admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-11-22T19:00:19.986892+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-11-22 19:00:23 +00:00
parent dcf1a4ca58
commit 2042bbef88
141 changed files with 5011 additions and 363 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
CVE-2021/CVE-2021-213xx/CVE-2021-21330.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-21330",
"sourceIdentifier": "security-advisories@github.com",
"published": "2021-02-26T03:15:12.840",
"lastModified": "2023-11-07T03:29:48.187",
"lastModified": "2023-11-22T17:09:17.470",
"vulnStatus": "Modified",
"descriptions": [
{
@ -37,7 +37,7 @@
"impactScore": 2.7
},
{
"source": "a0819718-46f1-4df5-94e2-005712e83aaa",
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -85,7 +85,7 @@
},
"weaknesses": [
{
"source": "a0819718-46f1-4df5-94e2-005712e83aaa",
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
@ -114,9 +114,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aiohttp_project:aiohttp:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:aiohttp:aiohttp:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.7.4",
"matchCriteriaId": "728B59B5-934C-4602-A40A-2CEBF520AEC5"
"matchCriteriaId": "85039D6B-2E1A-4679-8345-BD3804144EAC"
}
]
}

6
CVE-2022/CVE-2022-331xx/CVE-2022-33124.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-33124",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-06-23T17:15:14.877",
"lastModified": "2023-11-07T03:48:17.783",
"lastModified": "2023-11-22T17:09:17.470",
"vulnStatus": "Modified",
"descriptions": [
{
@ -84,8 +84,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aiohttp_project:aiohttp:3.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AF331E5E-098F-4924-A146-80AACFEE7758"
"criteria": "cpe:2.3:a:aiohttp:aiohttp:3.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9497F8CF-C73D-4D9F-BCD4-1164551B8374"
}
]
}

43
CVE-2023/CVE-2023-200xx/CVE-2023-20084.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-20084",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-11-22T17:15:18.317",
"lastModified": "2023-11-22T17:31:47.393",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the endpoint software of Cisco Secure Endpoint for Windows could allow an authenticated, local attacker to evade endpoint protection within a limited time window. This vulnerability is due to a timing issue that occurs between various software components. An attacker could exploit this vulnerability by persuading a user to put a malicious file into a specific folder and then persuading the user to execute the file within a limited time window. A successful exploit could allow the attacker to cause the endpoint software to fail to quarantine the malicious file or kill its process. Note: This vulnerability only applies to deployments that have the Windows Folder Redirection feature enabled."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.3,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-endpoint-dos-RzOgFKnd",
"source": "ykramarz@cisco.com"
}
]
}

43
CVE-2023/CVE-2023-202xx/CVE-2023-20240.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-20240",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-11-22T17:15:18.520",
"lastModified": "2023-11-22T17:31:47.393",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. These vulnerabilities are due to an out-of-bounds memory read from Cisco Secure Client Software. An attacker could exploit these vulnerabilities by logging in to an affected device at the same time that another user is accessing Cisco Secure Client on the same system, and then sending crafted packets to a port on that local host. A successful exploit could allow the attacker to crash the VPN Agent service, causing it to be unavailable to all users of the system. To exploit these vulnerabilities, the attacker must have valid credentials on a multi-user system."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-accsc-dos-9SLzkZ8",
"source": "ykramarz@cisco.com"
}
]
}

43
CVE-2023/CVE-2023-202xx/CVE-2023-20241.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-20241",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-11-22T17:15:18.740",
"lastModified": "2023-11-22T17:31:47.393",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system.\r\n\r These vulnerabilities are due to an out-of-bounds memory read from Cisco Secure Client Software. An attacker could exploit these vulnerabilities by logging in to an affected device at the same time that another user is accessing Cisco Secure Client on the same system, and then sending crafted packets to a port on that local host. A successful exploit could allow the attacker to crash the VPN Agent service, causing it to be unavailable to all users of the system. To exploit these vulnerabilities, the attacker must have valid credentials on a multi-user system."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-accsc-dos-9SLzkZ8",
"source": "ykramarz@cisco.com"
}
]
}

44
CVE-2023/CVE-2023-222xx/CVE-2023-22268.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-22268",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-17T13:15:07.693",
"lastModified": "2023-11-17T13:58:53.593",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T17:45:33.193",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead to information disclosure by an low-privileged authenticated attacker. Exploitation of this issue does not require user interaction."
},
{
"lang": "es",
"value": "Las versiones 11.4 y anteriores de Adobe RoboHelp Server se ven afectadas por una neutralizaci\u00f3n inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL (\"inyecci\u00f3n SQL\") que podr\u00eda provocar la divulgaci\u00f3n de informaci\u00f3n por parte de un atacante autenticado con pocos privilegios. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario."
}
],
"metrics": {
@ -46,10 +50,44 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:robohelp_server:*:*:*:*:*:*:*:*",
"versionEndIncluding": "11.4",
"matchCriteriaId": "720169BC-ED60-49A9-8655-D8EEA71601E2"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/robohelp-server/apsb23-53.html",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

44
CVE-2023/CVE-2023-222xx/CVE-2023-22272.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-22272",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-17T13:15:07.897",
"lastModified": "2023-11-17T13:58:53.593",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T17:45:09.013",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Input Validation vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction."
},
{
"lang": "es",
"value": "Las versiones 11.4 y anteriores de Adobe RoboHelp Server se ven afectadas por una vulnerabilidad de validaci\u00f3n de entrada incorrecta que podr\u00eda provocar la divulgaci\u00f3n de informaci\u00f3n por parte de un atacante no autenticado. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario."
}
],
"metrics": {
@ -46,10 +50,44 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:robohelp_server:*:*:*:*:*:*:*:*",
"versionEndIncluding": "11.4",
"matchCriteriaId": "720169BC-ED60-49A9-8655-D8EEA71601E2"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/robohelp-server/apsb23-53.html",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

44
CVE-2023/CVE-2023-222xx/CVE-2023-22273.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-22273",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-17T13:15:08.097",
"lastModified": "2023-11-17T13:58:53.593",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T17:44:58.033",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to Remote Code Execution by an admin authenticated attacker. Exploitation of this issue does not require user interaction."
},
{
"lang": "es",
"value": "Las versiones 11.4 y anteriores de Adobe RoboHelp Server se ven afectadas por una vulnerabilidad de limitaci\u00f3n inadecuada de un nombre de ruta a un directorio restringido (\"Path Traversal\") que podr\u00eda provocar la ejecuci\u00f3n remota de c\u00f3digo por parte de un atacante autenticado por un administrador. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario."
}
],
"metrics": {
@ -46,10 +50,44 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:robohelp_server:*:*:*:*:*:*:*:*",
"versionEndIncluding": "11.4",
"matchCriteriaId": "720169BC-ED60-49A9-8655-D8EEA71601E2"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/robohelp-server/apsb23-53.html",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

44
CVE-2023/CVE-2023-222xx/CVE-2023-22274.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-22274",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-17T13:15:08.277",
"lastModified": "2023-11-17T13:58:53.593",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T17:44:48.730",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction."
},
{
"lang": "es",
"value": "Las versiones 11.4 y anteriores de Adobe RoboHelp Server se ven afectadas por una vulnerabilidad de restricci\u00f3n inadecuada de referencia de entidad externa XML ('XXE') que podr\u00eda provocar la divulgaci\u00f3n de informaci\u00f3n por parte de un atacante no autenticado. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario."
}
],
"metrics": {
@ -46,10 +50,44 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:robohelp_server:*:*:*:*:*:*:*:*",
"versionEndIncluding": "11.4",
"matchCriteriaId": "720169BC-ED60-49A9-8655-D8EEA71601E2"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/robohelp-server/apsb23-53.html",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

44
CVE-2023/CVE-2023-222xx/CVE-2023-22275.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-22275",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-17T13:15:08.467",
"lastModified": "2023-11-17T13:58:53.593",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T17:44:42.280",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction."
},
{
"lang": "es",
"value": "Las versiones 11.4 y anteriores de Adobe RoboHelp Server se ven afectadas por una neutralizaci\u00f3n inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL (\"inyecci\u00f3n SQL\") que podr\u00eda provocar la divulgaci\u00f3n de informaci\u00f3n por parte de un atacante no autenticado. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario."
}
],
"metrics": {
@ -46,10 +50,44 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:robohelp_server:*:*:*:*:*:*:*:*",
"versionEndIncluding": "11.4",
"matchCriteriaId": "720169BC-ED60-49A9-8655-D8EEA71601E2"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/robohelp-server/apsb23-53.html",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

18
CVE-2023/CVE-2023-242xx/CVE-2023-24229.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-24229",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-03-15T18:15:10.460",
"lastModified": "2023-03-19T03:57:06.433",
"vulnStatus": "Analyzed",
"lastModified": "2023-11-22T18:15:07.990",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "DrayTek Vigor2960 v1.5.1.4 was discovered to contain a command injection vulnerability via the mainfunction.cgi component."
"value": "DrayTek Vigor2960 v1.5.1.4 allows an authenticated attacker with network access to the web management interface to inject operating system commands via the mainfunction.cgi 'parameter' parameter."
}
],
"metrics": {
@ -84,12 +84,24 @@
"Third Party Advisory"
]
},
{
"url": "https://web.archive.org/web/20230315181013/https://github.com/sadwwcxz/Vul",
"source": "cve@mitre.org"
},
{
"url": "https://www.draytek.co.uk/support/guides/kb-remotemanagement",
"source": "cve@mitre.org"
},
{
"url": "https://www.draytek.com/",
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
]
},
{
"url": "https://www.draytek.com/support/knowledge-base/5465",
"source": "cve@mitre.org"
}
]
}

8
CVE-2023/CVE-2023-24xx/CVE-2023-2437.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2437",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-11-22T16:15:08.043",
"lastModified": "2023-11-22T16:15:08.043",
"vulnStatus": "Received",
"lastModified": "2023-11-22T18:15:08.473",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
@ -35,6 +35,10 @@
]
},
"references": [
{
"url": "http://packetstormsecurity.com/files/175871/WordPress-UserPro-5.1.x-Password-Reset-Authentication-Bypass-Escalation.html",
"source": "security@wordfence.com"
},
{
"url": "https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681",
"source": "security@wordfence.com"

4
CVE-2023/CVE-2023-24xx/CVE-2023-2438.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2438",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-11-22T16:15:08.207",
"lastModified": "2023-11-22T16:15:08.207",
"vulnStatus": "Received",
"lastModified": "2023-11-22T17:31:59.573",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-24xx/CVE-2023-2440.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2440",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-11-22T16:15:08.367",
"lastModified": "2023-11-22T16:15:08.367",
"vulnStatus": "Received",
"lastModified": "2023-11-22T17:31:59.573",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

6
CVE-2023/CVE-2023-24xx/CVE-2023-2446.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-2446",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-11-22T08:15:07.020",
"lastModified": "2023-11-22T13:56:48.513",
"lastModified": "2023-11-22T18:15:08.533",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -39,6 +39,10 @@
]
},
"references": [
{
"url": "http://packetstormsecurity.com/files/175871/WordPress-UserPro-5.1.x-Password-Reset-Authentication-Bypass-Escalation.html",
"source": "security@wordfence.com"
},
{
"url": "https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681",
"source": "security@wordfence.com"

8
CVE-2023/CVE-2023-24xx/CVE-2023-2448.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2448",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-11-22T16:15:08.537",
"lastModified": "2023-11-22T16:15:08.537",
"vulnStatus": "Received",
"lastModified": "2023-11-22T18:15:08.603",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
@ -35,6 +35,10 @@
]
},
"references": [
{
"url": "http://packetstormsecurity.com/files/175871/WordPress-UserPro-5.1.x-Password-Reset-Authentication-Bypass-Escalation.html",
"source": "security@wordfence.com"
},
{
"url": "https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681",
"source": "security@wordfence.com"

8
CVE-2023/CVE-2023-24xx/CVE-2023-2449.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2449",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-11-22T16:15:08.697",
"lastModified": "2023-11-22T16:15:08.697",
"vulnStatus": "Received",
"lastModified": "2023-11-22T18:15:08.663",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
@ -35,6 +35,10 @@
]
},
"references": [
{
"url": "http://packetstormsecurity.com/files/175871/WordPress-UserPro-5.1.x-Password-Reset-Authentication-Bypass-Escalation.html",
"source": "security@wordfence.com"
},
{
"url": "https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681",
"source": "security@wordfence.com"

4
CVE-2023/CVE-2023-24xx/CVE-2023-2497.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2497",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-11-22T16:15:08.857",
"lastModified": "2023-11-22T16:15:08.857",
"vulnStatus": "Received",
"lastModified": "2023-11-22T17:31:59.573",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

55
CVE-2023/CVE-2023-259xx/CVE-2023-25986.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25986",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T18:15:08.087",
"lastModified": "2023-11-22T18:15:08.087",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in WattIsIt PayGreen \u2013 Ancienne version plugin <=\u00a04.10.2 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/paygreen-woocommerce/wordpress-paygreen-plugin-4-10-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-259xx/CVE-2023-25987.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25987",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T18:15:08.283",
"lastModified": "2023-11-22T18:15:08.283",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Aleksandar Uro\u0161evi\u0107 My YouTube Channel plugin <=\u00a03.23.3 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/youtube-channel/wordpress-my-youtube-channel-plugin-3-23-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

4
CVE-2023/CVE-2023-265xx/CVE-2023-26542.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-26542",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T15:15:08.990",
"lastModified": "2023-11-22T15:15:08.990",
"vulnStatus": "Received",
"lastModified": "2023-11-22T17:32:02.580",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-28xx/CVE-2023-2841.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2841",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-11-22T16:15:09.020",
"lastModified": "2023-11-22T16:15:09.020",
"vulnStatus": "Received",
"lastModified": "2023-11-22T17:31:59.573",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

6
CVE-2023/CVE-2023-372xx/CVE-2023-37276.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-37276",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-07-19T20:15:10.603",
"lastModified": "2023-07-28T15:55:35.390",
"lastModified": "2023-11-22T17:09:17.470",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -85,9 +85,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aiohttp_project:aiohttp:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:aiohttp:aiohttp:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.8.4",
"matchCriteriaId": "DF4DD285-33F6-451D-B56A-C326E41CF6E4"
"matchCriteriaId": "2108175E-0BE7-48A0-B191-AFA35C485AF3"
}
]
}

55
CVE-2023/CVE-2023-430xx/CVE-2023-43082.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-43082",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-11-22T17:15:18.940",
"lastModified": "2023-11-22T17:31:47.393",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nDell Unity prior to 5.3 contains a 'man in the middle' vulnerability in the vmadapter component. If a customer has a certificate signed by a third-party public Certificate Authority, the vCenter CA could be spoofed by an attacker who can obtain a CA-signed certificate.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-295"
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000213152/dsa-2023-141-dell-unity-unity-vsa-and-unity-xt-security-update-for-multiple-vulnerabilities",
"source": "security_alert@emc.com"
}
]
}

24
CVE-2023/CVE-2023-438xx/CVE-2023-43887.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-43887",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-22T18:15:08.747",
"lastModified": "2023-11-22T18:15:08.747",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Libde265 v1.0.12 was discovered to contain multiple buffer overflows via the num_tile_columns and num_tile_row parameters in the function pic_parameter_set::dump."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/strukturag/libde265/commit/63b596c915977f038eafd7647d1db25488a8c133",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/strukturag/libde265/issues/418",
"source": "cve@mitre.org"
}
]
}

64
CVE-2023/CVE-2023-443xx/CVE-2023-44325.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44325",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-17T09:15:23.053",
"lastModified": "2023-11-17T13:58:59.840",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T17:44:29.977",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "psirt@adobe.com",
"type": "Secondary",
@ -50,10 +70,48 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:animate:*:*:*:*:*:*:*:*",
"versionEndIncluding": "23.0.2",
"matchCriteriaId": "E38DCD72-51C3-4D00-9D3B-31CA58712414"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/animate/apsb23-61.html",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
}
]
}

113
CVE-2023/CVE-2023-443xx/CVE-2023-44336.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44336",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T10:15:08.890",
"lastModified": "2023-11-16T13:51:11.743",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T17:18:22.253",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "psirt@adobe.com",
"type": "Secondary",
@ -50,10 +70,97 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*",
"versionStartIncluding": "15.008.20082",
"versionEndExcluding": "23.006.20380",
"matchCriteriaId": "A0FEBC42-3857-4802-9DF6-468D875FD75C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*",
"versionStartIncluding": "15.008.20082",
"versionEndExcluding": "23.006.20380",
"matchCriteriaId": "CAB9D2E5-B4E0-497C-A95B-58A4B61989C3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "20.001.30005",
"versionEndIncluding": "20.005.30539",
"matchCriteriaId": "9C8E748F-AF8D-46BB-ACDE-2454E922B3BD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "20.001.30005",
"versionEndExcluding": "20.005.30539",
"matchCriteriaId": "DC0F114D-0EF3-4164-B4CD-36E91408F2F3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/acrobat/apsb23-54.htm",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Broken Link"
]
}
]
}

113
CVE-2023/CVE-2023-443xx/CVE-2023-44337.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44337",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T10:15:09.600",
"lastModified": "2023-11-16T13:51:11.743",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T17:16:36.887",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "psirt@adobe.com",
"type": "Secondary",
@ -50,10 +70,97 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*",
"versionStartIncluding": "15.008.20082",
"versionEndExcluding": "23.006.20380",
"matchCriteriaId": "A0FEBC42-3857-4802-9DF6-468D875FD75C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*",
"versionStartIncluding": "15.008.20082",
"versionEndExcluding": "23.006.20380",
"matchCriteriaId": "CAB9D2E5-B4E0-497C-A95B-58A4B61989C3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "20.001.30005",
"versionEndIncluding": "20.005.30539",
"matchCriteriaId": "9C8E748F-AF8D-46BB-ACDE-2454E922B3BD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "20.001.30005",
"versionEndExcluding": "20.005.30539",
"matchCriteriaId": "DC0F114D-0EF3-4164-B4CD-36E91408F2F3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/acrobat/apsb23-54.htm",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Broken Link"
]
}
]
}

123
CVE-2023/CVE-2023-443xx/CVE-2023-44338.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44338",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T10:15:10.187",
"lastModified": "2023-11-16T13:51:11.743",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T17:16:11.980",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "psirt@adobe.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
},
{
"source": "psirt@adobe.com",
"type": "Secondary",
@ -50,10 +80,97 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*",
"versionStartIncluding": "15.008.20082",
"versionEndExcluding": "23.006.20380",
"matchCriteriaId": "A0FEBC42-3857-4802-9DF6-468D875FD75C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*",
"versionStartIncluding": "15.008.20082",
"versionEndExcluding": "23.006.20380",
"matchCriteriaId": "CAB9D2E5-B4E0-497C-A95B-58A4B61989C3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "20.001.30005",
"versionEndIncluding": "20.005.30539",
"matchCriteriaId": "9C8E748F-AF8D-46BB-ACDE-2454E922B3BD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "20.001.30005",
"versionEndExcluding": "20.005.30539",
"matchCriteriaId": "DC0F114D-0EF3-4164-B4CD-36E91408F2F3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/acrobat/apsb23-54.htm",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Broken Link"
]
}
]
}

113
CVE-2023/CVE-2023-443xx/CVE-2023-44339.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44339",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T10:15:10.717",
"lastModified": "2023-11-16T13:51:11.743",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T17:15:45.410",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.3,
"impactScore": 3.6
},
{
"source": "psirt@adobe.com",
"type": "Secondary",
@ -50,10 +70,97 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*",
"versionStartIncluding": "15.008.20082",
"versionEndExcluding": "23.006.20380",
"matchCriteriaId": "A0FEBC42-3857-4802-9DF6-468D875FD75C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*",
"versionStartIncluding": "15.008.20082",
"versionEndExcluding": "23.006.20380",
"matchCriteriaId": "CAB9D2E5-B4E0-497C-A95B-58A4B61989C3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "20.001.30005",
"versionEndIncluding": "20.005.30539",
"matchCriteriaId": "9C8E748F-AF8D-46BB-ACDE-2454E922B3BD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "20.001.30005",
"versionEndExcluding": "20.005.30539",
"matchCriteriaId": "DC0F114D-0EF3-4164-B4CD-36E91408F2F3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/acrobat/apsb23-54.htm",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Broken Link"
]
}
]
}

113
CVE-2023/CVE-2023-443xx/CVE-2023-44340.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44340",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T10:15:11.347",
"lastModified": "2023-11-16T13:51:11.743",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T17:15:31.647",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "psirt@adobe.com",
"type": "Secondary",
@ -50,10 +70,97 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*",
"versionStartIncluding": "15.008.20082",
"versionEndExcluding": "23.006.20380",
"matchCriteriaId": "A0FEBC42-3857-4802-9DF6-468D875FD75C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*",
"versionStartIncluding": "15.008.20082",
"versionEndExcluding": "23.006.20380",
"matchCriteriaId": "CAB9D2E5-B4E0-497C-A95B-58A4B61989C3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "20.001.30005",
"versionEndIncluding": "20.005.30539",
"matchCriteriaId": "9C8E748F-AF8D-46BB-ACDE-2454E922B3BD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "20.001.30005",
"versionEndExcluding": "20.005.30539",
"matchCriteriaId": "DC0F114D-0EF3-4164-B4CD-36E91408F2F3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/acrobat/apsb23-54.htm",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Broken Link"
]
}
]
}

113
CVE-2023/CVE-2023-443xx/CVE-2023-44348.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44348",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T10:15:12.063",
"lastModified": "2023-11-16T13:51:11.743",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T17:15:18.597",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "psirt@adobe.com",
"type": "Secondary",
@ -50,10 +70,97 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*",
"versionStartIncluding": "15.008.20082",
"versionEndExcluding": "23.006.20380",
"matchCriteriaId": "A0FEBC42-3857-4802-9DF6-468D875FD75C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*",
"versionStartIncluding": "15.008.20082",
"versionEndExcluding": "23.006.20380",
"matchCriteriaId": "CAB9D2E5-B4E0-497C-A95B-58A4B61989C3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "20.001.30005",
"versionEndIncluding": "20.005.30539",
"matchCriteriaId": "9C8E748F-AF8D-46BB-ACDE-2454E922B3BD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "20.001.30005",
"versionEndExcluding": "20.005.30539",
"matchCriteriaId": "DC0F114D-0EF3-4164-B4CD-36E91408F2F3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/acrobat/apsb23-54.htm",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Broken Link"
]
}
]
}

113
CVE-2023/CVE-2023-443xx/CVE-2023-44356.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44356",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T10:15:12.640",
"lastModified": "2023-11-16T13:51:11.743",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T17:07:19.197",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "psirt@adobe.com",
"type": "Secondary",
@ -50,10 +70,97 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*",
"versionStartIncluding": "15.008.20082",
"versionEndExcluding": "23.006.20380",
"matchCriteriaId": "A0FEBC42-3857-4802-9DF6-468D875FD75C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*",
"versionStartIncluding": "15.008.20082",
"versionEndExcluding": "23.006.20380",
"matchCriteriaId": "CAB9D2E5-B4E0-497C-A95B-58A4B61989C3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "20.001.30005",
"versionEndIncluding": "20.005.30539",
"matchCriteriaId": "9C8E748F-AF8D-46BB-ACDE-2454E922B3BD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "20.001.30005",
"versionEndExcluding": "20.005.30539",
"matchCriteriaId": "DC0F114D-0EF3-4164-B4CD-36E91408F2F3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/acrobat/apsb23-54.htm",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Broken Link"
]
}
]
}

113
CVE-2023/CVE-2023-443xx/CVE-2023-44357.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44357",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T10:15:13.173",
"lastModified": "2023-11-16T13:51:11.743",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T17:04:47.863",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "psirt@adobe.com",
"type": "Secondary",
@ -50,10 +70,97 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*",
"versionStartIncluding": "15.008.20082",
"versionEndExcluding": "23.006.20380",
"matchCriteriaId": "A0FEBC42-3857-4802-9DF6-468D875FD75C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*",
"versionStartIncluding": "15.008.20082",
"versionEndExcluding": "23.006.20380",
"matchCriteriaId": "CAB9D2E5-B4E0-497C-A95B-58A4B61989C3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "20.001.30005",
"versionEndIncluding": "20.005.30539",
"matchCriteriaId": "9C8E748F-AF8D-46BB-ACDE-2454E922B3BD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "20.001.30005",
"versionEndExcluding": "20.005.30539",
"matchCriteriaId": "DC0F114D-0EF3-4164-B4CD-36E91408F2F3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/acrobat/apsb23-54.htm",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Broken Link"
]
}
]
}

113
CVE-2023/CVE-2023-443xx/CVE-2023-44358.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44358",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T10:15:13.740",
"lastModified": "2023-11-16T13:51:11.743",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T17:04:35.430",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "psirt@adobe.com",
"type": "Secondary",
@ -50,10 +70,97 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*",
"versionStartIncluding": "15.008.20082",
"versionEndExcluding": "23.006.20380",
"matchCriteriaId": "A0FEBC42-3857-4802-9DF6-468D875FD75C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*",
"versionStartIncluding": "15.008.20082",
"versionEndExcluding": "23.006.20380",
"matchCriteriaId": "CAB9D2E5-B4E0-497C-A95B-58A4B61989C3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "20.001.30005",
"versionEndIncluding": "20.005.30539",
"matchCriteriaId": "9C8E748F-AF8D-46BB-ACDE-2454E922B3BD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "20.001.30005",
"versionEndExcluding": "20.005.30539",
"matchCriteriaId": "DC0F114D-0EF3-4164-B4CD-36E91408F2F3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/acrobat/apsb23-54.htm",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Broken Link"
]
}
]
}

113
CVE-2023/CVE-2023-443xx/CVE-2023-44359.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44359",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T10:15:14.283",
"lastModified": "2023-11-16T13:51:11.743",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T17:04:24.893",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "psirt@adobe.com",
"type": "Secondary",
@ -50,10 +70,97 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*",
"versionStartIncluding": "15.008.20082",
"versionEndExcluding": "23.006.20380",
"matchCriteriaId": "A0FEBC42-3857-4802-9DF6-468D875FD75C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*",
"versionStartIncluding": "15.008.20082",
"versionEndExcluding": "23.006.20380",
"matchCriteriaId": "CAB9D2E5-B4E0-497C-A95B-58A4B61989C3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "20.001.30005",
"versionEndIncluding": "20.005.30539",
"matchCriteriaId": "9C8E748F-AF8D-46BB-ACDE-2454E922B3BD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "20.001.30005",
"versionEndExcluding": "20.005.30539",
"matchCriteriaId": "DC0F114D-0EF3-4164-B4CD-36E91408F2F3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/acrobat/apsb23-54.htm",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Broken Link"
]
}
]
}

24
CVE-2023/CVE-2023-453xx/CVE-2023-45377.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-45377",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-22T17:15:22.083",
"lastModified": "2023-11-22T17:31:47.393",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the module \"Chronopost Official\" (chronopost) for PrestaShop, a guest can perform SQL injection. The script PHP `cancelSkybill.php` own a sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection."
}
],
"metrics": {},
"references": [
{
"url": "https://addons.prestashop.com/fr/transporteurs/19561-chronopost-officiel.html",
"source": "cve@mitre.org"
},
{
"url": "https://security.friendsofpresta.org/modules/2023/11/21/chronopost.html",
"source": "cve@mitre.org"
}
]
}

91
CVE-2023/CVE-2023-456xx/CVE-2023-45620.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-45620",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2023-11-14T23:15:10.333",
"lastModified": "2023-11-15T02:28:40.150",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T17:30:05.113",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.\n\n"
},
{
"lang": "es",
"value": "Existen vulnerabilidades de Denegaci\u00f3n de Servicio (DoS) no autenticadas en CLI Service al que se accede a trav\u00e9s del protocolo PAPI. La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de interrumpir el funcionamiento normal del punto de acceso afectado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-alert@hpe.com",
"type": "Secondary",
@ -34,10 +58,71 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.3.0.0",
"versionEndExcluding": "10.4.0.3",
"matchCriteriaId": "0C237FC8-2B47-4070-96DD-54D68F9BD5EF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "23C407BC-FF30-4EBE-9084-67943E6D62E0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4.0.0",
"versionEndExcluding": "8.6.0.23",
"matchCriteriaId": "DF39B093-B7A9-4657-A7F0-343E7CE7D59D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.10.0.0",
"versionEndExcluding": "8.10.0.9",
"matchCriteriaId": "B3B1AE0D-0B1E-4B75-8815-9C0D46A6B44F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.11.0.0",
"versionEndExcluding": "8.11.2.0",
"matchCriteriaId": "73FB686A-47E8-4900-AC7A-7A37152FD543"
}
]
}
]
}
],
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt",
"source": "security-alert@hpe.com"
"source": "security-alert@hpe.com",
"tags": [
"Mitigation",
"Vendor Advisory"
]
}
]
}

91
CVE-2023/CVE-2023-456xx/CVE-2023-45621.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-45621",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2023-11-14T23:15:10.497",
"lastModified": "2023-11-15T02:28:40.150",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T17:30:22.087",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.\n\n"
},
{
"lang": "es",
"value": "Existen vulnerabilidades de Denegaci\u00f3n de Servicio (DoS) no autenticadas en CLI Service al que se accede a trav\u00e9s del protocolo PAPI. La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de interrumpir el funcionamiento normal del punto de acceso afectado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-alert@hpe.com",
"type": "Secondary",
@ -34,10 +58,71 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.3.0.0",
"versionEndExcluding": "10.4.0.3",
"matchCriteriaId": "0C237FC8-2B47-4070-96DD-54D68F9BD5EF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "23C407BC-FF30-4EBE-9084-67943E6D62E0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4.0.0",
"versionEndExcluding": "8.6.0.23",
"matchCriteriaId": "DF39B093-B7A9-4657-A7F0-343E7CE7D59D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.10.0.0",
"versionEndExcluding": "8.10.0.9",
"matchCriteriaId": "B3B1AE0D-0B1E-4B75-8815-9C0D46A6B44F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.11.0.0",
"versionEndExcluding": "8.11.2.0",
"matchCriteriaId": "73FB686A-47E8-4900-AC7A-7A37152FD543"
}
]
}
]
}
],
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt",
"source": "security-alert@hpe.com"
"source": "security-alert@hpe.com",
"tags": [
"Mitigation",
"Vendor Advisory"
]
}
]
}

91
CVE-2023/CVE-2023-456xx/CVE-2023-45622.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-45622",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2023-11-14T23:15:10.660",
"lastModified": "2023-11-15T02:28:40.150",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T17:30:32.337",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the BLE daemon service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.\n\n"
},
{
"lang": "es",
"value": "Existen vulnerabilidades de Denegaci\u00f3n de Servicio (DoS) no autenticadas en BLE Daemon Service al que se accede a trav\u00e9s del protocolo PAPI. La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de interrumpir el funcionamiento normal del punto de acceso afectado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-alert@hpe.com",
"type": "Secondary",
@ -34,10 +58,71 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.3.0.0",
"versionEndExcluding": "10.4.0.3",
"matchCriteriaId": "0C237FC8-2B47-4070-96DD-54D68F9BD5EF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "23C407BC-FF30-4EBE-9084-67943E6D62E0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4.0.0",
"versionEndExcluding": "8.6.0.23",
"matchCriteriaId": "DF39B093-B7A9-4657-A7F0-343E7CE7D59D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.10.0.0",
"versionEndExcluding": "8.10.0.9",
"matchCriteriaId": "B3B1AE0D-0B1E-4B75-8815-9C0D46A6B44F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.11.0.0",
"versionEndExcluding": "8.11.2.0",
"matchCriteriaId": "73FB686A-47E8-4900-AC7A-7A37152FD543"
}
]
}
]
}
],
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt",
"source": "security-alert@hpe.com"
"source": "security-alert@hpe.com",
"tags": [
"Mitigation",
"Vendor Advisory"
]
}
]
}

91
CVE-2023/CVE-2023-456xx/CVE-2023-45623.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-45623",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2023-11-14T23:15:10.883",
"lastModified": "2023-11-15T02:28:40.150",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T17:26:16.690",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Wi-Fi Uplink service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.\n\n"
},
{
"lang": "es",
"value": "Existen vulnerabilidades de Denegaci\u00f3n de Servicio (DoS) no autenticadas en Wi-Fi Uplink Service al que se accede a trav\u00e9s a trav\u00e9s protocolo PAPI. La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de interrumpir el funcionamiento normal del punto de acceso afectado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-alert@hpe.com",
"type": "Secondary",
@ -34,10 +58,71 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.3.0.0",
"versionEndExcluding": "10.4.0.3",
"matchCriteriaId": "0C237FC8-2B47-4070-96DD-54D68F9BD5EF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "23C407BC-FF30-4EBE-9084-67943E6D62E0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4.0.0",
"versionEndExcluding": "8.6.0.23",
"matchCriteriaId": "DF39B093-B7A9-4657-A7F0-343E7CE7D59D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.10.0.0",
"versionEndExcluding": "8.10.0.9",
"matchCriteriaId": "B3B1AE0D-0B1E-4B75-8815-9C0D46A6B44F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.11.0.0",
"versionEndExcluding": "8.11.2.0",
"matchCriteriaId": "73FB686A-47E8-4900-AC7A-7A37152FD543"
}
]
}
]
}
],
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt",
"source": "security-alert@hpe.com"
"source": "security-alert@hpe.com",
"tags": [
"Mitigation",
"Vendor Advisory"
]
}
]
}

91
CVE-2023/CVE-2023-456xx/CVE-2023-45624.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-45624",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2023-11-14T23:15:11.077",
"lastModified": "2023-11-15T02:28:40.150",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T17:15:26.837",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated Denial-of-Service (DoS) vulnerability exists in the soft ap daemon accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected access point.\n\n"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de Denegaci\u00f3n de Servicio (DoS) no autenticada en Soft Ap Daemon al que se accede a trav\u00e9s del protocolo PAPI. La explotaci\u00f3n exitosa de esta vulnerabilidad da como resultado la capacidad de interrumpir el funcionamiento normal del punto de acceso afectado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-alert@hpe.com",
"type": "Secondary",
@ -34,10 +58,71 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.3.0.0",
"versionEndExcluding": "10.4.0.3",
"matchCriteriaId": "0C237FC8-2B47-4070-96DD-54D68F9BD5EF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "23C407BC-FF30-4EBE-9084-67943E6D62E0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4.0.0",
"versionEndExcluding": "8.6.0.23",
"matchCriteriaId": "DF39B093-B7A9-4657-A7F0-343E7CE7D59D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.10.0.0",
"versionEndExcluding": "8.10.0.9",
"matchCriteriaId": "B3B1AE0D-0B1E-4B75-8815-9C0D46A6B44F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.11.0.0",
"versionEndExcluding": "8.11.2.0",
"matchCriteriaId": "73FB686A-47E8-4900-AC7A-7A37152FD543"
}
]
}
]
}
],
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt",
"source": "security-alert@hpe.com"
"source": "security-alert@hpe.com",
"tags": [
"Mitigation",
"Vendor Advisory"
]
}
]
}

24
CVE-2023/CVE-2023-463xx/CVE-2023-46357.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-46357",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-22T18:15:08.797",
"lastModified": "2023-11-22T18:15:08.797",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the module \"Cross Selling in Modal Cart\" (motivationsale) < 3.5.0 from MyPrestaModules for PrestaShop, a guest can perform SQL injection. The method `motivationsaleDataModel::getProductsByIds()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection."
}
],
"metrics": {},
"references": [
{
"url": "https://addons.prestashop.com/fr/ventes-croisees-packs-produits/16122-cross-selling-in-modal-cart.html",
"source": "cve@mitre.org"
},
{
"url": "https://security.friendsofpresta.org/modules/2023/11/21/motivationsale.html",
"source": "cve@mitre.org"
}
]
}

4
CVE-2023/CVE-2023-46xx/CVE-2023-4686.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4686",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-11-22T16:15:09.823",
"lastModified": "2023-11-22T16:15:09.823",
"vulnStatus": "Received",
"lastModified": "2023-11-22T17:31:59.573",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

20
CVE-2023/CVE-2023-470xx/CVE-2023-47014.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-47014",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-22T18:15:08.840",
"lastModified": "2023-11-22T18:15:08.840",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A Cross-Site Request Forgery (CSRF) vulnerability in Sourcecodester Sticky Notes App Using PHP with Source Code v.1.0 allows a local attacker to obtain sensitive information via a crafted payload to add-note.php."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/emirhanerdogu/CVE-2023-47014-Sticky-Notes-App-Using-PHP-with-Source-Code-v1.0-CSRF-to-CORS/blob/main/README.md",
"source": "cve@mitre.org"
}
]
}

68
CVE-2023/CVE-2023-470xx/CVE-2023-47025.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-47025",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-16T23:15:08.123",
"lastModified": "2023-11-16T23:57:47.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T17:56:48.987",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue in Free5gc v.3.3.0 allows a local attacker to cause a denial of service via the free5gc-compose component."
},
{
"lang": "es",
"value": "Un problema en Free5gc v.3.3.0 permite que un atacante local provoque una denegaci\u00f3n de servicio a trav\u00e9s del componente free5gc-compose."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:free5gc:free5gc:3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "89BA8BA8-E366-48F9-930A-91ED1442AAFE"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/free5gc/free5gc/issues/501",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}

53
CVE-2023/CVE-2023-470xx/CVE-2023-47055.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47055",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T17:15:07.267",
"lastModified": "2023-11-16T17:30:31.273",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T17:21:17.317",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Adobe Premiere Pro versi\u00f3n 24.0 (y anteriores) y 23.6 (y anteriores) se ven afectados por una vulnerabilidad Use After Free que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {
@ -46,10 +50,53 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:premiere_pro:*:*:*:*:*:*:*:*",
"versionEndIncluding": "23.6",
"matchCriteriaId": "BCF0FF73-E9FD-4D83-A812-EC45C0638401"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:premiere_pro:24.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7DEE067D-6646-43C6-987C-35BB0EF7C3F0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/premiere_pro/apsb23-65.html",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
}
]
}

63
CVE-2023/CVE-2023-470xx/CVE-2023-47056.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47056",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T17:15:07.510",
"lastModified": "2023-11-16T17:30:31.273",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T17:21:22.627",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Adobe Premiere Pro versi\u00f3n 24.0 (y anteriores), 23.6 (y anteriores), est\u00e1n afectadas por una vulnerabilidad de desbordamiento del b\u00fafer en la regi\u00f3n Heap de la memoria que podr\u00eda resultar en una ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. Es requerida una interacci\u00f3n del usuario para explotar este problema, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {
@ -35,6 +39,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "psirt@adobe.com",
"type": "Secondary",
@ -46,10 +60,53 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:premiere_pro:*:*:*:*:*:*:*:*",
"versionEndIncluding": "23.6",
"matchCriteriaId": "BCF0FF73-E9FD-4D83-A812-EC45C0638401"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:premiere_pro:24.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7DEE067D-6646-43C6-987C-35BB0EF7C3F0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/premiere_pro/apsb23-65.html",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
}
]
}

63
CVE-2023/CVE-2023-470xx/CVE-2023-47057.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47057",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T17:15:07.700",
"lastModified": "2023-11-16T17:30:31.273",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T17:21:31.597",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Adobe Premiere Pro versiones 24.0 (y anteriores) y 23.6 (y anteriores), est\u00e1n afectadas por una vulnerabilidad de escritura fuera de l\u00edmites que podr\u00eda resultar en una ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. Una explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {
@ -35,6 +39,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "psirt@adobe.com",
"type": "Secondary",
@ -46,10 +60,53 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:premiere_pro:*:*:*:*:*:*:*:*",
"versionEndIncluding": "23.6",
"matchCriteriaId": "BCF0FF73-E9FD-4D83-A812-EC45C0638401"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:premiere_pro:24.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7DEE067D-6646-43C6-987C-35BB0EF7C3F0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/premiere_pro/apsb23-65.html",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
}
]
}

73
CVE-2023/CVE-2023-470xx/CVE-2023-47058.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-47058",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T17:15:07.890",
"lastModified": "2023-11-16T17:30:31.273",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T17:21:45.867",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Adobe Premiere Pro versi\u00f3n 24.0 (y anteriores) y 23.6 (y anteriores) se ven afectados por una vulnerabilidad de lectura fuera de los l\u00edmites al analizar un archivo manipulado, lo que podr\u00eda dar lugar a una lectura m\u00e1s all\u00e1 del final de una estructura de memoria asignada. Un atacante podr\u00eda aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del usuario actual. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "psirt@adobe.com",
"type": "Secondary",
@ -46,10 +70,53 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:premiere_pro:*:*:*:*:*:*:*:*",
"versionEndIncluding": "23.6",
"matchCriteriaId": "BCF0FF73-E9FD-4D83-A812-EC45C0638401"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:premiere_pro:24.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7DEE067D-6646-43C6-987C-35BB0EF7C3F0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/premiere_pro/apsb23-65.html",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
}
]
}

53
CVE-2023/CVE-2023-470xx/CVE-2023-47059.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47059",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T17:15:08.080",
"lastModified": "2023-11-16T17:30:31.273",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T17:31:40.937",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Adobe Premiere Pro versi\u00f3n 24.0 (y anteriores) y 23.6 (y anteriores) se ven afectados por una vulnerabilidad de lectura fuera de los l\u00edmites al analizar un archivo manipulado, lo que podr\u00eda dar lugar a una lectura m\u00e1s all\u00e1 del final de una estructura de memoria asignada. Un atacante podr\u00eda aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del usuario actual. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {
@ -46,10 +50,53 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:premiere_pro:*:*:*:*:*:*:*:*",
"versionEndIncluding": "23.6",
"matchCriteriaId": "BCF0FF73-E9FD-4D83-A812-EC45C0638401"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:premiere_pro:24.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7DEE067D-6646-43C6-987C-35BB0EF7C3F0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/premiere_pro/apsb23-65.html",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
}
]
}

53
CVE-2023/CVE-2023-470xx/CVE-2023-47060.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47060",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T17:15:08.270",
"lastModified": "2023-11-16T17:30:31.273",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T17:31:45.130",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Adobe Premiere Pro versi\u00f3n 24.0 (y anteriores) y 23.6 (y anteriores) se ven afectados por una vulnerabilidad de acceso al puntero no inicializado que podr\u00eda provocar la divulgaci\u00f3n de memoria confidencial. Un atacante podr\u00eda aprovechar esta vulnerabilidad para evitar mitigaciones como ASLR. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {
@ -46,10 +50,53 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:premiere_pro:*:*:*:*:*:*:*:*",
"versionEndIncluding": "23.6",
"matchCriteriaId": "BCF0FF73-E9FD-4D83-A812-EC45C0638401"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:premiere_pro:24.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7DEE067D-6646-43C6-987C-35BB0EF7C3F0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/premiere_pro/apsb23-65.html",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
}
]
}

73
CVE-2023/CVE-2023-470xx/CVE-2023-47066.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47066",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-17T11:15:07.293",
"lastModified": "2023-11-17T13:58:53.593",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T17:55:17.360",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "psirt@adobe.com",
"type": "Secondary",
@ -50,10 +70,57 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:after_effects:*:*:*:*:*:*:*:*",
"versionStartIncluding": "23.0",
"versionEndIncluding": "23.6",
"matchCriteriaId": "BA5168A1-3412-4CD3-B4C1-39283BCAA16C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:after_effects:*:*:*:*:*:*:*:*",
"versionStartIncluding": "24.0",
"versionEndExcluding": "24.0.2",
"matchCriteriaId": "7F1DDFE3-B9DA-42E8-A8F4-7011977ED3BC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/after_effects/apsb23-66.html",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

73
CVE-2023/CVE-2023-470xx/CVE-2023-47067.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47067",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-17T11:15:07.793",
"lastModified": "2023-11-17T13:58:53.593",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T17:54:19.510",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "psirt@adobe.com",
"type": "Secondary",
@ -50,10 +70,57 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:after_effects:*:*:*:*:*:*:*:*",
"versionStartIncluding": "23.0",
"versionEndIncluding": "23.6",
"matchCriteriaId": "BA5168A1-3412-4CD3-B4C1-39283BCAA16C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:after_effects:*:*:*:*:*:*:*:*",
"versionStartIncluding": "24.0",
"versionEndExcluding": "24.0.2",
"matchCriteriaId": "7F1DDFE3-B9DA-42E8-A8F4-7011977ED3BC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/after_effects/apsb23-66.html",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

73
CVE-2023/CVE-2023-470xx/CVE-2023-47068.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47068",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-17T11:15:07.997",
"lastModified": "2023-11-17T13:58:53.593",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T17:53:51.743",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "psirt@adobe.com",
"type": "Secondary",
@ -50,10 +70,57 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:after_effects:*:*:*:*:*:*:*:*",
"versionStartIncluding": "23.0",
"versionEndIncluding": "23.6",
"matchCriteriaId": "BA5168A1-3412-4CD3-B4C1-39283BCAA16C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:after_effects:*:*:*:*:*:*:*:*",
"versionStartIncluding": "24.0",
"versionEndExcluding": "24.0.2",
"matchCriteriaId": "7F1DDFE3-B9DA-42E8-A8F4-7011977ED3BC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/after_effects/apsb23-66.html",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

73
CVE-2023/CVE-2023-470xx/CVE-2023-47069.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47069",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-17T11:15:08.200",
"lastModified": "2023-11-17T13:58:53.593",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T17:52:15.793",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "psirt@adobe.com",
"type": "Secondary",
@ -50,10 +70,57 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:after_effects:*:*:*:*:*:*:*:*",
"versionStartIncluding": "23.0",
"versionEndIncluding": "23.6",
"matchCriteriaId": "BA5168A1-3412-4CD3-B4C1-39283BCAA16C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:after_effects:*:*:*:*:*:*:*:*",
"versionStartIncluding": "24.0",
"versionEndExcluding": "24.0.2",
"matchCriteriaId": "7F1DDFE3-B9DA-42E8-A8F4-7011977ED3BC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/after_effects/apsb23-66.html",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

73
CVE-2023/CVE-2023-470xx/CVE-2023-47070.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47070",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-17T11:15:08.457",
"lastModified": "2023-11-17T13:58:53.593",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T17:51:55.537",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "psirt@adobe.com",
"type": "Secondary",
@ -50,10 +70,57 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:after_effects:*:*:*:*:*:*:*:*",
"versionStartIncluding": "23.0",
"versionEndIncluding": "23.6",
"matchCriteriaId": "BA5168A1-3412-4CD3-B4C1-39283BCAA16C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:after_effects:*:*:*:*:*:*:*:*",
"versionStartIncluding": "24.0",
"versionEndExcluding": "24.0.2",
"matchCriteriaId": "7F1DDFE3-B9DA-42E8-A8F4-7011977ED3BC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/after_effects/apsb23-66.html",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

73
CVE-2023/CVE-2023-470xx/CVE-2023-47071.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47071",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-17T11:15:08.660",
"lastModified": "2023-11-17T13:58:53.593",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T17:51:28.373",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "psirt@adobe.com",
"type": "Secondary",
@ -50,10 +70,57 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:after_effects:*:*:*:*:*:*:*:*",
"versionStartIncluding": "23.0",
"versionEndIncluding": "23.6",
"matchCriteriaId": "BA5168A1-3412-4CD3-B4C1-39283BCAA16C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:after_effects:*:*:*:*:*:*:*:*",
"versionStartIncluding": "24.0",
"versionEndExcluding": "24.0.2",
"matchCriteriaId": "7F1DDFE3-B9DA-42E8-A8F4-7011977ED3BC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/after_effects/apsb23-66.html",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

73
CVE-2023/CVE-2023-470xx/CVE-2023-47072.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47072",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-17T11:15:08.867",
"lastModified": "2023-11-17T13:58:53.593",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T17:50:36.630",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
},
{
"source": "psirt@adobe.com",
"type": "Secondary",
@ -50,10 +70,57 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:after_effects:*:*:*:*:*:*:*:*",
"versionStartIncluding": "23.0",
"versionEndIncluding": "23.6",
"matchCriteriaId": "BA5168A1-3412-4CD3-B4C1-39283BCAA16C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:after_effects:*:*:*:*:*:*:*:*",
"versionStartIncluding": "24.0",
"versionEndExcluding": "24.0.2",
"matchCriteriaId": "7F1DDFE3-B9DA-42E8-A8F4-7011977ED3BC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/after_effects/apsb23-66.html",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

83
CVE-2023/CVE-2023-470xx/CVE-2023-47073.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47073",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-17T11:15:09.060",
"lastModified": "2023-11-17T13:58:53.593",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T17:50:07.243",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "psirt@adobe.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "psirt@adobe.com",
"type": "Secondary",
@ -50,10 +80,57 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:after_effects:*:*:*:*:*:*:*:*",
"versionStartIncluding": "23.0",
"versionEndIncluding": "23.6",
"matchCriteriaId": "BA5168A1-3412-4CD3-B4C1-39283BCAA16C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:after_effects:*:*:*:*:*:*:*:*",
"versionStartIncluding": "24.0",
"versionEndExcluding": "24.0.2",
"matchCriteriaId": "7F1DDFE3-B9DA-42E8-A8F4-7011977ED3BC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/after_effects/apsb23-66.html",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

28
CVE-2023/CVE-2023-472xx/CVE-2023-47250.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-47250",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-22T18:15:08.883",
"lastModified": "2023-11-22T18:15:08.883",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In mprivacy-tools before 2.0.406g in m-privacy TightGate-Pro Server, broken Access Control on X11 server sockets allows authenticated attackers (with access to a VNC session) to access the X11 desktops of other users by specifying their DISPLAY ID. This allows complete control of their desktop, including the ability to inject keystrokes and perform a keylogging attack."
}
],
"metrics": {},
"references": [
{
"url": "https://sec-consult.com/en/vulnerability-lab/advisories/index.html",
"source": "cve@mitre.org"
},
{
"url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-in-m-privacy-tightgate-pro/",
"source": "cve@mitre.org"
},
{
"url": "https://www.m-privacy.de/en/tightgate-pro-safe-surfing/",
"source": "cve@mitre.org"
}
]
}

28
CVE-2023/CVE-2023-472xx/CVE-2023-47251.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-47251",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-22T18:15:08.930",
"lastModified": "2023-11-22T18:15:08.930",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In mprivacy-tools before 2.0.406g in m-privacy TightGate-Pro Server, a Directory Traversal in the print function of the VNC service allows authenticated attackers (with access to a VNC session) to automatically transfer malicious PDF documents by moving them into the .spool directory, and then sending a signal to the VNC service, which automatically transfers them to the connected VNC client's filesystem."
}
],
"metrics": {},
"references": [
{
"url": "https://sec-consult.com/en/vulnerability-lab/advisories/index.html",
"source": "cve@mitre.org"
},
{
"url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-in-m-privacy-tightgate-pro/",
"source": "cve@mitre.org"
},
{
"url": "https://www.m-privacy.de/en/tightgate-pro-safe-surfing/",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-473xx/CVE-2023-47312.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-47312",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-22T17:15:22.207",
"lastModified": "2023-11-22T17:31:47.393",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to Login Credential Leakage via Audit Entries."
}
],
"metrics": {},
"references": [
{
"url": "https://boltonshield.com/en/cve/cve-2023-47312/",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-473xx/CVE-2023-47313.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-47313",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-22T17:15:22.260",
"lastModified": "2023-11-22T17:31:47.393",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Headwind MDM Web panel 5.22.1 is vulnerable to Directory Traversal."
}
],
"metrics": {},
"references": [
{
"url": "https://boltonshield.com/en/cve/cve-2023-47313/",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-473xx/CVE-2023-47314.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-47314",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-22T17:15:22.327",
"lastModified": "2023-11-22T17:31:47.393",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Headwind MDM Web panel 5.22.1 is vulnerable to Cross Site Scripting (XSS) via Uncontrolled File Upload."
}
],
"metrics": {},
"references": [
{
"url": "https://boltonshield.com/en/cve/cve-2023-47314/",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-473xx/CVE-2023-47315.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-47315",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-22T17:15:22.377",
"lastModified": "2023-11-22T17:31:47.393",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to a hard-coded JWT Secret."
}
],
"metrics": {},
"references": [
{
"url": "https://boltonshield.com/en/cve/cve-2023-47315/",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-473xx/CVE-2023-47316.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-47316",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-22T17:15:22.490",
"lastModified": "2023-11-22T17:31:47.393",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control. The Web panel allows users to gain access to potentially sensitive API calls such as listing users and their data, file management API calls and audit-related API calls."
}
],
"metrics": {},
"references": [
{
"url": "https://boltonshield.com/en/cve/cve-2023-47316/",
"source": "cve@mitre.org"
}
]
}

4
CVE-2023/CVE-2023-473xx/CVE-2023-47350.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47350",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-22T16:15:09.580",
"lastModified": "2023-11-22T16:15:09.580",
"vulnStatus": "Received",
"lastModified": "2023-11-22T17:31:59.573",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-473xx/CVE-2023-47380.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47380",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-22T15:15:09.380",
"lastModified": "2023-11-22T15:15:09.380",
"vulnStatus": "Received",
"lastModified": "2023-11-22T17:31:59.573",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

20
CVE-2023/CVE-2023-474xx/CVE-2023-47467.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-47467",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-22T18:15:08.980",
"lastModified": "2023-11-22T18:15:08.980",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Directory Traversal vulnerability in jeecg-boot v.3.6.0 allows a remote privileged attacker to obtain sensitive information via the file directory structure."
}
],
"metrics": {},
"references": [
{
"url": "https://www.yuque.com/u2479829/tegvu8/dvmfdl5fssfen05q",
"source": "cve@mitre.org"
}
]
}

51
CVE-2023/CVE-2023-475xx/CVE-2023-47511.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-47511",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-16T19:15:08.880",
"lastModified": "2023-11-16T20:03:36.283",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T18:23:46.350",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SO WP Pinyin Slugs plugin <=\u00a02.3.0 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Scripting (XSS) autenticada (con permisos de admin o superiores) almacenada en el complemento SO WP Pinyin Slugs en versiones &lt;=2.3.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:so-wp:pinyin_slugs:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.3.0",
"matchCriteriaId": "7F2D4EAA-A942-44CE-A14B-520AEDA4A166"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/so-pinyin-slugs/wordpress-pinyin-slugs-plugin-2-3-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-475xx/CVE-2023-47514.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-47514",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-16T18:15:07.060",
"lastModified": "2023-11-16T20:03:36.283",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T18:31:02.543",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in lawrenceowen, gcubero, acunnningham, fmahmood Star CloudPRNT for WooCommerce plugin <=\u00a02.0.3 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada No Autenticada en el complemento WooCommerce para lawrenceowen, gcubero, acunnningham, fmahmood Star CloudPRNT en versiones &lt;=2.0.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:star-emea:star_cloudprnt_for_woocommerce:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.0.3",
"matchCriteriaId": "05281085-B5B8-4B65-B032-707EE8D93533"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/star-cloudprnt-for-woocommerce/wordpress-star-cloudprnt-for-woocommerce-plugin-2-0-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-476xx/CVE-2023-47686.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-47686",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-16T23:15:08.170",
"lastModified": "2023-11-16T23:57:47.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T17:56:36.503",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin <=\u00a02.7.2.2 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Kiboko Labs Arigato Autoresponder and Newsletteren versiones &lt;=2.7.2.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kibokolabs:arigato_autoresponder_and_newsletter:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.7.2.2",
"matchCriteriaId": "D0AD36A7-A6C1-417A-BE66-45ED2B0CBBE5"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/bft-autoresponder/wordpress-arigato-autoresponder-and-newsletter-plugin-2-7-2-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-476xx/CVE-2023-47687.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-47687",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-16T23:15:08.380",
"lastModified": "2023-11-16T23:57:47.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T17:56:23.700",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in VJInfotech Woo Custom and Sequential Order Number plugin <=\u00a02.6.0 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento VJInfotech Woo Custom y Sequential Order Number en versiones &lt;=2.6.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vjinfotech:woo_custom_and_sequential_order_number:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.6.0",
"matchCriteriaId": "7E3600CE-11BE-4597-AFB1-63137170F3FE"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/woo-custom-and-sequential-order-number/wordpress-woo-custom-and-sequential-order-number-plugin-2-6-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

55
CVE-2023/CVE-2023-477xx/CVE-2023-47755.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-47755",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T18:15:09.037",
"lastModified": "2023-11-22T18:15:09.037",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AazzTech WooCommerce Product Carousel Slider plugin <=\u00a03.3.5 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/product-carousel-slider-for-woocommerce/wordpress-woocommerce-product-carousel-slider-plugin-3-3-5-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-477xx/CVE-2023-47758.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-47758",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T18:15:09.253",
"lastModified": "2023-11-22T18:15:09.253",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Mondula GmbH Multi Step Form plugin <=\u00a01.7.11 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/multi-step-form/wordpress-multi-step-form-plugin-1-7-11-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-477xx/CVE-2023-47765.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-47765",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T18:15:09.440",
"lastModified": "2023-11-22T18:15:09.440",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in CodeBard CodeBard's Patron Button and Widgets for Patreon plugin <=\u00a02.1.9 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/patron-button-and-widgets-by-codebard/wordpress-codebard-s-patron-button-and-widgets-for-patreon-plugin-2-1-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

60
CVE-2023/CVE-2023-47xx/CVE-2023-4706.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-4706",
"sourceIdentifier": "psirt@lenovo.com",
"published": "2023-11-08T22:15:11.420",
"lastModified": "2023-11-09T13:46:19.893",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T18:26:48.233",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nA privilege escalation vulnerability was reported in Lenovo preloaded devices deployed using Microsoft AutoPilot under a standard user account due to incorrect default privileges.\n\n"
},
{
"lang": "es",
"value": "Se inform\u00f3 una vulnerabilidad de escalada de privilegios en dispositivos precargados de Lenovo implementados con Microsoft AutoPilot en una cuenta de usuario est\u00e1ndar debido a privilegios predeterminados incorrectos."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "psirt@lenovo.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "psirt@lenovo.com",
"type": "Secondary",
@ -46,10 +80,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lenovo:preload_directory:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEFD66E5-DB7E-4EA9-A2D5-2F0081C651EA"
}
]
}
]
}
],
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-127385",
"source": "psirt@lenovo.com"
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-47xx/CVE-2023-4726.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4726",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-11-22T16:15:09.983",
"lastModified": "2023-11-22T16:15:09.983",
"vulnStatus": "Received",
"lastModified": "2023-11-22T17:31:59.573",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

73
CVE-2023/CVE-2023-480xx/CVE-2023-48011.json
View File

@ -2,23 +2,86 @@
"id": "CVE-2023-48011",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-15T19:15:07.693",
"lastModified": "2023-11-16T01:43:41.077",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T17:42:49.230",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a heap-use-after-free via the flush_ref_samples function at /gpac/src/isomedia/movie_fragments.c."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que GPAC v2.3-DEV-rev566-g50c2ab06f-master contiene un heap-use-after-free a trav\u00e9s de la funci\u00f3n flush_ref_samples en /gpac/src/isomedia/movie_fragments.c."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gpac:gpac:2.3-dev-rev566-g50c2ab06f-master:*:*:*:*:*:*:*",
"matchCriteriaId": "ECEFB340-26A2-43CD-A8DC-518262E4DC36"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/gpac/gpac/commit/c70f49dda4946d6db6aa55588f6a756b76bd84ea",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/gpac/gpac/issues/2611",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}

73
CVE-2023/CVE-2023-480xx/CVE-2023-48013.json
View File

@ -2,23 +2,86 @@
"id": "CVE-2023-48013",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-15T19:15:07.753",
"lastModified": "2023-11-16T01:43:41.077",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T17:42:31.463",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a double free via the gf_filterpacket_del function at /gpac/src/filter_core/filter.c."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que GPAC v2.3-DEV-rev566-g50c2ab06f-master contiene un doble libre a trav\u00e9s de la funci\u00f3n gf_filterpacket_del en /gpac/src/filter_core/filter.c."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-415"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gpac:gpac:2.3-dev-rev566-g50c2ab06f-master:*:*:*:*:*:*:*",
"matchCriteriaId": "ECEFB340-26A2-43CD-A8DC-518262E4DC36"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/gpac/gpac/commit/cd8a95c1efb8f5bfc950b86c2ef77b4c76f6b893",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/gpac/gpac/issues/2612",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}

73
CVE-2023/CVE-2023-480xx/CVE-2023-48014.json
View File

@ -2,23 +2,86 @@
"id": "CVE-2023-48014",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-15T19:15:07.803",
"lastModified": "2023-11-16T01:43:41.077",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T17:38:29.293",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a stack overflow via the hevc_parse_vps_extension function at /media_tools/av_parsers.c."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que GPAC v2.3-DEV-rev566-g50c2ab06f-master conten\u00eda un desbordamiento de pila a trav\u00e9s de la funci\u00f3n hevc_parse_vps_extension en /media_tools/av_parsers.c."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gpac:gpac:2.3-dev-rev566-g50c2ab06f-master:*:*:*:*:*:*:*",
"matchCriteriaId": "ECEFB340-26A2-43CD-A8DC-518262E4DC36"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/gpac/gpac/commit/66abf0887c89c29a484d9e65e70882794e9e3a1b",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/gpac/gpac/issues/2613",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}

67
CVE-2023/CVE-2023-480xx/CVE-2023-48055.json
View File

@ -2,19 +2,78 @@
"id": "CVE-2023-48055",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-16T18:15:07.390",
"lastModified": "2023-11-16T20:03:36.283",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T18:24:27.087",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "SuperAGI v0.0.13 was discovered to use a hardcoded key for encryption operations. This vulnerability can lead to the disclosure of information and communications."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que SuperAGI v0.0.13 utiliza una clave codificada para operaciones de cifrado. Esta vulnerabilidad puede dar lugar a la divulgaci\u00f3n de informaci\u00f3n y comunicaciones."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:superagi:superagi:0.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "18D1F2CD-E6AA-4A40-8CB9-885C003D343E"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://gxx777.github.io/SuperAGI_v0.0.13_Cryptographic_API_Misuse_Vulnerability.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

77
CVE-2023/CVE-2023-480xx/CVE-2023-48056.json
View File

@ -2,27 +2,92 @@
"id": "CVE-2023-48056",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-16T18:15:07.440",
"lastModified": "2023-11-16T20:03:36.283",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T18:24:16.740",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "PyPinkSign v0.5.1 uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption. This vulnerability can lead to the disclosure of information and communications."
},
{
"lang": "es",
"value": "PyPinkSign v0.5.1 utiliza un IV no aleatorio o est\u00e1tico para el modo Cipher Block Chaining (CBC) en el cifrado AES. Esta vulnerabilidad puede dar lugar a la divulgaci\u00f3n de informaci\u00f3n y comunicaciones."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-330"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bandoche:pypinksign:0.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FD699B70-087B-47BC-B486-13A7DA1BEDC1"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://bandoche.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://pypinksign.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "https://gxx777.github.io/PyPinkSign_v0.5.1_Cryptographic_API_Misuse_Vulnerability.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

20
CVE-2023/CVE-2023-481xx/CVE-2023-48106.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-48106",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-22T18:15:09.630",
"lastModified": "2023-11-22T18:15:09.630",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in zlib-ng minizip-ng v.4.0.2 allows an attacker to execute arbitrary code via a crafted file to the mz_path_resolve function in the mz_os.c file."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/zlib-ng/minizip-ng/issues/740",
"source": "cve@mitre.org"
}
]
}

68
CVE-2023/CVE-2023-481xx/CVE-2023-48134.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-48134",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-16T19:15:09.263",
"lastModified": "2023-11-16T20:03:36.283",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T18:23:58.633",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "nagayama_copabowl Line 13.6.1 is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor."
},
{
"lang": "es",
"value": "nagayama_copabowl Line 13.6.1 es vulnerable a la exposici\u00f3n de informaci\u00f3n confidencial a un actor no autorizado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:linecorp:line:13.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22743D41-3381-4220-8D9F-60CC36E48F78"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/syz913/CVE-reports/blob/main/nagayama_copabowl.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

20
CVE-2023/CVE-2023-486xx/CVE-2023-48646.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-48646",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-22T18:15:09.670",
"lastModified": "2023-11-22T18:15:09.670",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine RecoveryManager Plus before 6070 allows admin users to execute arbitrary commands via proxy settings."
}
],
"metrics": {},
"references": [
{
"url": "https://www.manageengine.com/ad-recovery-manager/advisory/CVE-2023-48646.html",
"source": "cve@mitre.org"
}
]
}

70
CVE-2023/CVE-2023-486xx/CVE-2023-48655.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48655",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-17T05:15:12.640",
"lastModified": "2023-11-17T13:58:59.840",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T17:35:04.137",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,75 @@
"value": "Se descubri\u00f3 un problema en MISP antes de la versi\u00f3n 2.4.176. app/Controller/Component/IndexFilterComponent.php no filtra correctamente los par\u00e1metros de consulta."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:misp-project:malware_information_sharing_platform:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.4.176",
"matchCriteriaId": "2BBA7CBC-4331-4A5C-A738-3AC216AFC03A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/MISP/MISP/commit/158c8b2f788b75e0d26e9249a75e1be291e59d4b",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
]
}
]
}

70
CVE-2023/CVE-2023-486xx/CVE-2023-48656.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48656",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-17T05:15:12.690",
"lastModified": "2023-11-17T13:58:59.840",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T17:35:26.090",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,75 @@
"value": "Se descubri\u00f3 un problema en MISP antes de la versi\u00f3n 2.4.176. app/Model/AppModel.php maneja mal las cl\u00e1usulas de pedido."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:misp-project:malware_information_sharing_platform:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.4.176",
"matchCriteriaId": "2BBA7CBC-4331-4A5C-A738-3AC216AFC03A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/MISP/MISP/commit/d6ad402b31547c95280a6d8320f8f87a8f609074",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
]
}
]
}

71
CVE-2023/CVE-2023-486xx/CVE-2023-48657.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48657",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-17T05:15:12.740",
"lastModified": "2023-11-17T13:58:59.840",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T17:53:34.483",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,76 @@
"value": "Se descubri\u00f3 un problema en MISP antes de la versi\u00f3n 2.4.176. app/Model/AppModel.php maneja mal los filtros."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:misp-project:malware_information_sharing_platform:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.4.176",
"matchCriteriaId": "2BBA7CBC-4331-4A5C-A738-3AC216AFC03A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/MISP/MISP/commit/08bd23281ead288de678de666ef43ed6de1899fc",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Release Notes"
]
}
]
}

71
CVE-2023/CVE-2023-486xx/CVE-2023-48658.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48658",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-17T05:15:12.793",
"lastModified": "2023-11-17T13:58:59.840",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T17:54:32.743",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,76 @@
"value": "Se descubri\u00f3 un problema en MISP antes de la versi\u00f3n 2.4.176. app/Model/AppModel.php carece de una funci\u00f3n checkParam para caracteres alfanum\u00e9ricos, guiones bajos, guiones, puntos y espacios."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:misp-project:malware_information_sharing_platform:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.4.176",
"matchCriteriaId": "2BBA7CBC-4331-4A5C-A738-3AC216AFC03A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/MISP/MISP/commit/168621521b57b2437331174186f84a6aa3e71f0d",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Release Notes"
]
}
]
}

71
CVE-2023/CVE-2023-486xx/CVE-2023-48659.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48659",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-17T05:15:12.847",
"lastModified": "2023-11-17T13:58:59.840",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T17:54:40.517",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,76 @@
"value": "Se descubri\u00f3 un problema en MISP antes de la versi\u00f3n 2.4.176. app/Controller/AppController.php maneja mal el an\u00e1lisis de par\u00e1metros."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:misp-project:malware_information_sharing_platform:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.4.176",
"matchCriteriaId": "2BBA7CBC-4331-4A5C-A738-3AC216AFC03A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/MISP/MISP/commit/37ecf81b84a01baa4d4b1fade4de94a9018c32ed",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Release Notes"
]
}
]
}

4
CVE-2023/CVE-2023-487xx/CVE-2023-48705.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48705",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-22T16:15:09.627",
"lastModified": "2023-11-22T16:15:09.627",
"vulnStatus": "Received",
"lastModified": "2023-11-22T17:31:59.573",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-50xx/CVE-2023-5048.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5048",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-11-22T16:15:10.137",
"lastModified": "2023-11-22T16:15:10.137",
"vulnStatus": "Received",
"lastModified": "2023-11-22T17:31:59.573",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

61
CVE-2023/CVE-2023-50xx/CVE-2023-5079.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-5079",
"sourceIdentifier": "psirt@lenovo.com",
"published": "2023-11-08T22:15:12.133",
"lastModified": "2023-11-09T13:46:19.893",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T18:45:31.787",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Lenovo LeCloud App improper input validation allows attackers to access arbitrary components and arbitrary file downloads, which could result in information disclosure.\n\n\n\n\n\n\n"
},
{
"lang": "es",
"value": "La validaci\u00f3n de entrada incorrecta de la aplicaci\u00f3n Lenovo LeCloud permite a los atacantes acceder a componentes arbitrarios y descargas de archivos arbitrarios, lo que podr\u00eda resultar en la divulgaci\u00f3n de informaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "psirt@lenovo.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
},
{
"source": "psirt@lenovo.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lenovo:lecloud:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0.25.99",
"matchCriteriaId": "72EE10E2-9487-4FB7-A2BE-FBADCCF0BC12"
}
]
}
]
}
],
"references": [
{
"url": "https://iknow.lenovo.com.cn/detail/418253?",
"source": "psirt@lenovo.com"
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-50xx/CVE-2023-5096.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5096",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-11-22T16:15:10.293",
"lastModified": "2023-11-22T16:15:10.293",
"vulnStatus": "Received",
"lastModified": "2023-11-22T17:31:59.573",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-51xx/CVE-2023-5128.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5128",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-11-22T16:15:10.453",
"lastModified": "2023-11-22T16:15:10.453",
"vulnStatus": "Received",
"lastModified": "2023-11-22T17:31:59.573",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-51xx/CVE-2023-5163.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5163",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-11-22T16:15:10.613",
"lastModified": "2023-11-22T16:15:10.613",
"vulnStatus": "Received",
"lastModified": "2023-11-22T17:31:59.573",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-52xx/CVE-2023-5234.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5234",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-11-22T16:15:10.773",
"lastModified": "2023-11-22T16:15:10.773",
"vulnStatus": "Received",
"lastModified": "2023-11-22T17:31:59.573",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-53xx/CVE-2023-5314.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5314",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-11-22T16:15:10.930",
"lastModified": "2023-11-22T16:15:10.930",
"vulnStatus": "Received",
"lastModified": "2023-11-22T17:31:59.573",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

Some files were not shown because too many files have changed in this diff Show More