admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 11:37:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-12-18T19:00:24.329154+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-12-18 19:00:28 +00:00
parent 8af49e4687
commit 397cbc1350
84 changed files with 3786 additions and 347 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

74
CVE-2022/CVE-2022-229xx/CVE-2022-22942.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-22942",
"sourceIdentifier": "security@vmware.com",
"published": "2023-12-13T09:15:33.890",
"lastModified": "2023-12-13T13:35:25.510",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-18T17:27:31.137",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "security@vmware.com",
"type": "Secondary",
@ -38,18 +58,62 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:vmware:photon_os:3.0:-:*:*:*:*:*:*",
"matchCriteriaId": "ED9EFBB8-05C9-4F2E-A1E2-C39456CE31BF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:vmware:photon_os:4.0:-:*:*:*:*:*:*",
"matchCriteriaId": "8F4B4064-D515-49C6-A772-D01AFA2828EF"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/vmware/photon/wiki/Security-Update-3.0-356",
"source": "security@vmware.com"
"source": "security@vmware.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/vmware/photon/wiki/Security-Update-4.0-148",
"source": "security@vmware.com"
"source": "security@vmware.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://www.openwall.com/lists/oss-security/2022/01/27/4",
"source": "security@vmware.com"
"source": "security@vmware.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}
]
}

4
CVE-2022/CVE-2022-403xx/CVE-2022-40312.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-40312",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-18T15:15:08.623",
"lastModified": "2023-12-18T15:15:08.623",
"vulnStatus": "Received",
"lastModified": "2023-12-18T17:24:19.373",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

86
CVE-2023/CVE-2023-312xx/CVE-2023-31210.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-31210",
"sourceIdentifier": "security@checkmk.com",
"published": "2023-12-13T09:15:34.080",
"lastModified": "2023-12-13T13:35:25.510",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-18T17:31:51.650",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "security@checkmk.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-427"
}
]
},
{
"source": "security@checkmk.com",
"type": "Secondary",
@ -50,10 +80,60 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:p10:*:*:*:*:*:*",
"matchCriteriaId": "5D3DFD03-89BF-433F-B14C-8B46AD5146F6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:p11:*:*:*:*:*:*",
"matchCriteriaId": "50D06254-A368-4DE1-8734-1DC49002FBB1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:p12:*:*:*:*:*:*",
"matchCriteriaId": "489B86C6-FDD3-4569-B330-86CF51B533B0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:p13:*:*:*:*:*:*",
"matchCriteriaId": "50456E0E-0597-4E90-9BFC-1384800ED073"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:p14:*:*:*:*:*:*",
"matchCriteriaId": "0A7E61FE-E2B2-434F-8DFB-BF6AB78B8DE9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:p15:*:*:*:*:*:*",
"matchCriteriaId": "D5FDDC0D-52AA-419C-84CF-48B608B976E3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:p16:*:*:*:*:*:*",
"matchCriteriaId": "DC948630-1F71-4441-B842-29974C2D4C1B"
}
]
}
]
}
],
"references": [
{
"url": "https://checkmk.com/werk/16226",
"source": "security@checkmk.com"
"source": "security@checkmk.com",
"tags": [
"Vendor Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-332xx/CVE-2023-33214.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-33214",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-18T16:15:09.597",
"lastModified": "2023-12-18T16:15:09.597",
"vulnStatus": "Received",
"lastModified": "2023-12-18T17:24:19.373",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

73
CVE-2023/CVE-2023-341xx/CVE-2023-34194.json
View File

@ -2,23 +2,86 @@
"id": "CVE-2023-34194",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-13T14:15:43.680",
"lastModified": "2023-12-13T14:27:29.077",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-18T18:31:41.273",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML through 2.6.2 has a reachable assertion (and application exit) via a crafted XML document with a '\\0' located after whitespace."
},
{
"lang": "es",
"value": "StringEqual en TiXmlDeclaration::Parse en tinyxmlparser.cpp en TinyXML hasta 2.6.2 tiene una aserci\u00f3n accesible (y una salida de la aplicaci\u00f3n) a trav\u00e9s de un documento XML manipulado con un '\\0' ubicado despu\u00e9s del espacio en blanco."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-617"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tinyxml_project:tinyxml:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.6.2",
"matchCriteriaId": "F15EC263-5CCC-47B7-BBEB-2F14AEBE8BEA"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://sourceforge.net/p/tinyxml/git/ci/master/tree/tinyxmlparser.cpp",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://www.forescout.com/resources/sierra21-vulnerabilities",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-35xx/CVE-2023-3517.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-3517",
"sourceIdentifier": "security.vulnerabilities@hitachivantara.com",
"published": "2023-12-12T23:15:07.003",
"lastModified": "2023-12-13T01:50:36.127",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-18T17:51:42.533",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nHitachi Vantara Pentaho Data Integration & Analytics versions before 9.5.0.1 and 9.3.0.5, including \n8.3.x does not restrict JNDI identifiers during the creation of XActions, allowing control of system level data sources.\n\n"
},
{
"lang": "es",
"value": "Las versiones de Hitachi Vantara Pentaho Data Integration & Analytics anteriores a 9.5.0.1 y 9.3.0.5, incluida 8.3.x, no restringen los identificadores JNDI durante la creaci\u00f3n de XActions, lo que permite el control de las fuentes de datos a nivel del sistema."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security.vulnerabilities@hitachivantara.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "security.vulnerabilities@hitachivantara.com",
"type": "Secondary",
@ -46,10 +80,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hitachi:pentaho_data_integration_and_analytics:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.0",
"versionEndExcluding": "9.3.0.5",
"matchCriteriaId": "CB3D7328-8002-4EC0-BF92-3A189F227A36"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hitachi:pentaho_data_integration_and_analytics:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.4.0.0",
"versionEndExcluding": "9.5.0.1",
"matchCriteriaId": "C6232023-AFC6-4D71-AF25-8E975DCE75D9"
}
]
}
]
}
],
"references": [
{
"url": "https://support.pentaho.com/hc/en-us/articles/19668665099533",
"source": "security.vulnerabilities@hitachivantara.com"
"source": "security.vulnerabilities@hitachivantara.com",
"tags": [
"Vendor Advisory"
]
}
]
}

62
CVE-2023/CVE-2023-438xx/CVE-2023-43813.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-43813",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-13T19:15:07.587",
"lastModified": "2023-12-13T19:54:46.783",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-18T18:59:53.300",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, the saved search feature can be used to perform a SQL injection. Version 10.0.11 contains a patch for the issue."
},
{
"lang": "es",
"value": "GLPI es un paquete de software gratuito de gesti\u00f3n de activos y TI. A partir de la versi\u00f3n 10.0.0 y anteriores a la versi\u00f3n 10.0.11, la funci\u00f3n de b\u00fasqueda guardada se puede utilizar para realizar una inyecci\u00f3n SQL. La versi\u00f3n 10.0.11 contiene un parche para el problema."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,18 +70,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.0.0",
"versionEndExcluding": "10.0.11",
"matchCriteriaId": "26DF2F46-6455-4440-BB5D-75FEB6798705"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/glpi-project/glpi/commit/4bd7f02d940953b9cbc9d285f7544bb0e490e75e",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/glpi-project/glpi/releases/tag/10.0.11",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-94c3-fw5r-3362",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-442xx/CVE-2023-44251.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44251",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2023-12-13T09:15:34.280",
"lastModified": "2023-12-13T13:35:21.667",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-18T17:34:13.253",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "psirt@fortinet.com",
"type": "Secondary",
@ -50,10 +70,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiwan:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C010221E-9BAF-41DC-B352-5941D38C8FEF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiwan:5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A7944DB8-76F2-40B9-97E2-D14A1EBF6286"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiwan:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2BCE7940-6D64-43BE-92AF-3EB86F4D0B3E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiwan:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1C8034DF-A33B-4B49-9448-6AD1DFAB27D5"
}
]
}
]
}
],
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-23-265",
"source": "psirt@fortinet.com"
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-442xx/CVE-2023-44252.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44252",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2023-12-13T09:15:34.473",
"lastModified": "2023-12-13T13:35:21.667",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-18T17:34:39.763",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "psirt@fortinet.com",
"type": "Secondary",
@ -50,10 +70,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiwan:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C010221E-9BAF-41DC-B352-5941D38C8FEF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiwan:5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A7944DB8-76F2-40B9-97E2-D14A1EBF6286"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiwan:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2BCE7940-6D64-43BE-92AF-3EB86F4D0B3E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiwan:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1C8034DF-A33B-4B49-9448-6AD1DFAB27D5"
}
]
}
]
}
],
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-23-061",
"source": "psirt@fortinet.com"
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
]
}
]
}

39
CVE-2023/CVE-2023-458xx/CVE-2023-45866.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45866",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-08T06:15:45.690",
"lastModified": "2023-12-15T11:15:09.683",
"vulnStatus": "Modified",
"lastModified": "2023-12-18T18:41:28.947",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -21,20 +21,20 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
"impactScore": 3.4
}
]
},
@ -355,6 +355,21 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
}
]
}
]
}
],
"references": [
@ -405,7 +420,11 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00011.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77YQQS5FXPYE6WBBZO3REFIRAUJHERFA/",

4
CVE-2023/CVE-2023-461xx/CVE-2023-46177.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46177",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-12-18T15:15:08.920",
"lastModified": "2023-12-18T15:15:08.920",
"vulnStatus": "Received",
"lastModified": "2023-12-18T17:24:19.373",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

8
CVE-2023/CVE-2023-464xx/CVE-2023-46446.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-46446",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-14T03:15:09.573",
"lastModified": "2023-12-18T16:15:10.017",
"lastModified": "2023-12-18T17:15:09.410",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka \"Rogue Extension Negotiation.\""
"value": "An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a \"Rogue Session Attack.\""
},
{
"lang": "es",
@ -69,6 +69,10 @@
}
],
"references": [
{
"url": "https://github.com/advisories/GHSA-c35q-ffpf-5qpm",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst",
"source": "cve@mitre.org"

55
CVE-2023/CVE-2023-466xx/CVE-2023-46617.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-46617",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-18T17:15:09.823",
"lastModified": "2023-12-18T17:24:19.373",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in AdFoxly AdFoxly \u2013 Ad Manager, AdSense Ads & Ads.Txt.This issue affects AdFoxly \u2013 Ad Manager, AdSense Ads & Ads.Txt: from n/a through 1.8.5.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/adfoxly/wordpress-adfoxly-ad-manager-adsense-ads-ads-txt-plugin-1-8-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

59
CVE-2023/CVE-2023-466xx/CVE-2023-46671.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46671",
"sourceIdentifier": "bressers@elastic.co",
"published": "2023-12-13T07:15:22.013",
"lastModified": "2023-12-13T13:35:21.667",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-18T18:01:00.387",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "bressers@elastic.co",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
},
{
"source": "bressers@elastic.co",
"type": "Secondary",
@ -50,10 +80,33 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndExcluding": "8.11.1",
"matchCriteriaId": "EDC4443D-DC1A-41CB-A1BC-817A15246F81"
}
]
}
]
}
],
"references": [
{
"url": "https://discuss.elastic.co/t/8-11-1-7-17-15-security-update-esa-2023-25/347149",
"source": "bressers@elastic.co"
"source": "bressers@elastic.co",
"tags": [
"Mitigation",
"Vendor Advisory"
]
}
]
}

66
CVE-2023/CVE-2023-466xx/CVE-2023-46675.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46675",
"sourceIdentifier": "bressers@elastic.co",
"published": "2023-12-13T07:15:23.077",
"lastModified": "2023-12-13T13:35:21.667",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-18T17:59:39.613",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "bressers@elastic.co",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
},
{
"source": "bressers@elastic.co",
"type": "Secondary",
@ -50,10 +80,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.13.0",
"versionEndExcluding": "7.17.16",
"matchCriteriaId": "E2637EAD-4E01-41A7-B156-65490431F21E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndExcluding": "8.11.2",
"matchCriteriaId": "CABAA148-5196-401E-A56F-874D12A3E8B7"
}
]
}
]
}
],
"references": [
{
"url": "https://discuss.elastic.co/t/kibana-8-11-2-7-17-16-security-update-esa-2023-27/349182/2",
"source": "bressers@elastic.co"
"source": "bressers@elastic.co",
"tags": [
"Mailing List",
"Vendor Advisory"
]
}
]
}

62
CVE-2023/CVE-2023-467xx/CVE-2023-46726.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-46726",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-13T19:15:07.830",
"lastModified": "2023-12-13T19:54:46.783",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-18T18:59:15.213",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, on PHP 7.4 only, the LDAP server configuration form can be used to execute arbitrary code previously uploaded as a GLPI document. Version 10.0.11 contains a patch for the issue."
},
{
"lang": "es",
"value": "GLPI es un paquete de software gratuito de gesti\u00f3n de activos y TI. A partir de la versi\u00f3n 10.0.0 y anteriores a la versi\u00f3n 10.0.11, solo en PHP 7.4, el formulario de configuraci\u00f3n del servidor LDAP se puede utilizar para ejecutar c\u00f3digo arbitrario cargado previamente como un documento GLPI. La versi\u00f3n 10.0.11 contiene un parche para el problema."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,18 +70,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.0.0",
"versionEndExcluding": "10.0.11",
"matchCriteriaId": "26DF2F46-6455-4440-BB5D-75FEB6798705"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/glpi-project/glpi/commit/42ba2b031bec0b3889317db25f3adf9080fc11b2",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/glpi-project/glpi/releases/tag/10.0.11",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-qc92-gxc6-5f95",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
}
]
}

62
CVE-2023/CVE-2023-467xx/CVE-2023-46727.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-46727",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-13T19:15:08.047",
"lastModified": "2023-12-13T19:54:46.783",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-18T18:57:31.453",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, GLPI inventory endpoint can be used to drive a SQL injection attack. Version 10.0.11 contains a patch for the issue. As a workaround, disable native inventory."
},
{
"lang": "es",
"value": "GLPI es un paquete de software gratuito de gesti\u00f3n de activos y TI. A partir de la versi\u00f3n 10.0.0 y anteriores a la versi\u00f3n 10.0.11, el endpoint del inventario GLPI se puede utilizar para impulsar un ataque de inyecci\u00f3n SQL. La versi\u00f3n 10.0.11 contiene un parche para el problema. Como workaround, deshabilite el inventario nativo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,18 +70,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.0.0",
"versionEndExcluding": "10.0.11",
"matchCriteriaId": "26DF2F46-6455-4440-BB5D-75FEB6798705"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/glpi-project/glpi/commit/ee2d674481ebef177037e8e14d35c9455b5cfd46",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/glpi-project/glpi/releases/tag/10.0.11",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-v799-2mp3-wgfr",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

33
CVE-2023/CVE-2023-470xx/CVE-2023-47064.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47064",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-12-15T11:15:09.817",
"lastModified": "2023-12-15T13:41:51.403",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-18T18:47:57.593",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -46,10 +46,37 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*",
"versionEndIncluding": "6.5.18.0",
"matchCriteriaId": "FA275504-C2EE-42D5-AC1B-01DC1DAC1CA1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*",
"matchCriteriaId": "B3E850FF-78BA-496F-9C3D-C119C64B34F9"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

33
CVE-2023/CVE-2023-470xx/CVE-2023-47065.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47065",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-12-15T11:15:10.050",
"lastModified": "2023-12-15T13:41:51.403",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-18T18:47:46.973",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -46,10 +46,37 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*",
"versionEndIncluding": "6.5.18.0",
"matchCriteriaId": "FA275504-C2EE-42D5-AC1B-01DC1DAC1CA1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*",
"matchCriteriaId": "B3E850FF-78BA-496F-9C3D-C119C64B34F9"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

74
CVE-2023/CVE-2023-473xx/CVE-2023-47327.json
View File

@ -2,23 +2,87 @@
"id": "CVE-2023-47327",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-13T14:15:44.487",
"lastModified": "2023-12-13T14:27:24.453",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-18T19:00:10.557",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The \"Create a Space\" feature in Silverpeas Core 6.3.1 is reserved for use by administrators. This function suffers from broken access control, allowing any authenticated user to create a space by navigating to the correct URL."
},
{
"lang": "es",
"value": "La funci\u00f3n \"Crear un espacio\" en Silverpeas Core 6.3.1 est\u00e1 reservada para uso de administradores. Esta funci\u00f3n sufre un control de acceso roto, lo que permite a cualquier usuario autenticado crear un espacio navegando a la URL correcta."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:silverpeas:silverpeas:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.3.2",
"matchCriteriaId": "F4C6E996-03CD-4BD3-A74F-A450CA1B0C0B"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://silverpeas.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2023-47327",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

81
CVE-2023/CVE-2023-475xx/CVE-2023-47536.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47536",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2023-12-13T08:15:50.920",
"lastModified": "2023-12-13T13:35:21.667",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-18T17:19:51.397",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "psirt@fortinet.com",
"type": "Secondary",
@ -50,10 +70,65 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.0.0",
"versionEndIncluding": "2.0.12",
"matchCriteriaId": "7C1D5E6B-A23E-4A92-B53C-720AFEB1B951"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndIncluding": "7.0.9",
"matchCriteriaId": "DAC18F7E-5242-4F36-BB42-FEC33B3AC075"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.2.0",
"versionEndIncluding": "7.2.3",
"matchCriteriaId": "3A99FF48-370E-4D2A-B5CC-889EA21AB213"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4.0",
"versionEndIncluding": "6.4.14",
"matchCriteriaId": "A2B52E22-C64D-4142-885E-6C44FA670574"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndIncluding": "7.0.13",
"matchCriteriaId": "DF27CA2F-3F4C-4CCB-B832-0E792673C429"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B9B87A2A-4C83-448B-8009-AD20214D58CB"
}
]
}
]
}
],
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-23-432",
"source": "psirt@fortinet.com"
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-477xx/CVE-2023-47787.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47787",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-18T16:15:10.097",
"lastModified": "2023-12-18T16:15:10.097",
"vulnStatus": "Received",
"lastModified": "2023-12-18T17:24:19.373",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-477xx/CVE-2023-47789.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47789",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-18T16:15:10.313",
"lastModified": "2023-12-18T16:15:10.313",
"vulnStatus": "Received",
"lastModified": "2023-12-18T17:24:19.373",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-478xx/CVE-2023-47806.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47806",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-18T16:15:10.510",
"lastModified": "2023-12-18T16:15:10.510",
"vulnStatus": "Received",
"lastModified": "2023-12-18T17:24:19.373",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

33
CVE-2023/CVE-2023-484xx/CVE-2023-48440.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48440",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-12-15T11:15:10.260",
"lastModified": "2023-12-15T13:41:51.403",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-18T18:47:36.650",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -46,10 +46,37 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*",
"versionEndIncluding": "6.5.18.0",
"matchCriteriaId": "FA275504-C2EE-42D5-AC1B-01DC1DAC1CA1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*",
"matchCriteriaId": "B3E850FF-78BA-496F-9C3D-C119C64B34F9"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

33
CVE-2023/CVE-2023-484xx/CVE-2023-48441.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48441",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-12-15T11:15:10.463",
"lastModified": "2023-12-15T13:41:51.403",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-18T18:47:25.233",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -46,10 +46,37 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*",
"versionEndIncluding": "6.5.18.0",
"matchCriteriaId": "FA275504-C2EE-42D5-AC1B-01DC1DAC1CA1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*",
"matchCriteriaId": "B3E850FF-78BA-496F-9C3D-C119C64B34F9"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

33
CVE-2023/CVE-2023-484xx/CVE-2023-48442.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48442",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-12-15T11:15:10.673",
"lastModified": "2023-12-15T13:41:51.403",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-18T18:47:00.583",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -46,10 +46,37 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*",
"versionEndIncluding": "6.5.18.0",
"matchCriteriaId": "FA275504-C2EE-42D5-AC1B-01DC1DAC1CA1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*",
"matchCriteriaId": "B3E850FF-78BA-496F-9C3D-C119C64B34F9"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

43
CVE-2023/CVE-2023-484xx/CVE-2023-48443.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48443",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-12-15T11:15:10.870",
"lastModified": "2023-12-15T13:41:51.403",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-18T18:46:50.087",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -35,6 +35,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "psirt@adobe.com",
"type": "Secondary",
@ -46,10 +56,37 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*",
"versionEndIncluding": "6.5.18.0",
"matchCriteriaId": "FA275504-C2EE-42D5-AC1B-01DC1DAC1CA1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*",
"matchCriteriaId": "B3E850FF-78BA-496F-9C3D-C119C64B34F9"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

41
CVE-2023/CVE-2023-486xx/CVE-2023-48636.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-48636",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-12-13T14:15:46.483",
"lastModified": "2023-12-13T14:27:24.453",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-18T18:36:06.153",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 13.0.0 (y anteriores) y 13.1.0 (y anteriores) de Adobe Substance 3D Designer se ven afectadas por una vulnerabilidad de lectura fuera de los l\u00edmites que podr\u00eda provocar la divulgaci\u00f3n de memoria confidencial. Un atacante podr\u00eda aprovechar esta vulnerabilidad para evitar mitigaciones como ASLR. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {
@ -35,6 +39,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
},
{
"source": "psirt@adobe.com",
"type": "Secondary",
@ -46,10 +60,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:substance_3d_designer:*:*:*:*:*:*:*:*",
"versionEndIncluding": "13.0.0",
"matchCriteriaId": "53F2C3C2-4ABE-42F4-9F28-96F8AD77EF08"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_designer/apsb23-76.html",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
}
]
}

31
CVE-2023/CVE-2023-486xx/CVE-2023-48637.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-48637",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-12-13T14:15:46.673",
"lastModified": "2023-12-13T14:27:24.453",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-18T18:35:30.923",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 13.0.0 (y anteriores) y 13.1.0 (y anteriores) de Adobe Substance 3D Designer se ven afectadas por una vulnerabilidad de lectura fuera de los l\u00edmites que podr\u00eda provocar la divulgaci\u00f3n de memoria confidencial. Un atacante podr\u00eda aprovechar esta vulnerabilidad para evitar mitigaciones como ASLR. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {
@ -46,10 +50,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:substance_3d_designer:*:*:*:*:*:*:*:*",
"versionEndIncluding": "13.0.0",
"matchCriteriaId": "53F2C3C2-4ABE-42F4-9F28-96F8AD77EF08"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_designer/apsb23-76.html",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
}
]
}

31
CVE-2023/CVE-2023-486xx/CVE-2023-48638.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-48638",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-12-13T14:15:46.880",
"lastModified": "2023-12-13T14:27:24.453",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-18T18:33:18.053",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 13.0.0 (y anteriores) y 13.1.0 (y anteriores) de Adobe Substance 3D Designer se ven afectadas por una vulnerabilidad de lectura fuera de los l\u00edmites que podr\u00eda provocar la divulgaci\u00f3n de memoria confidencial. Un atacante podr\u00eda aprovechar esta vulnerabilidad para evitar mitigaciones como ASLR. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {
@ -46,10 +50,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:substance_3d_designer:*:*:*:*:*:*:*:*",
"versionEndIncluding": "13.0.0",
"matchCriteriaId": "53F2C3C2-4ABE-42F4-9F28-96F8AD77EF08"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_designer/apsb23-76.html",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-486xx/CVE-2023-48639.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-48639",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-12-13T14:15:47.073",
"lastModified": "2023-12-13T14:27:24.453",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-18T18:31:37.297",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 13.0.0 (y anteriores) y 13.1.0 (y anteriores) de Adobe Substance 3D Designer se ven afectadas por una vulnerabilidad de escritura fuera de los l\u00edmites que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "psirt@adobe.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:substance_3d_designer:*:*:*:*:*:*:*:*",
"versionEndIncluding": "13.0.0",
"matchCriteriaId": "53F2C3C2-4ABE-42F4-9F28-96F8AD77EF08"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_designer/apsb23-76.html",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-487xx/CVE-2023-48755.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48755",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-18T16:15:10.693",
"lastModified": "2023-12-18T16:15:10.693",
"vulnStatus": "Received",
"lastModified": "2023-12-18T17:24:19.373",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

55
CVE-2023/CVE-2023-487xx/CVE-2023-48762.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-48762",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-18T17:15:10.033",
"lastModified": "2023-12-18T17:24:19.373",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/jet-elements/wordpress-jetelements-for-elementor-plugin-2-6-13-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-487xx/CVE-2023-48766.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-48766",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-18T17:15:10.583",
"lastModified": "2023-12-18T17:24:19.373",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in SVGator SVGator \u2013 Add Animated SVG Easily.This issue affects SVGator \u2013 Add Animated SVG Easily: from n/a through 1.2.4.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/svgator/wordpress-svgator-add-animated-svg-easily-plugin-1-2-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

54
CVE-2023/CVE-2023-487xx/CVE-2023-48795.json
View File

@ -2,20 +2,32 @@
"id": "CVE-2023-48795",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-18T16:15:10.897",
"lastModified": "2023-12-18T16:15:10.897",
"vulnStatus": "Received",
"lastModified": "2023-12-18T18:15:08.033",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, and PuTTY before 0.80; and there could be effects on Bitvise SSH through 9.31, AsyncSSH through 2.14.1, libssh through 0.10.5, and golang.org/x/crypto through 2023-12-17."
"value": "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, and golang.org/x/crypto before 0.17.0; and there could be effects on Bitvise SSH through 9.31 and libssh through 0.10.5."
}
],
"metrics": {},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/12/18/3",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25",
"source": "cve@mitre.org"
@ -24,10 +36,22 @@
"url": "https://github.com/openssh/openssh-portable/commits/master",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/paramiko/paramiko/issues/2337",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/ronf/asyncssh/tags",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/warp-tech/russh/releases/tag/v0.40.2",
"source": "cve@mitre.org"
},
{
"url": "https://gitlab.com/libssh/libssh-mirror/-/tags",
"source": "cve@mitre.org"
@ -36,6 +60,10 @@
"url": "https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ",
"source": "cve@mitre.org"
},
{
"url": "https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg",
"source": "cve@mitre.org"
},
{
"url": "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/",
"source": "cve@mitre.org"
@ -44,6 +72,22 @@
"url": "https://matt.ucc.asn.au/dropbear/CHANGES",
"source": "cve@mitre.org"
},
{
"url": "https://news.ycombinator.com/item?id=38684904",
"source": "cve@mitre.org"
},
{
"url": "https://news.ycombinator.com/item?id=38685286",
"source": "cve@mitre.org"
},
{
"url": "https://thorntech.com/cve-2023-48795-and-sftp-gateway/",
"source": "cve@mitre.org"
},
{
"url": "https://twitter.com/TrueSkrillor/status/1736774389725565005",
"source": "cve@mitre.org"
},
{
"url": "https://www.bitvise.com/ssh-server-version-history",
"source": "cve@mitre.org"
@ -60,6 +104,10 @@
"url": "https://www.openssh.com/txt/release-9.6",
"source": "cve@mitre.org"
},
{
"url": "https://www.openwall.com/lists/oss-security/2023/12/18/2",
"source": "cve@mitre.org"
},
{
"url": "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/",
"source": "cve@mitre.org"

68
CVE-2023/CVE-2023-493xx/CVE-2023-49363.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-49363",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-13T18:15:43.660",
"lastModified": "2023-12-13T19:01:57.730",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-18T18:28:39.080",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Rockoa <2.3.3 is vulnerable to SQL Injection. The problem exists in the indexAction method in reimpAction.php."
},
{
"lang": "es",
"value": "Rockoa en versiones &lt; 2.3.3 es vulnerable a la inyecci\u00f3n SQL. El problema existe en el m\u00e9todo indexAction en reimpAction.php."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rockoa:rockoa:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.3.3",
"matchCriteriaId": "27932691-DCE8-4BDA-88A5-C00B96388728"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/wednesdaygogo/Vulnerability-recurrence/blob/main/rockoa%20less%20than%202.3.3%20sql%20injection%20vulnerability.pdf",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-497xx/CVE-2023-49740.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-49740",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-14T15:15:08.817",
"lastModified": "2023-12-14T15:20:34.133",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-18T18:29:26.233",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Seraphinite Solutions Seraphinite Accelerator allows Reflected XSS.This issue affects Seraphinite Accelerator: from n/a through 2.20.28.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-Site Scripting') en Seraphinite Solutions Seraphinite Accelerator permite Reflected XSS. Este problema afecta a Seraphinite Accelerator: desde n/a hasta 2.20.28."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:seraphinitesolutions:seraphinite_accelerator:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.20.29",
"matchCriteriaId": "192EDEBE-9F34-426E-BB4A-E102B4B8111D"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/seraphinite-accelerator/wordpress-seraphinite-accelerator-plugin-2-20-28-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-497xx/CVE-2023-49743.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-49743",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-14T15:15:09.067",
"lastModified": "2023-12-14T15:20:34.133",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-18T18:39:56.250",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeff Starr Dashboard Widgets Suite allows Stored XSS.This issue affects Dashboard Widgets Suite: from n/a through 3.4.1.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Jeff Starr Dashboard Widgets Suite permite almacenar XSS. Este problema afecta a Dashboard Widgets Suite: desde n/a hasta 3.4.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:plugin-planet:dashboard_widget_suite:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.4.2",
"matchCriteriaId": "6B998F0B-69E4-4820-AB91-4D1D66E541A4"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/dashboard-widgets-suite/wordpress-dashboard-widgets-suite-plugin-3-4-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-497xx/CVE-2023-49745.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-49745",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-14T15:15:09.297",
"lastModified": "2023-12-14T15:20:34.133",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-18T18:40:10.603",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar allows Stored XSS.This issue affects Spiffy Calendar: from n/a through 4.9.5.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Spiffy Plugins Spiffy Calendar permite almacenar XSS. Este problema afecta a Spiffy Calendar: desde n/a hasta 4.9.5."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:spiffyplugins:spiffy_calendar:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "4.9.6",
"matchCriteriaId": "7E118924-2B22-44DA-BDA3-A97B757EC20C"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/spiffy-calendar/wordpress-spiffy-calendar-plugin-4-9-5-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-498xx/CVE-2023-49836.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-49836",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-14T14:15:43.903",
"lastModified": "2023-12-14T14:49:08.357",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-18T18:19:51.903",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brontobytes Cookie Bar allows Stored XSS.This issue affects Cookie Bar: from n/a through 2.0.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Brontobytes Cookie Bar permite almacenar XSS. Este problema afecta a Cookie Bar: desde n/a hasta 2.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:brontobytes:cookie_bar:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.1",
"matchCriteriaId": "7895984C-FC2E-4F97-AE3E-3C0FBF361F93"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/cookie-bar/wordpress-cookie-bar-plugin-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-498xx/CVE-2023-49840.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49840",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-18T15:15:09.130",
"lastModified": "2023-12-18T15:15:09.130",
"vulnStatus": "Received",
"lastModified": "2023-12-18T17:24:19.373",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-498xx/CVE-2023-49843.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49843",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-18T15:15:09.330",
"lastModified": "2023-12-18T15:15:09.330",
"vulnStatus": "Received",
"lastModified": "2023-12-18T17:24:19.373",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-498xx/CVE-2023-49844.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49844",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-18T15:15:09.510",
"lastModified": "2023-12-18T15:15:09.510",
"vulnStatus": "Received",
"lastModified": "2023-12-18T17:24:19.373",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

51
CVE-2023/CVE-2023-498xx/CVE-2023-49846.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-49846",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-14T14:15:44.113",
"lastModified": "2023-12-14T14:49:08.357",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-18T18:20:32.197",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paul Bearne Author Avatars List/Block allows Stored XSS.This issue affects Author Avatars List/Block: from n/a through 2.1.17.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Paul Bearne Author Avatars List/Block permite almacenar XSS. Este problema afecta a Author Avatars List/Block: desde n/a hasta 2.1.17."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bearne:author_avatars_list\\/block:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.1.19",
"matchCriteriaId": "747A39D1-FEAD-4E6C-AF5F-48675391CE71"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/author-avatars/wordpress-author-avatars-list-block-plugin-2-1-16-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-498xx/CVE-2023-49847.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-49847",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-14T14:15:44.320",
"lastModified": "2023-12-14T14:49:08.357",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-18T18:21:09.460",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Twinpictures Annual Archive allows Stored XSS.This issue affects Annual Archive: from n/a through 1.6.0.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Twinpictures Annual Archive permite almacenar XSS. Este problema afecta a Annual Archive: desde n/a hasta 1.6.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:twinpictures:annual_archive:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.6.0",
"matchCriteriaId": "3C37095A-DB29-47AD-B5B3-422B836742E8"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/anual-archive/wordpress-annual-archive-plugin-1-6-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

6
CVE-2023/CVE-2023-498xx/CVE-2023-49853.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-49853",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-18T15:15:09.707",
"lastModified": "2023-12-18T15:15:09.707",
"vulnStatus": "Received",
"lastModified": "2023-12-18T17:24:19.373",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in PayTR \u00d6deme ve Elektronik Para Kurulu\u015fu A.\u015e. PayTR Taksit Tablosu \u2013 WooCommerce.This issue affects PayTR Taksit Tablosu \u2013 WooCommerce: from n/a through 1.3.1.\n\n"
"value": "Cross-Site Request Forgery (CSRF) vulnerability in PayTR \u00d6deme ve Elektronik Para Kurulu?u A.?. PayTR Taksit Tablosu \u2013 WooCommerce.This issue affects PayTR Taksit Tablosu \u2013 WooCommerce: from n/a through 1.3.1.\n\n"
}
],
"metrics": {

16
CVE-2023/CVE-2023-499xx/CVE-2023-49990.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-49990",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-12T14:15:07.553",
"lastModified": "2023-12-14T19:20:05.407",
"lastModified": "2023-12-18T18:29:41.410",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -21,20 +21,20 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
"impactScore": 3.4
}
]
},

16
CVE-2023/CVE-2023-499xx/CVE-2023-49991.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-49991",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-12T14:15:07.600",
"lastModified": "2023-12-14T19:19:27.523",
"lastModified": "2023-12-18T18:29:45.217",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -21,20 +21,20 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
"impactScore": 3.4
}
]
},

16
CVE-2023/CVE-2023-499xx/CVE-2023-49992.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-49992",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-12T14:15:07.653",
"lastModified": "2023-12-14T19:18:58.267",
"lastModified": "2023-12-18T18:29:59.233",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -21,20 +21,20 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
"impactScore": 3.4
}
]
},

16
CVE-2023/CVE-2023-499xx/CVE-2023-49993.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-49993",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-12T14:15:07.700",
"lastModified": "2023-12-14T19:18:23.463",
"lastModified": "2023-12-18T18:29:55.640",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -21,20 +21,20 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
"impactScore": 3.4
}
]
},

95
CVE-2023/CVE-2023-502xx/CVE-2023-50263.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-50263",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-12T23:15:07.270",
"lastModified": "2023-12-13T01:50:36.127",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-18T18:05:24.763",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 1.x and 2.0.x prior to 1.6.7 and 2.0.6, the URLs `/files/get/?name=...` and `/files/download/?name=...` are used to provide admin access to files that have been uploaded as part of a run request for a Job that has FileVar inputs. Under normal operation these files are ephemeral and are deleted once the Job in question runs. \n\nIn the default implementation used in Nautobot, as provided by `django-db-file-storage`, these URLs do not by default require any user authentication to access; they should instead be restricted to only users who have permissions to view Nautobot's `FileProxy` model instances.\n\nNote that no URL mechanism is provided for listing or traversal of the available file `name` values, so in practice an unauthenticated user would have to guess names to discover arbitrary files for download, but if a user knows the file name/path value, they can access it without authenticating, so we are considering this a vulnerability.\n\nFixes are included in Nautobot 1.6.7 and Nautobot 2.0.6. No known workarounds are available other than applying the patches included in those versions."
},
{
"lang": "es",
"value": "Nautobot es una plataforma de automatizaci\u00f3n de redes y fuente de verdad de red creada como una aplicaci\u00f3n web sobre el framework Django Python con una base de datos PostgreSQL o MySQL. En Nautobot 1.x y 2.0.x anteriores a 1.6.7 y 2.0.6, se utilizan las URL `/files/get/?name=...` y `/files/download/?name=...` para proporcionar acceso de administrador a los archivos que se han cargado como parte de una solicitud de ejecuci\u00f3n para un trabajo que tiene entradas FileVar. En condiciones normales de funcionamiento, estos archivos son ef\u00edmeros y se eliminan una vez que se ejecuta el trabajo en cuesti\u00f3n. En la implementaci\u00f3n predeterminada utilizada en Nautobot, proporcionada por `django-db-file-storage`, estas URL no requieren de forma predeterminada ninguna autenticaci\u00f3n de usuario para acceder; en su lugar, deber\u00edan restringirse \u00fanicamente a los usuarios que tengan permisos para ver las instancias del modelo `FileProxy` de Nautobot. Tenga en cuenta que no se proporciona ning\u00fan mecanismo de URL para enumerar o recorrer los valores de \"nombre\" de archivos disponibles, por lo que en la pr\u00e1ctica un usuario no autenticado tendr\u00eda que adivinar nombres para descubrir archivos arbitrarios para descargar, pero si un usuario conoce el nombre del archivo/valor de ruta, pueden acceder a \u00e9l sin autenticarse, por lo que consideramos esto una vulnerabilidad. Las correcciones se incluyen en Nautobot 1.6.7 y Nautobot 2.0.6. No hay workarounds disponibles aparte de aplicar los parches incluidos en esas versiones."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,30 +80,75 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:networktocode:nautobot:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.1.0",
"versionEndExcluding": "1.6.7",
"matchCriteriaId": "BCAD089B-3887-4A3D-9CA2-E41E228AE00D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:networktocode:nautobot:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.0.0",
"versionEndExcluding": "2.0.6",
"matchCriteriaId": "CA18E157-199E-4267-9090-0C8390B1DB98"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/nautobot/nautobot/commit/458280c359a4833a20da294eaf4b8d55edc91cee",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/nautobot/nautobot/commit/7c4cf3137f45f1541f09f2f6a7f8850cd3a2eaee",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/nautobot/nautobot/pull/4959",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/nautobot/nautobot/pull/4964",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-75mc-3pjc-727q",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://github.com/victor-o-silva/db_file_storage/blob/master/db_file_storage/views.py",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
}
]
}

61
CVE-2023/CVE-2023-503xx/CVE-2023-50368.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-50368",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-14T14:15:44.530",
"lastModified": "2023-12-14T14:49:08.357",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-18T18:51:37.847",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Averta Shortcodes and extra features for Phlox theme allows Stored XSS.This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.15.2.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Averta Shortcodes and extra features for Phlox theme permite almacenar XSS. Este problema afecta a Shortcodes and extra features for Phlox theme: desde n/a hasta 2.15.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:averta:shortcodes_and_extra_features_for_phlox_theme:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.15.2",
"matchCriteriaId": "4D9223C8-D32F-426B-97B1-C5EB3D8A7076"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/auxin-elements/wordpress-shortcodes-and-extra-features-for-phlox-theme-plugin-2-15-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-503xx/CVE-2023-50369.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-50369",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-14T14:15:44.793",
"lastModified": "2023-12-14T14:49:08.357",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-18T18:57:46.290",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alma Alma \u2013 Pay in installments or later for WooCommerce allows Stored XSS.This issue affects Alma \u2013 Pay in installments or later for WooCommerce: from n/a through 5.1.3.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n inadecuada de la entrada durante la vulnerabilidad de generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Alma Alma \u2013 Pay in installments or later for WooCommerce permite almacenar XSS. Este problema afecta a Alma \u2013 Pay in installments or later for WooCommerce: desde n/a hasta 5.1.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:almapay:alma:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "5.1.3",
"matchCriteriaId": "33A55A96-6FA8-4E5E-A50E-6A401DA2FCCD"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/alma-gateway-for-woocommerce/wordpress-alma-plugin-5-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

12
CVE-2023/CVE-2023-504xx/CVE-2023-50495.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-50495",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-12T15:15:07.867",
"lastModified": "2023-12-14T20:37:40.283",
"lastModified": "2023-12-18T18:30:24.743",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -21,19 +21,19 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]

73
CVE-2023/CVE-2023-507xx/CVE-2023-50764.json
View File

@ -2,23 +2,86 @@
"id": "CVE-2023-50764",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-12-13T18:15:43.737",
"lastModified": "2023-12-13T19:01:57.730",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-18T18:27:13.043",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Jenkins Scriptler Plugin 342.v6a_89fd40f466 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing attackers with Scriptler/Configure permission to delete arbitrary files on the Jenkins controller file system."
},
{
"lang": "es",
"value": "El complemento Jenkins Scriptler 342.v6a_89fd40f466 y anteriores no restringe un par\u00e1metro de consulta de nombre de archivo en un endpoint HTTP, lo que permite a atacantes con permiso Scriptler/Configure eliminar archivos arbitrarios en el sistema de archivos del controlador Jenkins."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:scriptler:*:*:*:*:*:jenkins:*:*",
"versionEndIncluding": "342.v6a_89fd40f466",
"matchCriteriaId": "1893B161-24C0-44C0-A7C7-15EA4B0485A6"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/12/13/4",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3205",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}

73
CVE-2023/CVE-2023-507xx/CVE-2023-50765.json
View File

@ -2,23 +2,86 @@
"id": "CVE-2023-50765",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-12-13T18:15:43.797",
"lastModified": "2023-12-13T19:01:57.730",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-18T18:22:39.187",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A missing permission check in Jenkins Scriptler Plugin 342.v6a_89fd40f466 and earlier allows attackers with Overall/Read permission to read the contents of a Groovy script by knowing its ID."
},
{
"lang": "es",
"value": "Una verificaci\u00f3n de permiso faltante en el complemento Jenkins Scriptler 342.v6a_89fd40f466 y anteriores permite a atacantes con permiso general/lectura leer el contenido de un script Groovy conociendo su ID."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:scriptler:*:*:*:*:*:jenkins:*:*",
"versionEndIncluding": "342.v6a_89fd40f466",
"matchCriteriaId": "1893B161-24C0-44C0-A7C7-15EA4B0485A6"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/12/13/4",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3206",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}

73
CVE-2023/CVE-2023-507xx/CVE-2023-50766.json
View File

@ -2,23 +2,86 @@
"id": "CVE-2023-50766",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-12-13T18:15:43.840",
"lastModified": "2023-12-13T19:01:57.730",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-18T18:20:37.413",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML."
},
{
"lang": "es",
"value": "Vulnerabilidad de cross-site request forgery (CSRF) en Jenkins Nexus Platform Plugin 3.18.0-03 y versiones anteriores permite a los atacantes enviar una solicitud HTTP a una URL especificada por el atacante y analizar la respuesta como XML."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:nexus_platform:*:*:*:*:*:jenkins:*:*",
"versionEndIncluding": "3.18.0-03",
"matchCriteriaId": "3149703A-0161-4E92-8E3F-2F8B2B862EDE"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/12/13/4",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3204",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}

73
CVE-2023/CVE-2023-507xx/CVE-2023-50767.json
View File

@ -2,23 +2,86 @@
"id": "CVE-2023-50767",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-12-13T18:15:43.890",
"lastModified": "2023-12-13T19:01:57.730",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-18T18:19:52.590",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML."
},
{
"lang": "es",
"value": "Las comprobaciones de permisos faltantes en el complemento de plataforma Jenkins Nexus 3.18.0-03 y versiones anteriores permiten a los atacantes con permiso general/lectura enviar una solicitud HTTP a una URL especificada por el atacante y analizar la respuesta como XML."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:nexus_platform:*:*:*:*:*:jenkins:*:*",
"versionEndIncluding": "3.18.0-03",
"matchCriteriaId": "3149703A-0161-4E92-8E3F-2F8B2B862EDE"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/12/13/4",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3204",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}

73
CVE-2023/CVE-2023-507xx/CVE-2023-50768.json
View File

@ -2,23 +2,86 @@
"id": "CVE-2023-50768",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-12-13T18:15:43.943",
"lastModified": "2023-12-13T19:01:57.730",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-18T18:18:11.293",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins."
},
{
"lang": "es",
"value": "Vulnerabilidad de cross-site request forgery (CSRF) en Jenkins Nexus Platform Plugin 3.18.0-03 y versiones anteriores permite a los atacantes conectarse a un servidor HTTP especificado por el atacante utilizando ID de credenciales especificadas por el atacante obtenidas a trav\u00e9s de otro m\u00e9todo, capturando las credenciales almacenadas en Jenkins."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:nexus_platform:*:*:*:*:*:jenkins:*:*",
"versionEndIncluding": "3.18.0-03",
"matchCriteriaId": "3149703A-0161-4E92-8E3F-2F8B2B862EDE"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/12/13/4",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3203",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}

73
CVE-2023/CVE-2023-507xx/CVE-2023-50769.json
View File

@ -2,23 +2,86 @@
"id": "CVE-2023-50769",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-12-13T18:15:43.990",
"lastModified": "2023-12-13T19:01:57.730",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-18T18:17:24.077",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins."
},
{
"lang": "es",
"value": "Las comprobaciones de permisos faltantes en Jenkins Nexus Platform Plugin 3.18.0-03 y versiones anteriores permiten a los atacantes con permiso general/lectura conectarse a un servidor HTTP especificado por el atacante utilizando ID de credenciales especificadas por el atacante obtenidas a trav\u00e9s de otro m\u00e9todo, capturando las credenciales almacenadas en Jenkins."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:nexus_platform:*:*:*:*:*:jenkins:*:*",
"versionEndIncluding": "3.18.0-03",
"matchCriteriaId": "3149703A-0161-4E92-8E3F-2F8B2B862EDE"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/12/13/4",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3203",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}

73
CVE-2023/CVE-2023-507xx/CVE-2023-50770.json
View File

@ -2,23 +2,86 @@
"id": "CVE-2023-50770",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-12-13T18:15:44.040",
"lastModified": "2023-12-13T19:01:57.730",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-18T18:08:39.403",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Jenkins OpenId Connect Authentication Plugin 2.6 and earlier stores a password of a local user account used as an anti-lockout feature in a recoverable format, allowing attackers with access to the Jenkins controller file system to recover the plain text password of that account, likely gaining administrator access to Jenkins."
},
{
"lang": "es",
"value": "El complemento de autenticaci\u00f3n OpenId Connect de Jenkins 2.6 y versiones anteriores almacena una contrase\u00f1a de una cuenta de usuario local utilizada como funci\u00f3n antibloqueo en un formato recuperable, lo que permite a los atacantes con acceso al sistema de archivos del controlador de Jenkins recuperar la contrase\u00f1a de texto plano de esa cuenta, probablemente obteniendo acceso de administrador a Jenkins."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-522"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:openid:*:*:*:*:*:jenkins:*:*",
"versionEndIncluding": "2.6",
"matchCriteriaId": "518C412D-D1E5-4921-8035-DC8709845CA9"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/12/13/4",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3168",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}

73
CVE-2023/CVE-2023-507xx/CVE-2023-50771.json
View File

@ -2,23 +2,86 @@
"id": "CVE-2023-50771",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-12-13T18:15:44.090",
"lastModified": "2023-12-13T19:01:57.730",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-18T17:59:04.007",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Jenkins OpenId Connect Authentication Plugin 2.6 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks."
},
{
"lang": "es",
"value": "El complemento de autenticaci\u00f3n OpenId Connect de Jenkins 2.6 y versiones anteriores determina incorrectamente que una URL de redireccionamiento despu\u00e9s de iniciar sesi\u00f3n apunta leg\u00edtimamente a Jenkins, lo que permite a los atacantes realizar ataques de phishing."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:openid:*:*:*:*:*:jenkins:*:*",
"versionEndIncluding": "2.6",
"matchCriteriaId": "518C412D-D1E5-4921-8035-DC8709845CA9"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/12/13/4",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-2979",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}

73
CVE-2023/CVE-2023-507xx/CVE-2023-50772.json
View File

@ -2,23 +2,86 @@
"id": "CVE-2023-50772",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-12-13T18:15:44.137",
"lastModified": "2023-12-13T19:01:57.730",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-18T17:12:57.847",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Jenkins Dingding JSON Pusher Plugin 2.0 and earlier stores access tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system."
},
{
"lang": "es",
"value": "Jenkins Dingding JSON Pusher Plugin 2.0 y versiones anteriores almacenan tokens de acceso sin cifrar en archivos job config.xml en el controlador Jenkins, donde pueden ser vistos por usuarios con el permiso de elemento/lectura extendida o acceso al sistema de archivos del controlador Jenkins."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-312"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:dingding_json_pusher:*:*:*:*:*:jenkins:*:*",
"versionEndIncluding": "2.0",
"matchCriteriaId": "1B26269C-45E4-4455-923A-013E6F36AAC1"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/12/13/4",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3184",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}

55
CVE-2023/CVE-2023-66xx/CVE-2023-6691.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-6691",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-12-18T18:15:08.120",
"lastModified": "2023-12-18T18:15:08.120",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nCambium ePMP Force 300-25 version 4.7.0.1 is vulnerable to a code injection vulnerability that could allow an attacker to perform remote code execution and gain root privileges.\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-01",
"source": "ics-cert@hq.dhs.gov"
}
]
}

71
CVE-2023/CVE-2023-67xx/CVE-2023-6710.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-6710",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-12-12T22:15:22.950",
"lastModified": "2023-12-13T01:50:36.127",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-18T17:15:41.067",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the mod_proxy_cluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting (XSS) vulnerability. By adding a script on the alias parameter on the URL, it adds a new virtual host and adds the script to the cluster-manager page. The impact of this vulnerability is considered as Low, as the cluster_manager URL should not be exposed outside and is protected by user/password."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en mod_proxy_cluster en el servidor Apache. Este problema puede permitir que un usuario malintencionado agregue un script en el par\u00e1metro 'alias' de la URL para activar la vulnerabilidad de Cross-Site Scripting (XSS) Almacenado. Al agregar un script en el par\u00e1metro alias en la URL, agrega un nuevo host virtual y agrega el script a la p\u00e1gina del administrador del cl\u00faster. El impacto de esta vulnerabilidad se considera bajo, ya que la URL cluster_manager no debe exponerse al exterior y est\u00e1 protegida por usuario/contrase\u00f1a."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -46,14 +80,43 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:modcluster:mod_proxy_cluster:-:*:*:*:*:*:*:*",
"matchCriteriaId": "372FE519-9030-408F-895D-750B210515F5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-6710",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254128",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
}
]
}

56
CVE-2023/CVE-2023-67xx/CVE-2023-6718.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6718",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-12-13T09:15:34.780",
"lastModified": "2023-12-13T13:35:21.667",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-18T17:39:26.267",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -50,10 +80,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:europeana:repox:2.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "FA4CFB07-33A3-44FB-A484-9C23CD4AA5B3"
}
]
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-repox",
"source": "cve-coordination@incibe.es"
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
}
]
}

46
CVE-2023/CVE-2023-67xx/CVE-2023-6719.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6719",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-12-13T10:15:11.070",
"lastModified": "2023-12-13T13:35:16.620",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-18T17:47:32.683",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -50,10 +70,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:europeana:repox:2.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "FA4CFB07-33A3-44FB-A484-9C23CD4AA5B3"
}
]
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-repox",
"source": "cve-coordination@incibe.es"
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
}
]
}

46
CVE-2023/CVE-2023-67xx/CVE-2023-6720.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6720",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-12-13T10:15:11.403",
"lastModified": "2023-12-13T13:35:16.620",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-18T17:45:01.760",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -50,10 +70,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:europeana:repox:2.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "FA4CFB07-33A3-44FB-A484-9C23CD4AA5B3"
}
]
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-repox",
"source": "cve-coordination@incibe.es"
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
}
]
}

46
CVE-2023/CVE-2023-67xx/CVE-2023-6721.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6721",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-12-13T10:15:11.793",
"lastModified": "2023-12-13T13:35:16.620",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-18T17:40:58.770",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -50,10 +70,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:europeana:repox:2.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "FA4CFB07-33A3-44FB-A484-9C23CD4AA5B3"
}
]
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-repox",
"source": "cve-coordination@incibe.es"
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
}
]
}

46
CVE-2023/CVE-2023-67xx/CVE-2023-6722.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6722",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-12-13T10:15:12.150",
"lastModified": "2023-12-13T13:35:16.620",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-18T17:33:10.883",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -50,10 +70,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:europeana:repox:2.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "FA4CFB07-33A3-44FB-A484-9C23CD4AA5B3"
}
]
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-repox",
"source": "cve-coordination@incibe.es"
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
}
]
}

63
CVE-2023/CVE-2023-67xx/CVE-2023-6771.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-6771",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-13T19:15:08.257",
"lastModified": "2023-12-13T19:54:46.783",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-18T18:57:14.040",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in SourceCodester Simple Student Attendance System 1.0. This issue affects the function save_attendance of the file actions.class.php. The manipulation of the argument sid leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247907."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en SourceCodester Simple Student Attendance System 1.0 y clasificada como cr\u00edtica. Este problema afecta a la funci\u00f3n save_attendance del archivo action.class.php. La manipulaci\u00f3n del argumento sid conduce a la inyecci\u00f3n de SQL. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-247907."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oretnom23:simple_student_attendance_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0907D49A-D649-42A3-BE96-A1EB234C6859"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Glunko/Simple-Student-Attendance-System_vulnerability/blob/main/README.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.247907",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.247907",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

66
CVE-2023/CVE-2023-67xx/CVE-2023-6772.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-6772",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-13T19:15:08.513",
"lastModified": "2023-12-13T19:54:46.783",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-18T18:56:31.197",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in OTCMS 7.01. Affected is an unknown function of the file /admin/ind_backstage.php. The manipulation of the argument sqlContent leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247908."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en OTCMS 7.01 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo /admin/ind_backstage.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento sqlContent conduce a la inyecci\u00f3n de SQL. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-247908."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,50 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:otcms:otcms:7.01:*:*:*:*:*:*:*",
"matchCriteriaId": "18E47DA7-DFAF-4D23-A3F5-3C1631975FA1"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Num-Nine/CVE/issues/8",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.247908",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.247908",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
}
]
}

4
CVE-2023/CVE-2023-67xx/CVE-2023-6778.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6778",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-12-18T15:15:10.030",
"lastModified": "2023-12-18T16:15:10.970",
"vulnStatus": "Received",
"lastModified": "2023-12-18T17:24:19.373",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

97
CVE-2023/CVE-2023-67xx/CVE-2023-6789.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-6789",
"sourceIdentifier": "psirt@paloaltonetworks.com",
"published": "2023-12-13T19:15:08.777",
"lastModified": "2023-12-13T19:54:46.783",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-18T18:54:39.670",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface. Then, when viewed by a properly authenticated administrator, the JavaScript payload executes and disguises all associated actions as performed by that unsuspecting authenticated administrator."
},
{
"lang": "es",
"value": "Vulnerabilidad de cross-site scripting (XSS) en el software PAN-OS de Palo Alto Networks permite a un administrador de lectura y escritura autenticado malicioso almacenar un payload de JavaScript mediante la interfaz web. Luego, cuando la ve un administrador autenticado correctamente, la payload de JavaScript se ejecuta y disfraza todas las acciones asociadas tal como las realiza ese administrador autenticado desprevenido."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "psirt@paloaltonetworks.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "psirt@paloaltonetworks.com",
"type": "Secondary",
@ -46,10 +80,67 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.1.0",
"versionEndExcluding": "8.1.26",
"matchCriteriaId": "E37C0550-B96B-4A7F-A330-F2D7F4756D8D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.0.0",
"versionEndExcluding": "9.0.17",
"matchCriteriaId": "89A55C5F-8E01-42C4-BE93-D683900C07BE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.1.0",
"versionEndExcluding": "9.1.17",
"matchCriteriaId": "9F9FFBA6-7008-422B-9CF1-E37CA62081EB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.1.0",
"versionEndExcluding": "10.1.11",
"matchCriteriaId": "77695C8C-9732-4605-A160-A5159BD8B49C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.2.0",
"versionEndExcluding": "10.2.5",
"matchCriteriaId": "831B815F-436B-40D2-AFBA-9BE7275C2BEB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.0.0",
"versionEndExcluding": "11.0.2",
"matchCriteriaId": "8A69845B-51CA-4612-BCBA-96EF92F01D2F"
}
]
}
]
}
],
"references": [
{
"url": "https://security.paloaltonetworks.com/CVE-2023-6789",
"source": "psirt@paloaltonetworks.com"
"source": "psirt@paloaltonetworks.com",
"tags": [
"Vendor Advisory"
]
}
]
}

102
CVE-2023/CVE-2023-67xx/CVE-2023-6790.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-6790",
"sourceIdentifier": "psirt@paloaltonetworks.com",
"published": "2023-12-13T19:15:09.030",
"lastModified": "2023-12-13T19:54:46.783",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-18T18:53:56.697",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A DOM-Based cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to execute a JavaScript payload in the context of an administrator\u2019s browser when they view a specifically crafted link to the PAN-OS web interface."
},
{
"lang": "es",
"value": "Vulnerabilidad de cross-site scripting (XSS) basada en DOM en el software PAN-OS de Palo Alto Networks permite a un atacante remoto ejecutar una payload de JavaScript en el contexto del navegador de un administrador cuando ve un enlace espec\u00edficamente manipulado a la interfaz web de PAN-OS."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "psirt@paloaltonetworks.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "psirt@paloaltonetworks.com",
"type": "Secondary",
@ -46,10 +80,72 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.1.0",
"versionEndExcluding": "8.1.25",
"matchCriteriaId": "5C73941F-EBEE-4A03-94A4-B4C7C96E4963"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.0.0",
"versionEndExcluding": "9.0.17",
"matchCriteriaId": "89A55C5F-8E01-42C4-BE93-D683900C07BE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.1.0",
"versionEndExcluding": "9.1.16",
"matchCriteriaId": "56181B13-327B-4249-A7E8-246B2420CEFC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.0.0",
"versionEndExcluding": "10.0.12",
"matchCriteriaId": "71F1F86A-8158-4BE8-B509-5F50421DA829"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.1.0",
"versionEndExcluding": "10.1.9",
"matchCriteriaId": "18EE46C0-B863-4AE4-833C-05030D8AD1AF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.2.0",
"versionEndExcluding": "10.2.4",
"matchCriteriaId": "D61F01F8-1598-4078-9D98-BFF5B62F3BA5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F3693A5-182E-4723-BE2A-062D0C9E736C"
}
]
}
]
}
],
"references": [
{
"url": "https://security.paloaltonetworks.com/CVE-2023-6790",
"source": "psirt@paloaltonetworks.com"
"source": "psirt@paloaltonetworks.com",
"tags": [
"Vendor Advisory"
]
}
]
}

102
CVE-2023/CVE-2023-67xx/CVE-2023-6791.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-6791",
"sourceIdentifier": "psirt@paloaltonetworks.com",
"published": "2023-12-13T19:15:09.337",
"lastModified": "2023-12-13T19:54:46.783",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-18T18:53:38.087",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A credential disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to obtain the plaintext credentials of stored external system integrations such as LDAP, SCP, RADIUS, TACACS+, and SNMP from the web interface."
},
{
"lang": "es",
"value": "Vulnerabilidad de divulgaci\u00f3n de credenciales en el software PAN-OS de Palo Alto Networks permite a un administrador autenticado de solo lectura obtener las credenciales en texto plano de integraciones de sistemas externos almacenados, como LDAP, SCP, RADIUS, TACACS+ y SNMP desde la interfaz web."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
},
{
"source": "psirt@paloaltonetworks.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-522"
}
]
},
{
"source": "psirt@paloaltonetworks.com",
"type": "Secondary",
@ -46,10 +80,72 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.1.0",
"versionEndExcluding": "8.1.24",
"matchCriteriaId": "F7D77695-CFDE-4BAE-8C8B-E389CC5C7A3F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.0.0",
"versionEndExcluding": "9.0.17",
"matchCriteriaId": "89A55C5F-8E01-42C4-BE93-D683900C07BE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.1.0",
"versionEndExcluding": "9.1.16",
"matchCriteriaId": "56181B13-327B-4249-A7E8-246B2420CEFC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.0.0",
"versionEndExcluding": "10.0.12",
"matchCriteriaId": "71F1F86A-8158-4BE8-B509-5F50421DA829"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.1.0",
"versionEndExcluding": "10.1.9",
"matchCriteriaId": "18EE46C0-B863-4AE4-833C-05030D8AD1AF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.2.0",
"versionEndExcluding": "10.2.4",
"matchCriteriaId": "D61F01F8-1598-4078-9D98-BFF5B62F3BA5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F3693A5-182E-4723-BE2A-062D0C9E736C"
}
]
}
]
}
],
"references": [
{
"url": "https://security.paloaltonetworks.com/CVE-2023-6791",
"source": "psirt@paloaltonetworks.com"
"source": "psirt@paloaltonetworks.com",
"tags": [
"Vendor Advisory"
]
}
]
}

90
CVE-2023/CVE-2023-67xx/CVE-2023-6792.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-6792",
"sourceIdentifier": "psirt@paloaltonetworks.com",
"published": "2023-12-13T19:15:09.640",
"lastModified": "2023-12-13T19:54:46.783",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-18T18:51:58.967",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated API user to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en la API XML del software PAN-OS de Palo Alto Networks permite a un usuario de API autenticado interrumpir los procesos del sistema y potencialmente ejecutar c\u00f3digo arbitrario con privilegios limitados en el firewall."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
},
{
"source": "psirt@paloaltonetworks.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{
"source": "psirt@paloaltonetworks.com",
"type": "Secondary",
@ -46,10 +80,60 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.1.0",
"versionEndExcluding": "8.1.24",
"matchCriteriaId": "F7D77695-CFDE-4BAE-8C8B-E389CC5C7A3F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.0.0",
"versionEndExcluding": "9.0.17",
"matchCriteriaId": "89A55C5F-8E01-42C4-BE93-D683900C07BE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.1.0",
"versionEndExcluding": "9.1.15",
"matchCriteriaId": "88CE0E44-13FF-4FD0-94D2-0C0823A7A70E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.0.0",
"versionEndExcluding": "10.0.12",
"matchCriteriaId": "71F1F86A-8158-4BE8-B509-5F50421DA829"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.1.0",
"versionEndExcluding": "10.1.6",
"matchCriteriaId": "E6EB81D3-ADC7-4114-8FFB-C15780239391"
}
]
}
]
}
],
"references": [
{
"url": "https://security.paloaltonetworks.com/CVE-2023-6792",
"source": "psirt@paloaltonetworks.com"
"source": "psirt@paloaltonetworks.com",
"tags": [
"Vendor Advisory"
]
}
]
}

90
CVE-2023/CVE-2023-67xx/CVE-2023-6793.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-6793",
"sourceIdentifier": "psirt@paloaltonetworks.com",
"published": "2023-12-13T19:15:09.937",
"lastModified": "2023-12-13T19:54:46.783",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-18T18:45:24.643",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An improper privilege management vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to revoke active XML API keys from the firewall and disrupt XML API usage."
},
{
"lang": "es",
"value": "Vulnerabilidad de administraci\u00f3n de privilegios inadecuada en el software PAN-OS de Palo Alto Networks permite a un administrador de solo lectura autenticado revocar claves API XML activas desde el firewall e interrumpir el uso de la API XML."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 2.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4
},
{
"source": "psirt@paloaltonetworks.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
},
{
"source": "psirt@paloaltonetworks.com",
"type": "Secondary",
@ -46,10 +80,60 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.1.0",
"versionEndExcluding": "9.1.17",
"matchCriteriaId": "9F9FFBA6-7008-422B-9CF1-E37CA62081EB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.0.0",
"versionEndIncluding": "10.0.12",
"matchCriteriaId": "A053B9A3-9096-4B0D-B68A-CC1B920CFA08"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.1.0",
"versionEndExcluding": "10.1.11",
"matchCriteriaId": "77695C8C-9732-4605-A160-A5159BD8B49C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.2.0",
"versionEndExcluding": "10.2.5",
"matchCriteriaId": "831B815F-436B-40D2-AFBA-9BE7275C2BEB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.0.0",
"versionEndExcluding": "11.0.2",
"matchCriteriaId": "8A69845B-51CA-4612-BCBA-96EF92F01D2F"
}
]
}
]
}
],
"references": [
{
"url": "https://security.paloaltonetworks.com/CVE-2023-6793",
"source": "psirt@paloaltonetworks.com"
"source": "psirt@paloaltonetworks.com",
"tags": [
"Vendor Advisory"
]
}
]
}

76
CVE-2023/CVE-2023-67xx/CVE-2023-6794.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-6794",
"sourceIdentifier": "psirt@paloaltonetworks.com",
"published": "2023-12-13T19:15:10.240",
"lastModified": "2023-12-13T19:54:46.783",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-18T18:43:03.610",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An arbitrary file upload vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall."
},
{
"lang": "es",
"value": "Vulnerabilidad de carga de archivos arbitraria en el software PAN-OS de Palo Alto Networks permite que un administrador de lectura y escritura autenticado con acceso a la interfaz web interrumpa los procesos del sistema y potencialmente ejecute c\u00f3digo arbitrario con privilegios limitados en el firewall."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.4
},
{
"source": "psirt@paloaltonetworks.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
},
{
"source": "psirt@paloaltonetworks.com",
"type": "Secondary",
@ -46,10 +80,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.1.0",
"versionEndExcluding": "8.1.26",
"matchCriteriaId": "E37C0550-B96B-4A7F-A330-F2D7F4756D8D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.0.0",
"versionEndExcluding": "9.0.17",
"matchCriteriaId": "89A55C5F-8E01-42C4-BE93-D683900C07BE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.1.0",
"versionEndExcluding": "9.1.14",
"matchCriteriaId": "D457521C-1D9D-46C2-A1EE-3999A1F054A1"
}
]
}
]
}
],
"references": [
{
"url": "https://security.paloaltonetworks.com/CVE-2023-6794",
"source": "psirt@paloaltonetworks.com"
"source": "psirt@paloaltonetworks.com",
"tags": [
"Vendor Advisory"
]
}
]
}

90
CVE-2023/CVE-2023-67xx/CVE-2023-6795.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-6795",
"sourceIdentifier": "psirt@paloaltonetworks.com",
"published": "2023-12-13T19:15:10.537",
"lastModified": "2023-12-13T19:54:46.783",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-18T18:41:04.070",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en el software PAN-OS de Palo Alto Networks permite a un administrador autenticado interrumpir los procesos del sistema y potencialmente ejecutar c\u00f3digo arbitrario con privilegios limitados en el firewall."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.4
},
{
"source": "psirt@paloaltonetworks.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{
"source": "psirt@paloaltonetworks.com",
"type": "Secondary",
@ -46,10 +80,60 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.1.0",
"versionEndExcluding": "8.1.24",
"matchCriteriaId": "F7D77695-CFDE-4BAE-8C8B-E389CC5C7A3F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.0.0",
"versionEndExcluding": "9.0.17",
"matchCriteriaId": "89A55C5F-8E01-42C4-BE93-D683900C07BE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.1.0",
"versionEndExcluding": "9.1.12",
"matchCriteriaId": "0140F71E-9AAC-4B20-BBFA-B8849549508F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.0.0",
"versionEndExcluding": "10.0.9",
"matchCriteriaId": "836DEF3F-FD44-40AD-83D3-E808AFEC3A4A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.1.0",
"versionEndExcluding": "10.1.3",
"matchCriteriaId": "40AFDDF3-0AB4-4A18-93E9-01EE5BDE9D2E"
}
]
}
]
}
],
"references": [
{
"url": "https://security.paloaltonetworks.com/CVE-2023-6795",
"source": "psirt@paloaltonetworks.com"
"source": "psirt@paloaltonetworks.com",
"tags": [
"Vendor Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-68xx/CVE-2023-6817.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6817",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2023-12-18T15:15:10.210",
"lastModified": "2023-12-18T15:15:10.210",
"vulnStatus": "Received",
"lastModified": "2023-12-18T17:24:19.373",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

15
CVE-2023/CVE-2023-69xx/CVE-2023-6920.json Normal file
View File

@ -0,0 +1,15 @@
{
"id": "CVE-2023-6920",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-12-18T17:15:11.673",
"lastModified": "2023-12-18T17:15:11.673",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "Rejected reason: This flaw was found to be a duplicate of CVE-2023-6927. Please see https://access.redhat.com/security/cve/CVE-2023-6927 for information about affected products and security errata."
}
],
"metrics": {},
"references": []
}

90
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-12-18T17:00:25.230526+00:00
2023-12-18T19:00:24.329154+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-12-18T16:48:32.017000+00:00
2023-12-18T19:00:10.557000+00:00
```
### Last Data Feed Release
@ -29,69 +29,49 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
233618
233623
```
### CVEs added in the last Commit
Recently added CVEs: `46`
Recently added CVEs: `5`
* [CVE-2023-50979](CVE-2023/CVE-2023-509xx/CVE-2023-50979.json) (`2023-12-18T04:15:50.970`)
* [CVE-2023-50980](CVE-2023/CVE-2023-509xx/CVE-2023-50980.json) (`2023-12-18T04:15:51.067`)
* [CVE-2023-3430](CVE-2023/CVE-2023-34xx/CVE-2023-3430.json) (`2023-12-18T14:15:08.113`)
* [CVE-2023-3628](CVE-2023/CVE-2023-36xx/CVE-2023-3628.json) (`2023-12-18T14:15:08.323`)
* [CVE-2023-3629](CVE-2023/CVE-2023-36xx/CVE-2023-3629.json) (`2023-12-18T14:15:08.557`)
* [CVE-2023-47038](CVE-2023/CVE-2023-470xx/CVE-2023-47038.json) (`2023-12-18T14:15:08.933`)
* [CVE-2023-4320](CVE-2023/CVE-2023-43xx/CVE-2023-4320.json) (`2023-12-18T14:15:09.830`)
* [CVE-2023-5056](CVE-2023/CVE-2023-50xx/CVE-2023-5056.json) (`2023-12-18T14:15:10.133`)
* [CVE-2023-5115](CVE-2023/CVE-2023-51xx/CVE-2023-5115.json) (`2023-12-18T14:15:10.500`)
* [CVE-2023-5236](CVE-2023/CVE-2023-52xx/CVE-2023-5236.json) (`2023-12-18T14:15:10.917`)
* [CVE-2023-5384](CVE-2023/CVE-2023-53xx/CVE-2023-5384.json) (`2023-12-18T14:15:11.360`)
* [CVE-2023-6228](CVE-2023/CVE-2023-62xx/CVE-2023-6228.json) (`2023-12-18T14:15:11.840`)
* [CVE-2023-46177](CVE-2023/CVE-2023-461xx/CVE-2023-46177.json) (`2023-12-18T15:15:08.920`)
* [CVE-2023-49840](CVE-2023/CVE-2023-498xx/CVE-2023-49840.json) (`2023-12-18T15:15:09.130`)
* [CVE-2023-49843](CVE-2023/CVE-2023-498xx/CVE-2023-49843.json) (`2023-12-18T15:15:09.330`)
* [CVE-2023-49844](CVE-2023/CVE-2023-498xx/CVE-2023-49844.json) (`2023-12-18T15:15:09.510`)
* [CVE-2023-49853](CVE-2023/CVE-2023-498xx/CVE-2023-49853.json) (`2023-12-18T15:15:09.707`)
* [CVE-2023-6817](CVE-2023/CVE-2023-68xx/CVE-2023-6817.json) (`2023-12-18T15:15:10.210`)
* [CVE-2023-33214](CVE-2023/CVE-2023-332xx/CVE-2023-33214.json) (`2023-12-18T16:15:09.597`)
* [CVE-2023-47787](CVE-2023/CVE-2023-477xx/CVE-2023-47787.json) (`2023-12-18T16:15:10.097`)
* [CVE-2023-47789](CVE-2023/CVE-2023-477xx/CVE-2023-47789.json) (`2023-12-18T16:15:10.313`)
* [CVE-2023-47806](CVE-2023/CVE-2023-478xx/CVE-2023-47806.json) (`2023-12-18T16:15:10.510`)
* [CVE-2023-48755](CVE-2023/CVE-2023-487xx/CVE-2023-48755.json) (`2023-12-18T16:15:10.693`)
* [CVE-2023-48795](CVE-2023/CVE-2023-487xx/CVE-2023-48795.json) (`2023-12-18T16:15:10.897`)
* [CVE-2023-6778](CVE-2023/CVE-2023-67xx/CVE-2023-6778.json) (`2023-12-18T15:15:10.030`)
* [CVE-2023-6920](CVE-2023/CVE-2023-69xx/CVE-2023-6920.json) (`2023-12-18T17:15:11.673`)
* [CVE-2023-46617](CVE-2023/CVE-2023-466xx/CVE-2023-46617.json) (`2023-12-18T17:15:09.823`)
* [CVE-2023-48762](CVE-2023/CVE-2023-487xx/CVE-2023-48762.json) (`2023-12-18T17:15:10.033`)
* [CVE-2023-48766](CVE-2023/CVE-2023-487xx/CVE-2023-48766.json) (`2023-12-18T17:15:10.583`)
* [CVE-2023-6691](CVE-2023/CVE-2023-66xx/CVE-2023-6691.json) (`2023-12-18T18:15:08.120`)
### CVEs modified in the last Commit
Recently modified CVEs: `130`
Recently modified CVEs: `78`
* [CVE-2023-47576](CVE-2023/CVE-2023-475xx/CVE-2023-47576.json) (`2023-12-18T15:01:53.273`)
* [CVE-2023-38380](CVE-2023/CVE-2023-383xx/CVE-2023-38380.json) (`2023-12-18T15:08:30.293`)
* [CVE-2023-47577](CVE-2023/CVE-2023-475xx/CVE-2023-47577.json) (`2023-12-18T15:08:42.737`)
* [CVE-2023-36019](CVE-2023/CVE-2023-360xx/CVE-2023-36019.json) (`2023-12-18T15:09:16.643`)
* [CVE-2023-36012](CVE-2023/CVE-2023-360xx/CVE-2023-36012.json) (`2023-12-18T15:09:36.337`)
* [CVE-2023-47578](CVE-2023/CVE-2023-475xx/CVE-2023-47578.json) (`2023-12-18T15:09:42.753`)
* [CVE-2023-36011](CVE-2023/CVE-2023-360xx/CVE-2023-36011.json) (`2023-12-18T15:09:56.443`)
* [CVE-2023-6263](CVE-2023/CVE-2023-62xx/CVE-2023-6263.json) (`2023-12-18T15:15:09.893`)
* [CVE-2023-6893](CVE-2023/CVE-2023-68xx/CVE-2023-6893.json) (`2023-12-18T15:15:10.420`)
* [CVE-2023-6894](CVE-2023/CVE-2023-68xx/CVE-2023-6894.json) (`2023-12-18T15:15:10.507`)
* [CVE-2023-6895](CVE-2023/CVE-2023-68xx/CVE-2023-6895.json) (`2023-12-18T15:15:10.583`)
* [CVE-2023-47579](CVE-2023/CVE-2023-475xx/CVE-2023-47579.json) (`2023-12-18T15:16:31.467`)
* [CVE-2023-28121](CVE-2023/CVE-2023-281xx/CVE-2023-28121.json) (`2023-12-18T15:22:19.917`)
* [CVE-2023-36010](CVE-2023/CVE-2023-360xx/CVE-2023-36010.json) (`2023-12-18T15:22:36.253`)
* [CVE-2023-36009](CVE-2023/CVE-2023-360xx/CVE-2023-36009.json) (`2023-12-18T15:22:46.367`)
* [CVE-2023-36006](CVE-2023/CVE-2023-360xx/CVE-2023-36006.json) (`2023-12-18T15:23:01.860`)
* [CVE-2023-36005](CVE-2023/CVE-2023-360xx/CVE-2023-36005.json) (`2023-12-18T15:23:15.270`)
* [CVE-2023-36004](CVE-2023/CVE-2023-360xx/CVE-2023-36004.json) (`2023-12-18T15:23:26.950`)
* [CVE-2023-36003](CVE-2023/CVE-2023-360xx/CVE-2023-36003.json) (`2023-12-18T15:23:44.260`)
* [CVE-2023-46156](CVE-2023/CVE-2023-461xx/CVE-2023-46156.json) (`2023-12-18T15:24:08.413`)
* [CVE-2023-2434](CVE-2023/CVE-2023-24xx/CVE-2023-2434.json) (`2023-12-18T15:32:39.347`)
* [CVE-2023-46445](CVE-2023/CVE-2023-464xx/CVE-2023-46445.json) (`2023-12-18T16:15:09.930`)
* [CVE-2023-46446](CVE-2023/CVE-2023-464xx/CVE-2023-46446.json) (`2023-12-18T16:15:10.017`)
* [CVE-2023-50774](CVE-2023/CVE-2023-507xx/CVE-2023-50774.json) (`2023-12-18T16:37:28.133`)
* [CVE-2023-50773](CVE-2023/CVE-2023-507xx/CVE-2023-50773.json) (`2023-12-18T16:48:32.017`)
* [CVE-2023-48636](CVE-2023/CVE-2023-486xx/CVE-2023-48636.json) (`2023-12-18T18:36:06.153`)
* [CVE-2023-49743](CVE-2023/CVE-2023-497xx/CVE-2023-49743.json) (`2023-12-18T18:39:56.250`)
* [CVE-2023-49745](CVE-2023/CVE-2023-497xx/CVE-2023-49745.json) (`2023-12-18T18:40:10.603`)
* [CVE-2023-6795](CVE-2023/CVE-2023-67xx/CVE-2023-6795.json) (`2023-12-18T18:41:04.070`)
* [CVE-2023-45866](CVE-2023/CVE-2023-458xx/CVE-2023-45866.json) (`2023-12-18T18:41:28.947`)
* [CVE-2023-6794](CVE-2023/CVE-2023-67xx/CVE-2023-6794.json) (`2023-12-18T18:43:03.610`)
* [CVE-2023-6793](CVE-2023/CVE-2023-67xx/CVE-2023-6793.json) (`2023-12-18T18:45:24.643`)
* [CVE-2023-48443](CVE-2023/CVE-2023-484xx/CVE-2023-48443.json) (`2023-12-18T18:46:50.087`)
* [CVE-2023-48442](CVE-2023/CVE-2023-484xx/CVE-2023-48442.json) (`2023-12-18T18:47:00.583`)
* [CVE-2023-48441](CVE-2023/CVE-2023-484xx/CVE-2023-48441.json) (`2023-12-18T18:47:25.233`)
* [CVE-2023-48440](CVE-2023/CVE-2023-484xx/CVE-2023-48440.json) (`2023-12-18T18:47:36.650`)
* [CVE-2023-47065](CVE-2023/CVE-2023-470xx/CVE-2023-47065.json) (`2023-12-18T18:47:46.973`)
* [CVE-2023-47064](CVE-2023/CVE-2023-470xx/CVE-2023-47064.json) (`2023-12-18T18:47:57.593`)
* [CVE-2023-50368](CVE-2023/CVE-2023-503xx/CVE-2023-50368.json) (`2023-12-18T18:51:37.847`)
* [CVE-2023-6792](CVE-2023/CVE-2023-67xx/CVE-2023-6792.json) (`2023-12-18T18:51:58.967`)
* [CVE-2023-6791](CVE-2023/CVE-2023-67xx/CVE-2023-6791.json) (`2023-12-18T18:53:38.087`)
* [CVE-2023-6790](CVE-2023/CVE-2023-67xx/CVE-2023-6790.json) (`2023-12-18T18:53:56.697`)
* [CVE-2023-6789](CVE-2023/CVE-2023-67xx/CVE-2023-6789.json) (`2023-12-18T18:54:39.670`)
* [CVE-2023-6772](CVE-2023/CVE-2023-67xx/CVE-2023-6772.json) (`2023-12-18T18:56:31.197`)
* [CVE-2023-6771](CVE-2023/CVE-2023-67xx/CVE-2023-6771.json) (`2023-12-18T18:57:14.040`)
* [CVE-2023-46727](CVE-2023/CVE-2023-467xx/CVE-2023-46727.json) (`2023-12-18T18:57:31.453`)
* [CVE-2023-50369](CVE-2023/CVE-2023-503xx/CVE-2023-50369.json) (`2023-12-18T18:57:46.290`)
* [CVE-2023-46726](CVE-2023/CVE-2023-467xx/CVE-2023-46726.json) (`2023-12-18T18:59:15.213`)
* [CVE-2023-43813](CVE-2023/CVE-2023-438xx/CVE-2023-43813.json) (`2023-12-18T18:59:53.300`)
* [CVE-2023-47327](CVE-2023/CVE-2023-473xx/CVE-2023-47327.json) (`2023-12-18T19:00:10.557`)
## Download and Usage