Auto-Update: 2023-11-17T23:00:18.499737+00:00

cad-safe-bot 2023-11-17 23:00:22 +00:00
parent 90e155bfe1
commit 215552aca4
22 changed files with 1178 additions and 89 deletions


@ -2,8 +2,8 @@
"id": "CVE-2018-1000807",
"sourceIdentifier": "cve@mitre.org",
"published": "2018-10-08T15:29:00.837",
"lastModified": "2021-08-04T17:14:46.777",
"vulnStatus": "Analyzed",
"lastModified": "2023-11-17T22:15:07.470",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -154,6 +154,10 @@
"Third Party Advisory"
]
},
{
"url": "https://github.com/pyca/pyopenssl/commit/e73818600065821d588af475b024f4eb518c3509",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/pyca/pyopenssl/pull/723",
"source": "cve@mitre.org",


@ -2,16 +2,40 @@
"id": "CVE-2023-23800",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-13T03:15:08.190",
"lastModified": "2023-11-13T03:16:20.870",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-17T21:29:35.687",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Server-Side Request Forgery (SSRF) vulnerability in Vova Anokhin WP Shortcodes Plugin \u2014 Shortcodes Ultimate.This issue affects WP Shortcodes Plugin \u2014 Shortcodes Ultimate: from n/a through 5.12.6.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Server-Side Request Forgery (SSRF) en Vova Anokhin WP Shortcodes Plugin \u2014 Shortcodes Ultimate. Este problema afecta al complemento WP Shortcodes \u2013 Shortcodes Ultimate: desde n/a hasta 5.12.6."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:getshortcodes:shortcodes_ultimate:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "5.12.6",
"matchCriteriaId": "D12FB6EA-1707-4C49-B694-34A2C8220084"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/shortcodes-ultimate/wordpress-shortcodes-ultimate-plugin-5-12-6-server-side-request-forgery-ssrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-31219",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-13T03:15:08.383",
"lastModified": "2023-11-13T03:16:20.870",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-17T21:31:23.647",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Server-Side Request Forgery (SSRF) vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.8.1.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Server-Side Request Forgery (SSRF) en WPChill Download Monitor. Este problema afecta a Download Monitor: desde n/a hasta 4.8.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpchill:download_monitor:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "4.8.1",
"matchCriteriaId": "E671C096-A3AE-4B34-B2AD-5C1D4A699F3F"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/download-monitor/wordpress-download-monitor-plugin-4-8-1-server-side-request-forgery-ssrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-34013",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-13T03:15:08.570",
"lastModified": "2023-11-13T03:16:20.870",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-17T21:27:14.750",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Server-Side Request Forgery (SSRF) vulnerability in Poll Maker Team Poll Maker \u2013 Best WordPress Poll Plugin.This issue affects Poll Maker \u2013 Best WordPress Poll Plugin: from n/a through 4.6.2.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Server-Side Request Forgery (SSRF) en Poll Maker Team Poll Maker \u2013 Best WordPress Poll Plugin. Este problema afecta a Poll Maker \u2013 Best WordPress Poll Plugin: desde n/a hasta 4.6.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ays-pro:poll_maker:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "4.6.2",
"matchCriteriaId": "C1B1A0BB-68EF-4722-B309-426B01932AC4"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/poll-maker/wordpress-poll-maker-plugin-4-6-2-server-side-request-forgery-ssrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-35041",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-13T03:15:08.777",
"lastModified": "2023-11-13T03:16:20.870",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-17T21:31:40.127",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability leading to Local File Inclusion (LF) in Webpushr Web Push Notifications Web Push Notifications \u2013 Webpushr\u00a0plugin <= 4.34.0 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) que conduce a Local File Inclusion (LF) en Webpushr Web Push Notifications Web Push Notifications: complemento Webpushr en versiones &lt;= 4.34.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:webpushr:web_push_notifications:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "4.34.0",
"matchCriteriaId": "0E0D713B-B691-4A56-86D4-E74EFDCCBA12"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/webpushr-web-push-notifications/wordpress-web-push-notifications-webpushr-plugin-4-34-0-csrf-leading-to-lfi-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}
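Review bot: The Spanish description added for CVE-2023-35041 contains an HTML entity, `&lt;= 4.34.0`, where the English description in the same record has a literal `<= 4.34.0`. A JSON string should carry the raw character and leave output encoding to whatever renders it. As written, a consumer that escapes on output will display `&amp;lt;=`, and one that skips escaping because the text looks pre-encoded would be treating upstream feed data as trusted markup. I would store the value as `versiones <= 4.34.0.`, or, if the record has to stay byte-identical to the upstream feed, decode entities once at ingestion and always encode at render time.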


@ -2,16 +2,40 @@
"id": "CVE-2023-37978",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-13T03:15:08.957",
"lastModified": "2023-11-13T03:16:20.870",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-17T21:31:58.827",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Server-Side Request Forgery (SSRF) vulnerability in Dimitar Ivanov HTTP Headers.This issue affects HTTP Headers: from n/a through 1.18.11.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Server-Side Request Forgery (SSRF) en Dimitar Ivanov HTTP Headers. Este problema afecta a HTTP Headers: desde n/a hasta 1.18.11."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:riverside:http_headers:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.18.11",
"matchCriteriaId": "EC5F957F-3ACC-4BC3-947E-C3EBBB107ABF"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/http-headers/wordpress-http-headers-plugin-1-18-11-server-side-request-forgery-ssrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-38515",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-13T03:15:09.143",
"lastModified": "2023-11-13T03:16:20.870",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-17T21:32:33.447",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Server-Side Request Forgery (SSRF) vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 3.7.56.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Server-Side Request Forgery (SSRF) en Andy Moyle Church Admin. Este problema afecta a Church Admin: desde n/a hasta 3.7.56."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:church_admin_project:church_admin:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.7.56",
"matchCriteriaId": "FF07C723-1841-4188-A12D-129AEB476799"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/church-admin/wordpress-church-admin-plugin-3-7-56-server-side-request-forgery-ssrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-43901",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-14T05:15:08.767",
"lastModified": "2023-11-14T15:15:50.200",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-17T21:57:26.823",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "El control de acceso incorrecto en el formulario de creaci\u00f3n de Usuarios AdHoc de EMSigner v2.8.7 permite a atacantes no autenticados modificar arbitrariamente nombres de usuarios y privilegios utilizando la direcci\u00f3n de correo electr\u00f3nico de un usuario registrado."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:emsigner:emsigner:2.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "9679E6A5-A376-4D47-A0D8-4F8A4C11694E"
}
]
}
]
}
],
"references": [
{
"url": "https://secpro.llc/EMSigner-CVE-1/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-43902",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-14T05:15:08.833",
"lastModified": "2023-11-14T15:15:50.200",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-17T22:07:30.403",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "El control de acceso incorrecto en la funci\u00f3n Forgot Your Password de EMSigner v2.8.7 permite a atacantes no autenticados acceder a las cuentas de todos los usuarios registrados, incluidos aquellos con privilegios de administrador, a trav\u00e9s de un token de restablecimiento de contrase\u00f1a manipulado."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:emsigner:emsigner:2.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "9679E6A5-A376-4D47-A0D8-4F8A4C11694E"
}
]
}
]
}
],
"references": [
{
"url": "https://secpro.llc/emsigner-cve-2/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-45878",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-14T06:15:29.040",
"lastModified": "2023-11-14T15:15:50.200",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-17T21:33:27.220",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "GibbonEdu Gibbon versi\u00f3n 25.0.1 y anteriores permite la escritura arbitraria de archivos porque rubrics_visualise_saveAjax.phps no requiere autenticaci\u00f3n. El endpoint acepta los par\u00e1metros img, path y gibbonPersonID. Se espera que el par\u00e1metro img sea una imagen codificada en base64. Si se establece el par\u00e1metro de ruta, la ruta definida se utiliza como carpeta de destino, concatenada con la ruta absoluta del directorio de instalaci\u00f3n. El contenido del par\u00e1metro img se decodifica en base64 y se escribe en la ruta del archivo definida. Esto permite la creaci\u00f3n de archivos PHP que permiten la ejecuci\u00f3n remota de c\u00f3digo (no autenticado)."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gibbonedu:gibbon:*:*:*:*:*:*:*:*",
"versionEndIncluding": "25.0.01",
"matchCriteriaId": "41E3249E-3016-411A-8B2F-5B534497F33C"
}
]
}
]
}
],
"references": [
{
"url": "https://herolab.usd.de/security-advisories/usd-2023-0025/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
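Review bot: The CPE match added for CVE-2023-45878 uses `"versionEndIncluding": "25.0.01"`, while the Spanish description in the same record says "versión 25.0.1 y anteriores". The two spellings are equal under a per-component numeric comparison but not under a plain string or strict semver comparison, so an inventory scanner could miss an affected install depending on which field it reads and how it compares. It is worth confirming against the vendor's release tags which form is canonical, and making sure matching code normalises leading zeros before comparing. The English description for this record is outside the hunk, so I cannot tell whether it uses the same spelling.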


@ -0,0 +1,55 @@
{
"id": "CVE-2023-46745",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-17T22:15:07.633",
"lastModified": "2023-11-17T22:15:07.633",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. In affected versions the login method has no rate limit. An attacker may be able to leverage this vulnerability to gain access to user accounts. This issue has been addressed in version 23.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-307"
}
]
}
],
"references": [
{
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-rq42-58qf-v3qx",
"source": "security-advisories@github.com"
}
]
}


@ -2,19 +2,81 @@
"id": "CVE-2023-47390",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-11T18:15:14.683",
"lastModified": "2023-11-13T03:16:20.870",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-17T21:40:14.553",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Headscale through 0.22.3 writes bearer tokens to info-level logs."
},
{
"lang": "es",
"value": "Headscale hasta 0.22.3 escribe tokens de portador en registros de nivel de informaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:juanfont:headscale:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.22.3",
"matchCriteriaId": "42E94F72-9B5D-4380-A9C4-940FF6726DC5"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/juanfont/headscale/issues/1259",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,75 @@
"id": "CVE-2023-48020",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-14T15:15:07.707",
"lastModified": "2023-11-14T15:15:45.277",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-17T21:27:51.187",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/task/changeStatus."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:iteachyou:dreamer_cms:4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "113EEBC1-2B91-4AE0-995F-E24A4AD607BC"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/moonsabc123/dreamer_cms/blob/main/Enable%20CSRF%20for%20Task%20Management%20Office.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-48238",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-17T22:15:07.817",
"lastModified": "2023-11-17T22:15:07.817",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "joaquimserafim/json-web-token is a javascript library use to interact with JSON Web Tokens (JWT) which are a compact URL-safe means of representing claims to be transferred between two parties. Affected versions of the json-web-token library are vulnerable to a JWT algorithm confusion attack. On line 86 of the 'index.js' file, the algorithm to use for verifying the signature of the JWT token is taken from the JWT token, which at that point is still unverified and thus shouldn't be trusted. To exploit this vulnerability, an attacker needs to craft a malicious JWT token containing the HS256 algorithm, signed with the public RSA key of the victim application. This attack will only work against this library is the RS256 algorithm is in use, however it is a best practice to use that algorithm."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-345"
}
]
}
],
"references": [
{
"url": "https://github.com/joaquimserafim/json-web-token/security/advisories/GHSA-4xw9-cx39-r355",
"source": "security-advisories@github.com"
}
]
}


@ -0,0 +1,63 @@
{
"id": "CVE-2023-48294",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-17T22:15:08.010",
"lastModified": "2023-11-17T22:15:08.010",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. In affected versions of LibreNMS when a user accesses their device dashboard, one request is sent to `graph.php` to access graphs generated on the particular Device. This request can be accessed by a low privilege user and they can enumerate devices on librenms with their id or hostname. Leveraging this vulnerability a low privilege user can see all devices registered by admin users. This vulnerability has been addressed in commit `489978a923` which has been included in release version 23.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://github.com/librenms/librenms/blob/fa93034edd40c130c2ff00667ca2498d84be6e69/html/graph.php#L19C1-L25C2",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/librenms/librenms/commit/489978a923ed52aa243d3419889ca298a8a6a7cf",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-fpq5-4vwm-78x4",
"source": "security-advisories@github.com"
}
]
}


@ -0,0 +1,63 @@
{
"id": "CVE-2023-48295",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-17T21:15:07.680",
"lastModified": "2023-11-17T21:15:07.680",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. Affected versions are subject to a cross site scripting (XSS) vulnerability in the device group popups. This issue has been addressed in commit `faf66035ea` which has been included in release version 23.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/librenms/librenms/blob/63eeeb71722237d1461a37bb6da99fda25e02c91/app/Http/Controllers/DeviceGroupController.php#L173C21-L173C21",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/librenms/librenms/commit/faf66035ea1f4c1c4f34559b9d0ed40ee4a19f90",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-8phr-637g-pxrg",
"source": "security-advisories@github.com"
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-6097",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-11-13T13:15:08.007",
"lastModified": "2023-11-13T14:12:08.260",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-17T21:50:46.223",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A SQL injection vulnerability has been found in ICS Business Manager, affecting version 7.06.0028.7089. This vulnerability could allow a remote user to send a specially crafted SQL query and retrieve all the information stored in the database. The data could also be modified or deleted, causing the application to malfunction."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad de inyecci\u00f3n SQL en ICS Business Manager que afecta a la versi\u00f3n 7.06.0028.7089. Esta vulnerabilidad podr\u00eda permitir que un usuario remoto env\u00ede una consulta SQL especialmente manipulada y recupere toda la informaci\u00f3n almacenada en la base de datos. Los datos tambi\u00e9n podr\u00edan modificarse o eliminarse, provocando un mal funcionamiento de la aplicaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -46,10 +70,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:icssolution:ics_business_manager:7.06.0028.2802:*:*:*:*:*:*:*",
"matchCriteriaId": "AE578FEB-4F03-4203-830E-0A7F4A9410BB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:icssolution:ics_business_manager:7.06.0028.7066:*:*:*:*:*:*:*",
"matchCriteriaId": "732451C9-3C41-4317-862D-197952D10EA1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:icssolution:ics_business_manager:7.06.0028.7089:*:*:*:*:*:*:*",
"matchCriteriaId": "1D10212E-CD74-446B-8307-3F2A930305C5"
}
]
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-icssolution-ics-business-manager",
"source": "cve-coordination@incibe.es"
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-6098",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-11-13T13:15:08.237",
"lastModified": "2023-11-13T14:12:08.260",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-17T21:54:07.117",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An XSS vulnerability has been discovered in ICS Business Manager affecting version 7.06.0028.7066. A remote attacker could send a specially crafted string exploiting the obdd_act parameter, allowing the attacker to steal an authenticated user's session, and perform actions within the application."
},
{
"lang": "es",
"value": "Se ha descubierto una vulnerabilidad XSS en ICS Business Manager que afecta a la versi\u00f3n 7.06.0028.7066. Un atacante remoto podr\u00eda enviar una cadena especialmente manipulada explotando el par\u00e1metro obdd_act, permitiendo al atacante robar la sesi\u00f3n de un usuario autenticado y realizar acciones dentro de la aplicaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -46,10 +70,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:icssolution:ics_business_manager:7.06.0028.2802:*:*:*:*:*:*:*",
"matchCriteriaId": "AE578FEB-4F03-4203-830E-0A7F4A9410BB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:icssolution:ics_business_manager:7.06.0028.7066:*:*:*:*:*:*:*",
"matchCriteriaId": "732451C9-3C41-4317-862D-197952D10EA1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:icssolution:ics_business_manager:7.06.0028.7089:*:*:*:*:*:*:*",
"matchCriteriaId": "1D10212E-CD74-446B-8307-3F2A930305C5"
}
]
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-icssolution-ics-business-manager",
"source": "cve-coordination@incibe.es"
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-6099",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-11-13T16:15:28.323",
"lastModified": "2023-11-13T18:44:54.637",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-17T21:56:40.573",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in Shenzhen Youkate Industrial Facial Love Cloud Payment System up to 1.0.55.0.0.1. This affects an unknown part of the file /SystemMng.ashx of the component Account Handler. The manipulation of the argument operatorRole with the input 00 leads to improper privilege management. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-245061 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Una vulnerabilidad ha sido encontrada en Shenzhen Youkate Industrial Facial Love Cloud Payment System hasta 1.0.55.0.0.1 y clasificada como cr\u00edtica. Una parte desconocida del archivo /SystemMng.ashx del componente Account Handler afecta a una parte desconocida. La manipulaci\u00f3n del argumento operatorRole con la entrada 00 conduce a una gesti\u00f3n de privilegios inadecuada. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-245061. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:szjocat:facial_love_cloud_platform:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.0.55.0.0.1",
"matchCriteriaId": "E4A23701-6CDC-4500-A74E-976F86ED393F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/gatsby2003/Shenzhen-Youkate-Industrial-Co.-Ltd/blob/main/Shenzhen%20Youkate%20Industrial%20Co.%2C%20Ltd.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.245061",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.245061",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-6130",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-11-14T17:15:08.070",
"lastModified": "2023-11-14T18:04:30.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-17T21:28:58.080",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -46,14 +68,60 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:salesagility:suitecrm:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.12.14",
"matchCriteriaId": "18D4B46C-BB77-4846-AC5F-E0D3F97FE240"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:salesagility:suitecrm:7.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3A437911-198D-48C6-9903-03A2FECA7FD3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:salesagility:suitecrm:7.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "494E67A7-EDE8-46C2-AC29-47AA09D61A61"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:salesagility:suitecrm:8.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB6718E-D5D2-4DF3-9342-363A78516BE8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:salesagility:suitecrm:8.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9F70103A-8630-4F14-867F-9278AB1602ED"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/salesagility/suitecrm/commit/54bc56c3bd9f1db75408db1c1d7d652c3f5f71e9",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.com/bounties/22a27be9-f016-4daf-9887-c77eb3e1dc74",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-6131",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-11-14T17:15:08.260",
"lastModified": "2023-11-14T18:04:30.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-17T21:28:31.490",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -46,14 +68,60 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:salesagility:suitecrm:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.12.14",
"matchCriteriaId": "18D4B46C-BB77-4846-AC5F-E0D3F97FE240"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:salesagility:suitecrm:7.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3A437911-198D-48C6-9903-03A2FECA7FD3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:salesagility:suitecrm:7.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "494E67A7-EDE8-46C2-AC29-47AA09D61A61"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:salesagility:suitecrm:8.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB6718E-D5D2-4DF3-9342-363A78516BE8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:salesagility:suitecrm:8.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9F70103A-8630-4F14-867F-9278AB1602ED"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/salesagility/suitecrm/commit/54bc56c3bd9f1db75408db1c1d7d652c3f5f71e9",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.com/bounties/5fa50b25-f6b1-408c-99df-4442c86c563f",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-11-17T21:00:25.652570+00:00
2023-11-17T23:00:18.499737+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-11-17T20:29:04.170000+00:00
2023-11-17T22:15:08.010000+00:00
```
### Last Data Feed Release
@ -29,44 +29,40 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
231067
231071
```
### CVEs added in the last Commit
Recently added CVEs: `0`
Recently added CVEs: `4`
* [CVE-2023-48295](CVE-2023/CVE-2023-482xx/CVE-2023-48295.json) (`2023-11-17T21:15:07.680`)
* [CVE-2023-46745](CVE-2023/CVE-2023-467xx/CVE-2023-46745.json) (`2023-11-17T22:15:07.633`)
* [CVE-2023-48238](CVE-2023/CVE-2023-482xx/CVE-2023-48238.json) (`2023-11-17T22:15:07.817`)
* [CVE-2023-48294](CVE-2023/CVE-2023-482xx/CVE-2023-48294.json) (`2023-11-17T22:15:08.010`)
### CVEs modified in the last Commit
Recently modified CVEs: `42`
Recently modified CVEs: `17`
* [CVE-2022-39318](CVE-2022/CVE-2022-393xx/CVE-2022-39318.json) (`2023-11-17T19:15:08.413`)
* [CVE-2022-39319](CVE-2022/CVE-2022-393xx/CVE-2022-39319.json) (`2023-11-17T19:15:08.520`)
* [CVE-2022-39347](CVE-2022/CVE-2022-393xx/CVE-2022-39347.json) (`2023-11-17T19:15:08.620`)
* [CVE-2022-41877](CVE-2022/CVE-2022-418xx/CVE-2022-41877.json) (`2023-11-17T19:15:08.720`)
* [CVE-2023-39332](CVE-2023/CVE-2023-393xx/CVE-2023-39332.json) (`2023-11-17T19:08:58.170`)
* [CVE-2023-28167](CVE-2023/CVE-2023-281xx/CVE-2023-28167.json) (`2023-11-17T19:09:26.160`)
* [CVE-2023-39331](CVE-2023/CVE-2023-393xx/CVE-2023-39331.json) (`2023-11-17T19:10:41.253`)
* [CVE-2023-28172](CVE-2023/CVE-2023-281xx/CVE-2023-28172.json) (`2023-11-17T19:11:32.103`)
* [CVE-2023-34540](CVE-2023/CVE-2023-345xx/CVE-2023-34540.json) (`2023-11-17T19:15:08.837`)
* [CVE-2023-36281](CVE-2023/CVE-2023-362xx/CVE-2023-36281.json) (`2023-11-17T19:15:08.907`)
* [CVE-2023-27632](CVE-2023/CVE-2023-276xx/CVE-2023-27632.json) (`2023-11-17T19:29:14.953`)
* [CVE-2023-27623](CVE-2023/CVE-2023-276xx/CVE-2023-27623.json) (`2023-11-17T19:31:03.830`)
* [CVE-2023-22809](CVE-2023/CVE-2023-228xx/CVE-2023-22809.json) (`2023-11-17T19:32:56.817`)
* [CVE-2023-28200](CVE-2023/CVE-2023-282xx/CVE-2023-28200.json) (`2023-11-17T19:33:06.590`)
* [CVE-2023-34241](CVE-2023/CVE-2023-342xx/CVE-2023-34241.json) (`2023-11-17T19:33:17.840`)
* [CVE-2023-46129](CVE-2023/CVE-2023-461xx/CVE-2023-46129.json) (`2023-11-17T19:33:33.457`)
* [CVE-2023-43900](CVE-2023/CVE-2023-439xx/CVE-2023-43900.json) (`2023-11-17T19:36:27.767`)
* [CVE-2023-42326](CVE-2023/CVE-2023-423xx/CVE-2023-42326.json) (`2023-11-17T19:36:50.410`)
* [CVE-2023-27611](CVE-2023/CVE-2023-276xx/CVE-2023-27611.json) (`2023-11-17T19:50:57.180`)
* [CVE-2023-27431](CVE-2023/CVE-2023-274xx/CVE-2023-27431.json) (`2023-11-17T20:05:40.023`)
* [CVE-2023-27417](CVE-2023/CVE-2023-274xx/CVE-2023-27417.json) (`2023-11-17T20:07:43.807`)
* [CVE-2023-27418](CVE-2023/CVE-2023-274xx/CVE-2023-27418.json) (`2023-11-17T20:08:27.913`)
* [CVE-2023-28134](CVE-2023/CVE-2023-281xx/CVE-2023-28134.json) (`2023-11-17T20:14:54.230`)
* [CVE-2023-47121](CVE-2023/CVE-2023-471xx/CVE-2023-47121.json) (`2023-11-17T20:20:26.137`)
* [CVE-2023-47120](CVE-2023/CVE-2023-471xx/CVE-2023-47120.json) (`2023-11-17T20:29:04.170`)
* [CVE-2018-1000807](CVE-2018/CVE-2018-10008xx/CVE-2018-1000807.json) (`2023-11-17T22:15:07.470`)
* [CVE-2023-34013](CVE-2023/CVE-2023-340xx/CVE-2023-34013.json) (`2023-11-17T21:27:14.750`)
* [CVE-2023-48020](CVE-2023/CVE-2023-480xx/CVE-2023-48020.json) (`2023-11-17T21:27:51.187`)
* [CVE-2023-6131](CVE-2023/CVE-2023-61xx/CVE-2023-6131.json) (`2023-11-17T21:28:31.490`)
* [CVE-2023-6130](CVE-2023/CVE-2023-61xx/CVE-2023-6130.json) (`2023-11-17T21:28:58.080`)
* [CVE-2023-23800](CVE-2023/CVE-2023-238xx/CVE-2023-23800.json) (`2023-11-17T21:29:35.687`)
* [CVE-2023-31219](CVE-2023/CVE-2023-312xx/CVE-2023-31219.json) (`2023-11-17T21:31:23.647`)
* [CVE-2023-35041](CVE-2023/CVE-2023-350xx/CVE-2023-35041.json) (`2023-11-17T21:31:40.127`)
* [CVE-2023-37978](CVE-2023/CVE-2023-379xx/CVE-2023-37978.json) (`2023-11-17T21:31:58.827`)
* [CVE-2023-38515](CVE-2023/CVE-2023-385xx/CVE-2023-38515.json) (`2023-11-17T21:32:33.447`)
* [CVE-2023-45878](CVE-2023/CVE-2023-458xx/CVE-2023-45878.json) (`2023-11-17T21:33:27.220`)
* [CVE-2023-47390](CVE-2023/CVE-2023-473xx/CVE-2023-47390.json) (`2023-11-17T21:40:14.553`)
* [CVE-2023-6097](CVE-2023/CVE-2023-60xx/CVE-2023-6097.json) (`2023-11-17T21:50:46.223`)
* [CVE-2023-6098](CVE-2023/CVE-2023-60xx/CVE-2023-6098.json) (`2023-11-17T21:54:07.117`)
* [CVE-2023-6099](CVE-2023/CVE-2023-60xx/CVE-2023-6099.json) (`2023-11-17T21:56:40.573`)
* [CVE-2023-43901](CVE-2023/CVE-2023-439xx/CVE-2023-43901.json) (`2023-11-17T21:57:26.823`)
* [CVE-2023-43902](CVE-2023/CVE-2023-439xx/CVE-2023-43902.json) (`2023-11-17T22:07:30.403`)
## Download and Usage