admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-12-06T19:00:18.767547+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-12-06 19:00:22 +00:00
parent d3e16418be
commit 25a3ec6608
70 changed files with 4278 additions and 290 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
CVE-2023/CVE-2023-250xx/CVE-2023-25057.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-25057",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T16:15:07.903",
"lastModified": "2023-11-30T17:12:39.840",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T17:24:39.933",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Libsyn Libsyn Publisher Hub.This issue affects Libsyn Publisher Hub: from n/a through 1.3.2.\n\n"
},
{
"lang": "es",
"value": "Exposici\u00f3n de informaci\u00f3n confidencial a una vulnerabilidad de actor no autorizado en Libsyn Libsyn Publisher Hub. Este problema afecta a Libsyn Publisher Hub: desde n/a hasta 1.3.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:libsyn:libsyn_publisher_hub:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.3.2",
"matchCriteriaId": "91CBEB41-2898-4607-A783-131D19F57EB6"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/libsyn-podcasting/wordpress-libsyn-publisher-hub-plugin-1-3-2-sensitive-data-exposure-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

63
CVE-2023/CVE-2023-260xx/CVE-2023-26024.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-26024",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-12-01T19:15:07.640",
"lastModified": "2023-12-03T16:37:34.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T18:51:10.323",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IBM Planning Analytics on Cloud Pak for Data 4.0 could allow an attacker on a shared network to obtain sensitive information caused by insecure network communication. IBM X-Force ID: 247898."
},
{
"lang": "es",
"value": "IBM Planning Analytics on Cloud Pak for Data 4.0 podr\u00eda permitir que un atacante en una red compartida obtenga informaci\u00f3n confidencial causada por una comunicaci\u00f3n de red insegura. ID de IBM X-Force: 247898."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -46,14 +70,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:planning_analytics_on_cloud_pak_for_data:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "926BDD37-F861-4701-AFAD-E351C2F29F97"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/247898",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://https://www.ibm.com/support/pages/node/7082784",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://www.ibm.com/support/pages/node/7082784",
"source": "nvd@nist.gov",
"tags": [
"Vendor Advisory"
]
}
]
}

63
CVE-2023/CVE-2023-265xx/CVE-2023-26533.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-26533",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T16:15:08.490",
"lastModified": "2023-11-30T17:12:39.840",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T17:43:35.347",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gesundheit Bewegt GmbH Zippy.This issue affects Zippy: from n/a through 1.6.1.\n\n"
},
{
"lang": "es",
"value": "Exposici\u00f3n de informaci\u00f3n confidencial a una vulnerabilidad de actor no autorizado en Gesundheit Bewegt GmbH Zippy. Este problema afecta a Zippy: desde n/a hasta 1.6.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gesundheit-bewegt:zippy:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.6.1",
"matchCriteriaId": "BF6D6D57-4939-4DE3-B2D4-D0224E54E23D"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/zippy/wordpress-zippy-plugin-1-6-1-sensitive-data-exposure-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-322xx/CVE-2023-32268.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32268",
"sourceIdentifier": "security@opentext.com",
"published": "2023-12-06T14:15:07.347",
"lastModified": "2023-12-06T14:15:07.347",
"vulnStatus": "Received",
"lastModified": "2023-12-06T18:49:19.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

96
CVE-2023/CVE-2023-34xx/CVE-2023-3443.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3443",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-12-01T07:15:07.600",
"lastModified": "2023-12-01T13:54:29.567",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T18:31:10.727",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -50,14 +80,72 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "12.1.0",
"versionEndExcluding": "16.4.3",
"matchCriteriaId": "5C01C1BA-42EF-451E-911B-9D8CBEBC711A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "12.1.0",
"versionEndExcluding": "16.4.3",
"matchCriteriaId": "AA7BF2A9-47BC-4F49-B706-C9CB817E405F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "16.5.0",
"versionEndExcluding": "16.5.3",
"matchCriteriaId": "B1AC7763-4EA9-4E9A-8711-FEEA9D111D68"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.5.0",
"versionEndExcluding": "16.5.3",
"matchCriteriaId": "6B77E904-2562-4F78-A787-7F51871054BA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:16.6.0:*:*:*:community:*:*:*",
"matchCriteriaId": "FAB408DE-FE19-4CD6-B026-44AF7AD36405"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:16.6.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "8D5674D6-E26B-4F62-9B59-C15DEEDDB4B1"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/416497",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Broken Link",
"Vendor Advisory"
]
},
{
"url": "https://hackerone.com/reports/2036500",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}

63
CVE-2023/CVE-2023-365xx/CVE-2023-36507.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-36507",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T16:15:08.693",
"lastModified": "2023-11-30T17:12:39.840",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T17:42:58.647",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Repute Infosystems BookingPress \u2013 Appointment Booking Calendar Plugin and Online Scheduling Plugin.This issue affects BookingPress \u2013 Appointment Booking Calendar Plugin and Online Scheduling Plugin: from n/a through 1.0.64.\n\n"
},
{
"lang": "es",
"value": "Exposici\u00f3n de informaci\u00f3n confidencial a una vulnerabilidad de actor no autorizado en Repute Infosystems BookingPress: Appointment Booking Calendar Plugin and Online Scheduling Plugin. Este problema afecta a BookingPress \u2013 Appointment Booking Calendar Plugin and Online Scheduling Plugin: desde n/a hasta 1.0.64."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:reputeinfosystems:bookingpress:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.0.64",
"matchCriteriaId": "C0915F97-5305-4324-94BD-DECE0DAFEC86"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/bookingpress-appointment-booking/wordpress-bookingpress-plugin-1-0-64-unauthenticated-server-information-disclosure-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

63
CVE-2023/CVE-2023-365xx/CVE-2023-36523.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-36523",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T16:15:08.893",
"lastModified": "2023-11-30T17:12:39.840",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T17:43:14.150",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gopi Ramasamy Email download link.This issue affects Email download link: from n/a through 3.7.\n\n"
},
{
"lang": "es",
"value": "Exposici\u00f3n de informaci\u00f3n confidencial a una vulnerabilidad de actor no autorizado en el enlace de descarga del correo electr\u00f3nico de Gopi Ramasamy. Este problema afecta el enlace de descarga del correo electr\u00f3nico: desde n/a hasta 3.7."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gopiplus:email_download_link:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.7",
"matchCriteriaId": "39D3AC1C-43BF-4503-AEF6-D6D913E24C26"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/email-download-link/wordpress-email-download-link-plugin-3-7-sensitive-data-exposure?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-366xx/CVE-2023-36655.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-36655",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-06T16:15:07.047",
"lastModified": "2023-12-06T16:15:07.047",
"vulnStatus": "Received",
"lastModified": "2023-12-06T18:49:19.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

32
CVE-2023/CVE-2023-393xx/CVE-2023-39326.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-39326",
"sourceIdentifier": "security@golang.org",
"published": "2023-12-06T17:15:07.147",
"lastModified": "2023-12-06T18:49:19.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data (up to about 1GiB) when a handler fails to read the entire body of a request. Chunk extensions are a little-used HTTP feature which permit including additional metadata in a request or response body sent using the chunked encoding. The net/http chunked encoding reader discards this metadata. A sender can exploit this by inserting a large metadata segment with each byte transferred. The chunk reader now produces an error if the ratio of real body to encoded bytes grows too small."
}
],
"metrics": {},
"references": [
{
"url": "https://go.dev/cl/547335",
"source": "security@golang.org"
},
{
"url": "https://go.dev/issue/64433",
"source": "security@golang.org"
},
{
"url": "https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ",
"source": "security@golang.org"
},
{
"url": "https://pkg.go.dev/vuln/GO-2023-2382",
"source": "security@golang.org"
}
]
}

4
CVE-2023/CVE-2023-395xx/CVE-2023-39538.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-39538",
"sourceIdentifier": "biossecurity@ami.com",
"published": "2023-12-06T16:15:07.277",
"lastModified": "2023-12-06T16:15:07.277",
"vulnStatus": "Received",
"lastModified": "2023-12-06T18:49:19.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-395xx/CVE-2023-39539.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-39539",
"sourceIdentifier": "biossecurity@ami.com",
"published": "2023-12-06T16:15:07.510",
"lastModified": "2023-12-06T16:15:07.510",
"vulnStatus": "Received",
"lastModified": "2023-12-06T18:49:19.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

96
CVE-2023/CVE-2023-39xx/CVE-2023-3949.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3949",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-12-01T07:15:08.973",
"lastModified": "2023-12-01T13:54:29.567",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T18:31:54.393",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -50,14 +80,72 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "11.3.0",
"versionEndExcluding": "16.4.3",
"matchCriteriaId": "EAC69A79-4900-45F1-A299-E449ED2D0057"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "11.3.0",
"versionEndExcluding": "16.4.3",
"matchCriteriaId": "79FABBE9-AC1C-46A9-8337-C2352E29B3C3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "16.5.0",
"versionEndExcluding": "16.5.3",
"matchCriteriaId": "B1AC7763-4EA9-4E9A-8711-FEEA9D111D68"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.5.0",
"versionEndExcluding": "16.5.3",
"matchCriteriaId": "6B77E904-2562-4F78-A787-7F51871054BA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:16.6.0:*:*:*:community:*:*:*",
"matchCriteriaId": "FAB408DE-FE19-4CD6-B026-44AF7AD36405"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:16.6.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "8D5674D6-E26B-4F62-9B59-C15DEEDDB4B1"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/419664",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Broken Link",
"Vendor Advisory"
]
},
{
"url": "https://hackerone.com/reports/2079374",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}

96
CVE-2023/CVE-2023-39xx/CVE-2023-3964.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3964",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-12-01T07:15:09.620",
"lastModified": "2023-12-01T13:54:29.567",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T18:32:45.550",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -50,14 +80,72 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "13.2.0",
"versionEndExcluding": "16.4.3",
"matchCriteriaId": "21810033-2473-41F9-9001-CCCE1DB23783"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "13.2.0",
"versionEndExcluding": "16.4.3",
"matchCriteriaId": "EEC3E75B-194E-400C-8985-F50F144D1DDE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "16.5.0",
"versionEndExcluding": "16.5.3",
"matchCriteriaId": "B1AC7763-4EA9-4E9A-8711-FEEA9D111D68"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.5.0",
"versionEndExcluding": "16.5.3",
"matchCriteriaId": "6B77E904-2562-4F78-A787-7F51871054BA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:16.6.0:*:*:*:community:*:*:*",
"matchCriteriaId": "FAB408DE-FE19-4CD6-B026-44AF7AD36405"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:16.6.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "8D5674D6-E26B-4F62-9B59-C15DEEDDB4B1"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/419857",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Broken Link",
"Vendor Advisory"
]
},
{
"url": "https://hackerone.com/reports/2037316",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}

83
CVE-2023/CVE-2023-420xx/CVE-2023-42006.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-42006",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-12-01T17:15:07.297",
"lastModified": "2023-12-03T16:37:34.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T18:52:49.500",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IBM Administration Runtime Expert for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to obtain sensitive information caused by improper authority checks. IBM X-Force ID: 265266."
},
{
"lang": "es",
"value": "IBM Administration Runtime Expert para i 7.2, 7.3, 7.4 y 7.5 podr\u00eda permitir a un usuario local obtener informaci\u00f3n confidencial causada por comprobaciones de autoridad inadecuadas. ID de IBM X-Force: 265266."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -34,14 +58,65 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:i:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5E41BD05-37B8-4494-9344-506D4BCF43C2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:i:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DD4F4919-D935-4B81-B4E8-0E0F2DAC09B1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:i:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AE2B298C-E1F6-43BD-A5EF-83964C6669CE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:i:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "88B74622-BDB2-43AE-A91F-FADEC4B64B4F"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/265266",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://www.ibm.com/support/pages/node/7085891",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-430xx/CVE-2023-43089.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-43089",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-12-01T02:15:07.063",
"lastModified": "2023-12-01T02:28:42.607",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T18:38:41.917",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nDell Rugged Control Center, version prior to 4.7, contains insufficient protection for the Policy folder. A local malicious standard user could potentially exploit this vulnerability to modify the content of the policy file, leading to unauthorized access to resources.\n\n"
},
{
"lang": "es",
"value": "Dell Rugged Control Center, versi\u00f3n anterior a 4.7, no contiene protecci\u00f3n suficiente para la carpeta Pol\u00edtica. Un usuario est\u00e1ndar malicioso local podr\u00eda explotar esta vulnerabilidad para modificar el contenido del archivo de pol\u00edtica, lo que provocar\u00eda un acceso no autorizado a los recursos."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:rugged_control_center:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.7",
"matchCriteriaId": "01646831-B95F-4537-A0D0-0BE43594030B"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000218066/dsa-2023-371",
"source": "security_alert@emc.com"
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
]
}
]
}

85
CVE-2023/CVE-2023-434xx/CVE-2023-43453.json
View File

@ -2,19 +2,96 @@
"id": "CVE-2023-43453",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-01T02:15:07.267",
"lastModified": "2023-12-01T02:28:42.607",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T18:37:21.057",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the IP parameter of the setDiagnosisCfg component."
},
{
"lang": "es",
"value": "Un problema en TOTOLINK X6000R V9.4.0cu.652_B20230116 y V9.4.0cu.852_B20230719 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro IP del componente setDiagnosisCfg."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:x6000r_firmware:9.4.0cu.652_b20230116:*:*:*:*:*:*:*",
"matchCriteriaId": "A7D2CE74-D049-404D-9209-A8CEC98E046A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:x6000r_firmware:9.4.0cu.852_b20230719:*:*:*:*:*:*:*",
"matchCriteriaId": "846390E3-B033-4B17-A141-49E30AF76264"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:x6000r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "178FD1FA-9A62-48B7-B219-938F48ADD8BB"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/tharsis1024/vuln/blob/main/TOTOLINK/X6000R/2.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

85
CVE-2023/CVE-2023-434xx/CVE-2023-43454.json
View File

@ -2,19 +2,96 @@
"id": "CVE-2023-43454",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-01T02:15:07.320",
"lastModified": "2023-12-01T02:28:42.607",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T18:37:12.260",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the hostName parameter of the switchOpMode component."
},
{
"lang": "es",
"value": "Un problema en TOTOLINK X6000R V9.4.0cu.652_B20230116 y V9.4.0cu.852_B20230719 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro hostName del componente switchOpMode."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:x6000r_firmware:9.4.0cu.652_b20230116:*:*:*:*:*:*:*",
"matchCriteriaId": "A7D2CE74-D049-404D-9209-A8CEC98E046A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:x6000r_firmware:9.4.0cu.852_b20230719:*:*:*:*:*:*:*",
"matchCriteriaId": "846390E3-B033-4B17-A141-49E30AF76264"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:x6000r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "178FD1FA-9A62-48B7-B219-938F48ADD8BB"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/tharsis1024/vuln/blob/main/TOTOLINK/X6000R/1.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

85
CVE-2023/CVE-2023-434xx/CVE-2023-43455.json
View File

@ -2,19 +2,96 @@
"id": "CVE-2023-43455",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-01T02:15:07.367",
"lastModified": "2023-12-01T02:28:42.607",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T18:37:02.857",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the command parameter of the setting/setTracerouteCfg component."
},
{
"lang": "es",
"value": "Un problema en TOTOLINK X6000R V9.4.0cu.652_B20230116 y V9.4.0cu.852_B20230719 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro de comando del componente setTracerouteCfg."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:x6000r_firmware:9.4.0cu.652_b20230116:*:*:*:*:*:*:*",
"matchCriteriaId": "A7D2CE74-D049-404D-9209-A8CEC98E046A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:x6000r_firmware:9.4.0cu.852_b20230719:*:*:*:*:*:*:*",
"matchCriteriaId": "846390E3-B033-4B17-A141-49E30AF76264"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:x6000r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "178FD1FA-9A62-48B7-B219-938F48ADD8BB"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/tharsis1024/vuln/blob/main/TOTOLINK/X6000R/3.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

76
CVE-2023/CVE-2023-451xx/CVE-2023-45168.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-45168",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-12-01T15:15:07.623",
"lastModified": "2023-12-03T16:37:37.540",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T18:58:31.920",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 267966."
},
{
"lang": "es",
"value": "IBM AIX 7.2, 7.3 y VIOS 3.1 podr\u00edan permitir que un usuario local sin privilegios aproveche una vulnerabilidad en el comando invscout para ejecutar comandos arbitrarios. ID de IBM X-Force: 267966."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -46,14 +80,48 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:vios:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F61BE89-FBDE-4312-8422-86D1A9F57C9E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ibm:aix:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6791504A-A48A-4ED0-94AF-4C8A3B91516F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ibm:aix:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "35DF3DE0-1AE4-4B25-843F-BC08DBBFDF78"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/267966",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://www.ibm.com/support/pages/node/7086090",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
]
}
]
}

16
CVE-2023/CVE-2023-452xx/CVE-2023-45283.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-45283",
"sourceIdentifier": "security@golang.org",
"published": "2023-11-09T17:15:08.757",
"lastModified": "2023-12-06T03:15:07.377",
"lastModified": "2023-12-06T17:15:07.233",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "The filepath package does not recognize paths with a \\??\\ prefix as special. On Windows, a path beginning with \\??\\ is a Root Local Device path equivalent to a path beginning with \\\\?\\. Paths with a \\??\\ prefix may be used to access arbitrary locations on the system. For example, the path \\??\\c:\\x is equivalent to the more common path c:\\x. Before fix, Clean could convert a rooted path such as \\a\\..\\??\\b into the root local device path \\??\\b. Clean will now convert this to .\\??\\b. Similarly, Join(\\, ??, b) could convert a seemingly innocent sequence of path elements into the root local device path \\??\\b. Join will now convert this to \\.\\??\\b. In addition, with fix, IsAbs now correctly reports paths beginning with \\??\\ as absolute, and VolumeName correctly reports the \\??\\ prefix as a volume name."
"value": "The filepath package does not recognize paths with a \\??\\ prefix as special. On Windows, a path beginning with \\??\\ is a Root Local Device path equivalent to a path beginning with \\\\?\\. Paths with a \\??\\ prefix may be used to access arbitrary locations on the system. For example, the path \\??\\c:\\x is equivalent to the more common path c:\\x. Before fix, Clean could convert a rooted path such as \\a\\..\\??\\b into the root local device path \\??\\b. Clean will now convert this to .\\??\\b. Similarly, Join(\\, ??, b) could convert a seemingly innocent sequence of path elements into the root local device path \\??\\b. Join will now convert this to \\.\\??\\b. In addition, with fix, IsAbs now correctly reports paths beginning with \\??\\ as absolute, and VolumeName correctly reports the \\??\\ prefix as a volume name. UPDATE: Go 1.20.11 and Go 1.21.4 inadvertently changed the definition of the volume name in Windows paths starting with \\?, resulting in filepath.Clean(\\?\\c:) returning \\?\\c: rather than \\?\\c:\\ (among other effects). The previous behavior has been restored."
},
{
"lang": "es",
@ -100,6 +100,10 @@
"Vendor Advisory"
]
},
{
"url": "https://go.dev/cl/541175",
"source": "security@golang.org"
},
{
"url": "https://go.dev/issue/63713",
"source": "security@golang.org",
@ -108,6 +112,10 @@
"Vendor Advisory"
]
},
{
"url": "https://go.dev/issue/64028",
"source": "security@golang.org"
},
{
"url": "https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY",
"source": "security@golang.org",
@ -117,6 +125,10 @@
"Vendor Advisory"
]
},
{
"url": "https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ",
"source": "security@golang.org"
},
{
"url": "https://pkg.go.dev/vuln/GO-2023-2185",
"source": "security@golang.org",

32
CVE-2023/CVE-2023-452xx/CVE-2023-45285.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-45285",
"sourceIdentifier": "security@golang.org",
"published": "2023-12-06T17:15:07.320",
"lastModified": "2023-12-06T18:49:19.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Using go get to fetch a module with the \".git\" suffix may unexpectedly fallback to the insecure \"git://\" protocol if the module is unavailable via the secure \"https://\" and \"git+ssh://\" protocols, even if GOINSECURE is not set for said module. This only affects users who are not using the module proxy and are fetching modules directly (i.e. GOPROXY=off)."
}
],
"metrics": {},
"references": [
{
"url": "https://go.dev/cl/540257",
"source": "security@golang.org"
},
{
"url": "https://go.dev/issue/63845",
"source": "security@golang.org"
},
{
"url": "https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ",
"source": "security@golang.org"
},
{
"url": "https://pkg.go.dev/vuln/GO-2023-2383",
"source": "security@golang.org"
}
]
}

63
CVE-2023/CVE-2023-458xx/CVE-2023-45834.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-45834",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T15:15:08.920",
"lastModified": "2023-11-30T15:16:38.923",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T17:29:22.097",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Libsyn Libsyn Publisher Hub.This issue affects Libsyn Publisher Hub: from n/a through 1.4.4.\n\n"
},
{
"lang": "es",
"value": "Exposici\u00f3n de informaci\u00f3n confidencial a una vulnerabilidad de actor no autorizado en Libsyn Libsyn Publisher Hub. Este problema afecta a Libsyn Publisher Hub: desde n/a hasta 1.4.4."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:libsyn:libsyn_publisher_hub:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.4.4",
"matchCriteriaId": "B491759C-9D32-480E-9D45-50A5A67FC488"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/libsyn-podcasting/wordpress-libsyn-publisher-hub-plugin-1-4-4-sensitive-data-exposure-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

180
CVE-2023/CVE-2023-45xx/CVE-2023-4518.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-4518",
"sourceIdentifier": "cybersecurity@hitachienergy.com",
"published": "2023-12-01T15:15:07.860",
"lastModified": "2023-12-03T16:37:37.540",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T18:55:10.680",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability exists in the input validation of the GOOSE \nmessages where out of range values received and processed \nby the IED caused a reboot of the device. In order for an \nattacker to exploit the vulnerability, goose receiving blocks need \nto be configured.\u00a0"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad en la validaci\u00f3n de entrada de los mensajes GOOSE donde los valores fuera de rango recibidos y procesados por el IED provocaron un reinicio del dispositivo. Para que un atacante aproveche la vulnerabilidad, es necesario configurar los bloques receptores de ganso."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1284"
}
]
},
{
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary",
@ -46,10 +80,150 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hitachienergy:relion_670_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.2.0",
"versionEndExcluding": "2.2.2.6",
"matchCriteriaId": "1C4B7DA8-BA72-48E5-9E21-33FB1881E952"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hitachienergy:relion_670_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.2.3",
"versionEndExcluding": "2.2.3.7",
"matchCriteriaId": "4949214C-03DE-489E-80E3-7DC4EFED7ACA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hitachienergy:relion_670_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.2.4",
"versionEndExcluding": "2.2.4.4",
"matchCriteriaId": "53D9E635-5BDA-4383-9FE5-4AFA4148A5E3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hitachienergy:relion_670_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.2.5",
"versionEndExcluding": "2.2.5.6",
"matchCriteriaId": "64A83135-6909-4838-9429-1046CA824723"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hitachienergy:relion_670:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ADA98332-543F-48A7-B63C-B39F679D47F0"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hitachienergy:relion_650_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.2.4",
"versionEndExcluding": "2.2.4.4",
"matchCriteriaId": "612B2549-82F9-4B7F-BDBD-95A562BF1EAE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hitachienergy:relion_650_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.2.5",
"versionEndExcluding": "2.2.5.6",
"matchCriteriaId": "DC7C5065-1CEC-44DC-BF01-16FC02390583"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hitachienergy:relion_650_firmware:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A406AD0-38C5-4C32-AA88-AA45EE97C315"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hitachienergy:relion_650_firmware:2.2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8A74BD43-D925-483C-98F7-5F5C32D3B6F7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hitachienergy:relion_650:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1C658029-20F4-411A-B1FE-B4E07D590775"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hitachienergy:relion_sam600-io_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.2.5",
"versionEndExcluding": "2.2.5.6",
"matchCriteriaId": "264C95EE-756F-434E-9FA1-DC7878CEEF61"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hitachienergy:relion_sam600-io_firmware:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DB5C50F4-CF04-4C13-868A-F7ECE49DE01B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hitachienergy:relion_sam600-io_firmware:2.2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7025C2A4-698E-408C-9567-8759B638AB90"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hitachienergy:relion_sam600-io:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E73E9D1A-1DFE-4B7C-81F1-0809071A3DDB"
}
]
}
]
}
],
"references": [
{
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000170&languageCode=en&Preview=true",
"source": "cybersecurity@hitachienergy.com"
"source": "cybersecurity@hitachienergy.com",
"tags": [
"Vendor Advisory"
]
}
]
}

74
CVE-2023/CVE-2023-463xx/CVE-2023-46383.json
View File

@ -2,23 +2,87 @@
"id": "CVE-2023-46383",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-30T23:15:07.377",
"lastModified": "2023-12-01T02:28:42.607",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T18:47:36.633",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "LOYTEC electronics GmbH LINX Configurator 7.4.10 uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the password and gain full control of Loytec device configuration."
},
{
"lang": "es",
"value": "LOYTEC electronics GmbH LINX Configurator 7.4.10 utiliza autenticaci\u00f3n b\u00e1sica HTTP, que transmite nombres de usuario y contrase\u00f1as en texto plano codificado en base64 y permite a atacantes remotos robar la contrase\u00f1a y obtener control total de la configuraci\u00f3n del dispositivo Loytec."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-319"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:loytec:l-inx_configurator:7.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "3C033CD9-3C86-4361-AFC1-BAC7B361F0BB"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://packetstormsecurity.com/files/175951/Loytec-LINX-Configurator-7.4.10-Insecure-Transit-Cleartext-Secrets.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://seclists.org/fulldisclosure/2023/Nov/6",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}
]
}

74
CVE-2023/CVE-2023-463xx/CVE-2023-46384.json
View File

@ -2,23 +2,87 @@
"id": "CVE-2023-46384",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-30T23:15:07.423",
"lastModified": "2023-12-01T02:28:42.607",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T18:47:18.367",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "LOYTEC electronics GmbH LINX Configurator 7.4.10 is vulnerable to Insecure Permissions. Cleartext storage of credentials allows remote attackers to disclose admin password and bypass an authentication to login Loytec device."
},
{
"lang": "es",
"value": "LOYTEC electronics GmbH LINX Configurator 7.4.10 es vulnerable a permisos inseguros. El almacenamiento de credenciales en texto plano permite a atacantes remotos revelar la contrase\u00f1a de administrador y omitir una autenticaci\u00f3n para iniciar sesi\u00f3n en el dispositivo Loytec."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-312"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:loytec:l-inx_configurator:7.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "3C033CD9-3C86-4361-AFC1-BAC7B361F0BB"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://packetstormsecurity.com/files/175951/Loytec-LINX-Configurator-7.4.10-Insecure-Transit-Cleartext-Secrets.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://seclists.org/fulldisclosure/2023/Nov/6",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}
]
}

74
CVE-2023/CVE-2023-463xx/CVE-2023-46385.json
View File

@ -2,23 +2,87 @@
"id": "CVE-2023-46385",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-30T23:15:07.473",
"lastModified": "2023-12-01T02:28:42.607",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T18:43:03.487",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "LOYTEC electronics GmbH LINX Configurator 7.4.10 is vulnerable to Insecure Permissions. An admin credential is passed as a value of URL parameters without encryption, so it allows remote attackers to steal the password and gain full control of Loytec device configuration."
},
{
"lang": "es",
"value": "LOYTEC electronics GmbH LINX Configurator 7.4.10 es vulnerable a permisos inseguros. Una credencial de administrador se pasa como un valor de los par\u00e1metros de URL sin cifrado, por lo que permite a atacantes remotos robar la contrase\u00f1a y obtener control total de la configuraci\u00f3n del dispositivo Loytec."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-319"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:loytec:l-inx_configurator:7.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "3C033CD9-3C86-4361-AFC1-BAC7B361F0BB"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://packetstormsecurity.com/files/175951/Loytec-LINX-Configurator-7.4.10-Insecure-Transit-Cleartext-Secrets.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://seclists.org/fulldisclosure/2023/Nov/6",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}
]
}

113
CVE-2023/CVE-2023-463xx/CVE-2023-46386.json
View File

@ -2,23 +2,126 @@
"id": "CVE-2023-46386",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-30T23:15:07.520",
"lastModified": "2023-12-01T02:28:42.607",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T18:42:31.140",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "LOYTEC electronics GmbH LINX-212 firmware 6.2.4 and LINX-151 firmware 7.2.4 are vulnerable to Insecure Permissions via registry.xml file. This vulnerability allows remote attackers to disclose smtp client account credentials and bypass email authentication."
},
{
"lang": "es",
"value": "LOYTEC electronics GmbH el firmware LINX-212 6.2.4 y el firmware LINX-151 7.2.4 son vulnerables a permisos inseguros a trav\u00e9s del archivo registry.xml. Esta vulnerabilidad permite a atacantes remotos revelar las credenciales de la cuenta del cliente SMTP y eludir la autenticaci\u00f3n de correo electr\u00f3nico."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-312"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:loytec:linx-212_firmware:6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0C622E98-9108-440E-B554-EBE91708B534"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:loytec:linx-212:-:*:*:*:*:*:*:*",
"matchCriteriaId": "35956253-8D61-434C-9C03-96E6C69FB9C1"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:loytec:linx-151_firmware:7.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "963786BE-1AC2-4E6F-A69D-59AE1389C7DD"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:loytec:linx-151:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E62B5DA6-83D1-4582-B503-8A9B51A26E53"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://packetstormsecurity.com/files/175952/Loytec-L-INX-Automation-Servers-Information-Disclosure-Cleartext-Secrets.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://seclists.org/fulldisclosure/2023/Nov/7",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}
]
}

113
CVE-2023/CVE-2023-463xx/CVE-2023-46387.json
View File

@ -2,23 +2,126 @@
"id": "CVE-2023-46387",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-30T23:15:07.567",
"lastModified": "2023-12-01T02:28:42.607",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T18:42:12.257",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "LOYTEC electronics GmbH LINX-212 firmware 6.2.4 and LINX-151 firmware 7.2.4 are vulnerable to Incorrect Access Control via dpal_config.zml file. This vulnerability allows remote attackers to disclose sensitive information on Loytec device data point configuration."
},
{
"lang": "es",
"value": "LOYTEC electronics GmbH el firmware LINX-212 6.2.4 y el firmware LINX-151 7.2.4 son vulnerables a un control de acceso incorrecto a trav\u00e9s del archivo dpal_config.zml. Esta vulnerabilidad permite a atacantes remotos revelar informaci\u00f3n confidencial sobre la configuraci\u00f3n de puntos de datos del dispositivo Loytec."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:loytec:linx-212_firmware:6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0C622E98-9108-440E-B554-EBE91708B534"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:loytec:linx-212:-:*:*:*:*:*:*:*",
"matchCriteriaId": "35956253-8D61-434C-9C03-96E6C69FB9C1"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:loytec:linx-151_firmware:7.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "963786BE-1AC2-4E6F-A69D-59AE1389C7DD"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:loytec:linx-151:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E62B5DA6-83D1-4582-B503-8A9B51A26E53"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://packetstormsecurity.com/files/175952/Loytec-L-INX-Automation-Servers-Information-Disclosure-Cleartext-Secrets.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://seclists.org/fulldisclosure/2023/Nov/7",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}
]
}

113
CVE-2023/CVE-2023-463xx/CVE-2023-46388.json
View File

@ -2,23 +2,126 @@
"id": "CVE-2023-46388",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-30T23:15:07.613",
"lastModified": "2023-12-01T02:28:42.607",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T18:41:39.457",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "LOYTEC electronics GmbH LINX-212 6.2.4 and LINX-151 7.2.4 are vulnerable to Insecure Permissions via dpal_config.zml file. This vulnerability allows remote attackers to disclose smtp client account credentials and bypass email authentication."
},
{
"lang": "es",
"value": "LOYTEC electronics GmbH LINX-212 6.2.4 y LINX-151 7.2.4 son vulnerables a permisos inseguros a trav\u00e9s del archivo dpal_config.zml. Esta vulnerabilidad permite a atacantes remotos revelar las credenciales de la cuenta del cliente SMTP y eludir la autenticaci\u00f3n de correo electr\u00f3nico."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-312"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:loytec:linx-212_firmware:6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0C622E98-9108-440E-B554-EBE91708B534"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:loytec:linx-212:-:*:*:*:*:*:*:*",
"matchCriteriaId": "35956253-8D61-434C-9C03-96E6C69FB9C1"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:loytec:linx-151_firmware:7.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "963786BE-1AC2-4E6F-A69D-59AE1389C7DD"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:loytec:linx-151:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E62B5DA6-83D1-4582-B503-8A9B51A26E53"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://packetstormsecurity.com/files/175952/Loytec-L-INX-Automation-Servers-Information-Disclosure-Cleartext-Secrets.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://seclists.org/fulldisclosure/2023/Nov/7",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}
]
}

113
CVE-2023/CVE-2023-463xx/CVE-2023-46389.json
View File

@ -2,23 +2,126 @@
"id": "CVE-2023-46389",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-30T23:15:07.660",
"lastModified": "2023-12-01T02:28:42.607",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T18:39:54.260",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "LOYTEC electronics GmbH LINX-212 firmware 6.2.4 and LINX-151 Firmware 7.2.4 are vulnerable to Incorrect Access Control via registry.xml file. This vulnerability allows remote attackers to disclose sensitive information on LINX configuration."
},
{
"lang": "es",
"value": "El firmware LINX-212 6.2.4 de LOYTEC electronics GmbH y el firmware LINX-151 7.2.4 son vulnerables a un control de acceso incorrecto a trav\u00e9s del archivo registry.xml. Esta vulnerabilidad permite a atacantes remotos revelar informaci\u00f3n confidencial sobre la configuraci\u00f3n de LINX."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:loytec:linx-212_firmware:6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0C622E98-9108-440E-B554-EBE91708B534"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:loytec:linx-212:-:*:*:*:*:*:*:*",
"matchCriteriaId": "35956253-8D61-434C-9C03-96E6C69FB9C1"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:loytec:linx-151_firmware:7.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "963786BE-1AC2-4E6F-A69D-59AE1389C7DD"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:loytec:linx-151:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E62B5DA6-83D1-4582-B503-8A9B51A26E53"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://packetstormsecurity.com/files/175952/Loytec-L-INX-Automation-Servers-Information-Disclosure-Cleartext-Secrets.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://seclists.org/fulldisclosure/2023/Nov/7",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-466xx/CVE-2023-46690.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-46690",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-11-30T22:15:08.313",
"lastModified": "2023-12-01T02:28:42.607",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T18:49:11.797",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an attacker to write to any file to any location of the filesystem, which could lead to remote code execution."
},
{
"lang": "es",
"value": "En Delta Electronics InfraSuite Device Master v.1.0.7, existe una vulnerabilidad que permite a un atacante escribir en cualquier archivo en cualquier ubicaci\u00f3n del sistema de archivos, lo que podr\u00eda provocar la ejecuci\u00f3n remota de c\u00f3digo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:deltaww:infrasuite_device_master:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "ACA2272F-A8D8-487C-BA49-569D1410C49A"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-331-01",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}

63
CVE-2023/CVE-2023-468xx/CVE-2023-46820.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-46820",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T15:15:09.120",
"lastModified": "2023-11-30T15:16:38.923",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T17:29:13.157",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Iulia Cazan Image Regenerate & Select Crop.This issue affects Image Regenerate & Select Crop: from n/a through 7.3.0.\n\n"
},
{
"lang": "es",
"value": "Exposici\u00f3n de informaci\u00f3n confidencial a una vulnerabilidad de actor no autorizado en Iulia Cazan Image Regenerate & Select Crop. Este problema afecta a Image Regenerate & Select Crop: desde n/a hasta 7.3.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:iuliacazan:image_regenerate_\\&_select_crop:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "7.3.0",
"matchCriteriaId": "95656015-EF05-4906-958D-CC7F2DED553E"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/image-regenerate-select-crop/wordpress-image-regenerate-select-crop-plugin-7-3-0-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-469xx/CVE-2023-46956.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-46956",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-30T23:15:07.717",
"lastModified": "2023-12-01T02:28:42.607",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T18:39:39.687",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Packers and Movers Management System v.1.0 allows a remote attacker to execute arbitrary code via crafted payload to the /mpms/admin/?page=user/manage_user&id file."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en Packers and Movers Management System v.1.0 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de un payload manipulado en el archivo /mpms/admin/?page=user/manage_user&id."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oretnom23:packers_and_movers_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "00E7A5FB-799D-42CF-97F9-7250B4C49C6B"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/geilihan/bug_reports/blob/main/packers-and-movers-management-system/SQL-1.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-472xx/CVE-2023-47207.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-47207",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-11-30T22:15:08.873",
"lastModified": "2023-12-01T02:28:42.607",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T18:48:48.427",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an unauthenticated attacker to execute code with local administrator privileges."
},
{
"lang": "es",
"value": "En Delta Electronics InfraSuite Device Master v.1.0.7, existe una vulnerabilidad que permite a un atacante no autenticado ejecutar c\u00f3digo con privilegios de administrador local."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:deltaww:infrasuite_device_master:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "ACA2272F-A8D8-487C-BA49-569D1410C49A"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-331-01",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}

61
CVE-2023/CVE-2023-472xx/CVE-2023-47279.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-47279",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-11-30T23:15:07.770",
"lastModified": "2023-12-01T02:28:42.607",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T18:38:55.820",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Delta Electronics InfraSuite Device Master v.1.0.7, A vulnerability exists that allows an unauthenticated attacker to disclose user information through a single UDP packet, obtain plaintext credentials, or perform NTLM relaying."
},
{
"lang": "es",
"value": "En Delta Electronics InfraSuite Device Master v.1.0.7, existe una vulnerabilidad que permite a un atacante no autenticado revelar informaci\u00f3n del usuario a trav\u00e9s de un \u00fanico paquete UDP, obtener credenciales de texto plano o realizar retransmisi\u00f3n NTLM."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:deltaww:infrasuite_device_master:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "ACA2272F-A8D8-487C-BA49-569D1410C49A"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-331-01",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}

67
CVE-2023/CVE-2023-474xx/CVE-2023-47452.json
View File

@ -2,19 +2,78 @@
"id": "CVE-2023-47452",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-30T21:15:08.800",
"lastModified": "2023-12-01T02:28:42.607",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T17:02:02.023",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An Untrusted search path vulnerability in notepad++ 6.5 allows local users to gain escalated privileges through the msimg32.dll file in the current working directory."
},
{
"lang": "es",
"value": "Una vulnerabilidad de ruta de b\u00fasqueda no confiable en notepad++ 6.5 permite a los usuarios locales obtener privilegios aumentados a trav\u00e9s del archivo msimg32.dll en el directorio de trabajo actual."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-427"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:notepad-plus-plus:notepad\\+\\+:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C1E62123-2C3B-405E-B5F1-DFB4C38F7681"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/xieqiang11/poc-1/tree/main",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}

67
CVE-2023/CVE-2023-474xx/CVE-2023-47453.json
View File

@ -2,19 +2,78 @@
"id": "CVE-2023-47453",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-30T21:15:08.847",
"lastModified": "2023-12-01T02:28:42.607",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T17:01:25.083",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An Untrusted search path vulnerability in Sohu Video Player 7.0.15.0 allows local users to gain escalated privileges through the version.dll file in the current working directory."
},
{
"lang": "es",
"value": "Una vulnerabilidad de ruta de b\u00fasqueda no confiable en Sohu Video Player 7.0.15.0 permite a los usuarios locales obtener privilegios aumentados a trav\u00e9s del archivo version.dll en el directorio de trabajo actual."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-427"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sohu:video_player:7.0.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F2088FCF-9958-4268-B6C6-7DFBF14B2D53"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/xieqiang11/poc-2/tree/main",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}

51
CVE-2023/CVE-2023-475xx/CVE-2023-47521.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-47521",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T17:15:09.947",
"lastModified": "2023-11-30T17:30:19.207",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T17:53:58.517",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Max Bond, AndreSC Q2W3 Post Order allows Reflected XSS.This issue affects Q2W3 Post Order: from n/a through 1.2.8.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n inadecuada de la entrada durante la vulnerabilidad de generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Max Bond, AndreSC Q2W3 Post Order permite XSS reflejado. Este problema afecta a Q2W3 Post Order: desde n/a hasta 1.2.8."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:q2w3:q2w3_post_order:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.2.8",
"matchCriteriaId": "DC5C9C6D-39C4-4836-8815-900070FFF36B"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/q2w3-post-order/wordpress-q2w3-post-order-plugin-1-2-8-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

67
CVE-2023/CVE-2023-47xx/CVE-2023-4770.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-4770",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-11-30T14:15:11.880",
"lastModified": "2023-11-30T14:48:37.600",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T17:31:06.707",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An uncontrolled search path element vulnerability has been found on 4D and 4D server Windows executables applications, affecting version 19 R8 100218. This vulnerability consists in a DLL hijacking by replacing x64 shfolder.dll in the installation path, causing an arbitrary code execution."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad no controlada en un elemento de ruta de b\u00fasqueda en aplicaciones ejecutables de Windows de 4D y 4D server, afectando a la versi\u00f3n 19 R8 100218. Esta vulnerabilidad consiste en un secuestro de DLL reemplazando x64 shfolder.dll en la ruta de instalaci\u00f3n, provocando la ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -46,10 +70,47 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:4d:4d:19:r8:*:*:*:*:*:*",
"matchCriteriaId": "626249AD-1971-4665-B370-221B29BC7644"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:4d:server:19:r8:*:*:*:*:*:*",
"matchCriteriaId": "7677CD7F-7041-433F-ACC2-FAF967509CC8"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/uncontrolled-search-path-element-vulnerability-4d-and-4d-windows-server",
"source": "cve-coordination@incibe.es"
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
}
]
}

63
CVE-2023/CVE-2023-480xx/CVE-2023-48016.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48016",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-01T03:15:07.453",
"lastModified": "2023-12-01T13:54:29.567",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T18:36:49.753",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,66 @@
"value": "Restaurant Table Booking System V1.0 es vulnerable a la inyecci\u00f3n SQL en rtbs/admin/index.php a trav\u00e9s del par\u00e1metro de nombre de usuario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpgurukul:restaurant_table_booking_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "02963BE3-61BC-41D5-82BA-71B773AA8FA0"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Serhatcck/cves/blob/main/CVE-2023-48016-restaurant-table-booking-system-SQLInjection.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}

63
CVE-2023/CVE-2023-483xx/CVE-2023-48333.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-48333",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T15:15:09.310",
"lastModified": "2023-11-30T15:16:38.923",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T17:25:08.207",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pluggabl LLC Booster for WooCommerce.This issue affects Booster for WooCommerce: from n/a through 7.1.1.\n\n"
},
{
"lang": "es",
"value": "Exposici\u00f3n de informaci\u00f3n confidencial a una vulnerabilidad de actor no autorizado en Pluggabl LLC Booster para WooCommerce. Este problema afecta a Booster para WooCommerce: desde n/a hasta 7.1.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:booster:booster_for_woocommerce:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "7.1.1",
"matchCriteriaId": "53D63779-759F-4AD5-A0D4-65195A6A805D"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/woocommerce-jetpack/wordpress-booster-for-woocommerce-plugin-7-1-1-authenticated-arbitrary-order-information-disclosure-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

80
CVE-2023/CVE-2023-488xx/CVE-2023-48802.json
View File

@ -2,19 +2,91 @@
"id": "CVE-2023-48802",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-30T18:15:07.727",
"lastModified": "2023-11-30T18:18:28.713",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T18:05:11.250",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability."
},
{
"lang": "es",
"value": "En TOTOLINK X6000R V9.4.0cu.852_B20230719, el archivo shttpd, la funci\u00f3n sub_4119A0 obtiene campos del front-end a trav\u00e9s de Uci_ Set_. La funci\u00f3n Str cuando se pasa a la funci\u00f3n CsteSystem crea una vulnerabilidad de ejecuci\u00f3n de comandos."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:x6000r_firmware:9.4.0cu.852_b20230719:*:*:*:*:*:*:*",
"matchCriteriaId": "846390E3-B033-4B17-A141-49E30AF76264"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:x6000r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "178FD1FA-9A62-48B7-B219-938F48ADD8BB"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.notion.so/X6000R-sub_4119A0-6-9541a9b3387a40de856a1cad692ba8d4?pvs=4",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

73
CVE-2023/CVE-2023-488xx/CVE-2023-48813.json
View File

@ -2,23 +2,86 @@
"id": "CVE-2023-48813",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-01T16:15:07.487",
"lastModified": "2023-12-03T16:37:34.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T18:53:57.517",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Senayan Library Management Systems (Slims) 9 Bulian v9.6.1 is vulnerable to SQL Injection via admin/modules/reporting/customs/fines_report.php."
},
{
"lang": "es",
"value": "Senayan Library Management Systems (Slims) 9 Bulian v9.6.1 es vulnerable a la inyecci\u00f3n SQL a trav\u00e9s de admin/modules/reporting/customs/fines_report.php."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:slims:senayan_library_management_system_bulian:9.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0439647C-9560-44A0-B186-BFDF828ECD17"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/komangsughosa/CVE-ID-not-yet/blob/main/slims/slims9_bulian-9.6.1-SQLI-fines_report.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
},
{
"url": "https://github.com/slims/slims9_bulian/issues/217",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}

79
CVE-2023/CVE-2023-488xx/CVE-2023-48842.json
View File

@ -2,19 +2,90 @@
"id": "CVE-2023-48842",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-01T16:15:07.550",
"lastModified": "2023-12-03T16:37:34.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T18:54:07.467",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at hedwig.cgi."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que D-Link Go-RT-AC750 revA_v101b03 conten\u00eda una vulnerabilidad de inyecci\u00f3n de comandos a trav\u00e9s del par\u00e1metro de servicio en hedwig.cgi."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:go-rt-ac750_firmware:101b03:*:*:*:*:*:*:*",
"matchCriteriaId": "11857770-E809-483A-993F-1C827428B334"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:go-rt-ac750:revision_a:*:*:*:*:*:*:*",
"matchCriteriaId": "426BE281-6336-4A4E-892B-CE8BBCA8ABF7"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://drive.google.com/file/d/1y5om__f2SAhNmcPqDxC_SRTvJVAWwPcH/view?usp=drive_link",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}

4
CVE-2023/CVE-2023-488xx/CVE-2023-48859.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48859",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-06T15:15:06.967",
"lastModified": "2023-12-06T15:15:06.967",
"vulnStatus": "Received",
"lastModified": "2023-12-06T18:49:19.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

69
CVE-2023/CVE-2023-488xx/CVE-2023-48893.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48893",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-01T16:15:07.607",
"lastModified": "2023-12-05T07:15:07.980",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T18:53:44.693",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,74 @@
"value": "Senayan Library Management Systems SLIMS 9 Bulian v9.6.1 es vulnerable a la inyecci\u00f3n SQL a trav\u00e9s de admin/modules/reporting/customs/staff_act.php."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:slims:senayan_library_management_system_bulian:9.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0439647C-9560-44A0-B186-BFDF828ECD17"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Vuln0wned/slims_owned/blob/main/slims/slims9-bulian-9.6.1-SQLI-staff_act.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
},
{
"url": "https://github.com/slims/slims9_bulian/issues/209",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}

68
CVE-2023/CVE-2023-488xx/CVE-2023-48894.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-48894",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-30T22:15:09.077",
"lastModified": "2023-12-01T02:28:42.607",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T18:48:22.700",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Incorrect Access Control vulnerability in jshERP V3.3 allows attackers to obtain sensitive information via the doFilter function."
},
{
"lang": "es",
"value": "Vulnerabilidad de control de acceso incorrecto en jshERP V3.3 permite a los atacantes obtener informaci\u00f3n confidencial a trav\u00e9s de la funci\u00f3n doFilter."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:huaxiaerp:jsherp:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "81F91FC3-1573-49FF-A1CE-B660D8BF2278"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/jishenghua/jshERP/issues/98",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}

60
CVE-2023/CVE-2023-490xx/CVE-2023-49083.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49083",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-29T19:15:07.967",
"lastModified": "2023-12-05T02:15:06.827",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T18:12:03.353",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,18 +70,48 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cryptography_project:cryptography:*:*:*:*:*:python:*:*",
"versionStartIncluding": "3.1",
"versionEndExcluding": "41.0.6",
"matchCriteriaId": "D82EE66F-7D6B-4710-8F2B-08F1819F6860"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/pyca/cryptography/commit/f09c261ca10a31fe41b1262306db7f8f1da0e48a",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/pyca/cryptography/pull/9926",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking",
"Patch"
]
},
{
"url": "https://github.com/pyca/cryptography/security/advisories/GHSA-jfhm-5ghh-2f97",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

57
CVE-2023/CVE-2023-490xx/CVE-2023-49087.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49087",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-30T06:15:47.173",
"lastModified": "2023-11-30T13:39:13.380",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T17:49:44.997",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,14 +70,43 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:simplesamlphp:saml2:5.0.0:alpha12:*:*:*:*:*:*",
"matchCriteriaId": "96D08664-7238-4C52-B40E-F32E304DE2D3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:simplesamlphp:xml-security:1.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1375D1-EBBE-4AD5-8271-457C64C948BD"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/simplesamlphp/xml-security/commit/f509e3083dd7870cce5880c804b5122317287581",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/simplesamlphp/xml-security/security/advisories/GHSA-ww7x-3gxh-qm6r",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

63
CVE-2023/CVE-2023-490xx/CVE-2023-49092.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49092",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-28T21:15:08.530",
"lastModified": "2023-11-29T14:18:11.973",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T18:47:43.140",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -40,8 +60,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-203"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -50,14 +80,37 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rust-lang:rsa:*:*:*:*:*:rust:*:*",
"matchCriteriaId": "600DB2C9-3C8D-4C14-A69F-B5EE18B99EB6"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/RustCrypto/RSA/issues/19#issuecomment-1822995643",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://github.com/RustCrypto/RSA/security/advisories/GHSA-c38w-74pg-36hr",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-493xx/CVE-2023-49371.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49371",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-01T15:15:07.817",
"lastModified": "2023-12-06T13:15:07.227",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-12-06T18:58:20.680",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,74 @@
"value": "Se descubri\u00f3 que RuoYi hasta v4.6 conten\u00eda una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s de /system/dept/edit."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ruoyi:ruoyi:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.6.0",
"matchCriteriaId": "CD05AA5C-0071-43CF-AF08-48FE02254AF1"
}
]
}
]
}
],
"references": [
{
"url": "https://gist.github.com/Maverickfir/53405b944b2830b43a84abf4b1734847",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/Maverickfir/RuoYi-v4.6-vulnerability/blob/main/Ruoyiv4.6.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}

94
CVE-2023/CVE-2023-52xx/CVE-2023-5226.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5226",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-12-01T07:15:12.003",
"lastModified": "2023-12-01T13:54:29.567",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T18:57:33.787",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -50,14 +80,70 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionEndExcluding": "16.4.3",
"matchCriteriaId": "7269551A-80EB-4E8B-8022-0B66994C7601"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionEndExcluding": "16.4.3",
"matchCriteriaId": "B9CF956D-DF30-47A7-8710-262AC4C76F2E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "16.5.0",
"versionEndExcluding": "16.5.3",
"matchCriteriaId": "B1AC7763-4EA9-4E9A-8711-FEEA9D111D68"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.5.0",
"versionEndExcluding": "16.5.3",
"matchCriteriaId": "6B77E904-2562-4F78-A787-7F51871054BA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:16.6.0:*:*:*:community:*:*:*",
"matchCriteriaId": "FAB408DE-FE19-4CD6-B026-44AF7AD36405"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:16.6.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "8D5674D6-E26B-4F62-9B59-C15DEEDDB4B1"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/426400",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Broken Link",
"Vendor Advisory"
]
},
{
"url": "https://hackerone.com/reports/2173053",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}

31
CVE-2023/CVE-2023-56xx/CVE-2023-5634.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-5634",
"sourceIdentifier": "iletisim@usom.gov.tr",
"published": "2023-12-01T14:15:07.967",
"lastModified": "2023-12-01T14:49:03.423",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T18:59:59.893",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ArslanSoft Education Portal allows SQL Injection.This issue affects Education Portal: before v1.1.\n\n"
},
{
"lang": "es",
"value": "La neutralizaci\u00f3n inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL (\"Inyecci\u00f3n SQL\") en ArslanSoft Education Portal permite la inyecci\u00f3n SQL. Este problema afecta a Education Portal: versiones anteriores a v1.1."
}
],
"metrics": {
@ -46,10 +50,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arslansoft_education_portal_project:arslansoft_education_portal:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.1",
"matchCriteriaId": "6A728C5C-53FC-4DD9-90D6-25FE3D3162CB"
}
]
}
]
}
],
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-23-0670",
"source": "iletisim@usom.gov.tr"
"source": "iletisim@usom.gov.tr",
"tags": [
"Third Party Advisory"
]
}
]
}

31
CVE-2023/CVE-2023-56xx/CVE-2023-5635.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-5635",
"sourceIdentifier": "iletisim@usom.gov.tr",
"published": "2023-12-01T14:15:08.190",
"lastModified": "2023-12-01T14:49:03.423",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T18:59:51.757",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Protection for Outbound Error Messages and Alert Signals vulnerability in ArslanSoft Education Portal allows Account Footprinting.This issue affects Education Portal: before v1.1.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de protecci\u00f3n inadecuada para mensajes de error salientes y se\u00f1ales de alerta en ArslanSoft Education Portal permite Account Footprinting. Este problema afecta a Education Portal: versiones anteriores a v1.1."
}
],
"metrics": {
@ -46,10 +50,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arslansoft_education_portal_project:arslansoft_education_portal:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.1",
"matchCriteriaId": "6A728C5C-53FC-4DD9-90D6-25FE3D3162CB"
}
]
}
]
}
],
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-23-0670",
"source": "iletisim@usom.gov.tr"
"source": "iletisim@usom.gov.tr",
"tags": [
"Third Party Advisory"
]
}
]
}

31
CVE-2023/CVE-2023-56xx/CVE-2023-5636.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-5636",
"sourceIdentifier": "iletisim@usom.gov.tr",
"published": "2023-12-01T14:15:08.393",
"lastModified": "2023-12-01T14:49:03.423",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T18:59:28.783",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in ArslanSoft Education Portal allows Command Injection.This issue affects Education Portal: before v1.1.\n\n"
},
{
"lang": "es",
"value": "La carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en ArslanSoft Education Portal permite la inyecci\u00f3n de comandos. Este problema afecta a Education Portal: versiones anteriores a v1.1."
}
],
"metrics": {
@ -46,10 +50,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arslansoft_education_portal_project:arslansoft_education_portal:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.1",
"matchCriteriaId": "6A728C5C-53FC-4DD9-90D6-25FE3D3162CB"
}
]
}
]
}
],
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-23-0670",
"source": "iletisim@usom.gov.tr"
"source": "iletisim@usom.gov.tr",
"tags": [
"Third Party Advisory"
]
}
]
}

31
CVE-2023/CVE-2023-56xx/CVE-2023-5637.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-5637",
"sourceIdentifier": "iletisim@usom.gov.tr",
"published": "2023-12-01T14:15:08.607",
"lastModified": "2023-12-01T14:49:03.423",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T18:59:08.660",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in ArslanSoft Education Portal allows Read Sensitive Strings Within an Executable.This issue affects Education Portal: before v1.1.\n\n"
},
{
"lang": "es",
"value": "La carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en ArslanSoft Education Portal permite leer cadenas confidenciales dentro de un ejecutable. Este problema afecta a Education Portal: versiones anteriores a v1.1."
}
],
"metrics": {
@ -46,10 +50,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arslansoft_education_portal_project:arslansoft_education_portal:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.1",
"matchCriteriaId": "6A728C5C-53FC-4DD9-90D6-25FE3D3162CB"
}
]
}
]
}
],
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-23-0670",
"source": "iletisim@usom.gov.tr"
"source": "iletisim@usom.gov.tr",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-59xx/CVE-2023-5965.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-5965",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-11-30T14:15:12.943",
"lastModified": "2023-11-30T14:48:37.600",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T17:21:03.737",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the update form, which could lead to arbitrary PHP code execution."
},
{
"lang": "es",
"value": "Un atacante con privilegios autenticados podr\u00eda cargar un zip especialmente manipulado en el servidor EspoCRM en la versi\u00f3n 7.2.5, a trav\u00e9s del formulario de actualizaci\u00f3n, lo que podr\u00eda conducir a la ejecuci\u00f3n de c\u00f3digo PHP arbitrario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:espocrm:espocrm:*:*:*:*:*:*:*:*",
"versionEndIncluding": "7.5.2",
"matchCriteriaId": "D2AF385B-24CA-4DFB-A10B-866AC9FF31BD"
}
]
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-espocrm",
"source": "cve-coordination@incibe.es"
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-59xx/CVE-2023-5966.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-5966",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-11-30T14:15:13.450",
"lastModified": "2023-11-30T14:48:37.600",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T17:16:00.580",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the extension deployment form, which could lead to arbitrary PHP code execution."
},
{
"lang": "es",
"value": "Un atacante con privilegios autenticados podr\u00eda cargar un zip especialmente manipulado en el servidor EspoCRM en la versi\u00f3n 7.2.5, a trav\u00e9s del formulario de implementaci\u00f3n de la extensi\u00f3n, lo que podr\u00eda conducir a la ejecuci\u00f3n de c\u00f3digo PHP arbitrario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:espocrm:espocrm:*:*:*:*:*:*:*:*",
"versionEndIncluding": "7.5.2",
"matchCriteriaId": "D2AF385B-24CA-4DFB-A10B-866AC9FF31BD"
}
]
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-espocrm",
"source": "cve-coordination@incibe.es"
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
}
]
}

77
CVE-2023/CVE-2023-59xx/CVE-2023-5995.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5995",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-12-01T07:15:13.033",
"lastModified": "2023-12-01T13:54:29.567",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T18:52:42.327",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -50,14 +80,53 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.2.0",
"versionEndExcluding": "16.4.3",
"matchCriteriaId": "2F963AF1-CC28-43B9-A5F2-1F1722B87D04"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.5.0",
"versionEndExcluding": "16.5.3",
"matchCriteriaId": "6B77E904-2562-4F78-A787-7F51871054BA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:16.6.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "8D5674D6-E26B-4F62-9B59-C15DEEDDB4B1"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/425361",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Broken Link",
"Vendor Advisory"
]
},
{
"url": "https://hackerone.com/reports/2138880",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}

100
CVE-2023/CVE-2023-60xx/CVE-2023-6033.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6033",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-12-01T07:15:13.633",
"lastModified": "2023-12-01T13:54:29.567",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T18:53:10.447",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -50,14 +80,76 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "15.10",
"versionEndExcluding": "16.6.1",
"matchCriteriaId": "D7E9318B-8CA3-49D0-9359-4DB5CE76491F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "15.10",
"versionEndExcluding": "16.6.1",
"matchCriteriaId": "54546976-4D6A-40EC-B080-5C2CF88B14AA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "16.4.0",
"versionEndExcluding": "16.4.3",
"matchCriteriaId": "E74DD7CD-128A-4584-9A20-0206F3275766"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.4.0",
"versionEndExcluding": "16.4.3",
"matchCriteriaId": "9403AA96-9680-4679-9C30-139C05FD328E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "16.5.0",
"versionEndExcluding": "16.5.3",
"matchCriteriaId": "B1AC7763-4EA9-4E9A-8711-FEEA9D111D68"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.5.0",
"versionEndExcluding": "16.5.3",
"matchCriteriaId": "6B77E904-2562-4F78-A787-7F51871054BA"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/431201",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Broken Link",
"Vendor Advisory"
]
},
{
"url": "https://hackerone.com/reports/2236039",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-62xx/CVE-2023-6288.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6288",
"sourceIdentifier": "security@devolutions.net",
"published": "2023-12-06T14:15:07.677",
"lastModified": "2023-12-06T14:15:07.677",
"vulnStatus": "Received",
"lastModified": "2023-12-06T18:49:19.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

77
CVE-2023/CVE-2023-63xx/CVE-2023-6342.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-6342",
"sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725",
"published": "2023-11-30T18:15:08.380",
"lastModified": "2023-11-30T21:15:09.000",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T18:19:36.663",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tyler Technologies Court Case Management Plus allows a remote attacker to authenticate as any user by manipulating at least the 'CmWebSearchPfp/Login.aspx?xyzldk=' and \n'payforprint_CM/Redirector.ashx?userid=' parameters. The vulnerable \"pay for print\" feature was removed on or around 2023-11-01."
},
{
"lang": "es",
"value": "Tyler Technologies Court Case Management Plus permite a un atacante remoto autenticarse como cualquier usuario manipulando al menos los par\u00e1metros 'CmWebSearchPfp/Login.aspx?xyzldk=' y 'payforprint_CM/Redirector.ashx?userid='. La funci\u00f3n vulnerable \"pagar por imprimir\" se elimin\u00f3 el 1 de noviembre de 2023 o alrededor de esa fecha."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
},
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"type": "Secondary",
@ -46,22 +80,53 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tylertech:court_case_management_plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "18DC47AF-E2C8-4744-8F29-EC58434B1735"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/qwell/disorder-in-the-court/blob/main/README-TylerTechnologies.md",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://techcrunch.com/2023/11/30/us-court-records-systems-vulnerabilities-exposed-sealed-documents/",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Press/Media Coverage",
"Third Party Advisory"
]
},
{
"url": "https://www.cisa.gov/news-events/alerts/2023/11/30/multiple-vulnerabilities-affecting-web-based-court-case-and-document-management-systems",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
},
{
"url": "https://www.tylertech.com/solutions/courts-public-safety/courts-justice",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Product"
]
}
]
}

87
CVE-2023/CVE-2023-63xx/CVE-2023-6343.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-6343",
"sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725",
"published": "2023-11-30T18:15:08.573",
"lastModified": "2023-11-30T21:15:09.067",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T18:19:15.257",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tyler Technologies Court Case Management Plus allows a remote, unauthenticated attacker to enumerate and access sensitive files using the tiffserver/tssp.aspx 'FN' and 'PN' parameters. This behavior is related to the use of a deprecated version of Aquaforest TIFF Server, possibly 2.x. The vulnerable Aquaforest TIFF Server feature was removed on or around 2023-11-01. Insecure configuration issues in Aquaforest TIFF Server are identified separately as CVE-2023-6352. CVE-2023-6343 is similar to CVE-2020-9323. CVE-2023-6343 is related to or partially caused by CVE-2023-6352.\n\n\n"
},
{
"lang": "es",
"value": "Tyler Technologies Court Case Management Plus permite a un atacante remoto no autenticado enumerar y acceder a archivos confidenciales utilizando los par\u00e1metros tiffserver/tssp.aspx 'FN' y 'PN'. Este comportamiento est\u00e1 relacionado con el uso de una versi\u00f3n obsoleta de Aquaforest TIFF Server, posiblemente 2.x. La funci\u00f3n vulnerable del servidor TIFF de Aquaforest se elimin\u00f3 el 1 de noviembre de 2023 o alrededor de esa fecha. Los problemas de configuraci\u00f3n insegura en Aquaforest TIFF Server se identifican por separado como CVE-2023-6352. CVE-2023-6343 es similar a CVE-2020-9323. CVE-2023-6343 est\u00e1 relacionado o parcialmente causado por CVE-2023-6352."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
},
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"type": "Secondary",
@ -46,30 +80,67 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tylertech:court_case_management_plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "18DC47AF-E2C8-4744-8F29-EC58434B1735"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/qwell/disorder-in-the-court/blob/main/README-TylerTechnologies.md",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://techcrunch.com/2023/11/30/us-court-records-systems-vulnerabilities-exposed-sealed-documents/",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Press/Media Coverage",
"Third Party Advisory"
]
},
{
"url": "https://www.aquaforest.com/blog/aquaforest-tiff-server-sunsetting",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.aquaforest.com/blog/tiff-server-security-update",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.cisa.gov/news-events/alerts/2023/11/30/multiple-vulnerabilities-affecting-web-based-court-case-and-document-management-systems",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
},
{
"url": "https://www.tylertech.com/solutions/courts-public-safety/courts-justice",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Product"
]
}
]
}

87
CVE-2023/CVE-2023-63xx/CVE-2023-6344.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-6344",
"sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725",
"published": "2023-11-30T18:15:08.767",
"lastModified": "2023-11-30T21:15:09.133",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T18:18:18.493",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tyler Technologies Court Case Management Plus allows a remote, unauthenticated attacker to enumerate directories using the tiffserver/te003.aspx or te004.aspx 'ifolder' parameter. This behavior is related to the use of a deprecated version of Aquaforest TIFF Server, possibly 2.x. The vulnerable Aquaforest TIFF Server feature was removed on or around 2023-11-01. Insecure configuration issues in Aquaforest TIFF Server are identified separately as CVE-2023-6352. CVE-2023-6343 is related to or partially caused by CVE-2023-6352.\n"
},
{
"lang": "es",
"value": "Tyler Technologies Court Case Management Plus permite a un atacante remoto no autenticado enumerar directorios utilizando el par\u00e1metro tiffserver/te003.aspx o te004.aspx 'ifolder'. Este comportamiento est\u00e1 relacionado con el uso de una versi\u00f3n obsoleta de Aquaforest TIFF Server, posiblemente 2.x. La funci\u00f3n vulnerable del servidor TIFF de Aquaforest se elimin\u00f3 el 1 de noviembre de 2023 o alrededor de esa fecha. Los problemas de configuraci\u00f3n insegura en Aquaforest TIFF Server se identifican por separado como CVE-2023-6352. CVE-2023-6343 est\u00e1 relacionado o parcialmente causado por CVE-2023-6352."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
},
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"type": "Secondary",
@ -46,30 +80,67 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tylertech:court_case_management_plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "18DC47AF-E2C8-4744-8F29-EC58434B1735"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/qwell/disorder-in-the-court/blob/main/README-TylerTechnologies.md",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://techcrunch.com/2023/11/30/us-court-records-systems-vulnerabilities-exposed-sealed-documents/",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Press/Media Coverage",
"Third Party Advisory"
]
},
{
"url": "https://www.aquaforest.com/blog/aquaforest-tiff-server-sunsetting",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.aquaforest.com/blog/tiff-server-security-update",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.cisa.gov/news-events/alerts/2023/11/30/multiple-vulnerabilities-affecting-web-based-court-case-and-document-management-systems",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
},
{
"url": "https://www.tylertech.com/solutions/courts-public-safety/courts-justice",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Product"
]
}
]
}

77
CVE-2023/CVE-2023-63xx/CVE-2023-6353.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-6353",
"sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725",
"published": "2023-11-30T18:15:09.147",
"lastModified": "2023-11-30T21:15:09.267",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T18:18:09.320",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tyler Technologies Civil and Criminal Electronic Filing allows an unauthenticated, remote attacker to upload, delete, and view files by manipulating the Upload.aspx 'enky' parameter.\n\n\n\n"
},
{
"lang": "es",
"value": "Tyler Technologies Civil and Criminal Electronic Filing permite que un atacante remoto no autenticado cargue, elimine y vea archivos manipulando el par\u00e1metro Upload.aspx 'enky'."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.5
},
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
},
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"type": "Secondary",
@ -46,22 +80,53 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tylertech:court_case_management_plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "18DC47AF-E2C8-4744-8F29-EC58434B1735"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/qwell/disorder-in-the-court/blob/main/README-TylerTechnologies.md",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://techcrunch.com/2023/11/30/us-court-records-systems-vulnerabilities-exposed-sealed-documents/",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Press/Media Coverage",
"Third Party Advisory"
]
},
{
"url": "https://www.cisa.gov/news-events/alerts/2023/11/30/multiple-vulnerabilities-affecting-web-based-court-case-and-document-management-systems",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
},
{
"url": "https://www.tylertech.com/solutions/courts-public-safety/courts-justice",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Product"
]
}
]
}

77
CVE-2023/CVE-2023-63xx/CVE-2023-6354.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-6354",
"sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725",
"published": "2023-11-30T18:15:09.333",
"lastModified": "2023-11-30T21:15:09.333",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T18:18:01.950",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tyler Technologies Magistrate Court Case Management Plus allows an unauthenticated, remote attacker to upload, delete, and view files by manipulating the PDFViewer.aspx 'filename' parameter.\n\n\n"
},
{
"lang": "es",
"value": "Tyler Technologies Magistrate Court Case Management Plus permite a un atacante remoto no autenticado cargar, eliminar y ver archivos manipulando el par\u00e1metro 'nombre de archivo' PDFViewer.aspx."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.5
},
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
},
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"type": "Secondary",
@ -46,22 +80,53 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tylertech:court_case_management_plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "18DC47AF-E2C8-4744-8F29-EC58434B1735"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/qwell/disorder-in-the-court/blob/main/README-TylerTechnologies.md",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://techcrunch.com/2023/11/30/us-court-records-systems-vulnerabilities-exposed-sealed-documents/",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Press/Media Coverage",
"Third Party Advisory"
]
},
{
"url": "https://www.cisa.gov/news-events/alerts/2023/11/30/multiple-vulnerabilities-affecting-web-based-court-case-and-document-management-systems",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
},
{
"url": "https://www.tylertech.com/solutions/courts-public-safety/courts-justice",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Product"
]
}
]
}

77
CVE-2023/CVE-2023-63xx/CVE-2023-6375.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-6375",
"sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725",
"published": "2023-11-30T18:15:09.523",
"lastModified": "2023-11-30T21:15:09.397",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T17:11:21.693",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tyler Technologies Court Case Management Plus may store backups in a location that can be accessed by a remote, unauthenticated attacker. Backups may contain sensitive information such as database credentials.\n\n\n"
},
{
"lang": "es",
"value": "Tyler Technologies Court Case Management Plus puede almacenar copias de seguridad en una ubicaci\u00f3n a la que pueda acceder un atacante remoto no autenticado. Las copias de seguridad pueden contener informaci\u00f3n confidencial, como credenciales de bases de datos."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-552"
}
]
},
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"type": "Secondary",
@ -46,22 +80,53 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tylertech:court_case_management_plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "18DC47AF-E2C8-4744-8F29-EC58434B1735"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/qwell/disorder-in-the-court/blob/main/README-TylerTechnologies.md",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://techcrunch.com/2023/11/30/us-court-records-systems-vulnerabilities-exposed-sealed-documents/",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Press/Media Coverage",
"Third Party Advisory"
]
},
{
"url": "https://www.cisa.gov/news-events/alerts/2023/11/30/multiple-vulnerabilities-affecting-web-based-court-case-and-document-management-systems",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
},
{
"url": "https://www.tylertech.com/solutions/courts-public-safety/courts-justice",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Product"
]
}
]
}

59
CVE-2023/CVE-2023-63xx/CVE-2023-6393.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-6393",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-12-06T17:15:07.377",
"lastModified": "2023-12-06T18:49:19.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Quarkus Cache Runtime. When request processing utilizes a Uni cached using @CacheResult and the cached Uni reuses the initial \"completion\" context, the processing switches to the cached Uni instead of the request context. This is a problem if the cached Uni context contains sensitive information, and could allow a malicious user to benefit from a POST request returning the response that is meant for another user, gaining access to sensitive data."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-6393",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253113",
"source": "secalert@redhat.com"
}
]
}

64
CVE-2023/CVE-2023-64xx/CVE-2023-6439.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-6439",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-11-30T20:15:07.027",
"lastModified": "2023-12-01T02:28:42.607",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T17:10:16.797",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in ZenTao PMS 18.8. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246439."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en ZenTao PMS 18.8 y clasificada como problem\u00e1tica. Una funcionalidad desconocida es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a cross site scripting. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-246439."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,48 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:easycorp:zentao:18.8:*:*:*:*:*:*:*",
"matchCriteriaId": "16FF4A74-229E-4592-87A9-DADF11B5622A"
}
]
}
]
}
],
"references": [
{
"url": "https://1drv.ms/w/s!AgMfVZkPO1NWgR2_sUsSJF67lvbG?e=SStrt5",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.246439",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.246439",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

57
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-12-06T17:00:58.971340+00:00
2023-12-06T19:00:18.767547+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-12-06T16:55:22.653000+00:00
2023-12-06T18:59:59.893000+00:00
```
### Last Data Feed Release
@ -29,38 +29,47 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
232415
232418
```
### CVEs added in the last Commit
Recently added CVEs: `4`
Recently added CVEs: `3`
* [CVE-2023-48859](CVE-2023/CVE-2023-488xx/CVE-2023-48859.json) (`2023-12-06T15:15:06.967`)
* [CVE-2023-36655](CVE-2023/CVE-2023-366xx/CVE-2023-36655.json) (`2023-12-06T16:15:07.047`)
* [CVE-2023-39538](CVE-2023/CVE-2023-395xx/CVE-2023-39538.json) (`2023-12-06T16:15:07.277`)
* [CVE-2023-39539](CVE-2023/CVE-2023-395xx/CVE-2023-39539.json) (`2023-12-06T16:15:07.510`)
* [CVE-2023-39326](CVE-2023/CVE-2023-393xx/CVE-2023-39326.json) (`2023-12-06T17:15:07.147`)
* [CVE-2023-45285](CVE-2023/CVE-2023-452xx/CVE-2023-45285.json) (`2023-12-06T17:15:07.320`)
* [CVE-2023-6393](CVE-2023/CVE-2023-63xx/CVE-2023-6393.json) (`2023-12-06T17:15:07.377`)
### CVEs modified in the last Commit
Recently modified CVEs: `15`
Recently modified CVEs: `66`
* [CVE-2023-6298](CVE-2023/CVE-2023-62xx/CVE-2023-6298.json) (`2023-12-06T15:15:07.027`)
* [CVE-2023-39166](CVE-2023/CVE-2023-391xx/CVE-2023-39166.json) (`2023-12-06T15:15:36.487`)
* [CVE-2023-32123](CVE-2023/CVE-2023-321xx/CVE-2023-32123.json) (`2023-12-06T15:15:43.370`)
* [CVE-2023-31230](CVE-2023/CVE-2023-312xx/CVE-2023-31230.json) (`2023-12-06T15:15:51.843`)
* [CVE-2023-47870](CVE-2023/CVE-2023-478xx/CVE-2023-47870.json) (`2023-12-06T15:21:19.540`)
* [CVE-2023-22523](CVE-2023/CVE-2023-225xx/CVE-2023-22523.json) (`2023-12-06T16:15:06.897`)
* [CVE-2023-22524](CVE-2023/CVE-2023-225xx/CVE-2023-22524.json) (`2023-12-06T16:15:06.983`)
* [CVE-2023-39417](CVE-2023/CVE-2023-394xx/CVE-2023-39417.json) (`2023-12-06T16:15:07.100`)
* [CVE-2023-5824](CVE-2023/CVE-2023-58xx/CVE-2023-5824.json) (`2023-12-06T16:15:07.687`)
* [CVE-2023-42917](CVE-2023/CVE-2023-429xx/CVE-2023-42917.json) (`2023-12-06T16:27:43.533`)
* [CVE-2023-42916](CVE-2023/CVE-2023-429xx/CVE-2023-42916.json) (`2023-12-06T16:28:18.557`)
* [CVE-2023-39226](CVE-2023/CVE-2023-392xx/CVE-2023-39226.json) (`2023-12-06T16:45:39.013`)
* [CVE-2023-6442](CVE-2023/CVE-2023-64xx/CVE-2023-6442.json) (`2023-12-06T16:53:05.960`)
* [CVE-2023-6440](CVE-2023/CVE-2023-64xx/CVE-2023-6440.json) (`2023-12-06T16:54:08.450`)
* [CVE-2023-47454](CVE-2023/CVE-2023-474xx/CVE-2023-47454.json) (`2023-12-06T16:55:22.653`)
* [CVE-2023-49092](CVE-2023/CVE-2023-490xx/CVE-2023-49092.json) (`2023-12-06T18:47:43.140`)
* [CVE-2023-48894](CVE-2023/CVE-2023-488xx/CVE-2023-48894.json) (`2023-12-06T18:48:22.700`)
* [CVE-2023-47207](CVE-2023/CVE-2023-472xx/CVE-2023-47207.json) (`2023-12-06T18:48:48.427`)
* [CVE-2023-46690](CVE-2023/CVE-2023-466xx/CVE-2023-46690.json) (`2023-12-06T18:49:11.797`)
* [CVE-2023-32268](CVE-2023/CVE-2023-322xx/CVE-2023-32268.json) (`2023-12-06T18:49:19.267`)
* [CVE-2023-6288](CVE-2023/CVE-2023-62xx/CVE-2023-6288.json) (`2023-12-06T18:49:19.267`)
* [CVE-2023-48859](CVE-2023/CVE-2023-488xx/CVE-2023-48859.json) (`2023-12-06T18:49:19.267`)
* [CVE-2023-36655](CVE-2023/CVE-2023-366xx/CVE-2023-36655.json) (`2023-12-06T18:49:19.267`)
* [CVE-2023-39538](CVE-2023/CVE-2023-395xx/CVE-2023-39538.json) (`2023-12-06T18:49:19.267`)
* [CVE-2023-39539](CVE-2023/CVE-2023-395xx/CVE-2023-39539.json) (`2023-12-06T18:49:19.267`)
* [CVE-2023-26024](CVE-2023/CVE-2023-260xx/CVE-2023-26024.json) (`2023-12-06T18:51:10.323`)
* [CVE-2023-5995](CVE-2023/CVE-2023-59xx/CVE-2023-5995.json) (`2023-12-06T18:52:42.327`)
* [CVE-2023-42006](CVE-2023/CVE-2023-420xx/CVE-2023-42006.json) (`2023-12-06T18:52:49.500`)
* [CVE-2023-6033](CVE-2023/CVE-2023-60xx/CVE-2023-6033.json) (`2023-12-06T18:53:10.447`)
* [CVE-2023-48893](CVE-2023/CVE-2023-488xx/CVE-2023-48893.json) (`2023-12-06T18:53:44.693`)
* [CVE-2023-48813](CVE-2023/CVE-2023-488xx/CVE-2023-48813.json) (`2023-12-06T18:53:57.517`)
* [CVE-2023-48842](CVE-2023/CVE-2023-488xx/CVE-2023-48842.json) (`2023-12-06T18:54:07.467`)
* [CVE-2023-4518](CVE-2023/CVE-2023-45xx/CVE-2023-4518.json) (`2023-12-06T18:55:10.680`)
* [CVE-2023-5226](CVE-2023/CVE-2023-52xx/CVE-2023-5226.json) (`2023-12-06T18:57:33.787`)
* [CVE-2023-49371](CVE-2023/CVE-2023-493xx/CVE-2023-49371.json) (`2023-12-06T18:58:20.680`)
* [CVE-2023-45168](CVE-2023/CVE-2023-451xx/CVE-2023-45168.json) (`2023-12-06T18:58:31.920`)
* [CVE-2023-5637](CVE-2023/CVE-2023-56xx/CVE-2023-5637.json) (`2023-12-06T18:59:08.660`)
* [CVE-2023-5636](CVE-2023/CVE-2023-56xx/CVE-2023-5636.json) (`2023-12-06T18:59:28.783`)
* [CVE-2023-5635](CVE-2023/CVE-2023-56xx/CVE-2023-5635.json) (`2023-12-06T18:59:51.757`)
* [CVE-2023-5634](CVE-2023/CVE-2023-56xx/CVE-2023-5634.json) (`2023-12-06T18:59:59.893`)
## Download and Usage