admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 03:27:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-12-29T15:00:24.757544+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-12-29 15:00:28 +00:00
parent eadd4fdb7a
commit 31be625343
142 changed files with 2352 additions and 303 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
CVE-2022/CVE-2022-445xx/CVE-2022-44589.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2022-44589",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T10:15:08.613",
"lastModified": "2023-12-29T10:15:08.613",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:27.537",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in miniOrange miniOrange's Google Authenticator \u2013 WordPress Two Factor Authentication \u2013 2FA , Two Factor, OTP SMS and Email | Passwordless login.This issue affects miniOrange's Google Authenticator \u2013 WordPress Two Factor Authentication \u2013 2FA , Two Factor, OTP SMS and Email | Passwordless login: from n/a through 5.6.1.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de exposici\u00f3n de informaci\u00f3n confidencial a un actor no autorizado en miniOrange miniOrange's Google Authenticator \u2013 WordPress Two Factor Authentication \u2013 2FA , Two Factor, OTP SMS and Email | Passwordless login. Este problema afecta a Google Authenticator \u2013 WordPress Two Factor Authentication \u2013 2FA , Two Factor, OTP SMS and Email | Passwordless login: desde n/a hasta 5.6.1."
}
],
"metrics": {

8
CVE-2023/CVE-2023-226xx/CVE-2023-22676.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-22676",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T09:15:08.057",
"lastModified": "2023-12-29T09:15:08.057",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:33.383",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in Anders Thorborg.This issue affects Anders Thorborg: from n/a through 1.4.12.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de autorizaci\u00f3n faltante en Anders Thorborg. Este problema afecta a Anders Thorborg: desde n/a hasta 1.4.12."
}
],
"metrics": {

8
CVE-2023/CVE-2023-226xx/CVE-2023-22677.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-22677",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T09:15:08.300",
"lastModified": "2023-12-29T09:15:08.300",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:33.383",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Control of Generation of Code ('Code Injection') vulnerability in BinaryStash WP Booklet.This issue affects WP Booklet: from n/a through 2.1.8.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de control inadecuado de la generaci\u00f3n de c\u00f3digo (\"inyecci\u00f3n de c\u00f3digo\") en BinaryStash WP Booklet. Este problema afecta a WP Booklet: desde n/a hasta 2.1.8."
}
],
"metrics": {

8
CVE-2023/CVE-2023-234xx/CVE-2023-23424.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-23424",
"sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"published": "2023-12-29T03:15:08.843",
"lastModified": "2023-12-29T03:15:08.843",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:44.347",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nSome Honor products are affected by file writing vulnerability, successful exploitation could cause code execution\n\n"
},
{
"lang": "es",
"value": "Algunos productos Honor se ven afectados por una vulnerabilidad de escritura de archivos, una explotaci\u00f3n exitosa podr\u00eda provocar la ejecuci\u00f3n del c\u00f3digo"
}
],
"metrics": {

8
CVE-2023/CVE-2023-234xx/CVE-2023-23426.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-23426",
"sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"published": "2023-12-29T03:15:09.040",
"lastModified": "2023-12-29T03:15:09.040",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:44.347",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nSome Honor products are affected by file writing vulnerability, successful exploitation could cause information disclosure.\n\n"
},
{
"lang": "es",
"value": "Algunos productos Honor se ven afectados por una vulnerabilidad de escritura de archivos; una explotaci\u00f3n exitosa podr\u00eda provocar la divulgaci\u00f3n de informaci\u00f3n."
}
],
"metrics": {

8
CVE-2023/CVE-2023-234xx/CVE-2023-23427.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-23427",
"sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"published": "2023-12-29T03:15:09.203",
"lastModified": "2023-12-29T03:15:09.203",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:44.347",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nSome Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions.\n\n"
},
{
"lang": "es",
"value": "Algunos productos Honor se ven afectados por una vulnerabilidad de asignaci\u00f3n de privilegios incorrecta; una explotaci\u00f3n exitosa podr\u00eda causar excepciones en el servicio del dispositivo."
}
],
"metrics": {

8
CVE-2023/CVE-2023-234xx/CVE-2023-23428.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-23428",
"sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"published": "2023-12-29T03:15:09.403",
"lastModified": "2023-12-29T03:15:09.403",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:44.347",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nSome Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions.\n\n"
},
{
"lang": "es",
"value": "Algunos productos Honor se ven afectados por una vulnerabilidad de asignaci\u00f3n de privilegios incorrecta; una explotaci\u00f3n exitosa podr\u00eda causar excepciones en el servicio del dispositivo."
}
],
"metrics": {

8
CVE-2023/CVE-2023-234xx/CVE-2023-23429.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-23429",
"sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"published": "2023-12-29T03:15:09.600",
"lastModified": "2023-12-29T03:15:09.600",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:44.347",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nSome Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions.\n\n"
},
{
"lang": "es",
"value": "Algunos productos Honor se ven afectados por una vulnerabilidad de asignaci\u00f3n de privilegios incorrecta; una explotaci\u00f3n exitosa podr\u00eda causar excepciones en el servicio del dispositivo."
}
],
"metrics": {

8
CVE-2023/CVE-2023-234xx/CVE-2023-23430.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-23430",
"sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"published": "2023-12-29T03:15:09.813",
"lastModified": "2023-12-29T03:15:09.813",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:44.347",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nSome Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions."
},
{
"lang": "es",
"value": "Algunos productos Honor se ven afectados por una vulnerabilidad de asignaci\u00f3n de privilegios incorrecta; una explotaci\u00f3n exitosa podr\u00eda causar excepciones en el servicio del dispositivo."
}
],
"metrics": {

8
CVE-2023/CVE-2023-234xx/CVE-2023-23437.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-23437",
"sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"published": "2023-12-29T03:15:10.020",
"lastModified": "2023-12-29T03:15:10.020",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:44.347",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nSome Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak\n\n"
},
{
"lang": "es",
"value": "Algunos productos Honor se ven afectados por una vulnerabilidad de fuga de informaci\u00f3n, una explotaci\u00f3n exitosa podr\u00eda causar la fuga de informaci\u00f3n"
}
],
"metrics": {

8
CVE-2023/CVE-2023-234xx/CVE-2023-23438.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-23438",
"sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"published": "2023-12-29T03:15:10.190",
"lastModified": "2023-12-29T03:15:10.190",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:44.347",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nSome Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions\n\n"
},
{
"lang": "es",
"value": "Algunos productos Honor se ven afectados por una vulnerabilidad de asignaci\u00f3n de privilegios incorrecta; una explotaci\u00f3n exitosa podr\u00eda causar excepciones en el servicio del dispositivo"
}
],
"metrics": {

8
CVE-2023/CVE-2023-234xx/CVE-2023-23439.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-23439",
"sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"published": "2023-12-29T03:15:10.353",
"lastModified": "2023-12-29T03:15:10.353",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:44.347",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nSome Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak.\n\n"
},
{
"lang": "es",
"value": "Algunos productos Honor se ven afectados por una vulnerabilidad de fuga de informaci\u00f3n; una explotaci\u00f3n exitosa podr\u00eda causar la fuga de informaci\u00f3n."
}
],
"metrics": {

8
CVE-2023/CVE-2023-234xx/CVE-2023-23440.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-23440",
"sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"published": "2023-12-29T03:15:10.520",
"lastModified": "2023-12-29T03:15:10.520",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:44.347",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nSome Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak."
},
{
"lang": "es",
"value": "Algunos productos Honor se ven afectados por una vulnerabilidad de fuga de informaci\u00f3n; una explotaci\u00f3n exitosa podr\u00eda causar la fuga de informaci\u00f3n."
}
],
"metrics": {

8
CVE-2023/CVE-2023-234xx/CVE-2023-23441.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-23441",
"sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"published": "2023-12-29T04:15:08.547",
"lastModified": "2023-12-29T04:15:08.547",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:39.607",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nSome Honor products are affected by out of bounds read vulnerability, successful exploitation could cause information leak.\n\n"
},
{
"lang": "es",
"value": "Algunos productos Honor se ven afectados por una vulnerabilidad de lectura fuera de los l\u00edmites; una explotaci\u00f3n exitosa podr\u00eda provocar una fuga de informaci\u00f3n."
}
],
"metrics": {

8
CVE-2023/CVE-2023-234xx/CVE-2023-23442.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-23442",
"sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"published": "2023-12-29T04:15:08.717",
"lastModified": "2023-12-29T04:15:08.717",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:39.607",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nSome Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak.\n\n"
},
{
"lang": "es",
"value": "Algunos productos Honor se ven afectados por una vulnerabilidad de confusi\u00f3n de tipos; una explotaci\u00f3n exitosa podr\u00eda provocar una fuga de informaci\u00f3n."
}
],
"metrics": {

8
CVE-2023/CVE-2023-234xx/CVE-2023-23443.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-23443",
"sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"published": "2023-12-29T04:15:08.883",
"lastModified": "2023-12-29T04:15:08.883",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:39.607",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nSome Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak.\n\n"
},
{
"lang": "es",
"value": "Algunos productos Honor se ven afectados por una vulnerabilidad de confusi\u00f3n de tipos; una explotaci\u00f3n exitosa podr\u00eda provocar una fuga de informaci\u00f3n."
}
],
"metrics": {

8
CVE-2023/CVE-2023-236xx/CVE-2023-23634.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-23634",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-29T07:15:10.430",
"lastModified": "2023-12-29T07:15:10.430",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:33.383",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "SQL Injection vulnerability in Documize version 5.4.2, allows remote attackers to execute arbitrary code via the user parameter of the /api/dashboard/activity endpoint."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en Documize versi\u00f3n 5.4.2, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro user del endpoint /api/dashboard/activity."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-250xx/CVE-2023-25054.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-25054",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T09:15:08.523",
"lastModified": "2023-12-29T09:15:08.523",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:33.383",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Control of Generation of Code ('Code Injection') vulnerability in David F. Carr RSVPMaker.This issue affects RSVPMaker: from n/a through 10.6.6.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de control inadecuado de generaci\u00f3n de c\u00f3digo (\"inyecci\u00f3n de c\u00f3digo\") en David F. Carr RSVPMaker. Este problema afecta a RSVPMaker: desde n/a hasta 10.6.6."
}
],
"metrics": {

8
CVE-2023/CVE-2023-287xx/CVE-2023-28786.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-28786",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T10:15:08.973",
"lastModified": "2023-12-29T10:15:08.973",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:27.537",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in SolidWP Solid Security \u2013 Password, Two Factor Authentication, and Brute Force Protection.This issue affects Solid Security \u2013 Password, Two Factor Authentication, and Brute Force Protection: from n/a through 8.1.4.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de redirecci\u00f3n de URL a un sitio que no es de confianza ('Open Redirect') en SolidWP Solid Security \u2013 Password, Two Factor Authentication, and Brute Force Protection. Este problema afecta a Solid Security \u2013 Password, Two Factor Authentication, and Brute Force Protection: desde n/a hasta 8.1.4."
}
],
"metrics": {

8
CVE-2023/CVE-2023-310xx/CVE-2023-31095.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-31095",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T10:15:09.260",
"lastModified": "2023-12-29T10:15:09.260",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:27.537",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.2.8.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de redirecci\u00f3n de URL a sitio no confiable (\"Open Redirect\") en CRM Perks Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms. Este problema afecta a Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms: desde n /a hasta 1.2.8."
}
],
"metrics": {

8
CVE-2023/CVE-2023-312xx/CVE-2023-31229.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-31229",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T10:15:09.490",
"lastModified": "2023-12-29T10:15:09.490",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:27.537",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WP Directory Kit.This issue affects WP Directory Kit: from n/a through 1.1.9.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de redireccionamiento de URL a un sitio que no es de confianza (\"Open Redirect\") en WP Directory Kit. Este problema afecta a WP Directory Kit: desde n/a hasta 1.1.9."
}
],
"metrics": {

8
CVE-2023/CVE-2023-312xx/CVE-2023-31237.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-31237",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T10:15:09.813",
"lastModified": "2023-12-29T10:15:09.813",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:27.537",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Dylan James Zephyr Project Manager.This issue affects Zephyr Project Manager: from n/a through 3.3.9.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de redirecci\u00f3n de URL a un sitio que no es de confianza (\"Open Redirect\") en Dylan James Zephyr Project Manager. Este problema afecta a Zephyr Project Manager: desde n/a hasta 3.3.9."
}
],
"metrics": {

8
CVE-2023/CVE-2023-312xx/CVE-2023-31293.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-31293",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-29T03:15:10.690",
"lastModified": "2023-12-29T03:15:10.690",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:44.347",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718), allows remote attackers to obtain sensitive information and bypass profile restriction via improper access control in the Reader system user's web browser, allowing the journal to be displayed, despite the option being disabled."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718), que permite a atacantes remotos obtener informaci\u00f3n confidencial y omitir la restricci\u00f3n de perfil mediante un control de acceso inadecuado en el navegador web del usuario del sistema Reader, permitiendo que el diario se muestre, a pesar de que la opci\u00f3n est\u00e1 desactivada."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-312xx/CVE-2023-31294.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-31294",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-29T03:15:10.740",
"lastModified": "2023-12-29T03:15:10.740",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:44.347",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via the Delivery Name field."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n CSV en Sesami Cash Point & Transport Optimizer (CPTO) versi\u00f3n 6.3.8.6 (#718), permite a atacantes remotos obtener informaci\u00f3n confidencial a trav\u00e9s del campo Delivery Name."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-312xx/CVE-2023-31295.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-31295",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-29T06:15:43.563",
"lastModified": "2023-12-29T06:15:43.563",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:33.383",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via the User Profile field."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n CSV en Sesami Cash Point & Transport Optimizer (CPTO) versi\u00f3n 6.3.8.6 (#718), permite a atacantes remotos obtener informaci\u00f3n confidencial a trav\u00e9s del campo User Profile."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-312xx/CVE-2023-31296.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-31296",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-29T04:15:09.053",
"lastModified": "2023-12-29T04:15:09.053",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:39.607",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows attackers to obtain sensitive information via the User Name field."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n CSV en Sesami Cash Point & Transport Optimizer (CPTO) versi\u00f3n 6.3.8.6 (#718), permite a los atacantes obtener informaci\u00f3n confidencial a trav\u00e9s del campo User Name."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-312xx/CVE-2023-31299.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-31299",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-29T05:15:08.750",
"lastModified": "2023-12-29T05:15:08.750",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:39.607",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to execute arbitrary code via the Barcode field of a container."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross Site Scripting (XSS) en Sesami Cash Point & Transport Optimizer (CPTO) versi\u00f3n 6.3.8.6 (#718), permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s del campo Barcode de un contenedor."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-313xx/CVE-2023-31300.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-31300",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-29T06:15:43.633",
"lastModified": "2023-12-29T06:15:43.633",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:33.383",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via transmission of unencrypted, cleartext credentials during Password Reset feature."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Sesami Cash Point & Transport Optimizer (CPTO) versi\u00f3n 6.3.8.6 (#718), que permite a atacantes remotos obtener informaci\u00f3n confidencial mediante la transmisi\u00f3n de credenciales de texto plano y sin cifrar durante la funci\u00f3n de Password Reset."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-313xx/CVE-2023-31302.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-31302",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-29T06:15:43.677",
"lastModified": "2023-12-29T06:15:43.677",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:33.383",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718), allows remote attackers to execute arbitrary code via the Teller field."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross Site Scripting (XSS) en Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718), permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s del campo Teller."
}
],
"metrics": {},

10
CVE-2023/CVE-2023-320xx/CVE-2023-32095.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-32095",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T09:15:08.750",
"lastModified": "2023-12-29T09:15:08.750",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:33.383",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Control of Generation of Code ('Code Injection') vulnerability in Milan Dini\u0107 Rename Media Files.This issue affects Rename Media Files: from n/a through 1.0.1.\n\n"
"value": "Improper Control of Generation of Code ('Code Injection') vulnerability in Milan Dini? Rename Media Files.This issue affects Rename Media Files: from n/a through 1.0.1.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de control inadecuado de generaci\u00f3n de c\u00f3digo (\"inyecci\u00f3n de c\u00f3digo\") en Milan Dini? Rename Media Files. Este problema afecta a Rename Media Files: desde n/a hasta 1.0.1."
}
],
"metrics": {

8
CVE-2023/CVE-2023-321xx/CVE-2023-32101.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-32101",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T10:15:10.080",
"lastModified": "2023-12-29T10:15:10.080",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:27.537",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Pexle Chris Library Viewer.This issue affects Library Viewer: from n/a through 2.0.6.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de redirecci\u00f3n de URL a un sitio que no es de confianza (\"Open Redirect\") en Pexle Chris Library Viewer. Este problema afecta a Library Viewer: desde n/a hasta 2.0.6."
}
],
"metrics": {

8
CVE-2023/CVE-2023-325xx/CVE-2023-32517.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-32517",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T10:15:10.390",
"lastModified": "2023-12-29T10:15:10.390",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:27.537",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in PluginOps MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder.This issue affects MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder: from n/a through 4.0.9.3.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de redirecci\u00f3n de URL a un sitio que no es de confianza ('Open Redirect') en PluginOps MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder. Este problema afecta a MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder: desde n/a hasta 4.0. 9.3."
}
],
"metrics": {

8
CVE-2023/CVE-2023-406xx/CVE-2023-40606.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-40606",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T09:15:08.977",
"lastModified": "2023-12-29T09:15:08.977",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:33.383",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Control of Generation of Code ('Code Injection') vulnerability in Kanban for WordPress Kanban Boards for WordPress.This issue affects Kanban Boards for WordPress: from n/a through 2.5.21.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de control inadecuado de la generaci\u00f3n de c\u00f3digo (\"inyecci\u00f3n de c\u00f3digo\") en Kanban for WordPress Kanban Boards for WordPress. Este problema afecta a Kanban Boards for WordPress: desde n/a hasta 2.5.21."
}
],
"metrics": {

8
CVE-2023/CVE-2023-418xx/CVE-2023-41813.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-41813",
"sourceIdentifier": "security@pandorafms.com",
"published": "2023-12-29T12:15:43.250",
"lastModified": "2023-12-29T12:15:43.250",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:23.013",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS).\u00a0Allows you to edit the Web Console user notification options.\u00a0This issue affects Pandora FMS: from 700 through 774."
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Pandora FMS on all permite Cross-Site Scripting (XSS). Le permite editar las opciones de notificaci\u00f3n del usuario de la consola web. Este problema afecta a Pandora FMS: del 700 al 774."
}
],
"metrics": {

8
CVE-2023/CVE-2023-418xx/CVE-2023-41814.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-41814",
"sourceIdentifier": "security@pandorafms.com",
"published": "2023-12-29T12:15:43.487",
"lastModified": "2023-12-29T12:15:43.487",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:23.013",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Through an HTML payload (iframe tag) it is possible to carry out XSS attacks when the user receiving the messages opens their notifications.\u00a0This issue affects Pandora FMS: from 700 through 774."
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Pandora FMS on all permite Cross-Site Scripting (XSS). A trav\u00e9s de un paylaod HTML (etiqueta iframe) es posible realizar ataques XSS cuando el usuario que recibe los mensajes abre sus notificaciones. Este problema afecta a Pandora FMS: del 700 al 774."
}
],
"metrics": {

8
CVE-2023/CVE-2023-418xx/CVE-2023-41815.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-41815",
"sourceIdentifier": "security@pandorafms.com",
"published": "2023-12-29T12:15:43.690",
"lastModified": "2023-12-29T12:15:43.690",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:23.013",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS).\u00a0Malicious code could be executed in the File Manager section.\u00a0This issue affects Pandora FMS: from 700 through 774."
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Pandora FMS on all permite Cross-Site Scripting (XSS). Se podr\u00eda ejecutar c\u00f3digo malicioso en la secci\u00f3n File Manager. Este problema afecta a Pandora FMS: del 700 al 774."
}
],
"metrics": {

8
CVE-2023/CVE-2023-440xx/CVE-2023-44088.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-44088",
"sourceIdentifier": "security@pandorafms.com",
"published": "2023-12-29T12:15:43.883",
"lastModified": "2023-12-29T12:15:43.883",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:23.013",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pandora FMS on all allows SQL Injection.\u00a0Arbitrary SQL queries were allowed to be executed using any account with low privileges.\u00a0This issue affects Pandora FMS: from 700 through 774."
},
{
"lang": "es",
"value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de Comando SQL ('Inyecci\u00f3n SQL') en Pandora FMS on all permite la Inyecci\u00f3n SQL. Se permit\u00eda ejecutar consultas SQL arbitrarias utilizando cualquier cuenta con pocos privilegios. Este problema afecta a Pandora FMS: del 700 al 774."
}
],
"metrics": {

8
CVE-2023/CVE-2023-440xx/CVE-2023-44089.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-44089",
"sourceIdentifier": "security@pandorafms.com",
"published": "2023-12-29T12:15:44.083",
"lastModified": "2023-12-29T12:15:44.083",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:23.013",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS).\u00a0It was possible to execute malicious JS code on Visual Consoles.\u00a0This issue affects Pandora FMS: from 700 through 774."
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Pandora FMS on all permite Cross-Site Scripting (XSS). Era posible ejecutar c\u00f3digo JS malicioso en consolas visuales. Este problema afecta a Pandora FMS: del 700 al 774."
}
],
"metrics": {

8
CVE-2023/CVE-2023-44xx/CVE-2023-4462.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-4462",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-29T10:15:11.100",
"lastModified": "2023-12-29T10:15:11.100",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:27.537",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. This affects an unknown part of the component Web Configuration Application. The manipulation leads to insufficiently random values. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249255."
},
{
"lang": "es",
"value": "Una vulnerabilidad ha sido encontrada en Poly CCX 400, CCX 600, Trio 8800 y Trio C60 y clasificada como problem\u00e1tica. Una parte desconocida del componente Web Configuration Application afecta a una parte desconocida. La manipulaci\u00f3n conduce a valores insuficientemente aleatorios. Es posible iniciar el ataque de forma remota. La complejidad de un ataque es bastante alta. Se dice que la explotabilidad es dif\u00edcil. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-249255."
}
],
"metrics": {

8
CVE-2023/CVE-2023-44xx/CVE-2023-4463.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-4463",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-29T10:15:11.413",
"lastModified": "2023-12-29T10:15:11.413",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:27.537",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument Cookie leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249256."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Poly CCX 400, CCX 600, Trio 8800 y Trio C60 y clasificada como problem\u00e1tica. C\u00f3digo desconocido del componente HTTP Header Handler es afectado por esta vulnerabilidad. La manipulaci\u00f3n del argumento Cookie conduce a la denegaci\u00f3n de servicio. El ataque se puede iniciar de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-249256."
}
],
"metrics": {

8
CVE-2023/CVE-2023-44xx/CVE-2023-4464.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-4464",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-29T10:15:11.750",
"lastModified": "2023-12-29T10:15:11.750",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:27.537",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. This issue affects some unknown processing of the component Diagnostic Telnet Mode. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier VDB-249257 was assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad clasificada como cr\u00edtica fue encontrada en Poly CCX 400, CCX 600, Trio 8800 y Trio C60. Este problema afecta un procesamiento desconocido del componente Diagnostic Telnet Mode. La manipulaci\u00f3n conduce a la inyecci\u00f3n de comandos del sistema operativo. El ataque puede iniciarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. Se recomienda actualizar el componente afectado. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-249257."
}
],
"metrics": {

8
CVE-2023/CVE-2023-44xx/CVE-2023-4465.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-4465",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-29T10:15:12.133",
"lastModified": "2023-12-29T10:15:12.133",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:27.537",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. Affected is an unknown function of the component Configuration File Import. The manipulation of the argument device.auth.localAdminPassword leads to unverified password change. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249258 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad clasificada como problem\u00e1tica fue encontrada en Poly CCX 400, CCX 600, Trio 8800 y Trio C60. Una funci\u00f3n desconocida del componente Configuration File Import es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento device.auth.localAdminPassword conduce a un cambio de contrase\u00f1a no verificado. Es posible lanzar el ataque de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. VDB-249258 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {

8
CVE-2023/CVE-2023-44xx/CVE-2023-4466.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-4466",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-29T10:15:12.470",
"lastModified": "2023-12-29T10:15:12.470",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:27.537",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Web Interface. The manipulation leads to protection mechanism failure. The attack can be launched remotely. The vendor explains that they do not regard this as a vulnerability as this is a feature that they offer to their customers who have a variety of environmental needs that are met through different firmware builds. To avoid potential roll-back attacks, they remove vulnerable builds from the public servers as a remediation effort. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249259."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Poly CCX 400, CCX 600, Trio 8800 y Trio C60 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del componente Web Interface es afectada por esta vulnerabilidad. La manipulaci\u00f3n provoca el fallo del mecanismo de protecci\u00f3n. El ataque se puede lanzar de forma remota. El proveedor explica que no consideran esto como una vulnerabilidad, ya que es una caracter\u00edstica que ofrecen a sus clientes que tienen una variedad de necesidades ambientales que se satisfacen a trav\u00e9s de diferentes versiones de firmware. Para evitar posibles ataques de reversi\u00f3n, eliminan las compilaciones vulnerables de los servidores p\u00fablicos como esfuerzo de remediaci\u00f3n. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-249259."
}
],
"metrics": {

8
CVE-2023/CVE-2023-44xx/CVE-2023-4467.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-4467",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-29T10:15:12.783",
"lastModified": "2023-12-29T10:15:12.783",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:27.537",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Poly Trio 8800 7.2.6.0019 and classified as critical. Affected by this issue is some unknown functionality of the component Test Automation Mode. The manipulation leads to backdoor. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249260."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Poly Trio 8800 7.2.6.0019 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del componente Test Automation Mode es afectada por este problema. La manipulaci\u00f3n conduce a una puerta trasera. Es posible lanzar el ataque al dispositivo f\u00edsico. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-249260."
}
],
"metrics": {

8
CVE-2023/CVE-2023-44xx/CVE-2023-4468.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-4468",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-29T10:15:13.140",
"lastModified": "2023-12-29T10:15:13.140",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:27.537",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Poly Trio 8800 and Trio C60. It has been classified as problematic. This affects an unknown part of the component Poly Lens Management Cloud Registration. The manipulation leads to missing authorization. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The identifier VDB-249261 was assigned to this vulnerability."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Poly Trio 8800 y Trio C60. Ha sido clasificada como problem\u00e1tica. Esto afecta a una parte desconocida del componente Poly Lens Management Cloud Registration. La manipulaci\u00f3n conduce a la falta de autorizaci\u00f3n. Es posible lanzar el ataque al dispositivo f\u00edsico. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-249261."
}
],
"metrics": {

58
CVE-2023/CVE-2023-451xx/CVE-2023-45122.json
View File

@ -2,19 +2,43 @@
"id": "CVE-2023-45122",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-21T17:15:08.723",
"lastModified": "2023-12-21T18:15:28.593",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-29T13:59:19.293",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities.\u00a0The 'name' parameter of the update.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
},
{
"lang": "es",
"value": "Online Examination System v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL autenticadas. El par\u00e1metro 'name' del recurso update.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "help@fluidattacks.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
@ -46,14 +70,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:projectworlds:online_examination_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "32029B59-C9C3-4474-8BF6-D5A0410EB748"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/argerich/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://projectworlds.in/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}

58
CVE-2023/CVE-2023-451xx/CVE-2023-45123.json
View File

@ -2,19 +2,43 @@
"id": "CVE-2023-45123",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-21T17:15:09.007",
"lastModified": "2023-12-21T18:15:28.593",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-29T13:58:57.330",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities.\u00a0The 'right' parameter of the update.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
},
{
"lang": "es",
"value": "Online Examination System v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL autenticadas. El par\u00e1metro 'right' del recurso update.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "help@fluidattacks.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
@ -46,14 +70,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:projectworlds:online_examination_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "32029B59-C9C3-4474-8BF6-D5A0410EB748"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/argerich/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://projectworlds.in/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}

8
CVE-2023/CVE-2023-457xx/CVE-2023-45751.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-45751",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T09:15:09.197",
"lastModified": "2023-12-29T09:15:09.197",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:33.383",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Control of Generation of Code ('Code Injection') vulnerability in POSIMYTH Nexter Extension.This issue affects Nexter Extension: from n/a through 2.0.3.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de control inadecuado de generaci\u00f3n de c\u00f3digo (\"inyecci\u00f3n de c\u00f3digo\") en POSIMYTH Nexter Extension. Este problema afecta a Nexter Extension: desde n/a hasta 2.0.3."
}
],
"metrics": {

8
CVE-2023/CVE-2023-466xx/CVE-2023-46623.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-46623",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T09:15:09.410",
"lastModified": "2023-12-29T09:15:09.410",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:33.383",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Control of Generation of Code ('Code Injection') vulnerability in TienCOP WP EXtra.This issue affects WP EXtra: from n/a through 6.2.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de control inadecuado de generaci\u00f3n de c\u00f3digo (\"inyecci\u00f3n de c\u00f3digo\") en TienCOP WP EXtra. Este problema afecta a WP EXtra: desde n/a hasta 6.2."
}
],
"metrics": {

8
CVE-2023/CVE-2023-478xx/CVE-2023-47840.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47840",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T09:15:09.637",
"lastModified": "2023-12-29T09:15:09.637",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:33.383",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Control of Generation of Code ('Code Injection') vulnerability in Qode Interactive Qode Essential Addons.This issue affects Qode Essential Addons: from n/a through 1.5.2.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de control inadecuado de la generaci\u00f3n de c\u00f3digo (\"inyecci\u00f3n de c\u00f3digo\") en Qode Interactive Qode Essential Addons. Este problema afecta a Qode Essential Addons: desde n/a hasta 1.5.2."
}
],
"metrics": {

32
CVE-2023/CVE-2023-486xx/CVE-2023-48685.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48685",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-21T21:15:09.867",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-29T14:09:02.460",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -50,14 +50,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:projectworlds:railway_reservation_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "17BFF349-37D8-4FF1-9587-F64007EEA3AF"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/barenboim/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://projectworlds.in/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}

32
CVE-2023/CVE-2023-486xx/CVE-2023-48686.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48686",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-21T21:15:10.200",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-29T14:09:18.227",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -50,14 +50,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:projectworlds:railway_reservation_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "17BFF349-37D8-4FF1-9587-F64007EEA3AF"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/barenboim/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://projectworlds.in/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}

32
CVE-2023/CVE-2023-486xx/CVE-2023-48687.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48687",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-21T21:15:10.507",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-29T14:09:32.003",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -50,14 +50,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:projectworlds:railway_reservation_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "17BFF349-37D8-4FF1-9587-F64007EEA3AF"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/barenboim/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://projectworlds.in/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}

32
CVE-2023/CVE-2023-486xx/CVE-2023-48688.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48688",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-21T21:15:10.830",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-29T14:08:27.697",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -50,14 +50,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:projectworlds:railway_reservation_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "17BFF349-37D8-4FF1-9587-F64007EEA3AF"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/barenboim/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://projectworlds.in/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}

32
CVE-2023/CVE-2023-486xx/CVE-2023-48689.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48689",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-21T21:15:11.130",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-29T14:07:40.387",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -50,14 +50,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:projectworlds:railway_reservation_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "17BFF349-37D8-4FF1-9587-F64007EEA3AF"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/barenboim/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://projectworlds.in/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}

32
CVE-2023/CVE-2023-486xx/CVE-2023-48690.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48690",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-21T21:15:11.437",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-29T14:07:19.157",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -50,14 +50,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:projectworlds:railway_reservation_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "17BFF349-37D8-4FF1-9587-F64007EEA3AF"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/barenboim/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://projectworlds.in/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}

32
CVE-2023/CVE-2023-487xx/CVE-2023-48716.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48716",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-21T21:15:11.710",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-29T14:05:07.757",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -50,14 +50,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:projectworlds:student_result_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8C819BC3-7144-443A-9D32-D6FA878D80CC"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/gilels/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://projectworlds.in/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}

32
CVE-2023/CVE-2023-487xx/CVE-2023-48717.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48717",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-21T21:15:12.013",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-29T14:04:19.947",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -50,14 +50,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:projectworlds:student_result_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8C819BC3-7144-443A-9D32-D6FA878D80CC"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/gilels/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://projectworlds.in/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}

8
CVE-2023/CVE-2023-498xx/CVE-2023-49830.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49830",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T10:15:10.783",
"lastModified": "2023-12-29T10:15:10.783",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:27.537",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Control of Generation of Code ('Code Injection') vulnerability in Brainstorm Force Astra Pro.This issue affects Astra Pro: from n/a through 4.3.1.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de control inadecuado de generaci\u00f3n de c\u00f3digo (\"inyecci\u00f3n de c\u00f3digo\") en Brainstorm Force Astra Pro. Este problema afecta a Astra Pro: desde n/a hasta 4.3.1."
}
],
"metrics": {

8
CVE-2023/CVE-2023-507xx/CVE-2023-50761.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-50761",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-12-19T14:15:07.033",
"lastModified": "2023-12-22T11:14:18.960",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-29T13:15:08.460",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -97,6 +97,10 @@
"Permissions Required"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html",
"source": "security@mozilla.org"
},
{
"url": "https://www.debian.org/security/2023/dsa-5582",
"source": "security@mozilla.org",

8
CVE-2023/CVE-2023-507xx/CVE-2023-50762.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-50762",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-12-19T14:15:07.093",
"lastModified": "2023-12-22T11:13:31.773",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-29T13:15:08.577",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -97,6 +97,10 @@
"Permissions Required"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html",
"source": "security@mozilla.org"
},
{
"url": "https://www.debian.org/security/2023/dsa-5582",
"source": "security@mozilla.org",

8
CVE-2023/CVE-2023-508xx/CVE-2023-50837.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-50837",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T12:15:44.290",
"lastModified": "2023-12-29T12:15:44.290",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:23.013",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WebFactory Ltd Login Lockdown \u2013 Protect Login Form.This issue affects Login Lockdown \u2013 Protect Login Form: from n/a through 2.06.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL (\"inyecci\u00f3n SQL\") en WebFactory Ltd Login Lockdown \u2013 Protect Login Form. Este problema afecta a Login Lockdown \u2013 Protect Login Form: desde n/a hasta 2.06."
}
],
"metrics": {

59
CVE-2023/CVE-2023-508xx/CVE-2023-50878.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-50878",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T13:15:08.693",
"lastModified": "2023-12-29T13:56:17.293",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in InspireUI MStore API.This issue affects MStore API: from n/a through 4.10.1.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en la API MStore de InspireUI. Este problema afecta a MStore API: desde n/a hasta 4.10.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/mstore-api/wordpress-mstore-api-plugin-4-10-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

8
CVE-2023/CVE-2023-508xx/CVE-2023-50879.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-50879",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T12:15:44.503",
"lastModified": "2023-12-29T12:15:44.503",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:23.013",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WordPress.Com Editing Toolkit allows Stored XSS.This issue affects WordPress.Com Editing Toolkit: from n/a through 3.78784.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Automattic WordPress.Com Editing Toolkit permite XSS almacenado. Este problema afecta al WordPress.Com Editing Toolkit: desde n/a hasta 3.78784."
}
],
"metrics": {

8
CVE-2023/CVE-2023-508xx/CVE-2023-50880.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-50880",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T12:15:44.717",
"lastModified": "2023-12-29T12:15:44.717",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:23.013",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The BuddyPress Community BuddyPress allows Stored XSS.This issue affects BuddyPress: from n/a through 11.3.1.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en The BuddyPress Community BuddyPress permite XSS almacenado. Este problema afecta a BuddyPress: desde n/a hasta 11.3.1."
}
],
"metrics": {

8
CVE-2023/CVE-2023-508xx/CVE-2023-50881.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-50881",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T12:15:44.927",
"lastModified": "2023-12-29T12:15:44.927",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:23.013",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AAM Advanced Access Manager \u2013 Restricted Content, Users & Roles, Enhanced Security and More allows Stored XSS.This issue affects Advanced Access Manager \u2013 Restricted Content, Users & Roles, Enhanced Security and More: from n/a through 6.9.15.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en AAM Advanced Access Manager \u2013 Restricted Content, Users & Roles, Enhanced Security and More permite XSS almacenado. Este problema afecta a Advanced Access Manager \u2013 Restricted Content, Users & Roles, Enhanced Security and More: desde n/a hasta 6.9.15."
}
],
"metrics": {

8
CVE-2023/CVE-2023-508xx/CVE-2023-50889.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-50889",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T12:15:45.170",
"lastModified": "2023-12-29T12:15:45.170",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:23.013",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The Beaver Builder Team Beaver Builder \u2013 WordPress Page Builder allows Stored XSS.This issue affects Beaver Builder \u2013 WordPress Page Builder: from n/a through 2.7.2.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en The Beaver Builder Team Beaver Builder \u2013 WordPress Page Builder permite XSS almacenado. Este problema afecta a Beaver Builder \u2013 WordPress Page Builder: desde n/a hasta 2.7.2 ."
}
],
"metrics": {

8
CVE-2023/CVE-2023-508xx/CVE-2023-50891.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-50891",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T12:15:45.400",
"lastModified": "2023-12-29T12:15:45.400",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:17.293",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zoho Forms Form plugin for WordPress \u2013 Zoho Forms allows Stored XSS.This issue affects Form plugin for WordPress \u2013 Zoho Forms: from n/a through 3.0.1.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en el complemento de formulario Zoho Forms Form plugin for WordPress \u2013 Zoho Forms permite XSS almacenado. Este problema afecta a Form plugin for WordPress \u2013 Zoho Forms: desde n/a hasta 3.0.1 ."
}
],
"metrics": {

8
CVE-2023/CVE-2023-508xx/CVE-2023-50892.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-50892",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T12:15:45.620",
"lastModified": "2023-12-29T12:15:45.620",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:17.293",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem - Creative Multi-Purpose & WooCommerce WordPress Theme allows Reflected XSS.This issue affects TheGem - Creative Multi-Purpose & WooCommerce WordPress Theme: from n/a through 5.9.1.\n\n"
},
{
"lang": "es",
"value": "La neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en CodexThemes TheGem - Creative Multi-Purpose & WooCommerce WordPress Theme permite XSS reflejado. Este problema afecta a TheGem - Creative Multi-Purpose & WooCommerce WordPress Theme: desde n/ a hasta 5.9.1."
}
],
"metrics": {

8
CVE-2023/CVE-2023-508xx/CVE-2023-50893.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-50893",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T12:15:45.837",
"lastModified": "2023-12-29T12:15:45.837",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:17.293",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UpSolution Impreza \u2013 WordPress Website and WooCommerce Builder allows Reflected XSS.This issue affects Impreza \u2013 WordPress Website and WooCommerce Builder: from n/a through 8.17.4.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en UpSolution Impreza \u2013 WordPress Website and WooCommerce Builder permite XSS reflejado. Este problema afecta a Impreza \u2013 WordPress Website and WooCommerce Builder: desde n/a hasta 8.17.4."
}
],
"metrics": {

4
CVE-2023/CVE-2023-508xx/CVE-2023-50896.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-50896",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T11:15:08.363",
"lastModified": "2023-12-29T11:15:08.363",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:27.537",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-509xx/CVE-2023-50901.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-50901",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T11:15:08.860",
"lastModified": "2023-12-29T11:15:08.860",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:27.537",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

59
CVE-2023/CVE-2023-509xx/CVE-2023-50902.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-50902",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T13:15:09.230",
"lastModified": "2023-12-29T13:56:17.293",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in WPExpertsio New User Approve.This issue affects New User Approve: from n/a through 2.5.1.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en WPExpertsio New User Approve. Este problema afecta a New User Approve: desde n/a hasta 2.5.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/new-user-approve/wordpress-new-user-approve-plugin-2-5-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

59
CVE-2023/CVE-2023-513xx/CVE-2023-51354.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-51354",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T13:15:09.450",
"lastModified": "2023-12-29T13:56:17.293",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in WebbaPlugins Appointment & Event Booking Calendar Plugin \u2013 Webba Booking.This issue affects Appointment & Event Booking Calendar Plugin \u2013 Webba Booking: from n/a through 4.5.33.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en WebbaPlugins Appointment & Event Booking Calendar Plugin \u2013 Webba Booking. Este problema afecta a Appointment & Event Booking Calendar Plugin \u2013 Webba Booking: desde n/a hasta 4.5.33."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/webba-booking-lite/wordpress-webba-booking-plugin-4-5-33-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

59
CVE-2023/CVE-2023-513xx/CVE-2023-51358.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-51358",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T13:15:09.663",
"lastModified": "2023-12-29T13:56:17.293",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Bright Plugins Block IPs for Gravity Forms.This issue affects Block IPs for Gravity Forms: from n/a through 1.0.1.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Bright Plugins Block IPs for Gravity Forms. Este problema afecta a Block IPs for Gravity Forms: desde n/a hasta 1.0.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/gf-block-ips/wordpress-block-ips-for-gravity-forms-plugin-1-0-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

4
CVE-2023/CVE-2023-513xx/CVE-2023-51361.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51361",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T11:15:09.117",
"lastModified": "2023-12-29T11:15:09.117",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:23.013",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-513xx/CVE-2023-51371.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51371",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T11:15:09.383",
"lastModified": "2023-12-29T11:15:09.383",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:23.013",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-513xx/CVE-2023-51372.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51372",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T11:15:09.607",
"lastModified": "2023-12-29T11:15:09.607",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:23.013",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-513xx/CVE-2023-51373.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51373",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T11:15:09.860",
"lastModified": "2023-12-29T11:15:09.860",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:23.013",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

6
CVE-2023/CVE-2023-513xx/CVE-2023-51374.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51374",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T11:15:10.093",
"lastModified": "2023-12-29T11:15:10.093",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:23.013",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
@ -11,7 +11,7 @@
},
{
"lang": "es",
"value": "La neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en ZeroBounce ZeroBounce Email Verification & Validation permite XSS almacenado. Este problema afecta a ZeroBounce Email Verification & Validation: desde n/a hasta 1.0.11."
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en ZeroBounce ZeroBounce Email Verification & Validation permite XSS almacenado. Este problema afecta a ZeroBounce Email Verification & Validation: desde n/a hasta 1.0.11."
}
],
"metrics": {

59
CVE-2023/CVE-2023-513xx/CVE-2023-51378.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-51378",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T13:15:09.930",
"lastModified": "2023-12-29T13:56:17.293",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Rise Themes Rise Blocks \u2013 A Complete Gutenberg Page Builder.This issue affects Rise Blocks \u2013 A Complete Gutenberg Page Builder: from n/a through 3.1.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Rise Themes Rise Blocks \u2013 A Complete Gutenberg Page Builder. Este problema afecta a Rise Blocks \u2013 A Complete Gutenberg Page Builder: desde n/a hasta 3.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/rise-blocks/wordpress-rise-blocks-plugin-3-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

6
CVE-2023/CVE-2023-513xx/CVE-2023-51396.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51396",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T11:15:10.357",
"lastModified": "2023-12-29T11:15:10.357",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:23.013",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
@ -11,7 +11,7 @@
},
{
"lang": "es",
"value": "La neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Brizy.Io Brizy \u2013 Page Builder permite XSS almacenado. Este problema afecta a Brizy \u2013 Page Builder: desde n/a hasta 2.4.29."
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Brizy.Io Brizy \u2013 Page Builder permite XSS almacenado. Este problema afecta a Brizy \u2013 Page Builder: desde n/a hasta 2.4.29."
}
],
"metrics": {

4
CVE-2023/CVE-2023-513xx/CVE-2023-51397.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51397",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T11:15:10.600",
"lastModified": "2023-12-29T11:15:10.600",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:23.013",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-513xx/CVE-2023-51399.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51399",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T11:15:10.830",
"lastModified": "2023-12-29T11:15:10.830",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:23.013",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

8
CVE-2023/CVE-2023-514xx/CVE-2023-51402.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-51402",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T12:15:46.043",
"lastModified": "2023-12-29T12:15:46.043",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:17.293",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Brain Storm Force Ultimate Addons for WPBakery Page Builder.This issue affects Ultimate Addons for WPBakery Page Builder: from n/a through 3.19.17.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Brain Storm Force Ultimate Addons for WPBakery Page Builder. Este problema afecta a Ultimate Addons for WPBakery Page Builder: desde n/a hasta 3.19.17."
}
],
"metrics": {

55
CVE-2023/CVE-2023-514xx/CVE-2023-51410.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-51410",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T14:15:46.190",
"lastModified": "2023-12-29T14:46:03.957",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in WPVibes WP Mail Log.This issue affects WP Mail Log: from n/a through 1.1.2.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-mail-log/wordpress-wp-mail-log-plugin-1-1-2-arbitrary-file-upload-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-514xx/CVE-2023-51411.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-51411",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T14:15:46.437",
"lastModified": "2023-12-29T14:46:03.957",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in Shabti Kaplan Frontend Admin by DynamiApps.This issue affects Frontend Admin by DynamiApps: from n/a through 3.18.3.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/acf-frontend-form-element/wordpress-frontend-admin-by-dynamiapps-plugin-3-18-3-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-514xx/CVE-2023-51412.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-51412",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T14:15:46.650",
"lastModified": "2023-12-29T14:46:03.957",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in Piotnet Piotnet Forms.This issue affects Piotnet Forms: from n/a through 1.0.25.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.2,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/piotnetforms/wordpress-piotnetforms-plugin-1-0-25-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

59
CVE-2023/CVE-2023-514xx/CVE-2023-51414.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-51414",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T13:15:10.180",
"lastModified": "2023-12-29T13:56:17.293",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Deserialization of Untrusted Data vulnerability in EnvialoSimple Env\u00edaloSimple: Email Marketing y Newsletters.This issue affects Env\u00edaloSimple: Email Marketing y Newsletters: from n/a through 2.1.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de deserializaci\u00f3n de datos no confiables en EnvialoSimple Env\u00edaloSimple: Email Marketing y Newsletters. Este problema afecta a Env\u00edaloSimple: Email Marketing y Newsletters: desde n/a hasta 2.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/envialosimple-email-marketing-y-newsletters-gratis/wordpress-envialosimple-plugin-2-1-unauthenticated-php-object-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-514xx/CVE-2023-51417.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-51417",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T14:15:46.860",
"lastModified": "2023-12-29T14:46:03.957",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in Joris van Montfort JVM Gutenberg Rich Text Icons.This issue affects JVM Gutenberg Rich Text Icons: from n/a through 1.2.3.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/jvm-rich-text-icons/wordpress-jvm-rich-text-icons-plugin-1-2-3-arbitrary-file-upload-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-514xx/CVE-2023-51419.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-51419",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T14:15:47.063",
"lastModified": "2023-12-29T14:46:03.957",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in Bertha.Ai BERTHA AI. Your AI co-pilot for WordPress and Chrome.This issue affects BERTHA AI. Your AI co-pilot for WordPress and Chrome: from n/a through 1.11.10.7.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/bertha-ai-free/wordpress-bertha-ai-plugin-1-11-10-7-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

8
CVE-2023/CVE-2023-514xx/CVE-2023-51420.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-51420",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T10:15:13.527",
"lastModified": "2023-12-29T10:15:13.527",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:27.537",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Control of Generation of Code ('Code Injection') vulnerability in Soft8Soft LLC Verge3D Publishing and E-Commerce.This issue affects Verge3D Publishing and E-Commerce: from n/a through 4.5.2.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de control inadecuado de generaci\u00f3n de c\u00f3digo (\"inyecci\u00f3n de c\u00f3digo\") en Soft8Soft LLC Verge3D Publishing and E-Commerce. Este problema afecta a Verge3D Publishing and E-Commerce: desde n/a hasta 4.5.2."
}
],
"metrics": {

55
CVE-2023/CVE-2023-514xx/CVE-2023-51421.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-51421",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T14:15:47.270",
"lastModified": "2023-12-29T14:46:03.957",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in Soft8Soft LLC Verge3D Publishing and E-Commerce.This issue affects Verge3D Publishing and E-Commerce: from n/a through 4.5.2.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/verge3d/wordpress-verge3d-plugin-4-5-2-arbitrary-file-upload-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

59
CVE-2023/CVE-2023-514xx/CVE-2023-51422.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-51422",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T13:15:10.393",
"lastModified": "2023-12-29T13:56:17.293",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Deserialization of Untrusted Data vulnerability in Saleswonder Team Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition.This issue affects Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition: from n/a through 3.05.0.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de deserializaci\u00f3n de datos no confiables en Saleswonder Team Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition. Este problema afecta a Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition: desde n/a hasta 3.05.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/webinar-ignition/wordpress-webinarignition-plugin-3-05-0-authenticated-php-object-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

8
CVE-2023/CVE-2023-514xx/CVE-2023-51426.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-51426",
"sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"published": "2023-12-29T04:15:09.100",
"lastModified": "2023-12-29T04:15:09.100",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:39.607",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nSome Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak.\n\n"
},
{
"lang": "es",
"value": "Algunos productos Honor se ven afectados por una vulnerabilidad de confusi\u00f3n de tipos; una explotaci\u00f3n exitosa podr\u00eda provocar una fuga de informaci\u00f3n."
}
],
"metrics": {

8
CVE-2023/CVE-2023-514xx/CVE-2023-51427.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-51427",
"sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"published": "2023-12-29T04:15:09.300",
"lastModified": "2023-12-29T04:15:09.300",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:39.607",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nSome Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak.\n\n\n"
},
{
"lang": "es",
"value": "Algunos productos Honor se ven afectados por una vulnerabilidad de confusi\u00f3n de tipos; una explotaci\u00f3n exitosa podr\u00eda provocar una fuga de informaci\u00f3n."
}
],
"metrics": {

8
CVE-2023/CVE-2023-514xx/CVE-2023-51428.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-51428",
"sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"published": "2023-12-29T04:15:09.503",
"lastModified": "2023-12-29T04:15:09.503",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:39.607",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nSome Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak.\n\n"
},
{
"lang": "es",
"value": "Algunos productos Honor se ven afectados por una vulnerabilidad de confusi\u00f3n de tipos; una explotaci\u00f3n exitosa podr\u00eda provocar una fuga de informaci\u00f3n."
}
],
"metrics": {

8
CVE-2023/CVE-2023-514xx/CVE-2023-51429.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-51429",
"sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"published": "2023-12-29T04:15:09.690",
"lastModified": "2023-12-29T04:15:09.690",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:39.607",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nSome Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak.\n\n"
},
{
"lang": "es",
"value": "Algunos productos Honor se ven afectados por una vulnerabilidad de asignaci\u00f3n de privilegios incorrecta; una explotaci\u00f3n exitosa podr\u00eda provocar una fuga de informaci\u00f3n."
}
],
"metrics": {

8
CVE-2023/CVE-2023-514xx/CVE-2023-51430.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-51430",
"sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"published": "2023-12-29T04:15:09.847",
"lastModified": "2023-12-29T04:15:09.847",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:39.607",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nSome Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak.\n\n\n"
},
{
"lang": "es",
"value": "Algunos productos Honor se ven afectados por una vulnerabilidad de asignaci\u00f3n de privilegios incorrecta; una explotaci\u00f3n exitosa podr\u00eda provocar una fuga de informaci\u00f3n."
}
],
"metrics": {

8
CVE-2023/CVE-2023-514xx/CVE-2023-51431.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-51431",
"sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"published": "2023-12-29T04:15:10.010",
"lastModified": "2023-12-29T04:15:10.010",
"vulnStatus": "Received",
"lastModified": "2023-12-29T13:56:39.607",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nSome Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions.\n\n"
},
{
"lang": "es",
"value": "Algunos productos Honor se ven afectados por una vulnerabilidad de asignaci\u00f3n de privilegios incorrecta; una explotaci\u00f3n exitosa podr\u00eda causar excepciones en el servicio del dispositivo."
}
],
"metrics": {

Some files were not shown because too many files have changed in this diff Show More