From 25a3ec66081dceac1d24bae1cd705ea103d6cbae Mon Sep 17 00:00:00 2001 
From: cad-safe-bot Date: Wed, 6 Dec 2023 19:00:22 +0000 Subject: [PATCH] Auto-Update: 2023-12-06T19:00:18.767547+00:00 --- CVE-2023/CVE-2023-250xx/CVE-2023-25057.json | 63 ++++++- CVE-2023/CVE-2023-260xx/CVE-2023-26024.json | 63 ++++++- CVE-2023/CVE-2023-265xx/CVE-2023-26533.json | 63 ++++++- CVE-2023/CVE-2023-322xx/CVE-2023-32268.json | 4 +- CVE-2023/CVE-2023-34xx/CVE-2023-3443.json | 96 ++++++++++- CVE-2023/CVE-2023-365xx/CVE-2023-36507.json | 63 ++++++- CVE-2023/CVE-2023-365xx/CVE-2023-36523.json | 63 ++++++- CVE-2023/CVE-2023-366xx/CVE-2023-36655.json | 4 +- CVE-2023/CVE-2023-393xx/CVE-2023-39326.json | 32 ++++ CVE-2023/CVE-2023-395xx/CVE-2023-39538.json | 4 +- CVE-2023/CVE-2023-395xx/CVE-2023-39539.json | 4 +- CVE-2023/CVE-2023-39xx/CVE-2023-3949.json | 96 ++++++++++- CVE-2023/CVE-2023-39xx/CVE-2023-3964.json | 96 ++++++++++- CVE-2023/CVE-2023-420xx/CVE-2023-42006.json | 83 ++++++++- CVE-2023/CVE-2023-430xx/CVE-2023-43089.json | 61 ++++++- CVE-2023/CVE-2023-434xx/CVE-2023-43453.json | 85 ++++++++- CVE-2023/CVE-2023-434xx/CVE-2023-43454.json | 85 ++++++++- CVE-2023/CVE-2023-434xx/CVE-2023-43455.json | 85 ++++++++- CVE-2023/CVE-2023-451xx/CVE-2023-45168.json | 76 ++++++++- CVE-2023/CVE-2023-452xx/CVE-2023-45283.json | 16 +- CVE-2023/CVE-2023-452xx/CVE-2023-45285.json | 32 ++++ CVE-2023/CVE-2023-458xx/CVE-2023-45834.json | 63 ++++++- CVE-2023/CVE-2023-45xx/CVE-2023-4518.json | 180 +++++++++++++++++++- CVE-2023/CVE-2023-463xx/CVE-2023-46383.json | 74 +++++++- CVE-2023/CVE-2023-463xx/CVE-2023-46384.json | 74 +++++++- CVE-2023/CVE-2023-463xx/CVE-2023-46385.json | 74 +++++++- CVE-2023/CVE-2023-463xx/CVE-2023-46386.json | 113 +++++++++++- CVE-2023/CVE-2023-463xx/CVE-2023-46387.json | 113 +++++++++++- CVE-2023/CVE-2023-463xx/CVE-2023-46388.json | 113 +++++++++++- CVE-2023/CVE-2023-463xx/CVE-2023-46389.json | 113 +++++++++++- CVE-2023/CVE-2023-466xx/CVE-2023-46690.json | 61 ++++++- CVE-2023/CVE-2023-468xx/CVE-2023-46820.json | 63 ++++++- 
CVE-2023/CVE-2023-469xx/CVE-2023-46956.json | 68 +++++++- CVE-2023/CVE-2023-472xx/CVE-2023-47207.json | 61 ++++++- CVE-2023/CVE-2023-472xx/CVE-2023-47279.json | 61 ++++++- CVE-2023/CVE-2023-474xx/CVE-2023-47452.json | 67 +++++++- CVE-2023/CVE-2023-474xx/CVE-2023-47453.json | 67 +++++++- CVE-2023/CVE-2023-475xx/CVE-2023-47521.json | 51 +++++- CVE-2023/CVE-2023-47xx/CVE-2023-4770.json | 67 +++++++- CVE-2023/CVE-2023-480xx/CVE-2023-48016.json | 63 ++++++- CVE-2023/CVE-2023-483xx/CVE-2023-48333.json | 63 ++++++- CVE-2023/CVE-2023-488xx/CVE-2023-48802.json | 80 ++++++++- CVE-2023/CVE-2023-488xx/CVE-2023-48813.json | 73 +++++++- CVE-2023/CVE-2023-488xx/CVE-2023-48842.json | 79 ++++++++- CVE-2023/CVE-2023-488xx/CVE-2023-48859.json | 4 +- CVE-2023/CVE-2023-488xx/CVE-2023-48893.json | 69 +++++++- CVE-2023/CVE-2023-488xx/CVE-2023-48894.json | 68 +++++++- CVE-2023/CVE-2023-490xx/CVE-2023-49083.json | 60 ++++++- CVE-2023/CVE-2023-490xx/CVE-2023-49087.json | 57 ++++++- CVE-2023/CVE-2023-490xx/CVE-2023-49092.json | 63 ++++++- CVE-2023/CVE-2023-493xx/CVE-2023-49371.json | 69 +++++++- CVE-2023/CVE-2023-52xx/CVE-2023-5226.json | 94 +++++++++- CVE-2023/CVE-2023-56xx/CVE-2023-5634.json | 31 +++- CVE-2023/CVE-2023-56xx/CVE-2023-5635.json | 31 +++- CVE-2023/CVE-2023-56xx/CVE-2023-5636.json | 31 +++- CVE-2023/CVE-2023-56xx/CVE-2023-5637.json | 31 +++- CVE-2023/CVE-2023-59xx/CVE-2023-5965.json | 51 +++++- CVE-2023/CVE-2023-59xx/CVE-2023-5966.json | 51 +++++- CVE-2023/CVE-2023-59xx/CVE-2023-5995.json | 77 ++++++++- CVE-2023/CVE-2023-60xx/CVE-2023-6033.json | 100 ++++++++++- CVE-2023/CVE-2023-62xx/CVE-2023-6288.json | 4 +- CVE-2023/CVE-2023-63xx/CVE-2023-6342.json | 77 ++++++++- CVE-2023/CVE-2023-63xx/CVE-2023-6343.json | 87 +++++++++- CVE-2023/CVE-2023-63xx/CVE-2023-6344.json | 87 +++++++++- CVE-2023/CVE-2023-63xx/CVE-2023-6353.json | 77 ++++++++- CVE-2023/CVE-2023-63xx/CVE-2023-6354.json | 77 ++++++++- CVE-2023/CVE-2023-63xx/CVE-2023-6375.json | 77 ++++++++- 
CVE-2023/CVE-2023-63xx/CVE-2023-6393.json | 59 +++++++ CVE-2023/CVE-2023-64xx/CVE-2023-6439.json | 64 ++++++- README.md | 57 ++++--- 70 files changed, 4278 insertions(+), 290 deletions(-) create mode 100644 CVE-2023/CVE-2023-393xx/CVE-2023-39326.json create mode 100644 CVE-2023/CVE-2023-452xx/CVE-2023-45285.json create mode 100644 CVE-2023/CVE-2023-63xx/CVE-2023-6393.json diff --git a/CVE-2023/CVE-2023-250xx/CVE-2023-25057.json b/CVE-2023/CVE-2023-250xx/CVE-2023-25057.json index bdc56c83e64..a07c0ef5e1d 100644 --- a/CVE-2023/CVE-2023-250xx/CVE-2023-25057.json +++ b/CVE-2023/CVE-2023-250xx/CVE-2023-25057.json @@ -2,16 +2,40 @@ "id": "CVE-2023-25057", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-30T16:15:07.903", - "lastModified": "2023-11-30T17:12:39.840", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-06T17:24:39.933", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Libsyn Libsyn Publisher Hub.This issue affects Libsyn Publisher Hub: from n/a through 1.3.2.\n\n" + }, + { + "lang": "es", + "value": "Exposici\u00f3n de informaci\u00f3n confidencial a una vulnerabilidad de actor no autorizado en Libsyn Libsyn Publisher Hub. Este problema afecta a Libsyn Publisher Hub: desde n/a hasta 1.3.2." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -36,8 +60,18 @@ }, "weaknesses": [ { - "source": "audit@patchstack.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "audit@patchstack.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -46,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:libsyn:libsyn_publisher_hub:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.3.2", + "matchCriteriaId": "91CBEB41-2898-4607-A783-131D19F57EB6" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/libsyn-podcasting/wordpress-libsyn-publisher-hub-plugin-1-3-2-sensitive-data-exposure-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-260xx/CVE-2023-26024.json b/CVE-2023/CVE-2023-260xx/CVE-2023-26024.json index ec00bce3763..3c1b03cc350 100644 --- a/CVE-2023/CVE-2023-260xx/CVE-2023-26024.json +++ b/CVE-2023/CVE-2023-260xx/CVE-2023-26024.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-26024", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-12-01T19:15:07.640", - "lastModified": "2023-12-03T16:37:34.417", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-06T18:51:10.323", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IBM Planning Analytics on Cloud Pak for Data 4.0 could allow an attacker on a shared network to obtain sensitive information caused by insecure network communication. IBM X-Force ID: 247898." + }, + { + "lang": "es", + "value": "IBM Planning Analytics on Cloud Pak for Data 4.0 podr\u00eda permitir que un atacante en una red compartida obtenga informaci\u00f3n confidencial causada por una comunicaci\u00f3n de red insegura. ID de IBM X-Force: 247898." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "psirt@us.ibm.com", "type": "Secondary", 
@@ -46,14 +70,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:planning_analytics_on_cloud_pak_for_data:4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "926BDD37-F861-4701-AFAD-E351C2F29F97" + } + ] + } + ] + } + ], "references": [ { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/247898", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "VDB Entry", + "Vendor Advisory" + ] }, { "url": "https://https://www.ibm.com/support/pages/node/7082784", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "Broken Link" + ] + }, + { + "url": "https://www.ibm.com/support/pages/node/7082784", + "source": "nvd@nist.gov", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-265xx/CVE-2023-26533.json b/CVE-2023/CVE-2023-265xx/CVE-2023-26533.json index e8e4cf68912..bc20b8fa977 100644 --- a/CVE-2023/CVE-2023-265xx/CVE-2023-26533.json +++ b/CVE-2023/CVE-2023-265xx/CVE-2023-26533.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-26533", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-30T16:15:08.490", - "lastModified": "2023-11-30T17:12:39.840", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-06T17:43:35.347", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gesundheit Bewegt GmbH Zippy.This issue affects Zippy: from n/a through 1.6.1.\n\n" + }, + { + "lang": "es", + "value": "Exposici\u00f3n de informaci\u00f3n confidencial a una vulnerabilidad de actor no autorizado en Gesundheit Bewegt GmbH Zippy. Este problema afecta a Zippy: desde n/a hasta 1.6.1." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -36,8 +60,18 @@ }, "weaknesses": [ { - "source": "audit@patchstack.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "audit@patchstack.com", + "type": "Secondary", "description": [ { "lang": "en", 
@@ -46,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gesundheit-bewegt:zippy:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.6.1", + "matchCriteriaId": "BF6D6D57-4939-4DE3-B2D4-D0224E54E23D" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/zippy/wordpress-zippy-plugin-1-6-1-sensitive-data-exposure-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-322xx/CVE-2023-32268.json b/CVE-2023/CVE-2023-322xx/CVE-2023-32268.json index a8a52de736e..5f09b05ff70 100644 --- a/CVE-2023/CVE-2023-322xx/CVE-2023-32268.json +++ b/CVE-2023/CVE-2023-322xx/CVE-2023-32268.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32268", "sourceIdentifier": "security@opentext.com", "published": "2023-12-06T14:15:07.347", - "lastModified": "2023-12-06T14:15:07.347", - "vulnStatus": "Received", + "lastModified": "2023-12-06T18:49:19.267", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-34xx/CVE-2023-3443.json b/CVE-2023/CVE-2023-34xx/CVE-2023-3443.json index 9b8323b1df8..ba9ac1a61c8 100644 --- a/CVE-2023/CVE-2023-34xx/CVE-2023-3443.json +++ b/CVE-2023/CVE-2023-34xx/CVE-2023-3443.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3443", "sourceIdentifier": "cve@gitlab.com", "published": "2023-12-01T07:15:07.600", - "lastModified": "2023-12-01T13:54:29.567", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-06T18:31:10.727", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "cve@gitlab.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "cve@gitlab.com", "type": "Secondary", 
@@ -50,14 +80,72 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", + "versionStartIncluding": "12.1.0", + "versionEndExcluding": "16.4.3", + "matchCriteriaId": "5C01C1BA-42EF-451E-911B-9D8CBEBC711A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "12.1.0", + "versionEndExcluding": "16.4.3", + "matchCriteriaId": "AA7BF2A9-47BC-4F49-B706-C9CB817E405F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", + "versionStartIncluding": "16.5.0", + "versionEndExcluding": "16.5.3", + "matchCriteriaId": "B1AC7763-4EA9-4E9A-8711-FEEA9D111D68" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "16.5.0", + "versionEndExcluding": "16.5.3", + "matchCriteriaId": "6B77E904-2562-4F78-A787-7F51871054BA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:16.6.0:*:*:*:community:*:*:*", + "matchCriteriaId": "FAB408DE-FE19-4CD6-B026-44AF7AD36405" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:16.6.0:*:*:*:enterprise:*:*:*", + "matchCriteriaId": "8D5674D6-E26B-4F62-9B59-C15DEEDDB4B1" + } + ] + } + ] + } + ], "references": [ { "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/416497", - "source": "cve@gitlab.com" + "source": "cve@gitlab.com", + "tags": [ + "Broken Link", + "Vendor Advisory" + ] }, { "url": "https://hackerone.com/reports/2036500", - "source": "cve@gitlab.com" + "source": "cve@gitlab.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36507.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36507.json index 90aba99b9bb..d856ac221a2 100644 --- a/CVE-2023/CVE-2023-365xx/CVE-2023-36507.json 
+++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36507.json @@ -2,16 +2,40 @@ "id": "CVE-2023-36507", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-30T16:15:08.693", - "lastModified": "2023-11-30T17:12:39.840", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-06T17:42:58.647", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Repute Infosystems BookingPress \u2013 Appointment Booking Calendar Plugin and Online Scheduling Plugin.This issue affects BookingPress \u2013 Appointment Booking Calendar Plugin and Online Scheduling Plugin: from n/a through 1.0.64.\n\n" + }, + { + "lang": "es", + "value": "Exposici\u00f3n de informaci\u00f3n confidencial a una vulnerabilidad de actor no autorizado en Repute Infosystems BookingPress: Appointment Booking Calendar Plugin and Online Scheduling Plugin. Este problema afecta a BookingPress \u2013 Appointment Booking Calendar Plugin and Online Scheduling Plugin: desde n/a hasta 1.0.64." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -36,8 +60,18 @@ }, "weaknesses": [ { - "source": "audit@patchstack.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "audit@patchstack.com", + "type": "Secondary", "description": [ { "lang": "en", 
@@ -46,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:reputeinfosystems:bookingpress:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.0.64", + "matchCriteriaId": "C0915F97-5305-4324-94BD-DECE0DAFEC86" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/bookingpress-appointment-booking/wordpress-bookingpress-plugin-1-0-64-unauthenticated-server-information-disclosure-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36523.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36523.json index aab8e119a7b..9135dde4b45 100644 --- a/CVE-2023/CVE-2023-365xx/CVE-2023-36523.json +++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36523.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-36523", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-30T16:15:08.893", - "lastModified": "2023-11-30T17:12:39.840", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-06T17:43:14.150", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gopi Ramasamy Email download link.This issue affects Email download link: from n/a through 3.7.\n\n" + }, + { + "lang": "es", + "value": "Exposici\u00f3n de informaci\u00f3n confidencial a una vulnerabilidad de actor no autorizado en el enlace de descarga del correo electr\u00f3nico de Gopi Ramasamy. Este problema afecta el enlace de descarga del correo electr\u00f3nico: desde n/a hasta 3.7." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -36,8 +60,18 @@ }, "weaknesses": [ { - "source": "audit@patchstack.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "audit@patchstack.com", + "type": "Secondary", "description": [ { "lang": "en", 
@@ -46,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gopiplus:email_download_link:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "3.7", + "matchCriteriaId": "39D3AC1C-43BF-4503-AEF6-D6D913E24C26" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/email-download-link/wordpress-email-download-link-plugin-3-7-sensitive-data-exposure?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-366xx/CVE-2023-36655.json b/CVE-2023/CVE-2023-366xx/CVE-2023-36655.json index 79a2932d40b..931765a58f6 100644 --- a/CVE-2023/CVE-2023-366xx/CVE-2023-36655.json +++ b/CVE-2023/CVE-2023-366xx/CVE-2023-36655.json @@ -2,8 +2,8 @@ "id": "CVE-2023-36655", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-06T16:15:07.047", - "lastModified": "2023-12-06T16:15:07.047", - "vulnStatus": "Received", + "lastModified": "2023-12-06T18:49:19.267", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-393xx/CVE-2023-39326.json b/CVE-2023/CVE-2023-393xx/CVE-2023-39326.json new file mode 100644 index 00000000000..b5df2ed4bac --- /dev/null +++ b/CVE-2023/CVE-2023-393xx/CVE-2023-39326.json 
@@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-39326", + "sourceIdentifier": "security@golang.org", + "published": "2023-12-06T17:15:07.147", + "lastModified": "2023-12-06T18:49:19.267", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data (up to about 1GiB) when a handler fails to read the entire body of a request. Chunk extensions are a little-used HTTP feature which permit including additional metadata in a request or response body sent using the chunked encoding. The net/http chunked encoding reader discards this metadata. A sender can exploit this by inserting a large metadata segment with each byte transferred. The chunk reader now produces an error if the ratio of real body to encoded bytes grows too small." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://go.dev/cl/547335", + "source": "security@golang.org" + }, + { + "url": "https://go.dev/issue/64433", + "source": "security@golang.org" + }, + { + "url": "https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ", + "source": "security@golang.org" + }, + { + "url": "https://pkg.go.dev/vuln/GO-2023-2382", + "source": "security@golang.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-395xx/CVE-2023-39538.json b/CVE-2023/CVE-2023-395xx/CVE-2023-39538.json index 08fa24c767c..76e5f3ed4b5 100644 --- a/CVE-2023/CVE-2023-395xx/CVE-2023-39538.json +++ b/CVE-2023/CVE-2023-395xx/CVE-2023-39538.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-39538", "sourceIdentifier": "biossecurity@ami.com", "published": "2023-12-06T16:15:07.277", - "lastModified": "2023-12-06T16:15:07.277", - "vulnStatus": "Received", + "lastModified": "2023-12-06T18:49:19.267", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-395xx/CVE-2023-39539.json b/CVE-2023/CVE-2023-395xx/CVE-2023-39539.json index 4b1c9e09a9b..34ebbc51f7c 100644 --- a/CVE-2023/CVE-2023-395xx/CVE-2023-39539.json +++ b/CVE-2023/CVE-2023-395xx/CVE-2023-39539.json @@ -2,8 +2,8 @@ "id": "CVE-2023-39539", "sourceIdentifier": "biossecurity@ami.com", "published": "2023-12-06T16:15:07.510", - "lastModified": "2023-12-06T16:15:07.510", - "vulnStatus": "Received", + "lastModified": "2023-12-06T18:49:19.267", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-39xx/CVE-2023-3949.json b/CVE-2023/CVE-2023-39xx/CVE-2023-3949.json index 7c2cf039dd9..4827bc21219 100644 --- a/CVE-2023/CVE-2023-39xx/CVE-2023-3949.json +++ b/CVE-2023/CVE-2023-39xx/CVE-2023-3949.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3949", "sourceIdentifier": "cve@gitlab.com", "published": "2023-12-01T07:15:08.973", - "lastModified": "2023-12-01T13:54:29.567", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-06T18:31:54.393", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + }, { "source": "cve@gitlab.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "cve@gitlab.com", "type": "Secondary", 
@@ -50,14 +80,72 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", + "versionStartIncluding": "11.3.0", + "versionEndExcluding": "16.4.3", + "matchCriteriaId": "EAC69A79-4900-45F1-A299-E449ED2D0057" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "11.3.0", + "versionEndExcluding": "16.4.3", + "matchCriteriaId": "79FABBE9-AC1C-46A9-8337-C2352E29B3C3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", + "versionStartIncluding": "16.5.0", + "versionEndExcluding": "16.5.3", + "matchCriteriaId": "B1AC7763-4EA9-4E9A-8711-FEEA9D111D68" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "16.5.0", + "versionEndExcluding": "16.5.3", + "matchCriteriaId": "6B77E904-2562-4F78-A787-7F51871054BA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:16.6.0:*:*:*:community:*:*:*", + "matchCriteriaId": "FAB408DE-FE19-4CD6-B026-44AF7AD36405" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:16.6.0:*:*:*:enterprise:*:*:*", + "matchCriteriaId": "8D5674D6-E26B-4F62-9B59-C15DEEDDB4B1" + } + ] + } + ] + } + ], "references": [ { "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/419664", - "source": "cve@gitlab.com" + "source": "cve@gitlab.com", + "tags": [ + "Broken Link", + "Vendor Advisory" + ] }, { "url": "https://hackerone.com/reports/2079374", - "source": "cve@gitlab.com" + "source": "cve@gitlab.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-39xx/CVE-2023-3964.json b/CVE-2023/CVE-2023-39xx/CVE-2023-3964.json index fe179ebcc58..105665a5b3c 100644 --- a/CVE-2023/CVE-2023-39xx/CVE-2023-3964.json 
+++ b/CVE-2023/CVE-2023-39xx/CVE-2023-3964.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3964", "sourceIdentifier": "cve@gitlab.com", "published": "2023-12-01T07:15:09.620", - "lastModified": "2023-12-01T13:54:29.567", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-06T18:32:45.550", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "cve@gitlab.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "cve@gitlab.com", "type": "Secondary", 
@@ -50,14 +80,72 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", + "versionStartIncluding": "13.2.0", + "versionEndExcluding": "16.4.3", + "matchCriteriaId": "21810033-2473-41F9-9001-CCCE1DB23783" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "13.2.0", + "versionEndExcluding": "16.4.3", + "matchCriteriaId": "EEC3E75B-194E-400C-8985-F50F144D1DDE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", + "versionStartIncluding": "16.5.0", + "versionEndExcluding": "16.5.3", + "matchCriteriaId": "B1AC7763-4EA9-4E9A-8711-FEEA9D111D68" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "16.5.0", + "versionEndExcluding": "16.5.3", + "matchCriteriaId": "6B77E904-2562-4F78-A787-7F51871054BA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:16.6.0:*:*:*:community:*:*:*", + "matchCriteriaId": "FAB408DE-FE19-4CD6-B026-44AF7AD36405" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:16.6.0:*:*:*:enterprise:*:*:*", + "matchCriteriaId": "8D5674D6-E26B-4F62-9B59-C15DEEDDB4B1" + } + ] + } + ] + } + ], "references": [ { "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/419857", - "source": "cve@gitlab.com" + "source": "cve@gitlab.com", + "tags": [ + "Broken Link", + "Vendor Advisory" + ] }, { "url": "https://hackerone.com/reports/2037316", - "source": "cve@gitlab.com" + "source": "cve@gitlab.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-420xx/CVE-2023-42006.json b/CVE-2023/CVE-2023-420xx/CVE-2023-42006.json index bdbdc80f15d..0f270c46346 100644 --- a/CVE-2023/CVE-2023-420xx/CVE-2023-42006.json 
+++ b/CVE-2023/CVE-2023-420xx/CVE-2023-42006.json @@ -2,16 +2,40 @@ "id": "CVE-2023-42006", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-12-01T17:15:07.297", - "lastModified": "2023-12-03T16:37:34.417", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-06T18:52:49.500", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IBM Administration Runtime Expert for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to obtain sensitive information caused by improper authority checks. IBM X-Force ID: 265266." + }, + { + "lang": "es", + "value": "IBM Administration Runtime Expert para i 7.2, 7.3, 7.4 y 7.5 podr\u00eda permitir a un usuario local obtener informaci\u00f3n confidencial causada por comprobaciones de autoridad inadecuadas. ID de IBM X-Force: 265266." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "psirt@us.ibm.com", "type": "Secondary", 
@@ -34,14 +58,65 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:i:7.2:*:*:*:*:*:*:*", + "matchCriteriaId": "5E41BD05-37B8-4494-9344-506D4BCF43C2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:i:7.3:*:*:*:*:*:*:*", + "matchCriteriaId": "DD4F4919-D935-4B81-B4E8-0E0F2DAC09B1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:i:7.4:*:*:*:*:*:*:*", + "matchCriteriaId": "AE2B298C-E1F6-43BD-A5EF-83964C6669CE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:i:7.5:*:*:*:*:*:*:*", + "matchCriteriaId": "88B74622-BDB2-43AE-A91F-FADEC4B64B4F" + } + ] + } + ] + } + ], "references": [ { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/265266", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "VDB Entry", + "Vendor Advisory" + ] }, { "url": "https://www.ibm.com/support/pages/node/7085891", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-430xx/CVE-2023-43089.json b/CVE-2023/CVE-2023-430xx/CVE-2023-43089.json index cad6edc0ed9..08c74eb79c1 100644 --- a/CVE-2023/CVE-2023-430xx/CVE-2023-43089.json +++ b/CVE-2023/CVE-2023-430xx/CVE-2023-43089.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-43089", "sourceIdentifier": "security_alert@emc.com", "published": "2023-12-01T02:15:07.063", - "lastModified": "2023-12-01T02:28:42.607", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-06T18:38:41.917", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "\nDell Rugged Control Center, version prior to 4.7, contains insufficient protection for the Policy folder. A local malicious standard user could potentially exploit this vulnerability to modify the content of the policy file, leading to unauthorized access to resources.\n\n" + }, + { + "lang": "es", + "value": "Dell Rugged Control Center, versi\u00f3n anterior a 4.7, no contiene protecci\u00f3n suficiente para la carpeta Pol\u00edtica. Un usuario est\u00e1ndar malicioso local podr\u00eda explotar esta vulnerabilidad para modificar el contenido del archivo de pol\u00edtica, lo que provocar\u00eda un acceso no autorizado a los recursos." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.3, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + }, { "source": "security_alert@emc.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + }, { "source": "security_alert@emc.com", "type": "Secondary", 
@@ -46,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dell:rugged_control_center:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.7", + "matchCriteriaId": "01646831-B95F-4537-A0D0-0BE43594030B" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.dell.com/support/kbdoc/en-us/000218066/dsa-2023-371", - "source": "security_alert@emc.com" + "source": "security_alert@emc.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-434xx/CVE-2023-43453.json b/CVE-2023/CVE-2023-434xx/CVE-2023-43453.json index f4b0851f7b1..aa4dc27bc6d 100644 --- a/CVE-2023/CVE-2023-434xx/CVE-2023-43453.json +++ b/CVE-2023/CVE-2023-434xx/CVE-2023-43453.json 
@@ -2,19 +2,96 @@ "id": "CVE-2023-43453", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-01T02:15:07.267", - "lastModified": "2023-12-01T02:28:42.607", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-06T18:37:21.057", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the IP parameter of the setDiagnosisCfg component." + }, + { + "lang": "es", + "value": "Un problema en TOTOLINK X6000R V9.4.0cu.652_B20230116 y V9.4.0cu.852_B20230719 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro IP del componente setDiagnosisCfg." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:x6000r_firmware:9.4.0cu.652_b20230116:*:*:*:*:*:*:*", + "matchCriteriaId": "A7D2CE74-D049-404D-9209-A8CEC98E046A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:x6000r_firmware:9.4.0cu.852_b20230719:*:*:*:*:*:*:*", + "matchCriteriaId": "846390E3-B033-4B17-A141-49E30AF76264" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + 
{ + "vulnerable": false, + "criteria": "cpe:2.3:h:totolink:x6000r:-:*:*:*:*:*:*:*", + "matchCriteriaId": "178FD1FA-9A62-48B7-B219-938F48ADD8BB" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/tharsis1024/vuln/blob/main/TOTOLINK/X6000R/2.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-434xx/CVE-2023-43454.json b/CVE-2023/CVE-2023-434xx/CVE-2023-43454.json index 0c1c6f4ed9d..291cf1c3357 100644 --- a/CVE-2023/CVE-2023-434xx/CVE-2023-43454.json +++ b/CVE-2023/CVE-2023-434xx/CVE-2023-43454.json 
@@ -2,19 +2,96 @@ "id": "CVE-2023-43454", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-01T02:15:07.320", - "lastModified": "2023-12-01T02:28:42.607", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-06T18:37:12.260", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the hostName parameter of the switchOpMode component." + }, + { + "lang": "es", + "value": "Un problema en TOTOLINK X6000R V9.4.0cu.652_B20230116 y V9.4.0cu.852_B20230719 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro hostName del componente switchOpMode." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:x6000r_firmware:9.4.0cu.652_b20230116:*:*:*:*:*:*:*", + "matchCriteriaId": "A7D2CE74-D049-404D-9209-A8CEC98E046A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:x6000r_firmware:9.4.0cu.852_b20230719:*:*:*:*:*:*:*", + "matchCriteriaId": "846390E3-B033-4B17-A141-49E30AF76264" + } + ] + }, + { + "operator": "OR", + "negate": false, + 
"cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:totolink:x6000r:-:*:*:*:*:*:*:*", + "matchCriteriaId": "178FD1FA-9A62-48B7-B219-938F48ADD8BB" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/tharsis1024/vuln/blob/main/TOTOLINK/X6000R/1.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-434xx/CVE-2023-43455.json b/CVE-2023/CVE-2023-434xx/CVE-2023-43455.json index d0bbe1c7a8a..f0451983d94 100644 --- a/CVE-2023/CVE-2023-434xx/CVE-2023-43455.json +++ b/CVE-2023/CVE-2023-434xx/CVE-2023-43455.json 
@@ -2,19 +2,96 @@ "id": "CVE-2023-43455", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-01T02:15:07.367", - "lastModified": "2023-12-01T02:28:42.607", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-06T18:37:02.857", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the command parameter of the setting/setTracerouteCfg component." + }, + { + "lang": "es", + "value": "Un problema en TOTOLINK X6000R V9.4.0cu.652_B20230116 y V9.4.0cu.852_B20230719 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro de comando del componente setTracerouteCfg." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:x6000r_firmware:9.4.0cu.652_b20230116:*:*:*:*:*:*:*", + "matchCriteriaId": "A7D2CE74-D049-404D-9209-A8CEC98E046A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:x6000r_firmware:9.4.0cu.852_b20230719:*:*:*:*:*:*:*", + "matchCriteriaId": "846390E3-B033-4B17-A141-49E30AF76264" + } + ] + }, + { + "operator": "OR", + "negate": 
false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:totolink:x6000r:-:*:*:*:*:*:*:*", + "matchCriteriaId": "178FD1FA-9A62-48B7-B219-938F48ADD8BB" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/tharsis1024/vuln/blob/main/TOTOLINK/X6000R/3.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45168.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45168.json index ffcde32f488..30ec3e31c88 100644 --- a/CVE-2023/CVE-2023-451xx/CVE-2023-45168.json +++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45168.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-45168", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-12-01T15:15:07.623", - "lastModified": "2023-12-03T16:37:37.540", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-06T18:58:31.920", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 267966." + }, + { + "lang": "es", + "value": "IBM AIX 7.2, 7.3 y VIOS 3.1 podr\u00edan permitir que un usuario local sin privilegios aproveche una vulnerabilidad en el comando invscout para ejecutar comandos arbitrarios. ID de IBM X-Force: 267966." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "psirt@us.ibm.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "psirt@us.ibm.com", "type": "Secondary", 
@@ -46,14 +80,48 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:vios:3.1:*:*:*:*:*:*:*", + "matchCriteriaId": "6F61BE89-FBDE-4312-8422-86D1A9F57C9E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:ibm:aix:7.2:*:*:*:*:*:*:*", + "matchCriteriaId": "6791504A-A48A-4ED0-94AF-4C8A3B91516F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:ibm:aix:7.3:*:*:*:*:*:*:*", + "matchCriteriaId": "35DF3DE0-1AE4-4B25-843F-BC08DBBFDF78" + } + ] + } + ] + } + ], "references": [ { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/267966", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "VDB Entry", + "Vendor Advisory" + ] }, { "url": "https://www.ibm.com/support/pages/node/7086090", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-452xx/CVE-2023-45283.json b/CVE-2023/CVE-2023-452xx/CVE-2023-45283.json index f047d576fb4..09e22c559e8 100644 --- a/CVE-2023/CVE-2023-452xx/CVE-2023-45283.json +++ b/CVE-2023/CVE-2023-452xx/CVE-2023-45283.json 
@@ -2,12 +2,12 @@ "id": "CVE-2023-45283", "sourceIdentifier": "security@golang.org", "published": "2023-11-09T17:15:08.757", - "lastModified": "2023-12-06T03:15:07.377", + "lastModified": "2023-12-06T17:15:07.233", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "The filepath package does not recognize paths with a \\??\\ prefix as special. On Windows, a path beginning with \\??\\ is a Root Local Device path equivalent to a path beginning with \\\\?\\. Paths with a \\??\\ prefix may be used to access arbitrary locations on the system. For example, the path \\??\\c:\\x is equivalent to the more common path c:\\x. Before fix, Clean could convert a rooted path such as \\a\\..\\??\\b into the root local device path \\??\\b. Clean will now convert this to .\\??\\b. Similarly, Join(\\, ??, b) could convert a seemingly innocent sequence of path elements into the root local device path \\??\\b. Join will now convert this to \\.\\??\\b. In addition, with fix, IsAbs now correctly reports paths beginning with \\??\\ as absolute, and VolumeName correctly reports the \\??\\ prefix as a volume name." + "value": "The filepath package does not recognize paths with a \\??\\ prefix as special. On Windows, a path beginning with \\??\\ is a Root Local Device path equivalent to a path beginning with \\\\?\\. Paths with a \\??\\ prefix may be used to access arbitrary locations on the system. For example, the path \\??\\c:\\x is equivalent to the more common path c:\\x. Before fix, Clean could convert a rooted path such as \\a\\..\\??\\b into the root local device path \\??\\b. Clean will now convert this to .\\??\\b. Similarly, Join(\\, ??, b) could convert a seemingly innocent sequence of path elements into the root local device path \\??\\b. Join will now convert this to \\.\\??\\b. In addition, with fix, IsAbs now correctly reports paths beginning with \\??\\ as absolute, and VolumeName correctly reports the \\??\\ prefix as a volume name. 
UPDATE: Go 1.20.11 and Go 1.21.4 inadvertently changed the definition of the volume name in Windows paths starting with \\?, resulting in filepath.Clean(\\?\\c:) returning \\?\\c: rather than \\?\\c:\\ (among other effects). The previous behavior has been restored." }, { "lang": "es", @@ -100,6 +100,10 @@ "Vendor Advisory" ] }, + { + "url": "https://go.dev/cl/541175", + "source": "security@golang.org" + }, { "url": "https://go.dev/issue/63713", "source": "security@golang.org", @@ -108,6 +112,10 @@ "Vendor Advisory" ] }, + { + "url": "https://go.dev/issue/64028", + "source": "security@golang.org" + }, { "url": "https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY", "source": "security@golang.org", @@ -117,6 +125,10 @@ "Vendor Advisory" ] }, + { + "url": "https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ", + "source": "security@golang.org" + }, { "url": "https://pkg.go.dev/vuln/GO-2023-2185", "source": "security@golang.org", diff --git a/CVE-2023/CVE-2023-452xx/CVE-2023-45285.json b/CVE-2023/CVE-2023-452xx/CVE-2023-45285.json new file mode 100644 index 00000000000..4a3b29632bf --- /dev/null +++ b/CVE-2023/CVE-2023-452xx/CVE-2023-45285.json 
@@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-45285", + "sourceIdentifier": "security@golang.org", + "published": "2023-12-06T17:15:07.320", + "lastModified": "2023-12-06T18:49:19.267", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Using go get to fetch a module with the \".git\" suffix may unexpectedly fallback to the insecure \"git://\" protocol if the module is unavailable via the secure \"https://\" and \"git+ssh://\" protocols, even if GOINSECURE is not set for said module. This only affects users who are not using the module proxy and are fetching modules directly (i.e. GOPROXY=off)." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://go.dev/cl/540257", + "source": "security@golang.org" + }, + { + "url": "https://go.dev/issue/63845", + "source": "security@golang.org" + }, + { + "url": "https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ", + "source": "security@golang.org" + }, + { + "url": "https://pkg.go.dev/vuln/GO-2023-2383", + "source": "security@golang.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45834.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45834.json index 01111ea28d1..4ecea7c6ac5 100644 --- a/CVE-2023/CVE-2023-458xx/CVE-2023-45834.json +++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45834.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-45834", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-30T15:15:08.920", - "lastModified": "2023-11-30T15:16:38.923", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-06T17:29:22.097", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Libsyn Libsyn Publisher Hub.This issue affects Libsyn Publisher Hub: from n/a through 1.4.4.\n\n" + }, + { + "lang": "es", + "value": "Exposici\u00f3n de informaci\u00f3n confidencial a una vulnerabilidad de actor no autorizado en Libsyn Libsyn Publisher Hub. Este problema afecta a Libsyn Publisher Hub: desde n/a hasta 1.4.4." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -36,8 +60,18 @@ }, "weaknesses": [ { - "source": "audit@patchstack.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "audit@patchstack.com", + "type": "Secondary", "description": [ { "lang": "en", 
@@ -46,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:libsyn:libsyn_publisher_hub:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.4.4", + "matchCriteriaId": "B491759C-9D32-480E-9D45-50A5A67FC488" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/libsyn-podcasting/wordpress-libsyn-publisher-hub-plugin-1-4-4-sensitive-data-exposure-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-45xx/CVE-2023-4518.json b/CVE-2023/CVE-2023-45xx/CVE-2023-4518.json index 0e3b3e42aa6..169992676da 100644 --- a/CVE-2023/CVE-2023-45xx/CVE-2023-4518.json +++ b/CVE-2023/CVE-2023-45xx/CVE-2023-4518.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-4518", "sourceIdentifier": "cybersecurity@hitachienergy.com", "published": "2023-12-01T15:15:07.860", - "lastModified": "2023-12-03T16:37:37.540", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-06T18:55:10.680", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability exists in the input validation of the GOOSE \nmessages where out of range values received and processed \nby the IED caused a reboot of the device. In order for an \nattacker to exploit the vulnerability, goose receiving blocks need \nto be configured.\u00a0" + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad en la validaci\u00f3n de entrada de los mensajes GOOSE donde los valores fuera de rango recibidos y procesados por el IED provocaron un reinicio del dispositivo. Para que un atacante aproveche la vulnerabilidad, es necesario configurar los bloques receptores de ganso." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "cybersecurity@hitachienergy.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-1284" + } + ] + }, { "source": "cybersecurity@hitachienergy.com", "type": "Secondary", 
@@ -46,10 +80,150 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hitachienergy:relion_670_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.2.0", + "versionEndExcluding": "2.2.2.6", + "matchCriteriaId": "1C4B7DA8-BA72-48E5-9E21-33FB1881E952" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hitachienergy:relion_670_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.2.3", + "versionEndExcluding": "2.2.3.7", + "matchCriteriaId": "4949214C-03DE-489E-80E3-7DC4EFED7ACA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hitachienergy:relion_670_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.2.4", + "versionEndExcluding": "2.2.4.4", + "matchCriteriaId": "53D9E635-5BDA-4383-9FE5-4AFA4148A5E3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hitachienergy:relion_670_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.2.5", + "versionEndExcluding": "2.2.5.6", + "matchCriteriaId": "64A83135-6909-4838-9429-1046CA824723" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hitachienergy:relion_670:-:*:*:*:*:*:*:*", + "matchCriteriaId": "ADA98332-543F-48A7-B63C-B39F679D47F0" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hitachienergy:relion_650_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.2.4", + "versionEndExcluding": "2.2.4.4", + "matchCriteriaId": "612B2549-82F9-4B7F-BDBD-95A562BF1EAE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hitachienergy:relion_650_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.2.5", + "versionEndExcluding": "2.2.5.6", + "matchCriteriaId": "DC7C5065-1CEC-44DC-BF01-16FC02390583" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:hitachienergy:relion_650_firmware:2.2.1:*:*:*:*:*:*:*", + "matchCriteriaId": "3A406AD0-38C5-4C32-AA88-AA45EE97C315" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hitachienergy:relion_650_firmware:2.2.1.6:*:*:*:*:*:*:*", + "matchCriteriaId": "8A74BD43-D925-483C-98F7-5F5C32D3B6F7" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hitachienergy:relion_650:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1C658029-20F4-411A-B1FE-B4E07D590775" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hitachienergy:relion_sam600-io_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.2.5", + "versionEndExcluding": "2.2.5.6", + "matchCriteriaId": "264C95EE-756F-434E-9FA1-DC7878CEEF61" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hitachienergy:relion_sam600-io_firmware:2.2.1:*:*:*:*:*:*:*", + "matchCriteriaId": "DB5C50F4-CF04-4C13-868A-F7ECE49DE01B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hitachienergy:relion_sam600-io_firmware:2.2.1.6:*:*:*:*:*:*:*", + "matchCriteriaId": "7025C2A4-698E-408C-9567-8759B638AB90" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hitachienergy:relion_sam600-io:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E73E9D1A-1DFE-4B7C-81F1-0809071A3DDB" + } + ] + } + ] + } + ], "references": [ { "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000170&languageCode=en&Preview=true", - "source": "cybersecurity@hitachienergy.com" + "source": "cybersecurity@hitachienergy.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-463xx/CVE-2023-46383.json b/CVE-2023/CVE-2023-463xx/CVE-2023-46383.json index 8724026b625..9ae6636aa7c 100644 --- a/CVE-2023/CVE-2023-463xx/CVE-2023-46383.json 
+++ b/CVE-2023/CVE-2023-463xx/CVE-2023-46383.json 
@@ -2,23 +2,87 @@ "id": "CVE-2023-46383", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-30T23:15:07.377", - "lastModified": "2023-12-01T02:28:42.607", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-06T18:47:36.633", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "LOYTEC electronics GmbH LINX Configurator 7.4.10 uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the password and gain full control of Loytec device configuration." + }, + { + "lang": "es", + "value": "LOYTEC electronics GmbH LINX Configurator 7.4.10 utiliza autenticaci\u00f3n b\u00e1sica HTTP, que transmite nombres de usuario y contrase\u00f1as en texto plano codificado en base64 y permite a atacantes remotos robar la contrase\u00f1a y obtener control total de la configuraci\u00f3n del dispositivo Loytec." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-319" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:loytec:l-inx_configurator:7.4.10:*:*:*:*:*:*:*", + "matchCriteriaId": "3C033CD9-3C86-4361-AFC1-BAC7B361F0BB" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": 
"https://packetstormsecurity.com/files/175951/Loytec-LINX-Configurator-7.4.10-Insecure-Transit-Cleartext-Secrets.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://seclists.org/fulldisclosure/2023/Nov/6", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-463xx/CVE-2023-46384.json b/CVE-2023/CVE-2023-463xx/CVE-2023-46384.json index 33cda781bc5..f12915cd6d0 100644 --- a/CVE-2023/CVE-2023-463xx/CVE-2023-46384.json +++ b/CVE-2023/CVE-2023-463xx/CVE-2023-46384.json 
@@ -2,23 +2,87 @@ "id": "CVE-2023-46384", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-30T23:15:07.423", - "lastModified": "2023-12-01T02:28:42.607", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-06T18:47:18.367", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "LOYTEC electronics GmbH LINX Configurator 7.4.10 is vulnerable to Insecure Permissions. Cleartext storage of credentials allows remote attackers to disclose admin password and bypass an authentication to login Loytec device." + }, + { + "lang": "es", + "value": "LOYTEC electronics GmbH LINX Configurator 7.4.10 es vulnerable a permisos inseguros. El almacenamiento de credenciales en texto plano permite a atacantes remotos revelar la contrase\u00f1a de administrador y omitir una autenticaci\u00f3n para iniciar sesi\u00f3n en el dispositivo Loytec." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-312" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:loytec:l-inx_configurator:7.4.10:*:*:*:*:*:*:*", + "matchCriteriaId": "3C033CD9-3C86-4361-AFC1-BAC7B361F0BB" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": 
"https://packetstormsecurity.com/files/175951/Loytec-LINX-Configurator-7.4.10-Insecure-Transit-Cleartext-Secrets.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://seclists.org/fulldisclosure/2023/Nov/6", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-463xx/CVE-2023-46385.json b/CVE-2023/CVE-2023-463xx/CVE-2023-46385.json index fd691d53437..3ae7b3de7c8 100644 --- a/CVE-2023/CVE-2023-463xx/CVE-2023-46385.json +++ b/CVE-2023/CVE-2023-463xx/CVE-2023-46385.json 
@@ -2,23 +2,87 @@ "id": "CVE-2023-46385", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-30T23:15:07.473", - "lastModified": "2023-12-01T02:28:42.607", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-06T18:43:03.487", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "LOYTEC electronics GmbH LINX Configurator 7.4.10 is vulnerable to Insecure Permissions. An admin credential is passed as a value of URL parameters without encryption, so it allows remote attackers to steal the password and gain full control of Loytec device configuration." + }, + { + "lang": "es", + "value": "LOYTEC electronics GmbH LINX Configurator 7.4.10 es vulnerable a permisos inseguros. Una credencial de administrador se pasa como un valor de los par\u00e1metros de URL sin cifrado, por lo que permite a atacantes remotos robar la contrase\u00f1a y obtener control total de la configuraci\u00f3n del dispositivo Loytec." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-319" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:loytec:l-inx_configurator:7.4.10:*:*:*:*:*:*:*", + "matchCriteriaId": "3C033CD9-3C86-4361-AFC1-BAC7B361F0BB" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": 
"https://packetstormsecurity.com/files/175951/Loytec-LINX-Configurator-7.4.10-Insecure-Transit-Cleartext-Secrets.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://seclists.org/fulldisclosure/2023/Nov/6", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-463xx/CVE-2023-46386.json b/CVE-2023/CVE-2023-463xx/CVE-2023-46386.json index 12987f7e65e..6c2ba92fc09 100644 --- a/CVE-2023/CVE-2023-463xx/CVE-2023-46386.json +++ b/CVE-2023/CVE-2023-463xx/CVE-2023-46386.json 
@@ -2,23 +2,126 @@ "id": "CVE-2023-46386", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-30T23:15:07.520", - "lastModified": "2023-12-01T02:28:42.607", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-06T18:42:31.140", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "LOYTEC electronics GmbH LINX-212 firmware 6.2.4 and LINX-151 firmware 7.2.4 are vulnerable to Insecure Permissions via registry.xml file. This vulnerability allows remote attackers to disclose smtp client account credentials and bypass email authentication." + }, + { + "lang": "es", + "value": "LOYTEC electronics GmbH el firmware LINX-212 6.2.4 y el firmware LINX-151 7.2.4 son vulnerables a permisos inseguros a trav\u00e9s del archivo registry.xml. Esta vulnerabilidad permite a atacantes remotos revelar las credenciales de la cuenta del cliente SMTP y eludir la autenticaci\u00f3n de correo electr\u00f3nico." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-312" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:loytec:linx-212_firmware:6.2.4:*:*:*:*:*:*:*", + "matchCriteriaId": "0C622E98-9108-440E-B554-EBE91708B534" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + 
"vulnerable": false, + "criteria": "cpe:2.3:h:loytec:linx-212:-:*:*:*:*:*:*:*", + "matchCriteriaId": "35956253-8D61-434C-9C03-96E6C69FB9C1" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:loytec:linx-151_firmware:7.2.4:*:*:*:*:*:*:*", + "matchCriteriaId": "963786BE-1AC2-4E6F-A69D-59AE1389C7DD" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:loytec:linx-151:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E62B5DA6-83D1-4582-B503-8A9B51A26E53" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "http://packetstormsecurity.com/files/175952/Loytec-L-INX-Automation-Servers-Information-Disclosure-Cleartext-Secrets.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "http://seclists.org/fulldisclosure/2023/Nov/7", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-463xx/CVE-2023-46387.json b/CVE-2023/CVE-2023-463xx/CVE-2023-46387.json index dd26c35f414..5787f94acd3 100644 --- a/CVE-2023/CVE-2023-463xx/CVE-2023-46387.json +++ b/CVE-2023/CVE-2023-463xx/CVE-2023-46387.json 
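Review bot: Both reference URLs on the CVE-2023-46386 record are still plain `http://` (the packetstormsecurity.com file link and `http://seclists.org/fulldisclosure/2023/Nov/7`), although the CVE-2023-46383 to CVE-2023-46385 records in this same commit cite the same two hosts over `https://`. The commit now tags them as advisories, so these are the links an analyst will follow, and a plaintext fetch can be altered in transit. If the mirror may differ from upstream, the line would read `"url": "https://seclists.org/fulldisclosure/2023/Nov/7"`, and likewise for the packetstorm link. If it must stay identical, the correction belongs upstream and consumers should upgrade the scheme when fetching. The hunks for CVE-2023-46387, CVE-2023-46388 and CVE-2023-46389 carry the same two URLs.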
@@ -2,23 +2,126 @@ "id": "CVE-2023-46387", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-30T23:15:07.567", - "lastModified": "2023-12-01T02:28:42.607", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-06T18:42:12.257", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "LOYTEC electronics GmbH LINX-212 firmware 6.2.4 and LINX-151 firmware 7.2.4 are vulnerable to Incorrect Access Control via dpal_config.zml file. This vulnerability allows remote attackers to disclose sensitive information on Loytec device data point configuration." + }, + { + "lang": "es", + "value": "LOYTEC electronics GmbH el firmware LINX-212 6.2.4 y el firmware LINX-151 7.2.4 son vulnerables a un control de acceso incorrecto a trav\u00e9s del archivo dpal_config.zml. Esta vulnerabilidad permite a atacantes remotos revelar informaci\u00f3n confidencial sobre la configuraci\u00f3n de puntos de datos del dispositivo Loytec." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:loytec:linx-212_firmware:6.2.4:*:*:*:*:*:*:*", + "matchCriteriaId": "0C622E98-9108-440E-B554-EBE91708B534" + } + ] + }, + { + "operator": "OR", + "negate": false, + 
"cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:loytec:linx-212:-:*:*:*:*:*:*:*", + "matchCriteriaId": "35956253-8D61-434C-9C03-96E6C69FB9C1" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:loytec:linx-151_firmware:7.2.4:*:*:*:*:*:*:*", + "matchCriteriaId": "963786BE-1AC2-4E6F-A69D-59AE1389C7DD" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:loytec:linx-151:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E62B5DA6-83D1-4582-B503-8A9B51A26E53" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "http://packetstormsecurity.com/files/175952/Loytec-L-INX-Automation-Servers-Information-Disclosure-Cleartext-Secrets.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "http://seclists.org/fulldisclosure/2023/Nov/7", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-463xx/CVE-2023-46388.json b/CVE-2023/CVE-2023-463xx/CVE-2023-46388.json index 241e957f5be..1d9aa073653 100644 --- a/CVE-2023/CVE-2023-463xx/CVE-2023-46388.json +++ b/CVE-2023/CVE-2023-463xx/CVE-2023-46388.json 
@@ -2,23 +2,126 @@ "id": "CVE-2023-46388", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-30T23:15:07.613", - "lastModified": "2023-12-01T02:28:42.607", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-06T18:41:39.457", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "LOYTEC electronics GmbH LINX-212 6.2.4 and LINX-151 7.2.4 are vulnerable to Insecure Permissions via dpal_config.zml file. This vulnerability allows remote attackers to disclose smtp client account credentials and bypass email authentication." + }, + { + "lang": "es", + "value": "LOYTEC electronics GmbH LINX-212 6.2.4 y LINX-151 7.2.4 son vulnerables a permisos inseguros a trav\u00e9s del archivo dpal_config.zml. Esta vulnerabilidad permite a atacantes remotos revelar las credenciales de la cuenta del cliente SMTP y eludir la autenticaci\u00f3n de correo electr\u00f3nico." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-312" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:loytec:linx-212_firmware:6.2.4:*:*:*:*:*:*:*", + "matchCriteriaId": "0C622E98-9108-440E-B554-EBE91708B534" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:loytec:linx-212:-:*:*:*:*:*:*:*", + "matchCriteriaId": "35956253-8D61-434C-9C03-96E6C69FB9C1" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:loytec:linx-151_firmware:7.2.4:*:*:*:*:*:*:*", + "matchCriteriaId": "963786BE-1AC2-4E6F-A69D-59AE1389C7DD" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:loytec:linx-151:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E62B5DA6-83D1-4582-B503-8A9B51A26E53" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "http://packetstormsecurity.com/files/175952/Loytec-L-INX-Automation-Servers-Information-Disclosure-Cleartext-Secrets.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "http://seclists.org/fulldisclosure/2023/Nov/7", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-463xx/CVE-2023-46389.json b/CVE-2023/CVE-2023-463xx/CVE-2023-46389.json index 3326de40e23..af2b0292bf1 100644 --- a/CVE-2023/CVE-2023-463xx/CVE-2023-46389.json +++ b/CVE-2023/CVE-2023-463xx/CVE-2023-46389.json 
@@ -2,23 +2,126 @@ "id": "CVE-2023-46389", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-30T23:15:07.660", - "lastModified": "2023-12-01T02:28:42.607", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-06T18:39:54.260", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "LOYTEC electronics GmbH LINX-212 firmware 6.2.4 and LINX-151 Firmware 7.2.4 are vulnerable to Incorrect Access Control via registry.xml file. This vulnerability allows remote attackers to disclose sensitive information on LINX configuration." + }, + { + "lang": "es", + "value": "El firmware LINX-212 6.2.4 de LOYTEC electronics GmbH y el firmware LINX-151 7.2.4 son vulnerables a un control de acceso incorrecto a trav\u00e9s del archivo registry.xml. Esta vulnerabilidad permite a atacantes remotos revelar informaci\u00f3n confidencial sobre la configuraci\u00f3n de LINX." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:loytec:linx-212_firmware:6.2.4:*:*:*:*:*:*:*", + "matchCriteriaId": "0C622E98-9108-440E-B554-EBE91708B534" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:loytec:linx-212:-:*:*:*:*:*:*:*", + "matchCriteriaId": "35956253-8D61-434C-9C03-96E6C69FB9C1" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:loytec:linx-151_firmware:7.2.4:*:*:*:*:*:*:*", + "matchCriteriaId": "963786BE-1AC2-4E6F-A69D-59AE1389C7DD" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:loytec:linx-151:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E62B5DA6-83D1-4582-B503-8A9B51A26E53" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "http://packetstormsecurity.com/files/175952/Loytec-L-INX-Automation-Servers-Information-Disclosure-Cleartext-Secrets.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "http://seclists.org/fulldisclosure/2023/Nov/7", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-466xx/CVE-2023-46690.json b/CVE-2023/CVE-2023-466xx/CVE-2023-46690.json index 85649316395..ee64137ac4b 100644 --- a/CVE-2023/CVE-2023-466xx/CVE-2023-46690.json +++ b/CVE-2023/CVE-2023-466xx/CVE-2023-46690.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-46690", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-11-30T22:15:08.313", - "lastModified": "2023-12-01T02:28:42.607", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-06T18:49:11.797", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an attacker to write to any file to any location of the filesystem, which could lead to remote code execution." + }, + { + "lang": "es", + "value": "En Delta Electronics InfraSuite Device Master v.1.0.7, existe una vulnerabilidad que permite a un atacante escribir en cualquier archivo en cualquier ubicaci\u00f3n del sistema de archivos, lo que podr\u00eda provocar la ejecuci\u00f3n remota de c\u00f3digo." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", 
@@ -46,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:deltaww:infrasuite_device_master:1.0.7:*:*:*:*:*:*:*", + "matchCriteriaId": "ACA2272F-A8D8-487C-BA49-569D1410C49A" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-331-01", - "source": "ics-cert@hq.dhs.gov" + "source": "ics-cert@hq.dhs.gov", + "tags": [ + "Third Party Advisory", + "US Government Resource" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-468xx/CVE-2023-46820.json b/CVE-2023/CVE-2023-468xx/CVE-2023-46820.json index 33b68f38356..4f28461fb53 100644 --- a/CVE-2023/CVE-2023-468xx/CVE-2023-46820.json +++ b/CVE-2023/CVE-2023-468xx/CVE-2023-46820.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-46820", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-30T15:15:09.120", - "lastModified": "2023-11-30T15:16:38.923", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-06T17:29:13.157", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Iulia Cazan Image Regenerate & Select Crop.This issue affects Image Regenerate & Select Crop: from n/a through 7.3.0.\n\n" + }, + { + "lang": "es", + "value": "Exposici\u00f3n de informaci\u00f3n confidencial a una vulnerabilidad de actor no autorizado en Iulia Cazan Image Regenerate & Select Crop. Este problema afecta a Image Regenerate & Select Crop: desde n/a hasta 7.3.0." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -36,8 +60,18 @@ }, "weaknesses": [ { - "source": "audit@patchstack.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "audit@patchstack.com", + "type": "Secondary", "description": [ { "lang": "en", 
@@ -46,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:iuliacazan:image_regenerate_\\&_select_crop:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "7.3.0", + "matchCriteriaId": "95656015-EF05-4906-958D-CC7F2DED553E" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/image-regenerate-select-crop/wordpress-image-regenerate-select-crop-plugin-7-3-0-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-469xx/CVE-2023-46956.json b/CVE-2023/CVE-2023-469xx/CVE-2023-46956.json index ebce061df9a..bee0b988510 100644 --- a/CVE-2023/CVE-2023-469xx/CVE-2023-46956.json +++ b/CVE-2023/CVE-2023-469xx/CVE-2023-46956.json 
@@ -2,19 +2,79 @@ "id": "CVE-2023-46956", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-30T23:15:07.717", - "lastModified": "2023-12-01T02:28:42.607", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-06T18:39:39.687", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in Packers and Movers Management System v.1.0 allows a remote attacker to execute arbitrary code via crafted payload to the /mpms/admin/?page=user/manage_user&id file." + }, + { + "lang": "es", + "value": "Vulnerabilidad de inyecci\u00f3n SQL en Packers and Movers Management System v.1.0 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de un payload manipulado en el archivo /mpms/admin/?page=user/manage_user&id." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oretnom23:packers_and_movers_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "00E7A5FB-799D-42CF-97F9-7250B4C49C6B" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/geilihan/bug_reports/blob/main/packers-and-movers-management-system/SQL-1.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + 
"Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-472xx/CVE-2023-47207.json b/CVE-2023/CVE-2023-472xx/CVE-2023-47207.json index b906f29d698..022d79de4dd 100644 --- a/CVE-2023/CVE-2023-472xx/CVE-2023-47207.json +++ b/CVE-2023/CVE-2023-472xx/CVE-2023-47207.json @@ -2,16 +2,40 @@ "id": "CVE-2023-47207", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-11-30T22:15:08.873", - "lastModified": "2023-12-01T02:28:42.607", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-06T18:48:48.427", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an unauthenticated attacker to execute code with local administrator privileges." + }, + { + "lang": "es", + "value": "En Delta Electronics InfraSuite Device Master v.1.0.7, existe una vulnerabilidad que permite a un atacante no autenticado ejecutar c\u00f3digo con privilegios de administrador local." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", 
@@ -46,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:deltaww:infrasuite_device_master:1.0.7:*:*:*:*:*:*:*", + "matchCriteriaId": "ACA2272F-A8D8-487C-BA49-569D1410C49A" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-331-01", - "source": "ics-cert@hq.dhs.gov" + "source": "ics-cert@hq.dhs.gov", + "tags": [ + "Third Party Advisory", + "US Government Resource" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-472xx/CVE-2023-47279.json b/CVE-2023/CVE-2023-472xx/CVE-2023-47279.json index 31ffeb1fcef..95f61a65922 100644 --- a/CVE-2023/CVE-2023-472xx/CVE-2023-47279.json +++ b/CVE-2023/CVE-2023-472xx/CVE-2023-47279.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-47279", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-11-30T23:15:07.770", - "lastModified": "2023-12-01T02:28:42.607", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-06T18:38:55.820", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Delta Electronics InfraSuite Device Master v.1.0.7, A vulnerability exists that allows an unauthenticated attacker to disclose user information through a single UDP packet, obtain plaintext credentials, or perform NTLM relaying." + }, + { + "lang": "es", + "value": "En Delta Electronics InfraSuite Device Master v.1.0.7, existe una vulnerabilidad que permite a un atacante no autenticado revelar informaci\u00f3n del usuario a trav\u00e9s de un \u00fanico paquete UDP, obtener credenciales de texto plano o realizar retransmisi\u00f3n NTLM." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", 
@@ -46,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:deltaww:infrasuite_device_master:1.0.7:*:*:*:*:*:*:*", + "matchCriteriaId": "ACA2272F-A8D8-487C-BA49-569D1410C49A" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-331-01", - "source": "ics-cert@hq.dhs.gov" + "source": "ics-cert@hq.dhs.gov", + "tags": [ + "Third Party Advisory", + "US Government Resource" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-474xx/CVE-2023-47452.json b/CVE-2023/CVE-2023-474xx/CVE-2023-47452.json index d76f932296b..6075c4edbce 100644 --- a/CVE-2023/CVE-2023-474xx/CVE-2023-47452.json +++ b/CVE-2023/CVE-2023-474xx/CVE-2023-47452.json 
@@ -2,19 +2,78 @@ "id": "CVE-2023-47452", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-30T21:15:08.800", - "lastModified": "2023-12-01T02:28:42.607", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-06T17:02:02.023", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An Untrusted search path vulnerability in notepad++ 6.5 allows local users to gain escalated privileges through the msimg32.dll file in the current working directory." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de ruta de b\u00fasqueda no confiable en notepad++ 6.5 permite a los usuarios locales obtener privilegios aumentados a trav\u00e9s del archivo msimg32.dll en el directorio de trabajo actual." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-427" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:notepad-plus-plus:notepad\\+\\+:6.5:*:*:*:*:*:*:*", + "matchCriteriaId": "C1E62123-2C3B-405E-B5F1-DFB4C38F7681" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/xieqiang11/poc-1/tree/main", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-474xx/CVE-2023-47453.json b/CVE-2023/CVE-2023-474xx/CVE-2023-47453.json index 6554838def7..c9b61aa5ee0 100644 --- a/CVE-2023/CVE-2023-474xx/CVE-2023-47453.json +++ b/CVE-2023/CVE-2023-474xx/CVE-2023-47453.json 
@@ -2,19 +2,78 @@ "id": "CVE-2023-47453", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-30T21:15:08.847", - "lastModified": "2023-12-01T02:28:42.607", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-06T17:01:25.083", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An Untrusted search path vulnerability in Sohu Video Player 7.0.15.0 allows local users to gain escalated privileges through the version.dll file in the current working directory." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de ruta de b\u00fasqueda no confiable en Sohu Video Player 7.0.15.0 permite a los usuarios locales obtener privilegios aumentados a trav\u00e9s del archivo version.dll en el directorio de trabajo actual." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-427" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sohu:video_player:7.0.15.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F2088FCF-9958-4268-B6C6-7DFBF14B2D53" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/xieqiang11/poc-2/tree/main", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-475xx/CVE-2023-47521.json b/CVE-2023/CVE-2023-475xx/CVE-2023-47521.json index b105b7caab3..256bb111801 100644 --- a/CVE-2023/CVE-2023-475xx/CVE-2023-47521.json +++ b/CVE-2023/CVE-2023-475xx/CVE-2023-47521.json @@ -2,16 +2,40 @@ "id": "CVE-2023-47521", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-30T17:15:09.947", - "lastModified": "2023-11-30T17:30:19.207", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-06T17:53:58.517", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Max Bond, AndreSC Q2W3 Post Order allows Reflected XSS.This issue affects Q2W3 Post Order: from n/a through 1.2.8.\n\n" + }, + { + "lang": "es", + "value": "Neutralizaci\u00f3n inadecuada de la entrada durante la vulnerabilidad de generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Max Bond, AndreSC Q2W3 Post Order permite XSS reflejado. Este problema afecta a Q2W3 Post Order: desde n/a hasta 1.2.8." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:q2w3:q2w3_post_order:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.2.8", + "matchCriteriaId": "DC5C9C6D-39C4-4836-8815-900070FFF36B" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/q2w3-post-order/wordpress-q2w3-post-order-plugin-1-2-8-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-47xx/CVE-2023-4770.json b/CVE-2023/CVE-2023-47xx/CVE-2023-4770.json index ef91306c84e..760c89f5cb8 100644 --- a/CVE-2023/CVE-2023-47xx/CVE-2023-4770.json +++ b/CVE-2023/CVE-2023-47xx/CVE-2023-4770.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-4770", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2023-11-30T14:15:11.880", - "lastModified": "2023-11-30T14:48:37.600", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-06T17:31:06.707", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An uncontrolled search path element vulnerability has been found on 4D and 4D server Windows executables applications, affecting version 19 R8 100218. This vulnerability consists in a DLL hijacking by replacing x64 shfolder.dll in the installation path, causing an arbitrary code execution." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad no controlada en un elemento de ruta de b\u00fasqueda en aplicaciones ejecutables de Windows de 4D y 4D server, afectando a la versi\u00f3n 19 R8 100218. Esta vulnerabilidad consiste en un secuestro de DLL reemplazando x64 shfolder.dll en la ruta de instalaci\u00f3n, provocando la ejecuci\u00f3n de c\u00f3digo arbitrario." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "cve-coordination@incibe.es", "type": "Secondary", 
@@ -46,10 +70,47 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:4d:4d:19:r8:*:*:*:*:*:*", + "matchCriteriaId": "626249AD-1971-4665-B370-221B29BC7644" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:4d:server:19:r8:*:*:*:*:*:*", + "matchCriteriaId": "7677CD7F-7041-433F-ACC2-FAF967509CC8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/uncontrolled-search-path-element-vulnerability-4d-and-4d-windows-server", - "source": "cve-coordination@incibe.es" + "source": "cve-coordination@incibe.es", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-480xx/CVE-2023-48016.json b/CVE-2023/CVE-2023-480xx/CVE-2023-48016.json index 2b24c823b4b..12953832c6d 100644 --- a/CVE-2023/CVE-2023-480xx/CVE-2023-48016.json +++ b/CVE-2023/CVE-2023-480xx/CVE-2023-48016.json @@ -2,8 +2,8 @@ "id": "CVE-2023-48016", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-01T03:15:07.453", - "lastModified": "2023-12-01T13:54:29.567", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-06T18:36:49.753", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,11 +14,66 @@ "value": "Restaurant Table Booking System V1.0 es vulnerable a la inyecci\u00f3n SQL en rtbs/admin/index.php a trav\u00e9s del par\u00e1metro de nombre de usuario." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:phpgurukul:restaurant_table_booking_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "02963BE3-61BC-41D5-82BA-71B773AA8FA0" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Serhatcck/cves/blob/main/CVE-2023-48016-restaurant-table-booking-system-SQLInjection.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-483xx/CVE-2023-48333.json b/CVE-2023/CVE-2023-483xx/CVE-2023-48333.json index bd2a40d83f5..efc6ddc8b23 100644 --- a/CVE-2023/CVE-2023-483xx/CVE-2023-48333.json +++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48333.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-48333", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-30T15:15:09.310", - "lastModified": "2023-11-30T15:16:38.923", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-06T17:25:08.207", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pluggabl LLC Booster for WooCommerce.This issue affects Booster for WooCommerce: from n/a through 7.1.1.\n\n" + }, + { + "lang": "es", + "value": "Exposici\u00f3n de informaci\u00f3n confidencial a una vulnerabilidad de actor no autorizado en Pluggabl LLC Booster para WooCommerce. Este problema afecta a Booster para WooCommerce: desde n/a hasta 7.1.1." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -36,8 +60,18 @@ }, "weaknesses": [ { - "source": "audit@patchstack.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "audit@patchstack.com", + "type": "Secondary", "description": [ { "lang": "en", 
@@ -46,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:booster:booster_for_woocommerce:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "7.1.1", + "matchCriteriaId": "53D63779-759F-4AD5-A0D4-65195A6A805D" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/woocommerce-jetpack/wordpress-booster-for-woocommerce-plugin-7-1-1-authenticated-arbitrary-order-information-disclosure-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-488xx/CVE-2023-48802.json b/CVE-2023/CVE-2023-488xx/CVE-2023-48802.json index b3d4d6de474..d8355a055bd 100644 --- a/CVE-2023/CVE-2023-488xx/CVE-2023-48802.json +++ b/CVE-2023/CVE-2023-488xx/CVE-2023-48802.json 
@@ -2,19 +2,91 @@ "id": "CVE-2023-48802", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-30T18:15:07.727", - "lastModified": "2023-11-30T18:18:28.713", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-06T18:05:11.250", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability." + }, + { + "lang": "es", + "value": "En TOTOLINK X6000R V9.4.0cu.852_B20230719, el archivo shttpd, la funci\u00f3n sub_4119A0 obtiene campos del front-end a trav\u00e9s de Uci_ Set_. La funci\u00f3n Str cuando se pasa a la funci\u00f3n CsteSystem crea una vulnerabilidad de ejecuci\u00f3n de comandos." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:x6000r_firmware:9.4.0cu.852_b20230719:*:*:*:*:*:*:*", + "matchCriteriaId": "846390E3-B033-4B17-A141-49E30AF76264" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:totolink:x6000r:-:*:*:*:*:*:*:*", + "matchCriteriaId": "178FD1FA-9A62-48B7-B219-938F48ADD8BB" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://www.notion.so/X6000R-sub_4119A0-6-9541a9b3387a40de856a1cad692ba8d4?pvs=4", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-488xx/CVE-2023-48813.json b/CVE-2023/CVE-2023-488xx/CVE-2023-48813.json index 18e6836fff0..2e5543d5e68 100644 --- a/CVE-2023/CVE-2023-488xx/CVE-2023-48813.json +++ b/CVE-2023/CVE-2023-488xx/CVE-2023-48813.json 
@@ -2,23 +2,86 @@ "id": "CVE-2023-48813", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-01T16:15:07.487", - "lastModified": "2023-12-03T16:37:34.417", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-06T18:53:57.517", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Senayan Library Management Systems (Slims) 9 Bulian v9.6.1 is vulnerable to SQL Injection via admin/modules/reporting/customs/fines_report.php." + }, + { + "lang": "es", + "value": "Senayan Library Management Systems (Slims) 9 Bulian v9.6.1 es vulnerable a la inyecci\u00f3n SQL a trav\u00e9s de admin/modules/reporting/customs/fines_report.php." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:slims:senayan_library_management_system_bulian:9.6.1:*:*:*:*:*:*:*", + "matchCriteriaId": "0439647C-9560-44A0-B186-BFDF828ECD17" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/komangsughosa/CVE-ID-not-yet/blob/main/slims/slims9_bulian-9.6.1-SQLI-fines_report.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] }, { "url": "https://github.com/slims/slims9_bulian/issues/217", - "source": "cve@mitre.org" + 
"source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-488xx/CVE-2023-48842.json b/CVE-2023/CVE-2023-488xx/CVE-2023-48842.json index b3fdc60de3f..91328b55114 100644 --- a/CVE-2023/CVE-2023-488xx/CVE-2023-48842.json +++ b/CVE-2023/CVE-2023-488xx/CVE-2023-48842.json 
@@ -2,19 +2,90 @@ "id": "CVE-2023-48842", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-01T16:15:07.550", - "lastModified": "2023-12-03T16:37:34.417", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-06T18:54:07.467", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at hedwig.cgi." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que D-Link Go-RT-AC750 revA_v101b03 conten\u00eda una vulnerabilidad de inyecci\u00f3n de comandos a trav\u00e9s del par\u00e1metro de servicio en hedwig.cgi." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:dlink:go-rt-ac750_firmware:101b03:*:*:*:*:*:*:*", + "matchCriteriaId": "11857770-E809-483A-993F-1C827428B334" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:dlink:go-rt-ac750:revision_a:*:*:*:*:*:*:*", + "matchCriteriaId": "426BE281-6336-4A4E-892B-CE8BBCA8ABF7" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": 
"https://drive.google.com/file/d/1y5om__f2SAhNmcPqDxC_SRTvJVAWwPcH/view?usp=drive_link", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-488xx/CVE-2023-48859.json b/CVE-2023/CVE-2023-488xx/CVE-2023-48859.json index 9942e28eccc..82fd3ad47b6 100644 --- a/CVE-2023/CVE-2023-488xx/CVE-2023-48859.json +++ b/CVE-2023/CVE-2023-488xx/CVE-2023-48859.json @@ -2,8 +2,8 @@ "id": "CVE-2023-48859", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-06T15:15:06.967", - "lastModified": "2023-12-06T15:15:06.967", - "vulnStatus": "Received", + "lastModified": "2023-12-06T18:49:19.267", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-488xx/CVE-2023-48893.json b/CVE-2023/CVE-2023-488xx/CVE-2023-48893.json index 79c91bce243..7cc37c16dd6 100644 --- a/CVE-2023/CVE-2023-488xx/CVE-2023-48893.json +++ b/CVE-2023/CVE-2023-488xx/CVE-2023-48893.json @@ -2,8 +2,8 @@ "id": "CVE-2023-48893", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-01T16:15:07.607", - "lastModified": "2023-12-05T07:15:07.980", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-06T18:53:44.693", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,15 +14,74 @@ "value": "Senayan Library Management Systems SLIMS 9 Bulian v9.6.1 es vulnerable a la inyecci\u00f3n SQL a trav\u00e9s de admin/modules/reporting/customs/staff_act.php." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:slims:senayan_library_management_system_bulian:9.6.1:*:*:*:*:*:*:*", + "matchCriteriaId": "0439647C-9560-44A0-B186-BFDF828ECD17" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Vuln0wned/slims_owned/blob/main/slims/slims9-bulian-9.6.1-SQLI-staff_act.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] }, { "url": "https://github.com/slims/slims9_bulian/issues/209", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-488xx/CVE-2023-48894.json b/CVE-2023/CVE-2023-488xx/CVE-2023-48894.json index 737d998f459..cd139a174da 100644 --- a/CVE-2023/CVE-2023-488xx/CVE-2023-48894.json +++ b/CVE-2023/CVE-2023-488xx/CVE-2023-48894.json 
@@ -2,19 +2,79 @@ "id": "CVE-2023-48894", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-30T22:15:09.077", - "lastModified": "2023-12-01T02:28:42.607", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-06T18:48:22.700", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Incorrect Access Control vulnerability in jshERP V3.3 allows attackers to obtain sensitive information via the doFilter function." + }, + { + "lang": "es", + "value": "Vulnerabilidad de control de acceso incorrecto en jshERP V3.3 permite a los atacantes obtener informaci\u00f3n confidencial a trav\u00e9s de la funci\u00f3n doFilter." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:huaxiaerp:jsherp:3.3:*:*:*:*:*:*:*", + "matchCriteriaId": "81F91FC3-1573-49FF-A1CE-B660D8BF2278" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/jishenghua/jshERP/issues/98", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-490xx/CVE-2023-49083.json b/CVE-2023/CVE-2023-490xx/CVE-2023-49083.json index ee58f854a7a..404f06630a4 100644 --- a/CVE-2023/CVE-2023-490xx/CVE-2023-49083.json +++ b/CVE-2023/CVE-2023-490xx/CVE-2023-49083.json @@ -2,8 +2,8 @@ "id": "CVE-2023-49083", "sourceIdentifier": "security-advisories@github.com", "published": "2023-11-29T19:15:07.967", - "lastModified": "2023-12-05T02:15:06.827", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-06T18:12:03.353", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -50,18 +70,48 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cryptography_project:cryptography:*:*:*:*:*:python:*:*", + "versionStartIncluding": "3.1", + "versionEndExcluding": "41.0.6", + "matchCriteriaId": "D82EE66F-7D6B-4710-8F2B-08F1819F6860" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/pyca/cryptography/commit/f09c261ca10a31fe41b1262306db7f8f1da0e48a", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/pyca/cryptography/pull/9926", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Issue Tracking", + "Patch" + ] }, { "url": "https://github.com/pyca/cryptography/security/advisories/GHSA-jfhm-5ghh-2f97", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-490xx/CVE-2023-49087.json b/CVE-2023/CVE-2023-490xx/CVE-2023-49087.json index bc8aac335e4..b688a0d80b9 100644 --- a/CVE-2023/CVE-2023-490xx/CVE-2023-49087.json +++ b/CVE-2023/CVE-2023-490xx/CVE-2023-49087.json @@ -2,8 +2,8 @@ "id": "CVE-2023-49087", "sourceIdentifier": "security-advisories@github.com", "published": "2023-11-30T06:15:47.173", - "lastModified": "2023-11-30T13:39:13.380", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-06T17:49:44.997", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -50,14 +70,43 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:simplesamlphp:saml2:5.0.0:alpha12:*:*:*:*:*:*", + "matchCriteriaId": "96D08664-7238-4C52-B40E-F32E304DE2D3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:simplesamlphp:xml-security:1.6.11:*:*:*:*:*:*:*", + "matchCriteriaId": "3F1375D1-EBBE-4AD5-8271-457C64C948BD" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/simplesamlphp/xml-security/commit/f509e3083dd7870cce5880c804b5122317287581", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/simplesamlphp/xml-security/security/advisories/GHSA-ww7x-3gxh-qm6r", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-490xx/CVE-2023-49092.json b/CVE-2023/CVE-2023-490xx/CVE-2023-49092.json index 1ae7a51995d..5e08c5c9aa0 100644 --- a/CVE-2023/CVE-2023-490xx/CVE-2023-49092.json +++ b/CVE-2023/CVE-2023-490xx/CVE-2023-49092.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-49092", "sourceIdentifier": "security-advisories@github.com", "published": "2023-11-28T21:15:08.530", - "lastModified": "2023-11-29T14:18:11.973", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-06T18:47:43.140", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.2, + "impactScore": 3.6 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -40,8 +60,18 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-203" + } + ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", 
@@ -50,14 +80,37 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:rust-lang:rsa:*:*:*:*:*:rust:*:*", + "matchCriteriaId": "600DB2C9-3C8D-4C14-A69F-B5EE18B99EB6" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/RustCrypto/RSA/issues/19#issuecomment-1822995643", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://github.com/RustCrypto/RSA/security/advisories/GHSA-c38w-74pg-36hr", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-493xx/CVE-2023-49371.json b/CVE-2023/CVE-2023-493xx/CVE-2023-49371.json index a5393b42bdf..80c3c6d2f4d 100644 --- a/CVE-2023/CVE-2023-493xx/CVE-2023-49371.json +++ b/CVE-2023/CVE-2023-493xx/CVE-2023-49371.json @@ -2,8 +2,8 @@ "id": "CVE-2023-49371", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-01T15:15:07.817", - "lastModified": "2023-12-06T13:15:07.227", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-12-06T18:58:20.680", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,15 +14,74 @@ "value": "Se descubri\u00f3 que RuoYi hasta v4.6 conten\u00eda una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s de /system/dept/edit." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ruoyi:ruoyi:*:*:*:*:*:*:*:*", + "versionEndIncluding": "4.6.0", + "matchCriteriaId": "CD05AA5C-0071-43CF-AF08-48FE02254AF1" + } + ] + } + ] + } + ], "references": [ { "url": "https://gist.github.com/Maverickfir/53405b944b2830b43a84abf4b1734847", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://github.com/Maverickfir/RuoYi-v4.6-vulnerability/blob/main/Ruoyiv4.6.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-52xx/CVE-2023-5226.json b/CVE-2023/CVE-2023-52xx/CVE-2023-5226.json index 6666397f917..23e7de83417 100644 --- a/CVE-2023/CVE-2023-52xx/CVE-2023-5226.json +++ b/CVE-2023/CVE-2023-52xx/CVE-2023-5226.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-5226", "sourceIdentifier": "cve@gitlab.com", "published": "2023-12-01T07:15:12.003", - "lastModified": "2023-12-01T13:54:29.567", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-06T18:57:33.787", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "cve@gitlab.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "cve@gitlab.com", "type": "Secondary", 
@@ -50,14 +80,70 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", + "versionEndExcluding": "16.4.3", + "matchCriteriaId": "7269551A-80EB-4E8B-8022-0B66994C7601" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", + "versionEndExcluding": "16.4.3", + "matchCriteriaId": "B9CF956D-DF30-47A7-8710-262AC4C76F2E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", + "versionStartIncluding": "16.5.0", + "versionEndExcluding": "16.5.3", + "matchCriteriaId": "B1AC7763-4EA9-4E9A-8711-FEEA9D111D68" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "16.5.0", + "versionEndExcluding": "16.5.3", + "matchCriteriaId": "6B77E904-2562-4F78-A787-7F51871054BA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:16.6.0:*:*:*:community:*:*:*", + "matchCriteriaId": "FAB408DE-FE19-4CD6-B026-44AF7AD36405" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:16.6.0:*:*:*:enterprise:*:*:*", + "matchCriteriaId": "8D5674D6-E26B-4F62-9B59-C15DEEDDB4B1" + } + ] + } + ] + } + ], "references": [ { "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/426400", - "source": "cve@gitlab.com" + "source": "cve@gitlab.com", + "tags": [ + "Broken Link", + "Vendor Advisory" + ] }, { "url": "https://hackerone.com/reports/2173053", - "source": "cve@gitlab.com" + "source": "cve@gitlab.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-56xx/CVE-2023-5634.json b/CVE-2023/CVE-2023-56xx/CVE-2023-5634.json index f1d9e07530c..c8b8dac60ed 100644 --- a/CVE-2023/CVE-2023-56xx/CVE-2023-5634.json +++ b/CVE-2023/CVE-2023-56xx/CVE-2023-5634.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-5634", "sourceIdentifier": "iletisim@usom.gov.tr", "published": "2023-12-01T14:15:07.967", - "lastModified": "2023-12-01T14:49:03.423", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-06T18:59:59.893", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ArslanSoft Education Portal allows SQL Injection.This issue affects Education Portal: before v1.1.\n\n" + }, + { + "lang": "es", + "value": "La neutralizaci\u00f3n inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL (\"Inyecci\u00f3n SQL\") en ArslanSoft Education Portal permite la inyecci\u00f3n SQL. Este problema afecta a Education Portal: versiones anteriores a v1.1." } ], "metrics": { @@ -46,10 +50,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:arslansoft_education_portal_project:arslansoft_education_portal:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.1", + "matchCriteriaId": "6A728C5C-53FC-4DD9-90D6-25FE3D3162CB" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.usom.gov.tr/bildirim/tr-23-0670", - "source": "iletisim@usom.gov.tr" + "source": "iletisim@usom.gov.tr", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-56xx/CVE-2023-5635.json b/CVE-2023/CVE-2023-56xx/CVE-2023-5635.json index 7e6b02174a5..7de7d474ade 100644 --- a/CVE-2023/CVE-2023-56xx/CVE-2023-5635.json +++ b/CVE-2023/CVE-2023-56xx/CVE-2023-5635.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-5635", "sourceIdentifier": "iletisim@usom.gov.tr", "published": "2023-12-01T14:15:08.190", - "lastModified": "2023-12-01T14:49:03.423", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-06T18:59:51.757", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper Protection for Outbound Error Messages and Alert Signals vulnerability in ArslanSoft Education Portal allows Account Footprinting.This issue affects Education Portal: before v1.1.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de protecci\u00f3n inadecuada para mensajes de error salientes y se\u00f1ales de alerta en ArslanSoft Education Portal permite Account Footprinting. Este problema afecta a Education Portal: versiones anteriores a v1.1." } ], "metrics": { @@ -46,10 +50,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:arslansoft_education_portal_project:arslansoft_education_portal:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.1", + "matchCriteriaId": "6A728C5C-53FC-4DD9-90D6-25FE3D3162CB" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.usom.gov.tr/bildirim/tr-23-0670", - "source": "iletisim@usom.gov.tr" + "source": "iletisim@usom.gov.tr", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-56xx/CVE-2023-5636.json b/CVE-2023/CVE-2023-56xx/CVE-2023-5636.json index 3d5b0a4a8d3..103bc3bbf98 100644 --- a/CVE-2023/CVE-2023-56xx/CVE-2023-5636.json +++ b/CVE-2023/CVE-2023-56xx/CVE-2023-5636.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-5636", "sourceIdentifier": "iletisim@usom.gov.tr", "published": "2023-12-01T14:15:08.393", - "lastModified": "2023-12-01T14:49:03.423", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-06T18:59:28.783", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Unrestricted Upload of File with Dangerous Type vulnerability in ArslanSoft Education Portal allows Command Injection.This issue affects Education Portal: before v1.1.\n\n" + }, + { + "lang": "es", + "value": "La carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en ArslanSoft Education Portal permite la inyecci\u00f3n de comandos. Este problema afecta a Education Portal: versiones anteriores a v1.1." } ], "metrics": { @@ -46,10 +50,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:arslansoft_education_portal_project:arslansoft_education_portal:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.1", + "matchCriteriaId": "6A728C5C-53FC-4DD9-90D6-25FE3D3162CB" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.usom.gov.tr/bildirim/tr-23-0670", - "source": "iletisim@usom.gov.tr" + "source": "iletisim@usom.gov.tr", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-56xx/CVE-2023-5637.json b/CVE-2023/CVE-2023-56xx/CVE-2023-5637.json index 05e9054e172..357e6930ec2 100644 --- a/CVE-2023/CVE-2023-56xx/CVE-2023-5637.json +++ b/CVE-2023/CVE-2023-56xx/CVE-2023-5637.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-5637", "sourceIdentifier": "iletisim@usom.gov.tr", "published": "2023-12-01T14:15:08.607", - "lastModified": "2023-12-01T14:49:03.423", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-06T18:59:08.660", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Unrestricted Upload of File with Dangerous Type vulnerability in ArslanSoft Education Portal allows Read Sensitive Strings Within an Executable.This issue affects Education Portal: before v1.1.\n\n" + }, + { + "lang": "es", + "value": "La carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en ArslanSoft Education Portal permite leer cadenas confidenciales dentro de un ejecutable. Este problema afecta a Education Portal: versiones anteriores a v1.1." } ], "metrics": { @@ -46,10 +50,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:arslansoft_education_portal_project:arslansoft_education_portal:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.1", + "matchCriteriaId": "6A728C5C-53FC-4DD9-90D6-25FE3D3162CB" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.usom.gov.tr/bildirim/tr-23-0670", - "source": "iletisim@usom.gov.tr" + "source": "iletisim@usom.gov.tr", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-59xx/CVE-2023-5965.json b/CVE-2023/CVE-2023-59xx/CVE-2023-5965.json index f646bee3000..007759db16d 100644 --- a/CVE-2023/CVE-2023-59xx/CVE-2023-5965.json +++ b/CVE-2023/CVE-2023-59xx/CVE-2023-5965.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-5965", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2023-11-30T14:15:12.943", - "lastModified": "2023-11-30T14:48:37.600", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-06T17:21:03.737", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the update form, which could lead to arbitrary PHP code execution." + }, + { + "lang": "es", + "value": "Un atacante con privilegios autenticados podr\u00eda cargar un zip especialmente manipulado en el servidor EspoCRM en la versi\u00f3n 7.2.5, a trav\u00e9s del formulario de actualizaci\u00f3n, lo que podr\u00eda conducir a la ejecuci\u00f3n de c\u00f3digo PHP arbitrario." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "cve-coordination@incibe.es", "type": "Secondary", 
@@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:espocrm:espocrm:*:*:*:*:*:*:*:*", + "versionEndIncluding": "7.5.2", + "matchCriteriaId": "D2AF385B-24CA-4DFB-A10B-866AC9FF31BD" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-espocrm", - "source": "cve-coordination@incibe.es" + "source": "cve-coordination@incibe.es", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-59xx/CVE-2023-5966.json b/CVE-2023/CVE-2023-59xx/CVE-2023-5966.json index 253c2f766fe..aa4f6802490 100644 --- a/CVE-2023/CVE-2023-59xx/CVE-2023-5966.json +++ b/CVE-2023/CVE-2023-59xx/CVE-2023-5966.json 
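Review bot: The added CPE bound `"versionEndIncluding": "7.5.2"` does not match the record's own description, which names EspoCRM version 7.2.5 in both the `en` and `es` values of the preceding hunk; the digits look transposed in one of the two. As written, CPE-based matching treats every release up to 7.5.2 as vulnerable while the text names a single older version, so inventory tools and human readers will reach different conclusions. The same pair of values appears in the CVE-2023-5966.json hunk `@@ -46,10 +70,31 @@`. The diff does not show which value is right, so check it against the INCIBE advisory listed in `references`; if 7.2.5 is confirmed, the bound would read `"versionEndIncluding": "7.2.5"`.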
@@ -2,16 +2,40 @@ "id": "CVE-2023-5966", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2023-11-30T14:15:13.450", - "lastModified": "2023-11-30T14:48:37.600", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-06T17:16:00.580", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the extension deployment form, which could lead to arbitrary PHP code execution." + }, + { + "lang": "es", + "value": "Un atacante con privilegios autenticados podr\u00eda cargar un zip especialmente manipulado en el servidor EspoCRM en la versi\u00f3n 7.2.5, a trav\u00e9s del formulario de implementaci\u00f3n de la extensi\u00f3n, lo que podr\u00eda conducir a la ejecuci\u00f3n de c\u00f3digo PHP arbitrario." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "cve-coordination@incibe.es", "type": "Secondary", 
@@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:espocrm:espocrm:*:*:*:*:*:*:*:*", + "versionEndIncluding": "7.5.2", + "matchCriteriaId": "D2AF385B-24CA-4DFB-A10B-866AC9FF31BD" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-espocrm", - "source": "cve-coordination@incibe.es" + "source": "cve-coordination@incibe.es", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-59xx/CVE-2023-5995.json b/CVE-2023/CVE-2023-59xx/CVE-2023-5995.json index cfc5237934c..05753b0e1d2 100644 --- a/CVE-2023/CVE-2023-59xx/CVE-2023-5995.json +++ b/CVE-2023/CVE-2023-59xx/CVE-2023-5995.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5995", "sourceIdentifier": "cve@gitlab.com", "published": "2023-12-01T07:15:13.033", - "lastModified": "2023-12-01T13:54:29.567", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-06T18:52:42.327", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "cve@gitlab.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "cve@gitlab.com", "type": "Secondary", 
@@ -50,14 +80,53 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "16.2.0", + "versionEndExcluding": "16.4.3", + "matchCriteriaId": "2F963AF1-CC28-43B9-A5F2-1F1722B87D04" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "16.5.0", + "versionEndExcluding": "16.5.3", + "matchCriteriaId": "6B77E904-2562-4F78-A787-7F51871054BA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:16.6.0:*:*:*:enterprise:*:*:*", + "matchCriteriaId": "8D5674D6-E26B-4F62-9B59-C15DEEDDB4B1" + } + ] + } + ] + } + ], "references": [ { "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/425361", - "source": "cve@gitlab.com" + "source": "cve@gitlab.com", + "tags": [ + "Broken Link", + "Vendor Advisory" + ] }, { "url": "https://hackerone.com/reports/2138880", - "source": "cve@gitlab.com" + "source": "cve@gitlab.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-60xx/CVE-2023-6033.json b/CVE-2023/CVE-2023-60xx/CVE-2023-6033.json index 79b985728c7..998c142628b 100644 --- a/CVE-2023/CVE-2023-60xx/CVE-2023-6033.json +++ b/CVE-2023/CVE-2023-60xx/CVE-2023-6033.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6033", "sourceIdentifier": "cve@gitlab.com", "published": "2023-12-01T07:15:13.633", - "lastModified": "2023-12-01T13:54:29.567", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-06T18:53:10.447", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "cve@gitlab.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "cve@gitlab.com", "type": "Secondary", 
@@ -50,14 +80,76 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", + "versionStartIncluding": "15.10", + "versionEndExcluding": "16.6.1", + "matchCriteriaId": "D7E9318B-8CA3-49D0-9359-4DB5CE76491F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "15.10", + "versionEndExcluding": "16.6.1", + "matchCriteriaId": "54546976-4D6A-40EC-B080-5C2CF88B14AA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", + "versionStartIncluding": "16.4.0", + "versionEndExcluding": "16.4.3", + "matchCriteriaId": "E74DD7CD-128A-4584-9A20-0206F3275766" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "16.4.0", + "versionEndExcluding": "16.4.3", + "matchCriteriaId": "9403AA96-9680-4679-9C30-139C05FD328E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", + "versionStartIncluding": "16.5.0", + "versionEndExcluding": "16.5.3", + "matchCriteriaId": "B1AC7763-4EA9-4E9A-8711-FEEA9D111D68" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "16.5.0", + "versionEndExcluding": "16.5.3", + "matchCriteriaId": "6B77E904-2562-4F78-A787-7F51871054BA" + } + ] + } + ] + } + ], "references": [ { "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/431201", - "source": "cve@gitlab.com" + "source": "cve@gitlab.com", + "tags": [ + "Broken Link", + "Vendor Advisory" + ] }, { "url": "https://hackerone.com/reports/2236039", - "source": "cve@gitlab.com" + "source": "cve@gitlab.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
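Review bot: The first two `cpeMatch` entries added here (community and enterprise, `versionStartIncluding` 15.10 up to `versionEndExcluding` 16.6.1) fully contain the 16.4.0–16.4.3 and 16.5.0–16.5.3 entries that follow, so under the `OR` operator the narrower ranges have no effect. Releases 16.4.3 and later in 16.4.x, and 16.5.3 and later in 16.5.x, therefore match as vulnerable even though the narrower entries exclude them, presumably because those are the fixed releases. If three separate release lines are intended, the broad pair probably wants `"versionStartIncluding": "16.6.0"` and the 16.4 pair `"versionStartIncluding": "15.10"`. Confirm against the GitLab advisory before using this range for patch-status decisions.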
diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6288.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6288.json index 571f5310983..93784eeec62 100644 --- a/CVE-2023/CVE-2023-62xx/CVE-2023-6288.json +++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6288.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6288", "sourceIdentifier": "security@devolutions.net", "published": "2023-12-06T14:15:07.677", - "lastModified": "2023-12-06T14:15:07.677", - "vulnStatus": "Received", + "lastModified": "2023-12-06T18:49:19.267", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-63xx/CVE-2023-6342.json b/CVE-2023/CVE-2023-63xx/CVE-2023-6342.json index 752f7399d1a..3718404445c 100644 --- a/CVE-2023/CVE-2023-63xx/CVE-2023-6342.json +++ b/CVE-2023/CVE-2023-63xx/CVE-2023-6342.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-6342", "sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725", "published": "2023-11-30T18:15:08.380", - "lastModified": "2023-11-30T21:15:09.000", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-06T18:19:36.663", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Tyler Technologies Court Case Management Plus allows a remote attacker to authenticate as any user by manipulating at least the 'CmWebSearchPfp/Login.aspx?xyzldk=' and \n'payforprint_CM/Redirector.ashx?userid=' parameters. The vulnerable \"pay for print\" feature was removed on or around 2023-11-01." + }, + { + "lang": "es", + "value": "Tyler Technologies Court Case Management Plus permite a un atacante remoto autenticarse como cualquier usuario manipulando al menos los par\u00e1metros 'CmWebSearchPfp/Login.aspx?xyzldk=' y 'payforprint_CM/Redirector.ashx?userid='. La funci\u00f3n vulnerable \"pagar por imprimir\" se elimin\u00f3 el 1 de noviembre de 2023 o alrededor de esa fecha." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "9119a7d8-5eab-497f-8521-727c672e3725", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + }, { "source": "9119a7d8-5eab-497f-8521-727c672e3725", "type": "Secondary", 
@@ -46,22 +80,53 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tylertech:court_case_management_plus:-:*:*:*:*:*:*:*", + "matchCriteriaId": "18DC47AF-E2C8-4744-8F29-EC58434B1735" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/qwell/disorder-in-the-court/blob/main/README-TylerTechnologies.md", - "source": "9119a7d8-5eab-497f-8521-727c672e3725" + "source": "9119a7d8-5eab-497f-8521-727c672e3725", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://techcrunch.com/2023/11/30/us-court-records-systems-vulnerabilities-exposed-sealed-documents/", - "source": "9119a7d8-5eab-497f-8521-727c672e3725" + "source": "9119a7d8-5eab-497f-8521-727c672e3725", + "tags": [ + "Press/Media Coverage", + "Third Party Advisory" + ] }, { "url": "https://www.cisa.gov/news-events/alerts/2023/11/30/multiple-vulnerabilities-affecting-web-based-court-case-and-document-management-systems", - "source": "9119a7d8-5eab-497f-8521-727c672e3725" + "source": "9119a7d8-5eab-497f-8521-727c672e3725", + "tags": [ + "Third Party Advisory", + "US Government Resource" + ] }, { "url": "https://www.tylertech.com/solutions/courts-public-safety/courts-justice", - "source": "9119a7d8-5eab-497f-8521-727c672e3725" + "source": "9119a7d8-5eab-497f-8521-727c672e3725", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-63xx/CVE-2023-6343.json b/CVE-2023/CVE-2023-63xx/CVE-2023-6343.json index 6db9e0c0c25..ca7739231a1 100644 --- a/CVE-2023/CVE-2023-63xx/CVE-2023-6343.json +++ b/CVE-2023/CVE-2023-63xx/CVE-2023-6343.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-6343", "sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725", "published": "2023-11-30T18:15:08.573", - "lastModified": "2023-11-30T21:15:09.067", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-06T18:19:15.257", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Tyler Technologies Court Case Management Plus allows a remote, unauthenticated attacker to enumerate and access sensitive files using the tiffserver/tssp.aspx 'FN' and 'PN' parameters. This behavior is related to the use of a deprecated version of Aquaforest TIFF Server, possibly 2.x. The vulnerable Aquaforest TIFF Server feature was removed on or around 2023-11-01. Insecure configuration issues in Aquaforest TIFF Server are identified separately as CVE-2023-6352. CVE-2023-6343 is similar to CVE-2020-9323. CVE-2023-6343 is related to or partially caused by CVE-2023-6352.\n\n\n" + }, + { + "lang": "es", + "value": "Tyler Technologies Court Case Management Plus permite a un atacante remoto no autenticado enumerar y acceder a archivos confidenciales utilizando los par\u00e1metros tiffserver/tssp.aspx 'FN' y 'PN'. Este comportamiento est\u00e1 relacionado con el uso de una versi\u00f3n obsoleta de Aquaforest TIFF Server, posiblemente 2.x. La funci\u00f3n vulnerable del servidor TIFF de Aquaforest se elimin\u00f3 el 1 de noviembre de 2023 o alrededor de esa fecha. Los problemas de configuraci\u00f3n insegura en Aquaforest TIFF Server se identifican por separado como CVE-2023-6352. CVE-2023-6343 es similar a CVE-2020-9323. CVE-2023-6343 est\u00e1 relacionado o parcialmente causado por CVE-2023-6352." 
} ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + }, { "source": "9119a7d8-5eab-497f-8521-727c672e3725", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + }, { "source": "9119a7d8-5eab-497f-8521-727c672e3725", "type": "Secondary", 
@@ -46,30 +80,67 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tylertech:court_case_management_plus:-:*:*:*:*:*:*:*", + "matchCriteriaId": "18DC47AF-E2C8-4744-8F29-EC58434B1735" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/qwell/disorder-in-the-court/blob/main/README-TylerTechnologies.md", - "source": "9119a7d8-5eab-497f-8521-727c672e3725" + "source": "9119a7d8-5eab-497f-8521-727c672e3725", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://techcrunch.com/2023/11/30/us-court-records-systems-vulnerabilities-exposed-sealed-documents/", - "source": "9119a7d8-5eab-497f-8521-727c672e3725" + "source": "9119a7d8-5eab-497f-8521-727c672e3725", + "tags": [ + "Press/Media Coverage", + "Third Party Advisory" + ] }, { "url": "https://www.aquaforest.com/blog/aquaforest-tiff-server-sunsetting", - "source": "9119a7d8-5eab-497f-8521-727c672e3725" + "source": "9119a7d8-5eab-497f-8521-727c672e3725", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.aquaforest.com/blog/tiff-server-security-update", - "source": "9119a7d8-5eab-497f-8521-727c672e3725" + "source": "9119a7d8-5eab-497f-8521-727c672e3725", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.cisa.gov/news-events/alerts/2023/11/30/multiple-vulnerabilities-affecting-web-based-court-case-and-document-management-systems", - "source": "9119a7d8-5eab-497f-8521-727c672e3725" + "source": "9119a7d8-5eab-497f-8521-727c672e3725", + "tags": [ + "Third Party Advisory", + "US Government Resource" + ] }, { "url": "https://www.tylertech.com/solutions/courts-public-safety/courts-justice", - "source": "9119a7d8-5eab-497f-8521-727c672e3725" + "source": "9119a7d8-5eab-497f-8521-727c672e3725", + "tags": [ + "Product" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-63xx/CVE-2023-6344.json b/CVE-2023/CVE-2023-63xx/CVE-2023-6344.json index 6fcfb07ecc8..a3e19cc4cec 100644 --- a/CVE-2023/CVE-2023-63xx/CVE-2023-6344.json +++ b/CVE-2023/CVE-2023-63xx/CVE-2023-6344.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-6344", "sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725", "published": "2023-11-30T18:15:08.767", - "lastModified": "2023-11-30T21:15:09.133", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-06T18:18:18.493", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Tyler Technologies Court Case Management Plus allows a remote, unauthenticated attacker to enumerate directories using the tiffserver/te003.aspx or te004.aspx 'ifolder' parameter. This behavior is related to the use of a deprecated version of Aquaforest TIFF Server, possibly 2.x. The vulnerable Aquaforest TIFF Server feature was removed on or around 2023-11-01. Insecure configuration issues in Aquaforest TIFF Server are identified separately as CVE-2023-6352. CVE-2023-6343 is related to or partially caused by CVE-2023-6352.\n" + }, + { + "lang": "es", + "value": "Tyler Technologies Court Case Management Plus permite a un atacante remoto no autenticado enumerar directorios utilizando el par\u00e1metro tiffserver/te003.aspx o te004.aspx 'ifolder'. Este comportamiento est\u00e1 relacionado con el uso de una versi\u00f3n obsoleta de Aquaforest TIFF Server, posiblemente 2.x. La funci\u00f3n vulnerable del servidor TIFF de Aquaforest se elimin\u00f3 el 1 de noviembre de 2023 o alrededor de esa fecha. Los problemas de configuraci\u00f3n insegura en Aquaforest TIFF Server se identifican por separado como CVE-2023-6352. CVE-2023-6343 est\u00e1 relacionado o parcialmente causado por CVE-2023-6352." 
} ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + }, { "source": "9119a7d8-5eab-497f-8521-727c672e3725", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + }, { "source": "9119a7d8-5eab-497f-8521-727c672e3725", "type": "Secondary", 
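Review bot: The description in this record ends with `CVE-2023-6343 is related to or partially caused by CVE-2023-6352.` although its `id` is `CVE-2023-6344`, and the `es` value added by this commit repeats that identifier. The English context line already reads this way, so the sentence looks carried over from the sibling record rather than mistranslated. If so, both values should name `CVE-2023-6344`, and the correction belongs in the upstream NVD/CNA record, since this file mirrors it. Until then, anyone cross-referencing these entries should key on the `id` field rather than on identifiers quoted in the free text.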
@@ -46,30 +80,67 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tylertech:court_case_management_plus:-:*:*:*:*:*:*:*", + "matchCriteriaId": "18DC47AF-E2C8-4744-8F29-EC58434B1735" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/qwell/disorder-in-the-court/blob/main/README-TylerTechnologies.md", - "source": "9119a7d8-5eab-497f-8521-727c672e3725" + "source": "9119a7d8-5eab-497f-8521-727c672e3725", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://techcrunch.com/2023/11/30/us-court-records-systems-vulnerabilities-exposed-sealed-documents/", - "source": "9119a7d8-5eab-497f-8521-727c672e3725" + "source": "9119a7d8-5eab-497f-8521-727c672e3725", + "tags": [ + "Press/Media Coverage", + "Third Party Advisory" + ] }, { "url": "https://www.aquaforest.com/blog/aquaforest-tiff-server-sunsetting", - "source": "9119a7d8-5eab-497f-8521-727c672e3725" + "source": "9119a7d8-5eab-497f-8521-727c672e3725", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.aquaforest.com/blog/tiff-server-security-update", - "source": "9119a7d8-5eab-497f-8521-727c672e3725" + "source": "9119a7d8-5eab-497f-8521-727c672e3725", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.cisa.gov/news-events/alerts/2023/11/30/multiple-vulnerabilities-affecting-web-based-court-case-and-document-management-systems", - "source": "9119a7d8-5eab-497f-8521-727c672e3725" + "source": "9119a7d8-5eab-497f-8521-727c672e3725", + "tags": [ + "Third Party Advisory", + "US Government Resource" + ] }, { "url": "https://www.tylertech.com/solutions/courts-public-safety/courts-justice", - "source": "9119a7d8-5eab-497f-8521-727c672e3725" + "source": "9119a7d8-5eab-497f-8521-727c672e3725", + "tags": [ + "Product" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-63xx/CVE-2023-6353.json b/CVE-2023/CVE-2023-63xx/CVE-2023-6353.json index 443bbde7fbd..b758aab51c1 100644 --- a/CVE-2023/CVE-2023-63xx/CVE-2023-6353.json +++ b/CVE-2023/CVE-2023-63xx/CVE-2023-6353.json @@ -2,16 +2,40 @@ "id": "CVE-2023-6353", "sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725", "published": "2023-11-30T18:15:09.147", - "lastModified": "2023-11-30T21:15:09.267", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-06T18:18:09.320", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Tyler Technologies Civil and Criminal Electronic Filing allows an unauthenticated, remote attacker to upload, delete, and view files by manipulating the Upload.aspx 'enky' parameter.\n\n\n\n" + }, + { + "lang": "es", + "value": "Tyler Technologies Civil and Criminal Electronic Filing permite que un atacante remoto no autenticado cargue, elimine y vea archivos manipulando el par\u00e1metro Upload.aspx 'enky'." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.4, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.5 + }, { "source": "9119a7d8-5eab-497f-8521-727c672e3725", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + }, { "source": "9119a7d8-5eab-497f-8521-727c672e3725", "type": "Secondary", 
@@ -46,22 +80,53 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tylertech:court_case_management_plus:-:*:*:*:*:*:*:*", + "matchCriteriaId": "18DC47AF-E2C8-4744-8F29-EC58434B1735" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/qwell/disorder-in-the-court/blob/main/README-TylerTechnologies.md", - "source": "9119a7d8-5eab-497f-8521-727c672e3725" + "source": "9119a7d8-5eab-497f-8521-727c672e3725", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://techcrunch.com/2023/11/30/us-court-records-systems-vulnerabilities-exposed-sealed-documents/", - "source": "9119a7d8-5eab-497f-8521-727c672e3725" + "source": "9119a7d8-5eab-497f-8521-727c672e3725", + "tags": [ + "Press/Media Coverage", + "Third Party Advisory" + ] }, { "url": "https://www.cisa.gov/news-events/alerts/2023/11/30/multiple-vulnerabilities-affecting-web-based-court-case-and-document-management-systems", - "source": "9119a7d8-5eab-497f-8521-727c672e3725" + "source": "9119a7d8-5eab-497f-8521-727c672e3725", + "tags": [ + "Third Party Advisory", + "US Government Resource" + ] }, { "url": "https://www.tylertech.com/solutions/courts-public-safety/courts-justice", - "source": "9119a7d8-5eab-497f-8521-727c672e3725" + "source": "9119a7d8-5eab-497f-8521-727c672e3725", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-63xx/CVE-2023-6354.json b/CVE-2023/CVE-2023-63xx/CVE-2023-6354.json index 56b3683cad4..e3baea88076 100644 --- a/CVE-2023/CVE-2023-63xx/CVE-2023-6354.json +++ b/CVE-2023/CVE-2023-63xx/CVE-2023-6354.json 
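Review bot: The `cpeMatch` entry added here gives `cpe:2.3:a:tylertech:court_case_management_plus:-:*:*:*:*:*:*:*` as the vulnerable product, but the description of CVE-2023-6353 names Tyler Technologies Civil and Criminal Electronic Filing. The configurations hunk for CVE-2023-6354 further down has the same issue: it reuses this criteria string and `matchCriteriaId`, although that description names Magistrate Court Case Management Plus. Asset inventories that match on CPE will therefore file both CVEs under Court Case Management Plus and may not flag installations recorded under the other two product names. Whether the three share one code base is not visible from the diff; if they are distinct, each record needs its own entry of the form `"criteria": "cpe:2.3:a:tylertech:<PRODUCT_NAME_PLACEHOLDER>:-:*:*:*:*:*:*:*"`, corrected upstream since this file mirrors NVD.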
@@ -2,16 +2,40 @@ "id": "CVE-2023-6354", "sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725", "published": "2023-11-30T18:15:09.333", - "lastModified": "2023-11-30T21:15:09.333", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-06T18:18:01.950", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Tyler Technologies Magistrate Court Case Management Plus allows an unauthenticated, remote attacker to upload, delete, and view files by manipulating the PDFViewer.aspx 'filename' parameter.\n\n\n" + }, + { + "lang": "es", + "value": "Tyler Technologies Magistrate Court Case Management Plus permite a un atacante remoto no autenticado cargar, eliminar y ver archivos manipulando el par\u00e1metro 'nombre de archivo' PDFViewer.aspx." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.4, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.5 + }, { "source": "9119a7d8-5eab-497f-8521-727c672e3725", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + }, { "source": "9119a7d8-5eab-497f-8521-727c672e3725", "type": "Secondary", 
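Review bot: The `es` description added for CVE-2023-6354 renders the request parameter as `'nombre de archivo'`, while the English value in the same record gives it as `'filename'`; the identifier was translated along with the prose. A log search or WAF rule built from the Spanish text would look for a parameter name that the English description does not use. The identifier should stay verbatim, for example `manipulando el par\u00e1metro 'filename' de PDFViewer.aspx.`, and consumers should treat the `en` value as authoritative for file, parameter and product names.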
@@ -46,22 +80,53 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tylertech:court_case_management_plus:-:*:*:*:*:*:*:*", + "matchCriteriaId": "18DC47AF-E2C8-4744-8F29-EC58434B1735" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/qwell/disorder-in-the-court/blob/main/README-TylerTechnologies.md", - "source": "9119a7d8-5eab-497f-8521-727c672e3725" + "source": "9119a7d8-5eab-497f-8521-727c672e3725", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://techcrunch.com/2023/11/30/us-court-records-systems-vulnerabilities-exposed-sealed-documents/", - "source": "9119a7d8-5eab-497f-8521-727c672e3725" + "source": "9119a7d8-5eab-497f-8521-727c672e3725", + "tags": [ + "Press/Media Coverage", + "Third Party Advisory" + ] }, { "url": "https://www.cisa.gov/news-events/alerts/2023/11/30/multiple-vulnerabilities-affecting-web-based-court-case-and-document-management-systems", - "source": "9119a7d8-5eab-497f-8521-727c672e3725" + "source": "9119a7d8-5eab-497f-8521-727c672e3725", + "tags": [ + "Third Party Advisory", + "US Government Resource" + ] }, { "url": "https://www.tylertech.com/solutions/courts-public-safety/courts-justice", - "source": "9119a7d8-5eab-497f-8521-727c672e3725" + "source": "9119a7d8-5eab-497f-8521-727c672e3725", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-63xx/CVE-2023-6375.json b/CVE-2023/CVE-2023-63xx/CVE-2023-6375.json index c16861304be..6e75a9e99cf 100644 --- a/CVE-2023/CVE-2023-63xx/CVE-2023-6375.json +++ b/CVE-2023/CVE-2023-63xx/CVE-2023-6375.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-6375", "sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725", "published": "2023-11-30T18:15:09.523", - "lastModified": "2023-11-30T21:15:09.397", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-06T17:11:21.693", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Tyler Technologies Court Case Management Plus may store backups in a location that can be accessed by a remote, unauthenticated attacker. Backups may contain sensitive information such as database credentials.\n\n\n" + }, + { + "lang": "es", + "value": "Tyler Technologies Court Case Management Plus puede almacenar copias de seguridad en una ubicaci\u00f3n a la que pueda acceder un atacante remoto no autenticado. Las copias de seguridad pueden contener informaci\u00f3n confidencial, como credenciales de bases de datos." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "9119a7d8-5eab-497f-8521-727c672e3725", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-552" + } + ] + }, { "source": "9119a7d8-5eab-497f-8521-727c672e3725", "type": "Secondary", 
@@ -46,22 +80,53 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tylertech:court_case_management_plus:-:*:*:*:*:*:*:*", + "matchCriteriaId": "18DC47AF-E2C8-4744-8F29-EC58434B1735" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/qwell/disorder-in-the-court/blob/main/README-TylerTechnologies.md", - "source": "9119a7d8-5eab-497f-8521-727c672e3725" + "source": "9119a7d8-5eab-497f-8521-727c672e3725", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://techcrunch.com/2023/11/30/us-court-records-systems-vulnerabilities-exposed-sealed-documents/", - "source": "9119a7d8-5eab-497f-8521-727c672e3725" + "source": "9119a7d8-5eab-497f-8521-727c672e3725", + "tags": [ + "Press/Media Coverage", + "Third Party Advisory" + ] }, { "url": "https://www.cisa.gov/news-events/alerts/2023/11/30/multiple-vulnerabilities-affecting-web-based-court-case-and-document-management-systems", - "source": "9119a7d8-5eab-497f-8521-727c672e3725" + "source": "9119a7d8-5eab-497f-8521-727c672e3725", + "tags": [ + "Third Party Advisory", + "US Government Resource" + ] }, { "url": "https://www.tylertech.com/solutions/courts-public-safety/courts-justice", - "source": "9119a7d8-5eab-497f-8521-727c672e3725" + "source": "9119a7d8-5eab-497f-8521-727c672e3725", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-63xx/CVE-2023-6393.json b/CVE-2023/CVE-2023-63xx/CVE-2023-6393.json new file mode 100644 index 00000000000..fbd6b77c6bd --- /dev/null +++ b/CVE-2023/CVE-2023-63xx/CVE-2023-6393.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-6393", + "sourceIdentifier": "secalert@redhat.com", + "published": "2023-12-06T17:15:07.377", + "lastModified": "2023-12-06T18:49:19.267", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A flaw was found in the Quarkus Cache Runtime. When request processing utilizes a Uni cached using @CacheResult and the cached Uni reuses the initial \"completion\" context, the processing switches to the cached Uni instead of the request context. This is a problem if the cached Uni context contains sensitive information, and could allow a malicious user to benefit from a POST request returning the response that is meant for another user, gaining access to sensitive data." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2023-6393", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253113", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-64xx/CVE-2023-6439.json b/CVE-2023/CVE-2023-64xx/CVE-2023-6439.json index 259e96371df..65635ed82d2 100644 --- a/CVE-2023/CVE-2023-64xx/CVE-2023-6439.json +++ b/CVE-2023/CVE-2023-64xx/CVE-2023-6439.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-6439", "sourceIdentifier": "cna@vuldb.com", "published": "2023-11-30T20:15:07.027", - "lastModified": "2023-12-01T02:28:42.607", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-06T17:10:16.797", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability classified as problematic was found in ZenTao PMS 18.8. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246439." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en ZenTao PMS 18.8 y clasificada como problem\u00e1tica. Una funcionalidad desconocida es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a cross site scripting. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-246439." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "cna@vuldb.com", "type": "Secondary", 
@@ -71,18 +95,48 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:easycorp:zentao:18.8:*:*:*:*:*:*:*", + "matchCriteriaId": "16FF4A74-229E-4592-87A9-DADF11B5622A" + } + ] + } + ] + } + ], "references": [ { "url": "https://1drv.ms/w/s!AgMfVZkPO1NWgR2_sUsSJF67lvbG?e=SStrt5", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.246439", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.246439", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/README.md b/README.md index 60196a34417..110e4110114 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-12-06T17:00:58.971340+00:00 +2023-12-06T19:00:18.767547+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-12-06T16:55:22.653000+00:00 +2023-12-06T18:59:59.893000+00:00 ``` ### Last Data Feed Release 
@@ -29,38 +29,47 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -232415 +232418 ``` ### CVEs added in the last Commit -Recently added CVEs: `4` +Recently added CVEs: `3` -* [CVE-2023-48859](CVE-2023/CVE-2023-488xx/CVE-2023-48859.json) (`2023-12-06T15:15:06.967`) -* [CVE-2023-36655](CVE-2023/CVE-2023-366xx/CVE-2023-36655.json) (`2023-12-06T16:15:07.047`) -* [CVE-2023-39538](CVE-2023/CVE-2023-395xx/CVE-2023-39538.json) (`2023-12-06T16:15:07.277`) -* [CVE-2023-39539](CVE-2023/CVE-2023-395xx/CVE-2023-39539.json) (`2023-12-06T16:15:07.510`) +* [CVE-2023-39326](CVE-2023/CVE-2023-393xx/CVE-2023-39326.json) (`2023-12-06T17:15:07.147`) +* [CVE-2023-45285](CVE-2023/CVE-2023-452xx/CVE-2023-45285.json) (`2023-12-06T17:15:07.320`) +* [CVE-2023-6393](CVE-2023/CVE-2023-63xx/CVE-2023-6393.json) (`2023-12-06T17:15:07.377`) ### CVEs modified in the last Commit -Recently modified CVEs: `15` +Recently modified CVEs: `66` -* [CVE-2023-6298](CVE-2023/CVE-2023-62xx/CVE-2023-6298.json) (`2023-12-06T15:15:07.027`) -* [CVE-2023-39166](CVE-2023/CVE-2023-391xx/CVE-2023-39166.json) (`2023-12-06T15:15:36.487`) -* [CVE-2023-32123](CVE-2023/CVE-2023-321xx/CVE-2023-32123.json) (`2023-12-06T15:15:43.370`) -* [CVE-2023-31230](CVE-2023/CVE-2023-312xx/CVE-2023-31230.json) (`2023-12-06T15:15:51.843`) -* [CVE-2023-47870](CVE-2023/CVE-2023-478xx/CVE-2023-47870.json) (`2023-12-06T15:21:19.540`) -* [CVE-2023-22523](CVE-2023/CVE-2023-225xx/CVE-2023-22523.json) (`2023-12-06T16:15:06.897`) -* [CVE-2023-22524](CVE-2023/CVE-2023-225xx/CVE-2023-22524.json) (`2023-12-06T16:15:06.983`) -* [CVE-2023-39417](CVE-2023/CVE-2023-394xx/CVE-2023-39417.json) (`2023-12-06T16:15:07.100`) -* [CVE-2023-5824](CVE-2023/CVE-2023-58xx/CVE-2023-5824.json) (`2023-12-06T16:15:07.687`) -* [CVE-2023-42917](CVE-2023/CVE-2023-429xx/CVE-2023-42917.json) (`2023-12-06T16:27:43.533`) -* [CVE-2023-42916](CVE-2023/CVE-2023-429xx/CVE-2023-42916.json) 
(`2023-12-06T16:28:18.557`) -* [CVE-2023-39226](CVE-2023/CVE-2023-392xx/CVE-2023-39226.json) (`2023-12-06T16:45:39.013`) -* [CVE-2023-6442](CVE-2023/CVE-2023-64xx/CVE-2023-6442.json) (`2023-12-06T16:53:05.960`) -* [CVE-2023-6440](CVE-2023/CVE-2023-64xx/CVE-2023-6440.json) (`2023-12-06T16:54:08.450`) -* [CVE-2023-47454](CVE-2023/CVE-2023-474xx/CVE-2023-47454.json) (`2023-12-06T16:55:22.653`) +* [CVE-2023-49092](CVE-2023/CVE-2023-490xx/CVE-2023-49092.json) (`2023-12-06T18:47:43.140`) +* [CVE-2023-48894](CVE-2023/CVE-2023-488xx/CVE-2023-48894.json) (`2023-12-06T18:48:22.700`) +* [CVE-2023-47207](CVE-2023/CVE-2023-472xx/CVE-2023-47207.json) (`2023-12-06T18:48:48.427`) +* [CVE-2023-46690](CVE-2023/CVE-2023-466xx/CVE-2023-46690.json) (`2023-12-06T18:49:11.797`) +* [CVE-2023-32268](CVE-2023/CVE-2023-322xx/CVE-2023-32268.json) (`2023-12-06T18:49:19.267`) +* [CVE-2023-6288](CVE-2023/CVE-2023-62xx/CVE-2023-6288.json) (`2023-12-06T18:49:19.267`) +* [CVE-2023-48859](CVE-2023/CVE-2023-488xx/CVE-2023-48859.json) (`2023-12-06T18:49:19.267`) +* [CVE-2023-36655](CVE-2023/CVE-2023-366xx/CVE-2023-36655.json) (`2023-12-06T18:49:19.267`) +* [CVE-2023-39538](CVE-2023/CVE-2023-395xx/CVE-2023-39538.json) (`2023-12-06T18:49:19.267`) +* [CVE-2023-39539](CVE-2023/CVE-2023-395xx/CVE-2023-39539.json) (`2023-12-06T18:49:19.267`) +* [CVE-2023-26024](CVE-2023/CVE-2023-260xx/CVE-2023-26024.json) (`2023-12-06T18:51:10.323`) +* [CVE-2023-5995](CVE-2023/CVE-2023-59xx/CVE-2023-5995.json) (`2023-12-06T18:52:42.327`) +* [CVE-2023-42006](CVE-2023/CVE-2023-420xx/CVE-2023-42006.json) (`2023-12-06T18:52:49.500`) +* [CVE-2023-6033](CVE-2023/CVE-2023-60xx/CVE-2023-6033.json) (`2023-12-06T18:53:10.447`) +* [CVE-2023-48893](CVE-2023/CVE-2023-488xx/CVE-2023-48893.json) (`2023-12-06T18:53:44.693`) +* [CVE-2023-48813](CVE-2023/CVE-2023-488xx/CVE-2023-48813.json) (`2023-12-06T18:53:57.517`) +* [CVE-2023-48842](CVE-2023/CVE-2023-488xx/CVE-2023-48842.json) (`2023-12-06T18:54:07.467`) +* 
[CVE-2023-4518](CVE-2023/CVE-2023-45xx/CVE-2023-4518.json) (`2023-12-06T18:55:10.680`) +* [CVE-2023-5226](CVE-2023/CVE-2023-52xx/CVE-2023-5226.json) (`2023-12-06T18:57:33.787`) +* [CVE-2023-49371](CVE-2023/CVE-2023-493xx/CVE-2023-49371.json) (`2023-12-06T18:58:20.680`) +* [CVE-2023-45168](CVE-2023/CVE-2023-451xx/CVE-2023-45168.json) (`2023-12-06T18:58:31.920`) +* [CVE-2023-5637](CVE-2023/CVE-2023-56xx/CVE-2023-5637.json) (`2023-12-06T18:59:08.660`) +* [CVE-2023-5636](CVE-2023/CVE-2023-56xx/CVE-2023-5636.json) (`2023-12-06T18:59:28.783`) +* [CVE-2023-5635](CVE-2023/CVE-2023-56xx/CVE-2023-5635.json) (`2023-12-06T18:59:51.757`) +* [CVE-2023-5634](CVE-2023/CVE-2023-56xx/CVE-2023-5634.json) (`2023-12-06T18:59:59.893`) ## Download and Usage