admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 03:27:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-10-07T04:00:24.618738+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-10-07 04:00:28 +00:00
parent 68e15b4be8
commit 29621b3a55
24 changed files with 1550 additions and 112 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

78
CVE-2023/CVE-2023-271xx/CVE-2023-27121.json
View File

@ -2,27 +2,93 @@
"id": "CVE-2023-27121",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-04T19:15:10.063",
"lastModified": "2023-10-04T19:53:11.513",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-07T03:07:34.393",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in the component /framework/cron/action/humanize of Pleasant Solutions Pleasant Password Server v7.11.41.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cronString parameter."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Cross-Site Scripting (XSS) en el componente /framework/cron/action/humanize de Pleasant Solutions Pleasant Password Server v7.11.41.0 permite a los atacantes ejecutar scripts web o HTML arbitrarios a trav\u00e9s de un payload manipulado inyectado en el par\u00e1metro cronString."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pleasantsolutions:pleasant_password_server:7.11.41:*:*:*:*:*:*:*",
"matchCriteriaId": "08F94C1A-8D16-4F5D-9877-16ECEEF9F869"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://pleasantpasswords.com/download",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://www.mdsec.co.uk/2023/09/the-not-so-pleasant-password-manager/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.nuget.org/packages/CronExpressionDescriptor/2.9.0",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
]
}
]
}

57
CVE-2023/CVE-2023-307xx/CVE-2023-30734.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-30734",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-10-04T04:15:13.127",
"lastModified": "2023-10-04T12:56:06.920",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-07T02:56:32.723",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
@ -50,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:samsung:health:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.24.3.007",
"matchCriteriaId": "A52F47BC-219F-411D-8D1F-609F18F8D9F2"
}
]
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=10",
"source": "mobile.security@samsung.com"
"source": "mobile.security@samsung.com",
"tags": [
"Vendor Advisory"
]
}
]
}

52
CVE-2023/CVE-2023-324xx/CVE-2023-32485.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-32485",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-10-05T19:15:11.163",
"lastModified": "2023-10-05T23:14:04.503",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-07T03:19:10.777",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nDell SmartFabric Storage Software version 1.3 and lower contain an improper input validation vulnerability. A remote unauthenticated attacker may exploit this vulnerability and escalate privileges up to the highest administration level. This is a critical severity vulnerability affecting user authentication. Dell recommends customers to upgrade at the earliest opportunity.\n\n"
},
{
"lang": "es",
"value": "El software Dell SmartFabric Storage versi\u00f3n 1.3 y anteriores contienen una vulnerabilidad de validaci\u00f3n de entrada incorrecta. Un atacante remoto no autenticado puede aprovechar esta vulnerabilidad y escalar privilegios hasta el nivel de administraci\u00f3n m\u00e1s alto. Esta es una vulnerabilidad de gravedad cr\u00edtica que afecta la autenticaci\u00f3n del usuario. Dell recomienda a los clientes actualizar lo antes posible."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -46,10 +70,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:smartfabric_storage_software:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.4.0",
"matchCriteriaId": "EC3FF97B-064D-4894-89FB-22484AFD1335"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000216587/dsa-2023-283-security-update-for-dell-smartfabric-storage-software-vulnerabilities",
"source": "security_alert@emc.com"
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-396xx/CVE-2023-39651.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2023-39651",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-03T22:15:10.417",
"lastModified": "2023-10-03T23:55:59.983",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-07T02:55:26.180",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper neutralization of SQL parameter in Theme Volty CMS BrandList module for PrestaShop In the module \u201cTheme Volty CMS BrandList\u201d (tvcmsbrandlist) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions."
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n incorrecta del par\u00e1metro SQL en el m\u00f3dulo Theme Volty CMS BrandList para PrestaShop En el m\u00f3dulo \u201cTheme Volty CMS BrandList\u201d (tvcmsbrandlist) hasta la versi\u00f3n 4.0.1 de Theme Volty para PrestaShop, un invitado puede realizar inyecci\u00f3n SQL en las versiones afectadas."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:themevolty:theme_volty_cms_brandlist:*:*:*:*:*:prestashop:*:*",
"versionEndIncluding": "4.0.1",
"matchCriteriaId": "151466AF-5B3C-45D4-9853-BF7226879E0B"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://security.friendsofpresta.org/modules/2023/09/26/tvcmsbrandlist.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
]
}
]
}

63
CVE-2023/CVE-2023-412xx/CVE-2023-41244.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-41244",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-03T14:15:11.057",
"lastModified": "2023-10-03T14:29:08.387",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-07T02:54:45.463",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Buildfail Localize Remote Images plugin <=\u00a01.0.9 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Buildfail Localize Remote Images en versiones &lt;= 1.0.9."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -36,7 +60,7 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,12 +68,43 @@
"value": "CWE-352"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:buildfail:localize_remote_images:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.0.9",
"matchCriteriaId": "D4992F6C-85C0-4942-9EAB-5E2FCA94B99A"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/localize-remote-images/wordpress-localize-remote-images-plugin-1-0-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-416xx/CVE-2023-41693.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-41693",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-03T14:15:11.130",
"lastModified": "2023-10-03T14:29:08.387",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-07T02:54:55.387",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in edward_plainview MyCryptoCheckout plugin <=\u00a02.125 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento edward_plainview MyCryptoCheckout en versiones &lt;= 2.125."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:plainviewplugins:mycryptocheckout:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.125",
"matchCriteriaId": "8CD8257A-812C-4286-8F43-EB7F0DBB4FBB"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/mycryptocheckout/wordpress-mycryptocheckout-plugin-2-125-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

82
CVE-2023/CVE-2023-428xx/CVE-2023-42824.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-42824",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-10-04T19:15:10.490",
"lastModified": "2023-10-06T06:15:11.740",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-07T03:10:55.283",
"vulnStatus": "Analyzed",
"cisaExploitAdd": "2023-10-05",
"cisaActionDue": "2023-10-26",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
@ -18,19 +18,89 @@
"value": "El problema se solucion\u00f3 con controles mejorados. Este problema se solucion\u00f3 en iOS 17.0.3 y iPadOS 17.0.3. Un atacante local podr\u00eda aumentar sus privilegios. Apple tiene conocimiento de un informe que indica que este problema puede haber sido explotado activamente en versiones de iOS anteriores a iOS 16.6."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0.3",
"matchCriteriaId": "71783128-A6C0-4F4F-B6CA-884BC24AD705"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0.3",
"matchCriteriaId": "332CB807-981B-4A6C-8B0F-E4119513098E"
}
]
}
]
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/12",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://support.apple.com/en-us/HT213961",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/kb/HT213961",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

74
CVE-2023/CVE-2023-433xx/CVE-2023-43343.json
View File

@ -2,23 +2,87 @@
"id": "CVE-2023-43343",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-05T22:15:12.237",
"lastModified": "2023-10-05T23:14:04.503",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-07T02:50:46.760",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Files - Description parameter in the Pages Menu component."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Scripting (XSS) en opensolution Quick CMS v.6.7 permite a un atacante local ejecutar c\u00f3digo arbitrario a trav\u00e9s de un script manipulado en el par\u00e1metro Files - Description en el componente Pages Menu."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opensolution:quick_cms:6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0B571ABB-F2E3-4C39-9560-74C3E9E98593"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/sromanhu/CVE-2023-43343-Quick-CMS-Stored-XSS---Pages-Files",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/sromanhu/Quick-CMS-Stored-XSS---Pages-Files",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-438xx/CVE-2023-43877.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-43877",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-04T22:15:09.937",
"lastModified": "2023-10-05T00:48:59.587",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-07T03:11:45.713",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Rite CMS 3.0 has Multiple Cross-Site scripting (XSS) vulnerabilities that allow attackers to execute arbitrary code via a payload crafted in the Home Page fields in the Administration menu."
},
{
"lang": "es",
"value": "Rite CMS 3.0 tiene m\u00faltiples vulnerabilidades de Cross-Site Scripting (XSS) que permiten a los atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s de un payload manipulado en los campos de la p\u00e1gina de inicio en el men\u00fa Administraci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ritecms:ritecms:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5685F4C3-7F88-4548-98F0-93E731778DBE"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/sromanhu/RiteCMS-Stored-XSS---Home",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-439xx/CVE-2023-43981.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2023-43981",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-05T20:15:13.200",
"lastModified": "2023-10-05T23:14:04.503",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-07T02:52:59.353",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Presto Changeo testsitecreator up to 1.1.1 was discovered to contain a deserialization vulnerability via the component delete_excluded_folder.php."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Presto Changeo testsitecreator hasta 1.1.1 contiene una vulnerabilidad de deserializaci\u00f3n a trav\u00e9s del componente delete_excluded_folder.php."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:presto-changeo:test_site_creator:*:*:*:*:*:prestashop:*:*",
"versionEndIncluding": "1.1.1",
"matchCriteriaId": "244474A2-1738-4062-8805-A3B52C2ED923"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://security.friendsofpresta.org/modules/2023/10/03/testsitecreator.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-439xx/CVE-2023-43983.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2023-43983",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-05T20:15:13.250",
"lastModified": "2023-10-05T23:14:04.503",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-07T02:52:28.870",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Presto Changeo attributegrid up to 2.0.3 was discovered to contain a SQL injection vulnerability via the component disable_json.php."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Presto Changeo atributegrid hasta 2.0.3 contiene una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s del componente disable_json.php."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:presto-changeo:attribute_grid:*:*:*:*:*:prestashop:*:*",
"versionEndIncluding": "2.0.3",
"matchCriteriaId": "4249DDAE-D4FD-4F80-81D6-59ED4F093006"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://security.friendsofpresta.org/modules/2023/10/03/attributegrid.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-440xx/CVE-2023-44024.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2023-44024",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-05T20:15:13.303",
"lastModified": "2023-10-05T23:14:04.503",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-07T02:51:06.240",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in KnowBand Module One Page Checkout, Social Login & Mailchimp (supercheckout) v.8.0.3 and before allows a remote attacker to execute arbitrary code via a crafted request to the updateCheckoutBehaviour function in the supercheckout.php component."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en KnowBand Module One Page Checkout, Social Login &amp; Mailchimp (supercheckout) v.8.0.3 y anteriores permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de una solicitud manipulada a la funci\u00f3n updateCheckoutBehaviour en el componente supercheckout.php."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:knowband:one_page_checkout\\,_social_login_\\&_mailchimp:*:*:*:*:*:prestashop:*:*",
"versionEndIncluding": "8.0.3",
"matchCriteriaId": "07205CCA-89D6-4654-8344-971B4D54AEC6"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://security.friendsofpresta.org/modules/2023/10/05/supercheckout.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
]
}
]
}

85
CVE-2023/CVE-2023-448xx/CVE-2023-44828.json
View File

@ -2,23 +2,98 @@
"id": "CVE-2023-44828",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-05T16:15:11.550",
"lastModified": "2023-10-05T16:22:20.787",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-07T03:15:05.237",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the CurrentPassword parameter in the CheckPasswdSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que D-Link DIR-823G A1V1.0.2B05 conten\u00eda un desbordamiento del b\u00fafer a trav\u00e9s del par\u00e1metro CurrentPassword en la funci\u00f3n CheckPasswdSettings. Esta vulnerabilidad permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) mediante una entrada manipulada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dir-823g_firmware:1.0.2b05:*:*:*:*:*:*:*",
"matchCriteriaId": "14A8546A-7F37-43D2-AD1E-DF65C6734057"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:dir-823g:a1:*:*:*:*:*:*:*",
"matchCriteriaId": "EF303ADD-7BAC-4D2A-B644-D03B23F76DDB"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/bugfinder0/public_bug/tree/main/dlink/dir823g/CheckPasswdSettings_CurrentPassword",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.dlink.com/en/security-bulletin/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

85
CVE-2023/CVE-2023-448xx/CVE-2023-44829.json
View File

@ -2,23 +2,98 @@
"id": "CVE-2023-44829",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-05T16:15:11.610",
"lastModified": "2023-10-05T16:22:20.787",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-07T03:15:25.163",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the AdminPassword parameter in the SetDeviceSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que D-Link DIR-823G A1V1.0.2B05 conten\u00eda un desbordamiento del b\u00fafer a trav\u00e9s del par\u00e1metro AdminPassword en la funci\u00f3n SetDeviceSettings. Esta vulnerabilidad permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) mediante una entrada manipulada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dir-823g_firmware:1.0.2b05:*:*:*:*:*:*:*",
"matchCriteriaId": "14A8546A-7F37-43D2-AD1E-DF65C6734057"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:dir-823g:a1:*:*:*:*:*:*:*",
"matchCriteriaId": "EF303ADD-7BAC-4D2A-B644-D03B23F76DDB"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/bugfinder0/public_bug/tree/main/dlink/dir823g/SetDeviceSettings_AdminPassword",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.dlink.com/en/security-bulletin/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

85
CVE-2023/CVE-2023-448xx/CVE-2023-44830.json
View File

@ -2,23 +2,98 @@
"id": "CVE-2023-44830",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-05T16:15:11.657",
"lastModified": "2023-10-05T16:22:20.787",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-07T03:18:38.277",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the EndTime parameter in the SetParentsControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que D-Link DIR-823G A1V1.0.2B05 conten\u00eda un desbordamiento del b\u00fafer a trav\u00e9s del par\u00e1metro EndTime en la funci\u00f3n SetParentsControlInfo. Esta vulnerabilidad permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) mediante una entrada manipulada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dir-823g_firmware:1.0.2b05:*:*:*:*:*:*:*",
"matchCriteriaId": "14A8546A-7F37-43D2-AD1E-DF65C6734057"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:dir-823g:a1:*:*:*:*:*:*:*",
"matchCriteriaId": "EF303ADD-7BAC-4D2A-B644-D03B23F76DDB"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/bugfinder0/public_bug/tree/main/dlink/dir823g/SetParentsControlInfo_EndTime",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.dlink.com/en/security-bulletin/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

85
CVE-2023/CVE-2023-448xx/CVE-2023-44831.json
View File

@ -2,23 +2,98 @@
"id": "CVE-2023-44831",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-05T16:15:11.700",
"lastModified": "2023-10-05T16:22:20.787",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-07T03:16:56.033",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Type parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que D-Link DIR-823G A1V1.0.2B05 conten\u00eda un desbordamiento del b\u00fafer a trav\u00e9s del par\u00e1metro Type en la funci\u00f3n SetWLanRadioSettings. Esta vulnerabilidad permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) mediante una entrada manipulada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dir-823g_firmware:1.0.2b05:*:*:*:*:*:*:*",
"matchCriteriaId": "14A8546A-7F37-43D2-AD1E-DF65C6734057"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:dir-823g:a1:*:*:*:*:*:*:*",
"matchCriteriaId": "EF303ADD-7BAC-4D2A-B644-D03B23F76DDB"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/bugfinder0/public_bug/tree/main/dlink/dir823g/SetWLanRadioSettings_Type",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.dlink.com/en/security-bulletin/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

85
CVE-2023/CVE-2023-448xx/CVE-2023-44832.json
View File

@ -2,23 +2,98 @@
"id": "CVE-2023-44832",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-05T16:15:11.753",
"lastModified": "2023-10-05T16:22:20.787",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-07T03:15:46.517",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the MacAddress parameter in the SetWanSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que D-Link DIR-823G A1V1.0.2B05 conten\u00eda un desbordamiento del b\u00fafer a trav\u00e9s del par\u00e1metro MacAddress en la funci\u00f3n SetWanSettings. Esta vulnerabilidad permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) mediante una entrada manipulada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dir-823g_firmware:1.0.2b05:*:*:*:*:*:*:*",
"matchCriteriaId": "14A8546A-7F37-43D2-AD1E-DF65C6734057"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:dir-823g:a1:*:*:*:*:*:*:*",
"matchCriteriaId": "EF303ADD-7BAC-4D2A-B644-D03B23F76DDB"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/bugfinder0/public_bug/tree/main/dlink/dir823g/SetWanSettings_MacAddress",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.dlink.com/en/security-bulletin/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

85
CVE-2023/CVE-2023-448xx/CVE-2023-44833.json
View File

@ -2,23 +2,98 @@
"id": "CVE-2023-44833",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-05T16:15:11.807",
"lastModified": "2023-10-05T16:22:20.787",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-07T03:17:11.587",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the GuardInt parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que D-Link DIR-823G A1V1.0.2B05 conten\u00eda un desbordamiento del b\u00fafer a trav\u00e9s del par\u00e1metro GuardInt en la funci\u00f3n SetWLanRadioSettings. Esta vulnerabilidad permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) mediante una entrada manipulada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dir-823g_firmware:1.0.2b05:*:*:*:*:*:*:*",
"matchCriteriaId": "14A8546A-7F37-43D2-AD1E-DF65C6734057"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:dir-823g:a1:*:*:*:*:*:*:*",
"matchCriteriaId": "EF303ADD-7BAC-4D2A-B644-D03B23F76DDB"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/bugfinder0/public_bug/tree/main/dlink/dir823g/SetWLanRadioSettings_GuardInt",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.dlink.com/en/security-bulletin/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

85
CVE-2023/CVE-2023-448xx/CVE-2023-44834.json
View File

@ -2,23 +2,98 @@
"id": "CVE-2023-44834",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-05T16:15:11.863",
"lastModified": "2023-10-05T16:22:20.787",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-07T03:17:41.593",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the StartTime parameter in the SetParentsControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que D-Link DIR-823G A1V1.0.2B05 conten\u00eda un desbordamiento del b\u00fafer a trav\u00e9s del par\u00e1metro StartTime en la funci\u00f3n SetParentsControlInfo. Esta vulnerabilidad permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) mediante una entrada manipulada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dir-823g_firmware:1.0.2b05:*:*:*:*:*:*:*",
"matchCriteriaId": "14A8546A-7F37-43D2-AD1E-DF65C6734057"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:dir-823g:a1:*:*:*:*:*:*:*",
"matchCriteriaId": "EF303ADD-7BAC-4D2A-B644-D03B23F76DDB"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/bugfinder0/public_bug/tree/main/dlink/dir823g/SetParentsControlInfo_%20StartTime",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.dlink.com/en/security-bulletin/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

85
CVE-2023/CVE-2023-448xx/CVE-2023-44835.json
View File

@ -2,23 +2,98 @@
"id": "CVE-2023-44835",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-05T16:15:11.917",
"lastModified": "2023-10-05T16:22:20.787",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-07T03:17:27.913",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Mac parameter in the SetParentsControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que D-Link DIR-823G A1V1.0.2B05 conten\u00eda un desbordamiento del b\u00fafer a trav\u00e9s del par\u00e1metro Mac en la funci\u00f3n SetParentsControlInfo. Esta vulnerabilidad permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) mediante una entrada manipulada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dir-823g_firmware:1.0.2b05:*:*:*:*:*:*:*",
"matchCriteriaId": "14A8546A-7F37-43D2-AD1E-DF65C6734057"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:dir-823g:a1:*:*:*:*:*:*:*",
"matchCriteriaId": "EF303ADD-7BAC-4D2A-B644-D03B23F76DDB"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/bugfinder0/public_bug/tree/main/dlink/dir823g/SetParentsControlInfo_Mac",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.dlink.com/en/security-bulletin/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

8
CVE-2023/CVE-2023-45xx/CVE-2023-4504.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4504",
"sourceIdentifier": "cve@takeonme.org",
"published": "2023-09-21T23:15:12.293",
"lastModified": "2023-09-30T20:15:10.257",
"vulnStatus": "Modified",
"lastModified": "2023-10-07T03:15:10.747",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -123,6 +123,10 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AMYDKIE4PSJDEMC5OWNFCDMHFGLJ57XG/",
"source": "cve@takeonme.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXPVADB56NMLJWG4IZ3OZBNJ2ZOLPQJ6/",
"source": "cve@takeonme.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T2GSPQAFK2Z6L57TRXEKZDF42K2EVBH7/",
"source": "cve@takeonme.org"

63
CVE-2023/CVE-2023-52xx/CVE-2023-5291.json
View File

@ -2,19 +2,43 @@
"id": "CVE-2023-5291",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-10-04T02:15:10.080",
"lastModified": "2023-10-04T12:56:06.920",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-07T02:56:05.827",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Blog Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'AWL-BlogFilter' shortcode in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento Blog Filter para WordPress es vulnerable a los Cross-Site Scripting (XSS) a trav\u00e9s del shortcode 'AWL-BlogFilter' en versiones hasta la 1.5.3 incluida debido a una sanitizaci\u00f3n de entrada y a un escape de salida en los atributos proporcionados por el usuario insuficientes. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
@ -46,18 +70,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:awplife:blog_filter:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.5.3",
"matchCriteriaId": "7BF7BDE0-F2AD-4C59-8F81-7D7897E3B9A3"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/blog-filter/tags/1.5.3/blog-filter-output.php#L128",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2974261/blog-filter#file54",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b95c1bf7-bb05-44d3-a185-7e38e62b7201?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

74
CVE-2023/CVE-2023-53xx/CVE-2023-5346.json
View File

@ -2,23 +2,87 @@
"id": "CVE-2023-5346",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-10-05T18:15:13.270",
"lastModified": "2023-10-05T19:13:42.317",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-07T03:18:22.887",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Type confusion in V8 in Google Chrome prior to 117.0.5938.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
},
{
"lang": "es",
"value": "La confusi\u00f3n de tipos en V8 de Google Chrome anterior a 117.0.5938.149 permit\u00eda a un atacante remoto explotar potencialmente la corrupci\u00f3n del \"heap\" a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-843"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "117.0.5938.149",
"matchCriteriaId": "165A6008-1028-4FD5-AB29-E558E70ED0E4"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://crbug.com/1485829",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Permissions Required"
]
}
]
}

36
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-10-07T02:00:26.303445+00:00
2023-10-07T04:00:24.618738+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-10-07T01:15:10.840000+00:00
2023-10-07T03:19:10.777000+00:00
```
### Last Data Feed Release
@ -34,19 +34,37 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### CVEs added in the last Commit
Recently added CVEs: `4`
Recently added CVEs: `0`
* [CVE-2023-36123](CVE-2023/CVE-2023-361xx/CVE-2023-36123.json) (`2023-10-07T00:15:11.457`)
* [CVE-2023-5182](CVE-2023/CVE-2023-51xx/CVE-2023-5182.json) (`2023-10-07T00:15:11.597`)
* [CVE-2023-43615](CVE-2023/CVE-2023-436xx/CVE-2023-43615.json) (`2023-10-07T01:15:10.783`)
* [CVE-2023-45199](CVE-2023/CVE-2023-451xx/CVE-2023-45199.json) (`2023-10-07T01:15:10.840`)
### CVEs modified in the last Commit
Recently modified CVEs: `1`
Recently modified CVEs: `23`
* [CVE-2023-45322](CVE-2023/CVE-2023-453xx/CVE-2023-45322.json) (`2023-10-07T00:15:11.530`)
* [CVE-2023-43343](CVE-2023/CVE-2023-433xx/CVE-2023-43343.json) (`2023-10-07T02:50:46.760`)
* [CVE-2023-44024](CVE-2023/CVE-2023-440xx/CVE-2023-44024.json) (`2023-10-07T02:51:06.240`)
* [CVE-2023-43983](CVE-2023/CVE-2023-439xx/CVE-2023-43983.json) (`2023-10-07T02:52:28.870`)
* [CVE-2023-43981](CVE-2023/CVE-2023-439xx/CVE-2023-43981.json) (`2023-10-07T02:52:59.353`)
* [CVE-2023-41244](CVE-2023/CVE-2023-412xx/CVE-2023-41244.json) (`2023-10-07T02:54:45.463`)
* [CVE-2023-41693](CVE-2023/CVE-2023-416xx/CVE-2023-41693.json) (`2023-10-07T02:54:55.387`)
* [CVE-2023-39651](CVE-2023/CVE-2023-396xx/CVE-2023-39651.json) (`2023-10-07T02:55:26.180`)
* [CVE-2023-5291](CVE-2023/CVE-2023-52xx/CVE-2023-5291.json) (`2023-10-07T02:56:05.827`)
* [CVE-2023-30734](CVE-2023/CVE-2023-307xx/CVE-2023-30734.json) (`2023-10-07T02:56:32.723`)
* [CVE-2023-27121](CVE-2023/CVE-2023-271xx/CVE-2023-27121.json) (`2023-10-07T03:07:34.393`)
* [CVE-2023-42824](CVE-2023/CVE-2023-428xx/CVE-2023-42824.json) (`2023-10-07T03:10:55.283`)
* [CVE-2023-43877](CVE-2023/CVE-2023-438xx/CVE-2023-43877.json) (`2023-10-07T03:11:45.713`)
* [CVE-2023-44828](CVE-2023/CVE-2023-448xx/CVE-2023-44828.json) (`2023-10-07T03:15:05.237`)
* [CVE-2023-4504](CVE-2023/CVE-2023-45xx/CVE-2023-4504.json) (`2023-10-07T03:15:10.747`)
* [CVE-2023-44829](CVE-2023/CVE-2023-448xx/CVE-2023-44829.json) (`2023-10-07T03:15:25.163`)
* [CVE-2023-44832](CVE-2023/CVE-2023-448xx/CVE-2023-44832.json) (`2023-10-07T03:15:46.517`)
* [CVE-2023-44831](CVE-2023/CVE-2023-448xx/CVE-2023-44831.json) (`2023-10-07T03:16:56.033`)
* [CVE-2023-44833](CVE-2023/CVE-2023-448xx/CVE-2023-44833.json) (`2023-10-07T03:17:11.587`)
* [CVE-2023-44835](CVE-2023/CVE-2023-448xx/CVE-2023-44835.json) (`2023-10-07T03:17:27.913`)
* [CVE-2023-44834](CVE-2023/CVE-2023-448xx/CVE-2023-44834.json) (`2023-10-07T03:17:41.593`)
* [CVE-2023-5346](CVE-2023/CVE-2023-53xx/CVE-2023-5346.json) (`2023-10-07T03:18:22.887`)
* [CVE-2023-44830](CVE-2023/CVE-2023-448xx/CVE-2023-44830.json) (`2023-10-07T03:18:38.277`)
* [CVE-2023-32485](CVE-2023/CVE-2023-324xx/CVE-2023-32485.json) (`2023-10-07T03:19:10.777`)
## Download and Usage