Auto-Update: 2023-12-19T15:00:24.751708+00:00

cad-safe-bot 2023-12-19 15:00:28 +00:00
parent cb456efc8b
commit 2656f1929f
96 changed files with 2294 additions and 171 deletions


@ -2,12 +2,16 @@
"id": "CVE-2014-125107",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-19T03:15:07.433",
"lastModified": "2023-12-19T03:15:07.433",
"vulnStatus": "Received",
"lastModified": "2023-12-19T13:42:12.823",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Corveda PHPSandbox 1.3.4 and classified as critical. Affected by this issue is some unknown functionality of the component String Handler. The manipulation leads to protection mechanism failure. The attack may be launched remotely. Upgrading to version 1.3.5 is able to address this issue. The patch is identified as 48fde5ffa4d76014bad260a3cbab7ada3744a4cc. It is recommended to upgrade the affected component. VDB-248270 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Corveda PHPSandbox 1.3.4 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del componente String Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n provoca el fallo del mecanismo de protecci\u00f3n. El ataque puede lanzarse de forma remota. La actualizaci\u00f3n a la versi\u00f3n 1.3.5 puede solucionar este problema. El parche se identifica como 48fde5ffa4d76014bad260a3cbab7ada3744a4cc. Se recomienda actualizar el componente afectado. VDB-248270 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2019-25157",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-19T03:15:07.693",
"lastModified": "2023-12-19T03:15:07.693",
"vulnStatus": "Received",
"lastModified": "2023-12-19T13:42:12.823",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Ethex Contracts. It has been classified as critical. This affects an unknown part of the file EthexJackpot.sol of the component Monthly Jackpot Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is named 6b8664b698d3d953e16c284fadc6caeb9e58e3db. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248271."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Ethex Contracts. Ha sido clasificada como cr\u00edtica. Una parte desconocida del archivo EthexJackpot.sol del componente Monthly Jackpot Handler afecta a una parte desconocida. La manipulaci\u00f3n conduce a controles de acceso inadecuados. Es posible iniciar el ataque de forma remota. Este producto no utiliza versiones. Esta es la raz\u00f3n por la que la informaci\u00f3n sobre las versiones afectadas y no afectadas no est\u00e1 disponible. El parche se llama 6b8664b698d3d953e16c284fadc6caeb9e58e3db. Se recomienda aplicar un parche para solucionar este problema. El identificador asociado de esta vulnerabilidad es VDB-248271."
}
],
"metrics": {


@ -0,0 +1,92 @@
{
"id": "CVE-2019-25158",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-19T13:15:43.133",
"lastModified": "2023-12-19T13:42:12.823",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in pedroetb tts-api up to 2.1.4 and classified as critical. This vulnerability affects the function onSpeechDone of the file app.js. The manipulation leads to os command injection. Upgrading to version 2.2.0 is able to address this issue. The patch is identified as 29d9c25415911ea2f8b6de247cb5c4607d13d434. It is recommended to upgrade the affected component. VDB-248278 is the identifier assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "ADJACENT_NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 5.1,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://github.com/pedroetb/tts-api/commit/29d9c25415911ea2f8b6de247cb5c4607d13d434",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/pedroetb/tts-api/releases/tag/v2.2.0",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.248278",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.248278",
"source": "cna@vuldb.com"
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2022-45809",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-19T00:15:07.130",
"lastModified": "2023-12-19T00:15:07.130",
"vulnStatus": "Received",
"lastModified": "2023-12-19T13:42:22.313",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Ricard Torres Thumbs Rating.This issue affects Thumbs Rating: from n/a through 5.0.0.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de condici\u00f3n de ejecuci\u00f3n de Time-of-check Time-of-use (TOCTOU) en Ricard Torres Thumbs Rating. Este problema afecta a Thumbs Rating: desde n/a hasta 5.0.0."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2023-22439",
"sourceIdentifier": "disclosures@gallagher.com",
"published": "2023-12-18T22:15:07.807",
"lastModified": "2023-12-18T22:15:07.807",
"vulnStatus": "Received",
"lastModified": "2023-12-19T13:42:29.533",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-23570",
"sourceIdentifier": "disclosures@gallagher.com",
"published": "2023-12-18T22:15:08.020",
"lastModified": "2023-12-18T22:15:08.020",
"vulnStatus": "Received",
"lastModified": "2023-12-19T13:42:29.533",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-23576",
"sourceIdentifier": "disclosures@gallagher.com",
"published": "2023-12-18T22:15:08.210",
"lastModified": "2023-12-18T22:15:08.210",
"vulnStatus": "Received",
"lastModified": "2023-12-19T13:42:29.533",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-23584",
"sourceIdentifier": "disclosures@gallagher.com",
"published": "2023-12-18T22:15:08.407",
"lastModified": "2023-12-18T22:15:08.407",
"vulnStatus": "Received",
"lastModified": "2023-12-19T13:42:29.533",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-24590",
"sourceIdentifier": "disclosures@gallagher.com",
"published": "2023-12-18T22:15:08.577",
"lastModified": "2023-12-18T22:15:08.577",
"vulnStatus": "Received",
"lastModified": "2023-12-19T13:42:29.533",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,12 +2,16 @@
"id": "CVE-2023-33331",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-18T23:15:07.520",
"lastModified": "2023-12-18T23:15:07.520",
"vulnStatus": "Received",
"lastModified": "2023-12-19T13:42:22.313",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce Product Vendors allows SQL Injection.This issue affects Product Vendors: from n/a through 2.1.76.\n\n"
},
{
"lang": "es",
"value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en WooCommerce Product Vendors permite la inyecci\u00f3n SQL. Este problema afecta a Product Vendors: desde n/a hasta 2.1.76."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-34168",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-18T23:15:07.743",
"lastModified": "2023-12-18T23:15:07.743",
"vulnStatus": "Received",
"lastModified": "2023-12-19T13:42:22.313",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Alex Raven WP Report Post allows SQL Injection.This issue affects WP Report Post: from n/a through 2.1.2.\n\n"
},
{
"lang": "es",
"value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('Inyecci\u00f3n SQL') en Alex Raven WP Report Post permite la inyecci\u00f3n SQL. Este problema afecta a WP Report Post: desde n/a hasta 2.1.2."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2023-40691",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-12-18T21:15:08.087",
"lastModified": "2023-12-18T21:15:08.087",
"vulnStatus": "Received",
"lastModified": "2023-12-19T13:42:29.533",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-41967",
"sourceIdentifier": "disclosures@gallagher.com",
"published": "2023-12-18T22:15:08.770",
"lastModified": "2023-12-18T22:15:08.770",
"vulnStatus": "Received",
"lastModified": "2023-12-19T13:42:29.533",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,12 +2,16 @@
"id": "CVE-2023-42015",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-12-19T03:15:07.950",
"lastModified": "2023-12-19T03:15:07.950",
"vulnStatus": "Received",
"lastModified": "2023-12-19T13:42:12.823",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. IBM X-Force ID: 265512."
},
{
"lang": "es",
"value": "IBM UrbanCode Deploy (UCD) 7.1 a 7.1.2.14, 7.2 a 7.2.3.7 y 7.3 a 7.3.2.2 es vulnerable a la inyecci\u00f3n de HTML. Esta vulnerabilidad puede permitir que un usuario incruste etiquetas HTML arbitrarias en la interfaz de usuario web, lo que podr\u00eda provocar la divulgaci\u00f3n de informaci\u00f3n confidencial. ID de IBM X-Force: 265512."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-44982",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-19T01:15:11.477",
"lastModified": "2023-12-19T01:15:11.477",
"vulnStatus": "Received",
"lastModified": "2023-12-19T13:42:12.823",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jordy Meow Perfect Images (Manage Image Sizes, Thumbnails, Replace, Retina).This issue affects Perfect Images (Manage Image Sizes, Thumbnails, Replace, Retina): from n/a through 6.4.5.\n\n"
},
{
"lang": "es",
"value": "Exposici\u00f3n de informaci\u00f3n confidencial en una vulnerabilidad de actor no autorizado en Jordy Meow Perfect Images (administrar tama\u00f1os de imagen, miniaturas, reemplazar, Retina). Este problema afecta a Perfect Images (administrar tama\u00f1os de imagen, miniaturas, reemplazar, Retina): desde n/a hasta 6.4. 5."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2023-46104",
"sourceIdentifier": "security@apache.org",
"published": "2023-12-19T10:15:07.517",
"lastModified": "2023-12-19T10:15:07.517",
"vulnStatus": "Received",
"lastModified": "2023-12-19T13:42:12.823",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,12 +2,16 @@
"id": "CVE-2023-46154",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-19T00:15:07.360",
"lastModified": "2023-12-19T00:15:07.360",
"vulnStatus": "Received",
"lastModified": "2023-12-19T13:42:22.313",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Deserialization of Untrusted Data vulnerability in E2Pdf.Com E2Pdf \u2013 Export To Pdf Tool for WordPress.This issue affects E2Pdf \u2013 Export To Pdf Tool for WordPress: from n/a through 1.20.18.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de deserializaci\u00f3n de datos no confiables en E2Pdf.Com E2Pdf \u2013 Export To Pdf Tool para WordPress. Este problema afecta a E2Pdf \u2013 Export To Pdf Tool para WordPress: desde n/a hasta 1.20.18."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-46212",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-19T00:15:07.563",
"lastModified": "2023-12-19T00:15:07.563",
"vulnStatus": "Received",
"lastModified": "2023-12-19T13:42:22.313",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in TienCOP WP EXtra allows Accessing Functionality Not Properly Constrained by ACLs, Cross Site Request Forgery.This issue affects WP EXtra: from n/a through 6.2.\n\n"
},
{
"lang": "es",
"value": "Autorizaci\u00f3n faltante, vulnerabilidad de Cross-Site Request Forgery (CSRF) en TienCOP WP EXtra permite acceder a la funcionalidad no restringida adecuadamente por las ACL, Cross-Site Request Forgery. Este problema afecta a WP EXtra: desde n/a hasta 6.2."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2023-46686",
"sourceIdentifier": "disclosures@gallagher.com",
"published": "2023-12-18T22:15:08.967",
"lastModified": "2023-12-18T22:15:08.967",
"vulnStatus": "Received",
"lastModified": "2023-12-19T13:42:29.533",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,12 +2,16 @@
"id": "CVE-2023-47506",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-18T23:15:07.933",
"lastModified": "2023-12-18T23:15:07.933",
"vulnStatus": "Received",
"lastModified": "2023-12-19T13:42:22.313",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Master slider Master Slider Pro allows SQL Injection.This issue affects Master Slider Pro: from n/a through 3.6.5.\n\n"
},
{
"lang": "es",
"value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL (\"Inyecci\u00f3n SQL\") en Master slider Master Slider Pro permite la inyecci\u00f3n de SQL. Este problema afecta a Master Slider Pro: desde n/a hasta 3.6.5."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-47530",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-18T23:15:08.133",
"lastModified": "2023-12-18T23:15:08.133",
"vulnStatus": "Received",
"lastModified": "2023-12-19T13:42:22.313",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPVibes Redirect 404 Error Page to Homepage or Custom Page with Logs allows SQL Injection.This issue affects Redirect 404 Error Page to Homepage or Custom Page with Logs: from n/a through 1.8.7.\n\n"
},
{
"lang": "es",
"value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en WPVibes Redirect 404 Error Page to Homepage or Custom Page with Logs permite la inyecci\u00f3n de SQL. Este problema afecta a Redirect 404 Error Page to Homepage or Custom Page with Logs: de n/a hasta 1.8.7."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-47558",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-18T23:15:08.320",
"lastModified": "2023-12-18T23:15:08.320",
"vulnStatus": "Received",
"lastModified": "2023-12-19T13:42:22.313",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mahlamusa Who Hit The Page \u2013 Hit Counter allows SQL Injection.This issue affects Who Hit The Page \u2013 Hit Counter: from n/a through 1.4.14.3.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL (\"Inyecci\u00f3n SQL\") en Mahlamusa Who Hit The Page \u2013 Hit Counter permite la inyecci\u00f3n SQL. Este problema afecta a Who Hit The Page \u2013 Hit Counter: desde n/a hasta 1.4.14.3."
}
],
"metrics": {


@ -2,16 +2,40 @@
"id": "CVE-2023-47619",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-13T21:15:07.417",
"lastModified": "2023-12-13T21:25:53.887",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T14:45:12.943",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Audiobookshelf is a self-hosted audiobook and podcast server. In versions 2.4.3 and prior, users with the update permission are able to read arbitrary files, delete arbitrary files and send a GET request to arbitrary URLs and read the response. This issue may lead to Information Disclosure. As of time of publication, no patches are available."
},
{
"lang": "es",
"value": "Audiobookshelf es un servidor de podcasts y audiolibros autohospedado. En las versiones 2.4.3 y anteriores, los usuarios con permiso de actualizaci\u00f3n pueden leer archivos arbitrarios, eliminar archivos arbitrarios y enviar una solicitud GET a URL arbitrarias y leer la respuesta. Este problema puede dar lugar a la divulgaci\u00f3n de informaci\u00f3n. Al momento de la publicaci\u00f3n, no hay parches disponibles."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -50,14 +84,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:audiobookshelf:audiobookshelf:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.4.3",
"matchCriteriaId": "19C6C925-7C95-4BEA-8457-E1C2A4BA6526"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/advplyr/audiobookshelf/blob/d7b2476473ef1934eedec41425837cddf2d4b13e/server/controllers/AuthorController.js#L66",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://securitylab.github.com/advisories/GHSL-2023-203_GHSL-2023-204_audiobookshelf/",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
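Review bot: The added NVD primary vector `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N` rates integrity and availability as NONE, yet the English description in the same record says users with the update permission can "delete arbitrary files", and the added primary weakness is only `CWE-918`. Triage that keys on the primary score (6.5) and primary CWE alone may understate the file-read and file-deletion impact, so consumers of this record should also read the description and the secondary (CNA) metric and weakness entries. Those secondary values sit in context outside the visible hunks, so how far the two assessments diverge cannot be confirmed from this page.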


@ -2,12 +2,16 @@
"id": "CVE-2023-47754",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-19T00:15:07.767",
"lastModified": "2023-12-19T00:15:07.767",
"vulnStatus": "Received",
"lastModified": "2023-12-19T13:42:22.313",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in Clever plugins Delete Duplicate Posts allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Delete Duplicate Posts: from n/a through 4.8.9.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de autorizaci\u00f3n faltante en los complementos de Clever. Eliminar publicaciones duplicadas permite acceder a la funcionalidad no restringida adecuadamente por las ACL. Este problema afecta la eliminaci\u00f3n de publicaciones duplicadas: desde n/a hasta 4.8.9."
}
],
"metrics": {


@ -2,16 +2,40 @@
"id": "CVE-2023-48663",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-12-14T16:15:49.433",
"lastModified": "2023-12-14T17:17:54.510",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T14:33:48.787",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nDell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability leading to the execution of arbitrary OS commands on the affected system.\n\n"
},
{
"lang": "es",
"value": "Dell vApp Manager, las versiones anteriores a 9.2.4.x contienen una vulnerabilidad de inyecci\u00f3n de comandos. Un usuario malicioso remoto con altos privilegios podr\u00eda explotar esta vulnerabilidad y llevar a la ejecuci\u00f3n de comandos arbitrarios del sistema operativo en el sistema afectado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -46,10 +80,43 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:solutions_enabler_virtual_appliance:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.2.4.5",
"matchCriteriaId": "A66644ED-0329-4D52-BF77-46FC55D0E509"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:unisphere_for_powermax_virtual_appliance:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.2.4.7",
"matchCriteriaId": "F7A1C0B1-1991-4B65-8246-CBD559A577B0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dell:powermax_os:5978:*:*:*:eem:*:*:*",
"matchCriteriaId": "8236D1AC-66D0-4BEE-B9DB-C8B2DACE0400"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000220427/dsa-2023-443-dell-powermaxos-5978-dell-unisphere-360-dell-unisphere-for-powermax-dell-unisphere-for-powermax-virtual-appliance-dell-solutions-enabler-virtual-appliance-and-dell-powermax-eem-security-update-for-multiple-vulnerabilities",
"source": "security_alert@emc.com"
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,15 +2,41 @@
"id": "CVE-2023-48676",
"sourceIdentifier": "security@acronis.com",
"published": "2023-12-14T14:15:43.673",
"lastModified": "2023-12-14T14:49:08.357",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T14:20:14.047",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 36943."
},
{
"lang": "es",
"value": "Divulgaci\u00f3n y manipulaci\u00f3n de informaci\u00f3n sensible por falta de autorizaci\u00f3n. Los siguientes productos se ven afectados: Acronis Cyber Protect Cloud Agent (Windows) anterior a la compilaci\u00f3n 36943."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
}
],
"cvssMetricV30": [
{
"source": "security@acronis.com",
@ -35,6 +61,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
},
{
"source": "security@acronis.com",
"type": "Secondary",
@ -46,10 +82,152 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acronis:cyber_protect_cloud_agent:21:update12:*:*:*:*:*:*",
"matchCriteriaId": "F13C19F5-D246-49B8-AC50-A2A33E42A4B3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acronis:cyber_protect_cloud_agent:21:update3:*:*:*:*:*:*",
"matchCriteriaId": "25A39B45-AD7A-4466-9025-98F086FF7369"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acronis:cyber_protect_cloud_agent:21:update6:*:*:*:*:*:*",
"matchCriteriaId": "1F4887BE-8A9D-4FDA-8D61-240013F27CEE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acronis:cyber_protect_cloud_agent:21:update7:*:*:*:*:*:*",
"matchCriteriaId": "BF1F6E6A-7209-4A3F-BD91-5B7EF913A527"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acronis:cyber_protect_cloud_agent:22:update10:*:*:*:*:*:*",
"matchCriteriaId": "58A27C80-FEF3-4A82-9C72-31EC236F7B18"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acronis:cyber_protect_cloud_agent:22:update11:*:*:*:*:*:*",
"matchCriteriaId": "AA46A5D1-48CD-4CAC-B7BB-66E96C60B058"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acronis:cyber_protect_cloud_agent:22:update2:*:*:*:*:*:*",
"matchCriteriaId": "9B2A46DB-EAE5-4AB0-B951-C4F7F2B72C33"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acronis:cyber_protect_cloud_agent:22:update3:*:*:*:*:*:*",
"matchCriteriaId": "7A68AB88-B3F3-4028-A94F-FBB7F2511130"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acronis:cyber_protect_cloud_agent:22:update5:*:*:*:*:*:*",
"matchCriteriaId": "8CBFA456-3981-49D9-BD67-1BF5967EBFE1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acronis:cyber_protect_cloud_agent:22:update7:*:*:*:*:*:*",
"matchCriteriaId": "71751A99-144B-41E3-BAEC-9650D8333C40"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acronis:cyber_protect_cloud_agent:22:update8:*:*:*:*:*:*",
"matchCriteriaId": "642A5273-93FF-4B02-9519-A0CB586C5878"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acronis:cyber_protect_cloud_agent:22:update9:*:*:*:*:*:*",
"matchCriteriaId": "11536779-137C-4031-8AA2-EE7CF807230E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acronis:cyber_protect_cloud_agent:23:uddate1:*:*:*:*:*:*",
"matchCriteriaId": "DE302081-7B9F-4A84-88E5-FBE71F036F3B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acronis:cyber_protect_cloud_agent:23:update10:*:*:*:*:*:*",
"matchCriteriaId": "252FD2AD-DC8B-44FD-AF1A-AD836CF2453A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acronis:cyber_protect_cloud_agent:23:update11:*:*:*:*:*:*",
"matchCriteriaId": "2B45ABA8-8404-468A-B9C1-8F239D213317"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acronis:cyber_protect_cloud_agent:23:update12:*:*:*:*:*:*",
"matchCriteriaId": "709E6874-59DA-491D-A0EE-1FCC230C6D61"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acronis:cyber_protect_cloud_agent:23:update2:*:*:*:*:*:*",
"matchCriteriaId": "524F2ED8-CA74-4C84-9A4D-626111E0C090"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acronis:cyber_protect_cloud_agent:23:update3:*:*:*:*:*:*",
"matchCriteriaId": "F0DDE287-33E4-4A0D-AD16-9D6239DEF809"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acronis:cyber_protect_cloud_agent:23:update5:*:*:*:*:*:*",
"matchCriteriaId": "E94AE028-4F33-4507-AE62-FB83046A7C2D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acronis:cyber_protect_cloud_agent:23:update6:*:*:*:*:*:*",
"matchCriteriaId": "261677B5-2A5C-4FE7-A277-CC0268B308D6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acronis:cyber_protect_cloud_agent:23:update7:*:*:*:*:*:*",
"matchCriteriaId": "6B675BDA-8979-403B-9281-42E92C88BE9D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acronis:cyber_protect_cloud_agent:23:update8:*:*:*:*:*:*",
"matchCriteriaId": "D385D293-542B-414C-A344-3B6871D8E11B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acronis:cyber_protect_cloud_agent:23:update9:*:*:*:*:*:*",
"matchCriteriaId": "5830C1E7-CA7E-41E3-B556-3F006E8433DE"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://security-advisory.acronis.com/advisories/SEC-5905",
"source": "security@acronis.com"
"source": "security@acronis.com",
"tags": [
"Vendor Advisory"
]
}
]
}
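Review bot: One entry in the added `configurations` block, `cpe:2.3:a:acronis:cyber_protect_cloud_agent:23:uddate1:*:*:*:*:*:*`, spells its update component `uddate1` while every sibling entry uses `updateN`; this looks like a typo carried over from the upstream record and presumably should read `23:update1`. A scanner or asset-inventory matcher that compares the CPE update field literally would not match a host recorded as `23:update1`, so that build could be reported as unaffected. Because this file mirrors upstream data, the correction belongs upstream rather than in a local edit. Until then, consumers can cross-check against the description's "before build 36943" bound instead of relying on the enumerated CPE list alone.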


@ -2,12 +2,16 @@
"id": "CVE-2023-48751",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-19T00:15:07.977",
"lastModified": "2023-12-19T00:15:07.977",
"vulnStatus": "Received",
"lastModified": "2023-12-19T13:42:22.313",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database allows Accessing Functionality Not Properly Constrained by ACLs, Cross Site Request Forgery.This issue affects Participants Database: from n/a through 2.5.5.\n\n"
},
{
"lang": "es",
"value": "Autorizaci\u00f3n faltante, vulnerabilidad de Cross-Site Request Forgery (CSRF) en Roland Barker, xnau webdesign La base de datos de participantes permite acceder a la funcionalidad no restringida adecuadamente por las ACL, Cross-Site Request Forgery. Este problema afecta a la base de datos de participantes: desde n/a hasta 2.5.5."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2023-48768",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-18T22:15:09.143",
"lastModified": "2023-12-18T22:15:09.143",
"vulnStatus": "Received",
"lastModified": "2023-12-19T13:42:29.533",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-48769",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-18T22:15:09.337",
"lastModified": "2023-12-18T22:15:09.337",
"vulnStatus": "Received",
"lastModified": "2023-12-19T13:42:29.533",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-48772",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-18T22:15:09.570",
"lastModified": "2023-12-18T22:15:09.570",
"vulnStatus": "Received",
"lastModified": "2023-12-19T13:42:29.533",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-48773",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-18T22:15:09.757",
"lastModified": "2023-12-18T22:15:09.757",
"vulnStatus": "Received",
"lastModified": "2023-12-19T13:42:29.533",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-48778",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-18T22:15:09.960",
"lastModified": "2023-12-18T22:15:09.960",
"vulnStatus": "Received",
"lastModified": "2023-12-19T13:42:29.533",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-48781",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-18T22:15:10.150",
"lastModified": "2023-12-18T22:15:10.150",
"vulnStatus": "Received",
"lastModified": "2023-12-19T13:42:29.533",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-49006",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-19T10:15:07.883",
"lastModified": "2023-12-19T10:15:07.883",
"vulnStatus": "Received",
"lastModified": "2023-12-19T13:42:12.823",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-49148",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-18T22:15:10.347",
"lastModified": "2023-12-18T22:15:10.347",
"vulnStatus": "Received",
"lastModified": "2023-12-19T13:42:29.533",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,12 +2,16 @@
"id": "CVE-2023-49153",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-18T23:15:08.503",
"lastModified": "2023-12-18T23:15:08.503",
"vulnStatus": "Received",
"lastModified": "2023-12-19T13:42:22.313",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Saiful Islam Add to Cart Text Changer and Customize Button, Add Custom Icon.This issue affects Add to Cart Text Changer and Customize Button, Add Custom Icon: from n/a through 2.0.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Saiful Islam Add to Cart Text Changer and Customize Button, Add Custom Icon. Este problema afecta a Add to Cart Text Changer and Customize Button, Add Custom Icon: desde n/a hasta 2.0."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-49155",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-18T23:15:08.697",
"lastModified": "2023-12-18T23:15:08.697",
"vulnStatus": "Received",
"lastModified": "2023-12-19T13:42:22.313",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Button Generator \u2013 easily Button Builder.This issue affects Button Generator \u2013 easily Button Builder: from n/a through 2.3.8.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Wow-Company Button Generator \u2013 easily Button Builder. Este problema afecta a Button Generator \u2013 easily Button Builder: desde n/a hasta 2.3.8."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-49163",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-18T23:15:08.893",
"lastModified": "2023-12-18T23:15:08.893",
"vulnStatus": "Received",
"lastModified": "2023-12-19T13:42:22.313",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Michael Winkler teachPress.This issue affects teachPress: from n/a through 9.0.5.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Michael Winkler TeachPress. Este problema afecta a TeachPress: desde n/a hasta 9.0.5."
}
],
"metrics": {
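Review bot: The added `es` description does not keep the product name as the `en` value gives it: it has `TeachPress` where the English text has `teachPress`. The same drift shows in other sections of this commit: CVE-2023-49759 fuses the preposition into the vendor name (`engVectors Team`), CVE-2023-49761 renders `Product Enquiry for WooCommerce` as `Product Inquiry para WooCommerce`, and CVE-2023-49819 translates the second mention of `Structured Content (JSON-LD) #wpsc`. Anyone matching installed plugins against the Spanish text would miss these records, so the names should stay verbatim, e.g. `en Michael Winkler teachPress. Este problema afecta a teachPress: desde n/a hasta 9.0.5.`. If these files are copied unchanged from the upstream feed, the correction presumably belongs upstream, and consumers are safer matching on the `en` value. The record's JSON object continues outside this hunk.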


@ -2,16 +2,40 @@
"id": "CVE-2023-49165",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-15T14:15:15.240",
"lastModified": "2023-12-15T15:26:42.177",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T13:33:38.373",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Real Big Plugins Client Dash allows Stored XSS.This issue affects Client Dash: from n/a through 2.2.1.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Real Big Plugins Client Dash permite almacenar XSS. Este problema afecta a Client Dash: desde n/a hasta 2.2.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:realbigplugins:client_dash:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.2.1",
"matchCriteriaId": "10CA619E-E40F-481A-A014-1265D45F7F7D"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/client-dash/wordpress-client-dash-plugin-2-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-49169",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-15T15:15:07.683",
"lastModified": "2023-12-15T15:26:42.177",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T13:29:39.347",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in datafeedr.Com Ads by datafeedr.Com allows Stored XSS.This issue affects Ads by datafeedr.Com: from n/a through 1.2.0.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en datafeedr.Com Ads by datafeedr.Com permite almacenar XSS. Este problema afecta a Ads by datafeedr.Com: desde n/a hasta 1.2.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:datafeedr:ads_by_datafeedr.com:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.2.0",
"matchCriteriaId": "FE79A6A2-D068-4772-B796-D439676B41BE"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/ads-by-datafeedrcom/wordpress-ads-by-datafeedr-com-plugin-1-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-49170",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-15T15:15:07.890",
"lastModified": "2023-12-15T15:26:42.177",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T13:24:14.363",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in captainform Forms by CaptainForm \u2013 Form Builder for WordPress allows Reflected XSS.This issue affects Forms by CaptainForm \u2013 Form Builder for WordPress: from n/a through 2.5.3.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en captainform Forms by CaptainForm \u2013 Form Builder for WordPress permite XSS Reflejado. Este problema afecta a Forms by CaptainForm \u2013 Form Builder for WordPress: desde n/a hasta 2.5. 3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:captainform:captainform:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.5.3",
"matchCriteriaId": "4214A13C-FD04-4B38-86DE-9B7EFEC7609E"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/captainform/wordpress-forms-by-captainform-form-builder-for-wordpress-plugin-2-5-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}
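Review bot: The added `es` value in the first hunk writes the affected version as `2.5. 3`, with a stray space, where the `en` value has `2.5.3`. A consumer that reads the version bound from the description text would stop at `2.5.`, which no longer agrees with the `"versionEndIncluding": "2.5.3"` shown in the second hunk. The tail of the string should read `desde n/a hasta 2.5.3.`; if the file is an unmodified copy of the upstream record, the fix presumably has to be made there.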


@ -2,8 +2,8 @@
"id": "CVE-2023-49489",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-19T10:15:07.943",
"lastModified": "2023-12-19T10:15:07.943",
"vulnStatus": "Received",
"lastModified": "2023-12-19T13:42:12.823",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-49577",
"sourceIdentifier": "cna@sap.com",
"published": "2023-12-12T02:15:07.073",
"lastModified": "2023-12-12T13:43:48.853",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T14:50:18.817",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "cna@sap.com",
"type": "Secondary",
@ -50,14 +70,53 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:human_capital_management:s4hcmcie_100:*:*:*:*:*:*:*",
"matchCriteriaId": "19485855-D7CB-4190-8CEE-354E1B11420C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:human_capital_management:sap_hrcie_600:*:*:*:*:*:*:*",
"matchCriteriaId": "CDE8FC1E-86C2-41E7-8583-F9264DABF44D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:human_capital_management:sap_hrcie_604:*:*:*:*:*:*:*",
"matchCriteriaId": "E85CE99F-0271-4231-A420-32A97DF11136"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:human_capital_management:sap_hrcie_608:*:*:*:*:*:*:*",
"matchCriteriaId": "01D0A361-2D23-4D38-BC50-B2CC1FAEBCCA"
}
]
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3217087",
"source": "cna@sap.com"
"source": "cna@sap.com",
"tags": [
"Permissions Required",
"Vendor Advisory"
]
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"source": "cna@sap.com"
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-49580",
"sourceIdentifier": "cna@sap.com",
"published": "2023-12-12T02:15:07.493",
"lastModified": "2023-12-12T13:43:48.853",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T14:50:39.843",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
},
{
"source": "cna@sap.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "cna@sap.com",
"type": "Secondary",
@ -50,14 +80,73 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:graphical_user_interface:sap_basis_755:*:*:*:*:java:*:*",
"matchCriteriaId": "8EBAA05C-1F1F-4E9F-9C8D-29C36EFDE881"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:graphical_user_interface:sap_basis_755:*:*:*:*:windows:*:*",
"matchCriteriaId": "C0579FD0-7554-4D30-A008-D82BC9C6CF5C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:graphical_user_interface:sap_basis_756:*:*:*:*:java:*:*",
"matchCriteriaId": "DC977BEE-6871-4F48-9E67-C40584E2D972"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:graphical_user_interface:sap_basis_756:*:*:*:*:windows:*:*",
"matchCriteriaId": "A988B074-0D2A-4E8D-8686-2ECF3C2A8413"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:graphical_user_interface:sap_basis_757:*:*:*:*:java:*:*",
"matchCriteriaId": "CE27330C-BA2C-4477-B2CE-1FB948DC364E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:graphical_user_interface:sap_basis_757:*:*:*:*:windows:*:*",
"matchCriteriaId": "AB781ECB-F468-43B5-9E0B-6F22AFBD72B7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:graphical_user_interface:sap_basis_758:*:*:*:*:java:*:*",
"matchCriteriaId": "BF01ABB2-2208-4BEB-9BE3-1A9966A52409"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:graphical_user_interface:sap_basis_758:*:*:*:*:windows:*:*",
"matchCriteriaId": "B1BF3850-07A2-4E4D-A033-9EA9859A1C98"
}
]
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3385711",
"source": "cna@sap.com"
"source": "cna@sap.com",
"tags": [
"Permissions Required",
"Vendor Advisory"
]
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"source": "cna@sap.com"
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-49734",
"sourceIdentifier": "security@apache.org",
"published": "2023-12-19T10:15:08.007",
"lastModified": "2023-12-19T10:15:08.007",
"vulnStatus": "Received",
"lastModified": "2023-12-19T13:42:12.823",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-49736",
"sourceIdentifier": "security@apache.org",
"published": "2023-12-19T10:15:08.323",
"lastModified": "2023-12-19T10:15:08.323",
"vulnStatus": "Received",
"lastModified": "2023-12-19T13:42:12.823",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,12 +2,16 @@
"id": "CVE-2023-49759",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-18T23:15:09.083",
"lastModified": "2023-12-18T23:15:09.083",
"vulnStatus": "Received",
"lastModified": "2023-12-19T13:42:22.313",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team WooDiscuz \u2013 WooCommerce Comments.This issue affects WooDiscuz \u2013 WooCommerce Comments: from n/a through 2.3.0.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) engVectors Team WooDiscuz \u2013 WooCommerce Comments. Este problema afecta a WooDiscuz \u2013 WooCommerce Comments: desde n/a hasta 2.3.0."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-49760",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-18T23:15:09.263",
"lastModified": "2023-12-18T23:15:09.263",
"vulnStatus": "Received",
"lastModified": "2023-12-19T13:42:22.313",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Giannopoulos Kostas WPsoonOnlinePage.This issue affects WPsoonOnlinePage: from n/a through 1.9.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Giannopoulos Kostas WPsoonOnlinePage. Este problema afecta a WPsoonOnlinePage: desde n/a hasta 1.9."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-49761",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-18T23:15:09.447",
"lastModified": "2023-12-18T23:15:09.447",
"vulnStatus": "Received",
"lastModified": "2023-12-19T13:42:22.313",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Gravity Master Product Enquiry for WooCommerce.This issue affects Product Enquiry for WooCommerce: from n/a through 3.0.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Gravity Master Product Inquiry para WooCommerce. Este problema afecta a Product Inquiry para WooCommerce: desde n/a hasta 3.0."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-49763",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-18T23:15:09.630",
"lastModified": "2023-12-18T23:15:09.630",
"vulnStatus": "Received",
"lastModified": "2023-12-19T13:42:22.313",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Creatomatic Ltd CSprite.This issue affects CSprite: from n/a through 1.1.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Creatomatic Ltd CSprite. Este problema afecta a CSprite: desde n/a hasta 1.1."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-49819",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-19T00:15:08.270",
"lastModified": "2023-12-19T00:15:08.270",
"vulnStatus": "Received",
"lastModified": "2023-12-19T13:42:22.313",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Deserialization of Untrusted Data vulnerability in Gordon B\u00f6hme, Antonio Leutsch Structured Content (JSON-LD) #wpsc.This issue affects Structured Content (JSON-LD) #wpsc: from n/a through 1.5.3.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de deserializaci\u00f3n de datos no confiables en Gordon B\u00f6hme, Antonio Leutsch Structured Content (JSON-LD) #wpsc. Este problema afecta el contenido estructurado (JSON-LD) #wpsc: desde n/a hasta 1.5.3."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-49821",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-18T23:15:09.833",
"lastModified": "2023-12-18T23:15:09.833",
"vulnStatus": "Received",
"lastModified": "2023-12-19T13:42:22.313",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in LiveChat LiveChat \u2013 WP live chat plugin for WordPress.This issue affects LiveChat \u2013 WP live chat plugin for WordPress: from n/a through 4.5.15.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en LiveChat LiveChat \u2013 WP live chat plugin for WordPress. Este problema afecta a LiveChat \u2013 WP live chat plugin for WordPress: desde n/a hasta 4.5.15."
}
],
"metrics": {


@ -2,19 +2,80 @@
"id": "CVE-2023-50011",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-14T15:15:10.207",
"lastModified": "2023-12-14T15:20:34.133",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T13:49:18.530",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "PopojiCMS version 2.0.1 is vulnerable to remote command execution in the Meta Social field."
},
{
"lang": "es",
"value": "PopojiCMS versi\u00f3n 2.0.1 es vulnerable a la ejecuci\u00f3n remota de comandos en el campo Meta Social."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:popojicms:popojicms:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2215DA94-615C-4B2C-BCC4-4497C233208C"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://packetstormsecurity.com/files/175924/PopojiCMS-2.0.1-Remote-Command-Execution.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-50376",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-19T09:15:36.343",
"lastModified": "2023-12-19T09:15:36.343",
"vulnStatus": "Received",
"lastModified": "2023-12-19T13:42:12.823",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in smp7, wp.Insider Simple Membership allows Reflected XSS.This issue affects Simple Membership: from n/a through 4.3.8.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n incorrecta de la entrada durante la vulnerabilidad de generaci\u00f3n de p\u00e1ginas web ('Cross site scripting') en smp7, wp.Insider Simple Membership permite XSS reflejado. Este problema afecta a Simple Membership: desde n/a hasta 4.3.8."
}
],
"metrics": {


@ -0,0 +1,24 @@
{
"id": "CVE-2023-50761",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-12-19T14:15:07.033",
"lastModified": "2023-12-19T14:49:52.980",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. If present, Thunderbird did not compare the signature creation date with the message date and time, and displayed a valid signature despite a date or time mismatch. This could be used to give recipients the impression that a message was sent at a different date or time. This vulnerability affects Thunderbird < 115.6."
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1865647",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-55/",
"source": "security@mozilla.org"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-50762",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-12-19T14:15:07.093",
"lastModified": "2023-12-19T14:49:52.980",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "When processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the text was never shown to the user. This is because the text was interpreted as a MIME message and the first paragraph was always treated as an email header section. A digitally signed text from a different context, such as a signed GIT commit, could be used to spoof an email message. This vulnerability affects Thunderbird < 115.6."
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1862625",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-55/",
"source": "security@mozilla.org"
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-5413",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-12-19T03:15:08.243",
"lastModified": "2023-12-19T03:15:08.243",
"vulnStatus": "Received",
"lastModified": "2023-12-19T13:42:12.823",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Image horizontal reel scroll slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'ihrss-gallery' shortcode in versions up to, and including, 13.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento Image horizontal reel scroll slideshow para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del c\u00f3digo abreviado 'ihrss-gallery' en versiones hasta la 13.3 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-5432",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-12-19T04:15:07.440",
"lastModified": "2023-12-19T04:15:07.440",
"vulnStatus": "Received",
"lastModified": "2023-12-19T13:42:12.823",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Jquery news ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'jquery-news-ticker' shortcode in versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento Jquery news ticker para WordPress es vulnerable a cross site scripting almacenado a trav\u00e9s del c\u00f3digo corto 'jquery-news-ticker' en versiones hasta la 3.1 incluida, debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {


@ -0,0 +1,24 @@
{
"id": "CVE-2023-6135",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-12-19T14:15:07.143",
"lastModified": "2023-12-19T14:49:52.980",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Multiple NSS NIST curves were susceptible to a side-channel attack known as \"Minerva\". This attack could potentially allow an attacker to recover the private key. This vulnerability affects Firefox < 121."
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1853908",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-56/",
"source": "security@mozilla.org"
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-6314",
"sourceIdentifier": "product-security@gg.jp.panasonic.com",
"published": "2023-12-19T01:15:12.157",
"lastModified": "2023-12-19T01:15:12.157",
"vulnStatus": "Received",
"lastModified": "2023-12-19T13:42:12.823",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in FPWin Pro version 7.7.0.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file."
},
{
"lang": "es",
"value": "El desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en FPWin Pro versi\u00f3n 7.7.0.0 y todas las versiones anteriores puede permitir a los atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo de proyecto especialmente manipulado."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-6315",
"sourceIdentifier": "product-security@gg.jp.panasonic.com",
"published": "2023-12-19T01:15:12.310",
"lastModified": "2023-12-19T01:15:12.310",
"vulnStatus": "Received",
"lastModified": "2023-12-19T13:42:12.823",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Out-of-bouds read vulnerability in FPWin Pro version 7.7.0.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file."
},
{
"lang": "es",
"value": "Una vulnerabilidad de lectura fuera de los l\u00edmites en FPWin Pro versi\u00f3n 7.7.0.0 y todas las versiones anteriores puede permitir a los atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo de proyecto especialmente manipulado."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2023-6355",
"sourceIdentifier": "disclosures@gallagher.com",
"published": "2023-12-18T22:15:10.540",
"lastModified": "2023-12-18T22:15:10.540",
"vulnStatus": "Received",
"lastModified": "2023-12-19T13:42:29.533",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,7 +2,7 @@
"id": "CVE-2023-6448",
"sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725",
"published": "2023-12-05T18:15:12.643",
"lastModified": "2023-12-13T17:15:07.503",
"lastModified": "2023-12-19T14:15:07.183",
"vulnStatus": "Modified",
"cisaExploitAdd": "2023-12-11",
"cisaActionDue": "2023-12-18",
@ -438,6 +438,10 @@
}
],
"references": [
{
"url": "https://downloads.unitronicsplc.com/Sites/plc/Technical_Library/Unitronics-Cybersecurity-Advisory-2023-001-CVE-2023-6448.pdf",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
},
{
"url": "https://downloads.unitronicsplc.com/Sites/plc/Visilogic/Version_Changes-Bug_Reports/VisiLogic%209.9.00%20Version%20changes.pdf",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"


@ -2,12 +2,16 @@
"id": "CVE-2023-6488",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-12-19T02:15:44.870",
"lastModified": "2023-12-19T02:15:44.870",
"vulnStatus": "Received",
"lastModified": "2023-12-19T13:42:12.823",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'su_button', 'su_members', and 'su_tabs' shortcodes in all versions up to, and including, 7.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento WP Shortcodes Plugin \u2014 Shortcodes Ultimate para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de los c\u00f3digos cortos 'su_button', 'su_members' y 'su_tabs' del complemento en todas las versiones hasta la 7.0.0 incluida debido a una sanitizaci\u00f3n insuficiente de las entradas y salida de escape en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2023-6702",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-12-14T22:15:44.387",
"lastModified": "2023-12-16T02:15:07.783",
"vulnStatus": "Modified",
"lastModified": "2023-12-19T14:44:04.613",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -66,6 +66,37 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*",
"versionEndExcluding": "120.0.2210.77",
"matchCriteriaId": "2B485672-68D3-43BE-8C01-9DF7FBF6E4B1"
}
]
}
]
}
],
"references": [
@ -86,7 +117,11 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6NWZ23ZJ62XKWVNGHSIZQYILVJWH5BLI/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-6730",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-12-19T13:15:43.380",
"lastModified": "2023-12-19T13:42:12.823",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://github.com/huggingface/transformers/commit/1d63b0ec361e7a38f1339385e8a5a855085532ce",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.com/bounties/423611ee-7a2a-442a-babb-3ed2f8385c16",
"source": "security@huntr.dev"
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-6775",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-13T21:15:09.793",
"lastModified": "2023-12-13T21:25:53.887",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T14:46:42.323",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in CodeAstro POS and Inventory Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /item/item_con. The manipulation of the argument item_name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247911."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en CodeAstro POS y Inventory Management System 1.0. Ha sido clasificada como problem\u00e1tica. Esto afecta a una parte desconocida del archivo /item/item_con. La manipulaci\u00f3n del argumento item_name conduce a cross site scripting. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-247911."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,44 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codeastro:pos_and_inventory_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "912BD54C-7528-49DD-9A65-3328BA873592"
}
]
}
]
}
],
"references": [
{
"url": "https://drive.google.com/drive/folders/12llrfm5nmsbNexeyAroB6nL5yjqAYL8T?usp=sharing",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.247911",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.247911",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-6836",
"sourceIdentifier": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
"published": "2023-12-15T10:15:09.407",
"lastModified": "2023-12-15T13:41:51.403",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T13:52:56.807",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-611"
}
]
},
{
"source": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
"type": "Secondary",
@ -50,10 +80,157 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wso2:api_manager:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.0.0",
"matchCriteriaId": "80465515-637E-46D9-9F36-063B8549A539"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wso2:api_manager_analytics:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ADEAF56C-4583-40A6-826F-01AC86191AD7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wso2:api_manager_analytics:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "04A2A50A-872E-4CC7-BBB7-3E0956176AAC"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wso2:api_microgateway:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "79CDDE83-4CB6-4DA3-8E96-FCDA4F5C1E93"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wso2:enterprise_integrator:*:*:*:*:*:*:*:*",
"versionEndIncluding": "6.6.0",
"matchCriteriaId": "16E39585-2B28-4631-A62F-27F17DC9AB4A"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wso2:identity_server_as_key_manager:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C016AEE9-7BF7-4BD8-913A-1BA02B2464CF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wso2:identity_server_as_key_manager:5.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2E5761F7-C287-4EC4-A899-C54FB4E80A35"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wso2:identity_server_as_key_manager:5.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B184BFC-8E1A-4971-B6D2-C594742AB8CE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wso2:identity_server_as_key_manager:5.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EA51AC1B-0BF6-44F6-B034-CAD4F623DD76"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wso2:identity_server:5.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B9E7D773-A7CE-4AB8-828B-C2E7DC2799AD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wso2:identity_server:5.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CEA63B98-D4B4-4FCD-A869-FE64BC21A1B6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wso2:identity_server:5.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8DA0050E-D5DD-45E5-9F61-DC1BB060EFF0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wso2:identity_server:5.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "26542F95-73F3-4906-838E-A66F5DC9DFA5"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wso2:micro_integrator:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A690D484-8402-4D45-833D-373D1713FA49"
}
]
}
]
}
],
"references": [
{
"url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2020-0716/",
"source": "ed10eef1-636d-4fbe-9993-6890dfa878f8"
"source": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-6838",
"sourceIdentifier": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
"published": "2023-12-15T10:15:10.000",
"lastModified": "2023-12-15T13:41:51.403",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T13:42:11.677",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
"type": "Secondary",
@ -50,10 +80,65 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wso2:api_manager:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1344FB79-0796-445C-A8F3-C03E995925D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wso2:api_manager:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E31E32CD-497E-4EF5-B3FC-8718EE06EDAD"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wso2:identity_server_as_key_manager:5.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6BB34405-A2F1-461A-B51B-E103BB3680A1"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wso2:identity_server:5.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4F126CA-A2F9-44F4-968B-DF71765869E5"
}
]
}
]
}
],
"references": [
{
"url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2020-1233/",
"source": "ed10eef1-636d-4fbe-9993-6890dfa878f8"
"source": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-6856",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-12-19T14:15:07.313",
"lastModified": "2023-12-19T14:49:49.807",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121."
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1843782",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-54/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-55/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-56/",
"source": "security@mozilla.org"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-6857",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-12-19T14:15:07.377",
"lastModified": "2023-12-19T14:49:49.807",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "When resolving a symlink, a race may occur where the buffer passed to `readlink` may actually be smaller than necessary. \n*This bug only affects Firefox on Unix-based operating systems (Android, Linux, MacOS). Windows is unaffected.* This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121."
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1796023",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-54/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-55/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-56/",
"source": "security@mozilla.org"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-6858",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-12-19T14:15:07.420",
"lastModified": "2023-12-19T14:49:49.807",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Firefox was susceptible to a heap buffer overflow in `nsTextFragment` due to insufficient OOM handling. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121."
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1826791",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-54/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-55/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-56/",
"source": "security@mozilla.org"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-6859",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-12-19T14:15:07.467",
"lastModified": "2023-12-19T14:49:49.807",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free condition affected TLS socket creation when under memory pressure. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121."
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1840144",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-54/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-55/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-56/",
"source": "security@mozilla.org"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-6860",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-12-19T14:15:07.510",
"lastModified": "2023-12-19T14:49:49.807",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The `VideoBridge` allowed any content process to use textures produced by remote decoders. This could be abused to escape the sandbox. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121."
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1854669",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-54/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-55/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-56/",
"source": "security@mozilla.org"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-6861",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-12-19T14:15:07.560",
"lastModified": "2023-12-19T14:49:49.807",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The `nsWindow::PickerOpen(void)` method was susceptible to a heap buffer overflow when running in headless mode. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121."
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1864118",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-54/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-55/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-56/",
"source": "security@mozilla.org"
}
]
}


@ -0,0 +1,28 @@
{
"id": "CVE-2023-6862",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-12-19T14:15:07.603",
"lastModified": "2023-12-19T14:49:49.807",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free was identified in the `nsDNSService::Init`. This issue appears to manifest rarely during start-up. This vulnerability affects Firefox ESR < 115.6 and Thunderbird < 115.6."
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1868042",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-54/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-55/",
"source": "security@mozilla.org"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-6863",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-12-19T14:15:07.650",
"lastModified": "2023-12-19T14:49:49.807",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The `ShutdownObserver()` was susceptible to potentially undefined behavior due to its reliance on a dynamic type that lacked a virtual destructor. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121."
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1868901",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-54/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-55/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-56/",
"source": "security@mozilla.org"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-6864",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-12-19T14:15:07.707",
"lastModified": "2023-12-19T14:49:49.807",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121."
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1736385%2C1810805%2C1846328%2C1856090%2C1858033%2C1858509%2C1862089%2C1862777%2C1864015",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-54/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-55/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-56/",
"source": "security@mozilla.org"
}
]
}


@ -0,0 +1,28 @@
{
"id": "CVE-2023-6865",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-12-19T14:15:07.777",
"lastModified": "2023-12-19T14:49:49.807",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "`EncryptingOutputStream` was susceptible to exposing uninitialized data. This issue could only be abused in order to write data to a local disk which may have implications for private browsing mode. This vulnerability affects Firefox ESR < 115.6 and Firefox < 121."
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1864123",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-54/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-56/",
"source": "security@mozilla.org"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-6866",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-12-19T14:15:07.847",
"lastModified": "2023-12-19T14:49:49.807",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "TypedArrays can be fallible and lacked proper exception handling. This could lead to abuse in other APIs which expect TypedArrays to always succeed. This vulnerability affects Firefox < 121."
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1849037",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-56/",
"source": "security@mozilla.org"
}
]
}


@ -0,0 +1,28 @@
{
"id": "CVE-2023-6867",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-12-19T14:15:07.933",
"lastModified": "2023-12-19T14:49:49.807",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox ESR < 115.6 and Firefox < 121."
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1863863",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-54/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-56/",
"source": "security@mozilla.org"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-6868",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-12-19T14:15:07.983",
"lastModified": "2023-12-19T14:49:49.807",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. This could allow empty messages to be sent from unauthorized parties.\n*This bug only affects Firefox on Android.* This vulnerability affects Firefox < 121."
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1865488",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-56/",
"source": "security@mozilla.org"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-6869",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-12-19T14:15:08.040",
"lastModified": "2023-12-19T14:49:49.807",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A `` element could have been manipulated to paint content outside of a sandboxed iframe. This could allow untrusted content to display under the guise of trusted content. This vulnerability affects Firefox < 121."
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1799036",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-56/",
"source": "security@mozilla.org"
}
]
}
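Review bot: The English `descriptions` value in this new CVE-2023-6869 record contains an empty code span ("A `` element could have been manipulated …"), so the record does not say which element is affected. This looks like an HTML-like tag name that was stripped somewhere between the CNA text and this file; that is inferred, the page does not show where it was lost. Anyone triaging or matching on the description text gets an incomplete statement, so the sync step should flag records whose description holds an empty backtick pair and point reviewers to the linked mfsa2023-56 advisory for the original wording.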


@ -0,0 +1,24 @@
{
"id": "CVE-2023-6870",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-12-19T14:15:08.087",
"lastModified": "2023-12-19T14:49:49.807",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Applications which spawn a Toast notification in a background thread may have obscured fullscreen notifications displayed by Firefox. \n*This issue only affects Android versions of Firefox and Firefox Focus.* This vulnerability affects Firefox < 121."
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1823316",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-56/",
"source": "security@mozilla.org"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-6871",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-12-19T14:15:08.133",
"lastModified": "2023-12-19T14:49:49.807",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Under certain conditions, Firefox did not display a warning when a user attempted to navigate to a new protocol handler. This vulnerability affects Firefox < 121."
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1828334",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-56/",
"source": "security@mozilla.org"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-6872",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-12-19T14:15:08.180",
"lastModified": "2023-12-19T14:49:49.807",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Browser tab titles were being leaked by GNOME to system logs. This could potentially expose the browsing habits of users running in a private tab. This vulnerability affects Firefox < 121."
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1849186",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-56/",
"source": "security@mozilla.org"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-6873",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-12-19T14:15:08.227",
"lastModified": "2023-12-19T14:49:49.807",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Memory safety bugs present in Firefox 120. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 121."
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1855327%2C1862089%2C1862723",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-56/",
"source": "security@mozilla.org"
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-6889",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-12-16T09:15:07.270",
"lastModified": "2023-12-18T14:05:28.363",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T13:52:23.363",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17.\n\n"
},
{
"lang": "es",
"value": "Cross-site Scripting (XSS): almacenadas en el repositorio de GitHub thorsten/phpmyfaq antes de la versi\u00f3n 3.1.17."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@huntr.dev",
"type": "Secondary",
@ -46,14 +70,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.1.17",
"matchCriteriaId": "85E03A12-18B2-4BD1-AC03-9440332134B9"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/thorsten/phpmyfaq/commit/1037a8f012e0d9ec4bf4c8107972f6695e381392",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.com/bounties/52897778-fad7-4169-bf04-a68a0646df0c",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-6890",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-12-16T09:15:07.470",
"lastModified": "2023-12-18T14:05:28.363",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T13:50:36.190",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17.\n\n"
},
{
"lang": "es",
"value": "Cross-site Scripting (XSS): almacenadas en el repositorio de GitHub thorsten/phpmyfaq antes de la versi\u00f3n 3.1.17."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@huntr.dev",
"type": "Secondary",
@ -46,14 +70,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.1.17",
"matchCriteriaId": "85E03A12-18B2-4BD1-AC03-9440332134B9"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/thorsten/phpmyfaq/commit/97d90ebbe11ebc6081bf49a2ba4b60f227cd1b43",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.com/bounties/2cf11678-8793-4fa1-b21a-f135564a105d",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-6918",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-12-19T00:15:08.460",
"lastModified": "2023-12-19T00:15:08.460",
"vulnStatus": "Received",
"lastModified": "2023-12-19T13:42:12.823",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the uninitialized memory as an input for the KDF. In this case, non-matching keys will result in decryption/integrity failures, terminating the connection."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un fallo en la capa abstracta de implementaci\u00f3n de libssh para operaciones de resumen de mensajes (MD) implementadas por diferentes backends criptogr\u00e1ficos compatibles. Los valores de retorno de estos no se verificaron correctamente, lo que podr\u00eda causar fallas en situaciones de poca memoria, desreferencias NULL, fallas o uso de la memoria no inicializada como entrada para el KDF. En este caso, las claves que no coinciden resultar\u00e1n en fallas de descifrado/integridad, lo que terminar\u00e1 la conexi\u00f3n."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-6927",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-12-18T23:15:10.027",
"lastModified": "2023-12-18T23:15:10.027",
"vulnStatus": "Received",
"lastModified": "2023-12-19T13:42:22.313",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode \"form_post.jwt\" which could be used to bypass the security patch implemented to address CVE-2023-6134."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en Keycloak. Este problema puede permitir que un atacante robe c\u00f3digos de autorizaci\u00f3n o tokens de clientes usando un comod\u00edn en el modo de respuesta JARM \"form_post.jwt\" que podr\u00eda usarse para eludir el parche de seguridad implementado para abordar CVE-2023-6134."
}
],
"metrics": {

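--- /dev/null
+++ b/CVE-2023/CVE-2023-69xx/CVE-2023-6931.json
@@ -0,0 +1,59 @@
+{
+"id": "CVE-2023-6931",
+"sourceIdentifier": "cve-coordination@google.com",
+"published": "2023-12-19T14:15:08.277",
+"lastModified": "2023-12-19T14:49:49.807",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "A heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component can be exploited to achieve local privilege escalation.\n\nA perf_event's read_size can overflow, leading to an heap out-of-bounds increment or write in perf_read_group().\n\nWe recommend upgrading past commit 382c27f4ed28f803b1f1473ac2d8db0afc795a1b.\n\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "cve-coordination@google.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+"attackVector": "LOCAL",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 7.8,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 1.8,
+"impactScore": 5.9
+}
+]
+},
+"weaknesses": [
+{
+"source": "cve-coordination@google.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-787"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=382c27f4ed28f803b1f1473ac2d8db0afc795a1b",
+"source": "cve-coordination@google.com"
+},
+{
+"url": "https://kernel.dance/382c27f4ed28f803b1f1473ac2d8db0afc795a1b",
+"source": "cve-coordination@google.com"
+}
+]
+}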

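--- /dev/null
+++ b/CVE-2023/CVE-2023-69xx/CVE-2023-6932.json
@@ -0,0 +1,59 @@
+{
+"id": "CVE-2023-6932",
+"sourceIdentifier": "cve-coordination@google.com",
+"published": "2023-12-19T14:15:08.460",
+"lastModified": "2023-12-19T14:49:49.807",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation.\n\nA race condition can be exploited to cause a timer be mistakenly registered on a RCU read locked object which is freed by another thread.\n\nWe recommend upgrading past commit e2b706c691905fe78468c361aaabc719d0a496f1.\n\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "cve-coordination@google.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+"attackVector": "LOCAL",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 7.8,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 1.8,
+"impactScore": 5.9
+}
+]
+},
+"weaknesses": [
+{
+"source": "cve-coordination@google.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-416"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=e2b706c691905fe78468c361aaabc719d0a496f1",
+"source": "cve-coordination@google.com"
+},
+{
+"url": "https://kernel.dance/e2b706c691905fe78468c361aaabc719d0a496f1",
+"source": "cve-coordination@google.com"
+}
+]
+}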


@ -2,12 +2,16 @@
"id": "CVE-2023-6940",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-12-19T02:15:45.050",
"lastModified": "2023-12-19T02:15:45.050",
"vulnStatus": "Received",
"lastModified": "2023-12-19T13:42:12.823",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "with only one user interaction(download a malicious config), attackers can gain full command execution on the victim system."
},
{
"lang": "es",
"value": "Con solo una interacci\u00f3n del usuario (descargar una configuraci\u00f3n maliciosa), los atacantes pueden obtener la ejecuci\u00f3n completa del comando en el sistema v\u00edctima."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2023-6945",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-19T11:15:08.380",
"lastModified": "2023-12-19T11:15:08.380",
"vulnStatus": "Received",
"lastModified": "2023-12-19T13:42:12.823",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-12-19T13:00:24.410198+00:00
2023-12-19T15:00:24.751708+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-12-19T11:15:08.380000+00:00
2023-12-19T14:50:39.843000+00:00
```
### Last Data Feed Release
@ -29,22 +29,69 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
233694
233719
```
### CVEs added in the last Commit
Recently added CVEs: `1`
Recently added CVEs: `25`
* [CVE-2023-6945](CVE-2023/CVE-2023-69xx/CVE-2023-6945.json) (`2023-12-19T11:15:08.380`)
* [CVE-2019-25158](CVE-2019/CVE-2019-251xx/CVE-2019-25158.json) (`2023-12-19T13:15:43.133`)
* [CVE-2023-6730](CVE-2023/CVE-2023-67xx/CVE-2023-6730.json) (`2023-12-19T13:15:43.380`)
* [CVE-2023-6856](CVE-2023/CVE-2023-68xx/CVE-2023-6856.json) (`2023-12-19T14:15:07.313`)
* [CVE-2023-6857](CVE-2023/CVE-2023-68xx/CVE-2023-6857.json) (`2023-12-19T14:15:07.377`)
* [CVE-2023-6858](CVE-2023/CVE-2023-68xx/CVE-2023-6858.json) (`2023-12-19T14:15:07.420`)
* [CVE-2023-6859](CVE-2023/CVE-2023-68xx/CVE-2023-6859.json) (`2023-12-19T14:15:07.467`)
* [CVE-2023-6860](CVE-2023/CVE-2023-68xx/CVE-2023-6860.json) (`2023-12-19T14:15:07.510`)
* [CVE-2023-6861](CVE-2023/CVE-2023-68xx/CVE-2023-6861.json) (`2023-12-19T14:15:07.560`)
* [CVE-2023-6862](CVE-2023/CVE-2023-68xx/CVE-2023-6862.json) (`2023-12-19T14:15:07.603`)
* [CVE-2023-6863](CVE-2023/CVE-2023-68xx/CVE-2023-6863.json) (`2023-12-19T14:15:07.650`)
* [CVE-2023-6864](CVE-2023/CVE-2023-68xx/CVE-2023-6864.json) (`2023-12-19T14:15:07.707`)
* [CVE-2023-6865](CVE-2023/CVE-2023-68xx/CVE-2023-6865.json) (`2023-12-19T14:15:07.777`)
* [CVE-2023-6866](CVE-2023/CVE-2023-68xx/CVE-2023-6866.json) (`2023-12-19T14:15:07.847`)
* [CVE-2023-6867](CVE-2023/CVE-2023-68xx/CVE-2023-6867.json) (`2023-12-19T14:15:07.933`)
* [CVE-2023-6868](CVE-2023/CVE-2023-68xx/CVE-2023-6868.json) (`2023-12-19T14:15:07.983`)
* [CVE-2023-6869](CVE-2023/CVE-2023-68xx/CVE-2023-6869.json) (`2023-12-19T14:15:08.040`)
* [CVE-2023-6870](CVE-2023/CVE-2023-68xx/CVE-2023-6870.json) (`2023-12-19T14:15:08.087`)
* [CVE-2023-6871](CVE-2023/CVE-2023-68xx/CVE-2023-6871.json) (`2023-12-19T14:15:08.133`)
* [CVE-2023-6872](CVE-2023/CVE-2023-68xx/CVE-2023-6872.json) (`2023-12-19T14:15:08.180`)
* [CVE-2023-6873](CVE-2023/CVE-2023-68xx/CVE-2023-6873.json) (`2023-12-19T14:15:08.227`)
* [CVE-2023-6931](CVE-2023/CVE-2023-69xx/CVE-2023-6931.json) (`2023-12-19T14:15:08.277`)
* [CVE-2023-6932](CVE-2023/CVE-2023-69xx/CVE-2023-6932.json) (`2023-12-19T14:15:08.460`)
* [CVE-2023-50761](CVE-2023/CVE-2023-507xx/CVE-2023-50761.json) (`2023-12-19T14:15:07.033`)
* [CVE-2023-50762](CVE-2023/CVE-2023-507xx/CVE-2023-50762.json) (`2023-12-19T14:15:07.093`)
* [CVE-2023-6135](CVE-2023/CVE-2023-61xx/CVE-2023-6135.json) (`2023-12-19T14:15:07.143`)
### CVEs modified in the last Commit
Recently modified CVEs: `2`
Recently modified CVEs: `70`
* [CVE-2023-4154](CVE-2023/CVE-2023-41xx/CVE-2023-4154.json) (`2023-12-19T11:15:07.490`)
* [CVE-2023-5871](CVE-2023/CVE-2023-58xx/CVE-2023-5871.json) (`2023-12-19T11:15:08.223`)
* [CVE-2023-23576](CVE-2023/CVE-2023-235xx/CVE-2023-23576.json) (`2023-12-19T13:42:29.533`)
* [CVE-2023-23584](CVE-2023/CVE-2023-235xx/CVE-2023-23584.json) (`2023-12-19T13:42:29.533`)
* [CVE-2023-24590](CVE-2023/CVE-2023-245xx/CVE-2023-24590.json) (`2023-12-19T13:42:29.533`)
* [CVE-2023-41967](CVE-2023/CVE-2023-419xx/CVE-2023-41967.json) (`2023-12-19T13:42:29.533`)
* [CVE-2023-46686](CVE-2023/CVE-2023-466xx/CVE-2023-46686.json) (`2023-12-19T13:42:29.533`)
* [CVE-2023-48768](CVE-2023/CVE-2023-487xx/CVE-2023-48768.json) (`2023-12-19T13:42:29.533`)
* [CVE-2023-48769](CVE-2023/CVE-2023-487xx/CVE-2023-48769.json) (`2023-12-19T13:42:29.533`)
* [CVE-2023-48772](CVE-2023/CVE-2023-487xx/CVE-2023-48772.json) (`2023-12-19T13:42:29.533`)
* [CVE-2023-48773](CVE-2023/CVE-2023-487xx/CVE-2023-48773.json) (`2023-12-19T13:42:29.533`)
* [CVE-2023-48778](CVE-2023/CVE-2023-487xx/CVE-2023-48778.json) (`2023-12-19T13:42:29.533`)
* [CVE-2023-48781](CVE-2023/CVE-2023-487xx/CVE-2023-48781.json) (`2023-12-19T13:42:29.533`)
* [CVE-2023-49148](CVE-2023/CVE-2023-491xx/CVE-2023-49148.json) (`2023-12-19T13:42:29.533`)
* [CVE-2023-6355](CVE-2023/CVE-2023-63xx/CVE-2023-6355.json) (`2023-12-19T13:42:29.533`)
* [CVE-2023-50011](CVE-2023/CVE-2023-500xx/CVE-2023-50011.json) (`2023-12-19T13:49:18.530`)
* [CVE-2023-6890](CVE-2023/CVE-2023-68xx/CVE-2023-6890.json) (`2023-12-19T13:50:36.190`)
* [CVE-2023-6889](CVE-2023/CVE-2023-68xx/CVE-2023-6889.json) (`2023-12-19T13:52:23.363`)
* [CVE-2023-6836](CVE-2023/CVE-2023-68xx/CVE-2023-6836.json) (`2023-12-19T13:52:56.807`)
* [CVE-2023-6448](CVE-2023/CVE-2023-64xx/CVE-2023-6448.json) (`2023-12-19T14:15:07.183`)
* [CVE-2023-48676](CVE-2023/CVE-2023-486xx/CVE-2023-48676.json) (`2023-12-19T14:20:14.047`)
* [CVE-2023-48663](CVE-2023/CVE-2023-486xx/CVE-2023-48663.json) (`2023-12-19T14:33:48.787`)
* [CVE-2023-6702](CVE-2023/CVE-2023-67xx/CVE-2023-6702.json) (`2023-12-19T14:44:04.613`)
* [CVE-2023-47619](CVE-2023/CVE-2023-476xx/CVE-2023-47619.json) (`2023-12-19T14:45:12.943`)
* [CVE-2023-6775](CVE-2023/CVE-2023-67xx/CVE-2023-6775.json) (`2023-12-19T14:46:42.323`)
* [CVE-2023-49577](CVE-2023/CVE-2023-495xx/CVE-2023-49577.json) (`2023-12-19T14:50:18.817`)
* [CVE-2023-49580](CVE-2023/CVE-2023-495xx/CVE-2023-49580.json) (`2023-12-19T14:50:39.843`)
## Download and Usage