767017/cms/blob/main/CSRF%20exists%20at%20the%20task%20management%20execution%20task%20location.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-480xx/CVE-2023-48060.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-48060",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-13T16:15:28.150",
"lastModified": "2023-11-13T18:44:54.637",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T17:35:04.087",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/task/add"
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Dreamer CMS v4.1.3 contiene Cross-Site Request Forgery (CSRF) a trav\u00e9s del componente /admin/task/add"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dreamer_cms_project:dreamer_cms:4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F8278D9D-0CD5-4659-8BD6-8A4557D57C2C"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/CP1379767017/cms/blob/main/CSRF%20exists%20at%20the%20location%20where%20task%20management%20adds%20tasks.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-480xx/CVE-2023-48063.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-48063",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-13T16:15:28.200",
"lastModified": "2023-11-13T18:44:54.637",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T17:35:21.507",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in dreamer_cms 4.1.3. There is a CSRF vulnerability that can delete a theme project via /admin/category/delete."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en dreamer_cms 4.1.3. Existe una vulnerabilidad CSRF que puede eliminar un proyecto de tema a trav\u00e9s de /admin/category/delete."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dreamer_cms_project:dreamer_cms:4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F8278D9D-0CD5-4659-8BD6-8A4557D57C2C"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/CP1379767017/cms/blob/dreamcms_vul/There%20is%20a%20CSRF%20vulnerability%20at%20th%20menu%20management%20location.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

67
CVE-2023/CVE-2023-480xx/CVE-2023-48068.json
View File

@ -2,19 +2,78 @@
"id": "CVE-2023-48068",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-13T16:15:28.243",
"lastModified": "2023-11-13T18:44:54.637",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T17:35:37.623",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "DedeCMS v6.2 was discovered to contain a Cross-site Scripting (XSS) vulnerability via spec_add.php."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que DedeCMS v6.2 contiene una vulnerabilidad de Cross-site Scripting (XSS) a trav\u00e9s de spec_add.php."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dedecms:dedecms:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9FF3C77B-5D8B-452E-860A-D7C4C8C0BCE9"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/CP1379767017/cms/blob/dreamcms_vul/dedevCMS/dedeCMS_XSS.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}

267
CVE-2023/CVE-2023-48xx/CVE-2023-4804.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-4804",
"sourceIdentifier": "productsecurity@jci.com",
"published": "2023-11-10T23:15:07.743",
"lastModified": "2023-11-13T03:16:20.870",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T17:45:01.533",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An\u00a0unauthorized user could access debug features in Quantum HD Unity products that were accidentally exposed."
},
{
"lang": "es",
"value": "Un usuario no autorizado podr\u00eda acceder a las funciones de depuraci\u00f3n de los productos Quantum HD Unity que quedaron expuestos accidentalmente."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "productsecurity@jci.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "productsecurity@jci.com",
"type": "Secondary",
@ -46,14 +80,239 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:johnsoncontrols:quantum_hd_unity_compressor_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.00",
"versionEndExcluding": "11.22",
"matchCriteriaId": "F1B48F7F-42AA-45AA-8FC7-F93FA3136139"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:johnsoncontrols:quantum_hd_unity_compressor_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.00",
"versionEndExcluding": "12.22",
"matchCriteriaId": "2017C20F-3D16-4848-A0EF-42B4B4EBE345"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:johnsoncontrols:quantum_hd_unity_compressor:-:*:*:*:*:*:*:*",
"matchCriteriaId": "640BFA18-318D-41FA-BBE1-C91234A25A1B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:johnsoncontrols:quantum_hd_unity_acuair_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.00",
"versionEndExcluding": "11.12",
"matchCriteriaId": "A7E3C78C-D372-4CF3-BA1B-3F2DF3EDF364"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:johnsoncontrols:quantum_hd_unity_acuair_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.00",
"versionEndExcluding": "12.12",
"matchCriteriaId": "607F1C13-830D-4B8D-8BCF-42A8AEDB3147"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:johnsoncontrols:quantum_hd_unity_acuair:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2EC4238A-8CE2-4DBE-BAE5-9E687725CCB2"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:johnsoncontrols:quantum_hd_unity_condenser\\/vessel_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.00",
"versionEndExcluding": "11.11",
"matchCriteriaId": "A84D6C4C-55F8-4E99-9BFC-F1C4E554F933"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:johnsoncontrols:quantum_hd_unity_condenser\\/vessel_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.00",
"versionEndExcluding": "12.11",
"matchCriteriaId": "E69F5AF9-715A-4AAB-BCB2-5B8AEE775BE6"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:johnsoncontrols:quantum_hd_unity_condenser\\/vessel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1139B733-1714-4111-B53C-4644A736B734"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:johnsoncontrols:quantum_hd_unity_evaporator_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.00",
"versionEndExcluding": "11.11",
"matchCriteriaId": "1CE01D66-6D85-4685-87D7-CA3A8D976412"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:johnsoncontrols:quantum_hd_unity_evaporator_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.00",
"versionEndExcluding": "12.11",
"matchCriteriaId": "29520C3D-1083-47BE-9B61-652579E28867"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:johnsoncontrols:quantum_hd_unity_evaporator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "769190A6-EF60-470F-B308-64DDD4D96C79"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:johnsoncontrols:quantum_hd_unity_engine_room_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.00",
"versionEndExcluding": "11.11",
"matchCriteriaId": "02F0D946-8D1D-42E2-8C55-2D9098AFC9E2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:johnsoncontrols:quantum_hd_unity_engine_room_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.00",
"versionEndExcluding": "12.11",
"matchCriteriaId": "C3AACE2F-4103-40FC-B1A5-79657AC808FE"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:johnsoncontrols:quantum_hd_unity_engine_room:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC48EFE2-04CD-491E-A127-E4F4370C202D"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:johnsoncontrols:quantum_hd_unity_interface_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.00",
"versionEndExcluding": "11.11",
"matchCriteriaId": "5A617CBC-3B72-46EC-B7B6-F51EFC1CD0E2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:johnsoncontrols:quantum_hd_unity_interface_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.00",
"versionEndExcluding": "12.11",
"matchCriteriaId": "27A27741-45EE-4F9F-98F2-260804055A19"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:johnsoncontrols:quantum_hd_unity_interface:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C0E1361-A1D8-43AD-B0C7-9D54049DF6A8"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-313-01",
"source": "productsecurity@jci.com"
"source": "productsecurity@jci.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
},
{
"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories",
"source": "productsecurity@jci.com"
"source": "productsecurity@jci.com",
"tags": [
"Vendor Advisory"
]
}
]
}

64
CVE-2023/CVE-2023-48xx/CVE-2023-4891.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-4891",
"sourceIdentifier": "psirt@lenovo.com",
"published": "2023-11-08T22:15:11.593",
"lastModified": "2023-11-09T13:46:19.893",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T18:01:59.767",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nA potential use-after-free vulnerability was reported in the Lenovo View driver that could result in denial of service. \n\n"
},
{
"lang": "es",
"value": "Se inform\u00f3 de una posible vulnerabilidad de use-after-free en el controlador Lenovo View que podr\u00eda provocar una denegaci\u00f3n de servicio."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "psirt@lenovo.com",
"type": "Secondary",
@ -46,10 +70,44 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lenovo:view_driver:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.3.18.1",
"matchCriteriaId": "DEE94F02-1D32-4170-AC42-7A30BE3A574F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-135344",
"source": "psirt@lenovo.com"
"source": "psirt@lenovo.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

63
CVE-2023/CVE-2023-50xx/CVE-2023-5075.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-5075",
"sourceIdentifier": "psirt@lenovo.com",
"published": "2023-11-08T22:15:11.770",
"lastModified": "2023-11-09T13:46:19.893",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T18:01:47.087",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow was reported in the FmpSipoCapsuleDriver driver in the IdeaPad Duet 3-10IGL5 that may allow a local attacker with elevated privileges to execute arbitrary code."
},
{
"lang": "es",
"value": "Se inform\u00f3 de un desbordamiento del b\u00fafer en el controlador FmpSipoCapsuleDriver en el IdeaPad Duet 3-10IGL5 que puede permitir que un atacante local con privilegios elevados ejecute c\u00f3digo arbitrario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
},
{
"source": "psirt@lenovo.com",
"type": "Secondary",
@ -46,10 +70,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:lenovo:ideapad_duet_3_10igl5_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "eqcn39ww",
"matchCriteriaId": "934DAF3B-D040-45DC-90F5-E13B0846E857"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:ideapad_duet_3_10igl5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6ED2CCF-A6BB-45C8-B729-31241AA7254A"
}
]
}
]
}
],
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-141775",
"source": "psirt@lenovo.com"
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
]
}
]
}

582
CVE-2023/CVE-2023-50xx/CVE-2023-5078.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-5078",
"sourceIdentifier": "psirt@lenovo.com",
"published": "2023-11-08T22:15:11.957",
"lastModified": "2023-11-09T13:46:19.893",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T18:01:15.060",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was reported in some ThinkPad BIOS that could allow a physical or local attacker with elevated privileges to tamper with BIOS firmware."
},
{
"lang": "es",
"value": "Se inform\u00f3 una vulnerabilidad en algunos BIOS de ThinkPad que podr\u00eda permitir que un atacante f\u00edsico o local con privilegios elevados altere el firmware del BIOS."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
},
{
"source": "psirt@lenovo.com",
"type": "Secondary",
@ -46,10 +70,562 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:lenovo:thinkpad_x13_gen_3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51AEE592-1F68-413B-A670-B0F6F3D110EC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinkpad_x13_gen_3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C890D81-D9C9-4AEB-A12E-DF79528876CD"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:lenovo:thinkpad_s2_yoga_gen_7_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.19",
"matchCriteriaId": "B01C37DE-CD3B-41B1-AD51-9A50756895AC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinkpad_s2_yoga_gen_7:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D1040935-6004-4539-992A-FCDDC84333B5"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:lenovo:thinkpad_s2_yoga_gen_6_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FF1F949-A465-4F73-9C63-0D74CC4A0DC3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinkpad_s2_yoga_gen_6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B2279C8-0F44-4CA3-9AED-F31E3C3327D8"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:lenovo:thinkpad_s2_gen_8_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61017FB7-72EF-4FD5-8B22-D583050545CE"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinkpad_s2_gen_8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "826861DB-719A-40DE-B813-CE51EDEC84D2"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:lenovo:thinkpad_p14s_gen_3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A77BE2A8-C168-4F8D-B171-B0BDA4F6987D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinkpad_p14s_gen_3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C54E4EC5-68F4-484D-8A1A-607207073291"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:lenovo:thinkpad_p16s_gen_1_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "75543F74-E28E-44A9-B33E-F282F1FCCAD2"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinkpad_p16s_gen_1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DBC3DED-A725-4686-BACD-FD2AC33D4B4C"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:lenovo:thinkpad_t14_gen_3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "85C2DBDC-539A-4E63-90A0-17D92B800586"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinkpad_t14_gen_3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33F5E4AC-0BB5-4582-A68B-B044AE1FDDF3"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:lenovo:thinkpad_t14s_gen_3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1BC69FC7-7B0F-4F20-A067-A685EC15FD74"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinkpad_t14s_gen_3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3F5560A-10AE-46AE-A609-C8EB9287F779"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:lenovo:thinkpad_t16_gen_1_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "013EEF43-FF93-4F37-A1A6-950446B75E48"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinkpad_t16_gen_1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A04B796B-A40C-43BC-8027-2539BBECF001"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:lenovo:thinkpad_l14_gen_3_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.23",
"matchCriteriaId": "C9C3B900-6538-4D4D-A3E6-E216238AC569"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinkpad_l14_gen_3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E774C0D8-4712-414D-B9B9-214AAC710B63"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:lenovo:thinkpad_l14_gen_4_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.1",
"matchCriteriaId": "FFA1173E-8292-4C93-9D71-242BBC87306B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinkpad_l14_gen_4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "181D4876-394F-4FE0-91B8-16267F987D18"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:lenovo:thinkpad_l15_gen_3_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.23",
"matchCriteriaId": "67569E35-EBF9-4EC0-A6D4-35BC80424093"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinkpad_l15_gen_3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E4ACCDD8-A4F5-4805-91FC-4464A1FB46BA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:lenovo:thinkpad_l15_gen_4_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.1",
"matchCriteriaId": "77783297-A20A-4137-8E0F-1600AC0EAE7D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinkpad_l15_gen_4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0ED6441F-C705-40D0-9FDF-7471955D6610"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:lenovo:thinkpad_l13_yoga_gen_4_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06CEB116-4F8D-4573-8E65-C6FC5A65455E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinkpad_l13_yoga_gen_4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D619CDB5-510B-443F-8772-CB09DD68190D"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:lenovo:thinkpad_l13_yoga_gen_3_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.19",
"matchCriteriaId": "1DA62157-F2A9-4868-B7BA-C15BD4EAFD77"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinkpad_l13_yoga_gen_3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B43B845-C95E-47DF-8AEB-7ADB650A5425"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:lenovo:thinkpad_l13_yoga_gen_2_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66645F82-9F66-4AEF-B11E-266C7EF154B1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinkpad_l13_yoga_gen_2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0CB43443-ED65-4CF5-8FDA-3BCC1E2BD5A2"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:lenovo:thinkpad_l13_gen_4_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3F7C2C57-6EE4-4B33-8EF8-C0BD769DF480"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinkpad_l13_gen_4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0D5606FE-0787-44AD-97B8-AAB560056ED5"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:lenovo:thinkpad_l13_gen_3_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.19",
"matchCriteriaId": "7A6606CF-CCC8-4061-A989-3519EEA48E4C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinkpad_l13_gen_3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D6D51EE-16C2-4090-8872-E69E55D5D4A7"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:lenovo:thinkpad_l13_gen_2_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FF9C24C-203D-4AA7-BBE9-20B0418514C1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinkpad_l13_gen_2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E560943-6A00-4423-91F3-FBBBBB978F6B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:lenovo:thinkpad_s2_yoga_gen_8_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "839CD19A-A6B3-4F2A-B7F5-D2DF08933ADC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinkpad_s2_yoga_gen_8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8DA25359-AE51-45EA-8507-40953790E04E"
}
]
}
]
}
],
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-141775",
"source": "psirt@lenovo.com"
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
]
}
]
}

122
CVE-2023/CVE-2023-55xx/CVE-2023-5539.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-5539",
"sourceIdentifier": "patrick@puiterwijk.org",
"published": "2023-11-09T20:15:08.920",
"lastModified": "2023-11-09T20:51:06.133",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T18:17:35.113",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and managers."
},
{
"lang": "es",
"value": "Se identific\u00f3 un riesgo de ejecuci\u00f3n remota de c\u00f3digo en la actividad Lesson. Por defecto, esto s\u00f3lo estaba disponible para profesores y directivos."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "patrick@puiterwijk.org",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
},
{
"source": "patrick@puiterwijk.org",
"type": "Secondary",
@ -46,18 +80,96 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.9.24",
"matchCriteriaId": "A2A8D2D9-48FE-417F-8062-65794AA65706"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.11.0",
"versionEndExcluding": "3.11.17",
"matchCriteriaId": "7C058D38-D206-4BEC-B647-4CD1808A1FC8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0.0",
"versionEndExcluding": "4.0.11",
"matchCriteriaId": "4827B277-0EC2-4254-B6DF-F18475A6253C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.1.0",
"versionEndExcluding": "4.1.6",
"matchCriteriaId": "E660C47C-2CB3-4B06-B98A-F8EE211F798A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.2.0",
"versionEndExcluding": "4.2.3",
"matchCriteriaId": "C65020B8-B78E-4B59-B894-3F223D769078"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3D9C7598-4BB4-442A-86DF-EEDE041A4CC7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
}
]
}
]
}
],
"references": [
{
"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79408",
"source": "patrick@puiterwijk.org"
"source": "patrick@puiterwijk.org",
"tags": [
"Patch"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243352",
"source": "patrick@puiterwijk.org"
"source": "patrick@puiterwijk.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://moodle.org/mod/forum/discuss.php?d=451580",
"source": "patrick@puiterwijk.org"
"source": "patrick@puiterwijk.org",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

90
CVE-2023/CVE-2023-59xx/CVE-2023-5913.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-5913",
"sourceIdentifier": "security@opentext.com",
"published": "2023-11-08T17:15:08.193",
"lastModified": "2023-11-08T17:25:02.317",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T17:00:33.503",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Incorrect Privilege Assignment vulnerability in opentext Fortify ScanCentral DAST. The\u00a0vulnerability could be exploited to gain elevated privileges.This issue affects Fortify ScanCentral DAST versions 21.1, 21.2, 21.2.1, 22.1, 22.1.1, 22.2, 23.1.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de asignaci\u00f3n de privilegios incorrecta en texto abierto Fortify ScanCentral DAST. La vulnerabilidad podr\u00eda aprovecharse para obtener privilegios elevados. Este problema afecta a Fortify ScanCentral DAST versiones 21.1, 21.2, 21.2.1, 22.1, 22.1.1, 22.2, 23.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security@opentext.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security@opentext.com",
"type": "Secondary",
@ -46,10 +80,60 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microfocus:fortify_scancentral_dast:21.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5578907C-9142-461B-88F3-D4510D57E23A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microfocus:fortify_scancentral_dast:21.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DDE09FF8-AFDD-4F5E-AF44-FFE8854F5763"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microfocus:fortify_scancentral_dast:21.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8EF4C5A3-E698-469A-A8AB-223AC6013B1C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microfocus:fortify_scancentral_dast:22.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0926D3A0-76B2-435C-B691-58B51EDF81B7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microfocus:fortify_scancentral_dast:22.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "956F2EB1-BF27-4F42-A325-E9F91EF60E5D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microfocus:fortify_scancentral_dast:22.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6DA67A67-DC1E-4FC0-8A9B-8A2192E939BB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microfocus:fortify_scancentral_dast:23.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9BFD11CE-87C4-40A2-A6EA-80CF1D465F4B"
}
]
}
]
}
],
"references": [
{
"url": "https://portal.microfocus.com/s/article/KM000023500?language=en_US",
"source": "security@opentext.com"
"source": "security@opentext.com",
"tags": [
"Vendor Advisory"
]
}
]
}

55
CVE-2023/CVE-2023-60xx/CVE-2023-6013.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-6013",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-11-16T17:15:08.460",
"lastModified": "2023-11-16T17:30:31.273",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "H2O is vulnerable to stored XSS vulnerability which can lead to a Local File Include attack."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://huntr.com/bounties/9881569f-dc2a-437e-86b0-20d4b70ae7af",
"source": "security@huntr.dev"
}
]
}

4
CVE-2023/CVE-2023-60xx/CVE-2023-6015.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6015",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-11-16T16:15:34.370",
"lastModified": "2023-11-16T16:15:34.370",
"vulnStatus": "Received",
"lastModified": "2023-11-16T17:00:44.333",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-60xx/CVE-2023-6016.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6016",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-11-16T16:15:34.680",
"lastModified": "2023-11-16T16:15:34.680",
"vulnStatus": "Received",
"lastModified": "2023-11-16T17:00:44.333",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

Some files were not shown because too many files have changed in this diff Show More