admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-12-06T00:55:18.005457+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-12-06 00:55:21 +00:00
parent f5308eabe5
commit 3a8866e551
24 changed files with 2105 additions and 83 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

147
CVE-2023/CVE-2023-22xx/CVE-2023-2264.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-2264",
"sourceIdentifier": "security@selinc.com",
"published": "2023-11-30T17:15:07.787",
"lastModified": "2023-11-30T17:30:22.883",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T00:37:45.223",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An improper input validation vulnerability in the Schweitzer Engineering Laboratories SEL-411L could allow a malicious actor to manipulate authorized users to click on a link that could allow undesired behavior.\n\n\n\nSee product Instruction Manual Appendix A dated 20230830 for more details.\n\n"
},
{
"lang": "es",
"value": "Una vulnerabilidad de validaci\u00f3n de entrada incorrecta en Schweitzer Engineering Laboratories SEL-411L podr\u00eda permitir que un actor malintencionado manipule a los usuarios autorizados para que hagan clic en un enlace que podr\u00eda permitir un comportamiento no deseado. Consulte el Ap\u00e9ndice A del Manual de instrucciones del producto con fecha 20230830 para obtener m\u00e1s detalles."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "security@selinc.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security@selinc.com",
"type": "Secondary",
@ -46,10 +80,117 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-411l_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r118-v0",
"versionEndExcluding": "r118-v4",
"matchCriteriaId": "49894C1C-F351-48C1-9B0C-ADEF9F15967F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-411l_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r119-v0",
"versionEndExcluding": "r119-v5",
"matchCriteriaId": "D50FA357-FD76-4D6E-BE33-F023EF8EA6D4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-411l_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r120-v0",
"versionEndExcluding": "r120-v6",
"matchCriteriaId": "F2C5D52B-BE58-41ED-9660-88FCD87EBBBF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-411l_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r121-v0",
"versionEndExcluding": "r121-v3",
"matchCriteriaId": "97CF37D0-9DF4-4277-A948-57D0677361DE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-411l_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r122-v0",
"versionEndExcluding": "r122-v3",
"matchCriteriaId": "5E81C049-DCDA-46D7-A3FD-337663171A4B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-411l_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r123-v0",
"versionEndExcluding": "r123-v3",
"matchCriteriaId": "6B30BA03-4595-4537-B88A-7DB8D4E565F0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-411l_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r124-v0",
"versionEndExcluding": "r124-v3",
"matchCriteriaId": "4A5DE8B0-BB5F-49E5-8039-6A7466E3265C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-411l_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r125-v0",
"versionEndExcluding": "r125-v3",
"matchCriteriaId": "622B4133-6FDE-49D6-A768-ADFB0AB829A6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-411l_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r126-v0",
"versionEndExcluding": "r126-v4",
"matchCriteriaId": "B913BE75-D4F1-40C9-9450-C195C84E7EAE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-411l_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r127-v0",
"versionEndExcluding": "r127-v2",
"matchCriteriaId": "90C6D8F0-54F0-46CD-994C-524E9593EEE3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-411l_firmware:r128-v0:*:*:*:*:*:*:*",
"matchCriteriaId": "80116398-08C8-4571-B90D-E96530E0A17D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-411l_firmware:r129-v0:*:*:*:*:*:*:*",
"matchCriteriaId": "59DB9510-A827-4E5C-B41F-CCB38837BCFB"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:selinc:sel-411l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "775B0B13-EF38-4AAE-892D-975374673480"
}
]
}
]
}
],
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/",
"source": "security@selinc.com"
"source": "security@selinc.com",
"tags": [
"Vendor Advisory"
]
}
]
}

147
CVE-2023/CVE-2023-22xx/CVE-2023-2265.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-2265",
"sourceIdentifier": "security@selinc.com",
"published": "2023-11-30T17:15:07.973",
"lastModified": "2023-11-30T17:30:22.883",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T00:35:41.900",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An\u00a0Improper Restriction of Rendered UI Layers or Frames in the Schweitzer Engineering Laboratories SEL-411L could allow an unauthenticated attacker to perform clickjacking based attacks against an authenticated and authorized user.\n\n\n\nSee product Instruction Manual Appendix A dated 20230830 for more details.\n"
},
{
"lang": "es",
"value": "Una restricci\u00f3n inadecuada de las capas o marcos de la interfaz de usuario renderizados en el SEL-411L de Schweitzer Engineering Laboratories podr\u00eda permitir que un atacante no autenticado realice ataques basados en clickjacking contra un usuario autenticado y autorizado. Consulte el Ap\u00e9ndice A del Manual de instrucciones del producto con fecha 20230830 para obtener m\u00e1s detalles."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security@selinc.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1021"
}
]
},
{
"source": "security@selinc.com",
"type": "Secondary",
@ -46,10 +80,117 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-411l_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r118-v0",
"versionEndExcluding": "r118-v4",
"matchCriteriaId": "49894C1C-F351-48C1-9B0C-ADEF9F15967F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-411l_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r119-v0",
"versionEndExcluding": "r119-v5",
"matchCriteriaId": "D50FA357-FD76-4D6E-BE33-F023EF8EA6D4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-411l_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r120-v0",
"versionEndExcluding": "r120-v6",
"matchCriteriaId": "F2C5D52B-BE58-41ED-9660-88FCD87EBBBF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-411l_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r121-v0",
"versionEndExcluding": "r121-v3",
"matchCriteriaId": "97CF37D0-9DF4-4277-A948-57D0677361DE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-411l_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r122-v0",
"versionEndExcluding": "r122-v3",
"matchCriteriaId": "5E81C049-DCDA-46D7-A3FD-337663171A4B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-411l_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r123-v0",
"versionEndExcluding": "r123-v3",
"matchCriteriaId": "6B30BA03-4595-4537-B88A-7DB8D4E565F0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-411l_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r124-v0",
"versionEndExcluding": "r124-v3",
"matchCriteriaId": "4A5DE8B0-BB5F-49E5-8039-6A7466E3265C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-411l_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r125-v0",
"versionEndExcluding": "r125-v3",
"matchCriteriaId": "622B4133-6FDE-49D6-A768-ADFB0AB829A6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-411l_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r126-v0",
"versionEndExcluding": "r126-v4",
"matchCriteriaId": "B913BE75-D4F1-40C9-9450-C195C84E7EAE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-411l_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r127-v0",
"versionEndExcluding": "r127-v2",
"matchCriteriaId": "90C6D8F0-54F0-46CD-994C-524E9593EEE3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-411l_firmware:r128-v0:*:*:*:*:*:*:*",
"matchCriteriaId": "80116398-08C8-4571-B90D-E96530E0A17D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-411l_firmware:r129-v0:*:*:*:*:*:*:*",
"matchCriteriaId": "59DB9510-A827-4E5C-B41F-CCB38837BCFB"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:selinc:sel-411l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "775B0B13-EF38-4AAE-892D-975374673480"
}
]
}
]
}
],
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/",
"source": "security@selinc.com"
"source": "security@selinc.com",
"tags": [
"Vendor Advisory"
]
}
]
}

147
CVE-2023/CVE-2023-22xx/CVE-2023-2266.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-2266",
"sourceIdentifier": "security@selinc.com",
"published": "2023-11-30T17:15:08.170",
"lastModified": "2023-11-30T17:30:22.883",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T00:35:24.197",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An\u00a0Improper neutralization of input during web page generation in the Schweitzer Engineering Laboratories SEL-411L\u00a0could allow an attacker to generate cross-site scripting based attacks against an authorized and authenticated user.\n\n\n\nSee product Instruction Manual Appendix A dated 20230830 for more details.\n\n\n"
},
{
"lang": "es",
"value": "Una neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de una p\u00e1gina web en Schweitzer Engineering Laboratories SEL-411L podr\u00eda permitir a un atacante generar ataques basados en cross site scripting contra un usuario autorizado y autenticado. Consulte el Ap\u00e9ndice A del Manual de instrucciones del producto con fecha 20230830 para obtener m\u00e1s detalles."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security@selinc.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "security@selinc.com",
"type": "Secondary",
@ -46,10 +80,117 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-411l_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r118-v0",
"versionEndExcluding": "r118-v4",
"matchCriteriaId": "49894C1C-F351-48C1-9B0C-ADEF9F15967F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-411l_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r119-v0",
"versionEndExcluding": "r119-v5",
"matchCriteriaId": "D50FA357-FD76-4D6E-BE33-F023EF8EA6D4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-411l_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r120-v0",
"versionEndExcluding": "r120-v6",
"matchCriteriaId": "F2C5D52B-BE58-41ED-9660-88FCD87EBBBF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-411l_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r121-v0",
"versionEndExcluding": "r121-v3",
"matchCriteriaId": "97CF37D0-9DF4-4277-A948-57D0677361DE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-411l_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r122-v0",
"versionEndExcluding": "r122-v3",
"matchCriteriaId": "5E81C049-DCDA-46D7-A3FD-337663171A4B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-411l_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r123-v0",
"versionEndExcluding": "r123-v3",
"matchCriteriaId": "6B30BA03-4595-4537-B88A-7DB8D4E565F0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-411l_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r124-v0",
"versionEndExcluding": "r124-v3",
"matchCriteriaId": "4A5DE8B0-BB5F-49E5-8039-6A7466E3265C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-411l_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r125-v0",
"versionEndExcluding": "r125-v3",
"matchCriteriaId": "622B4133-6FDE-49D6-A768-ADFB0AB829A6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-411l_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r126-v0",
"versionEndExcluding": "r126-v4",
"matchCriteriaId": "B913BE75-D4F1-40C9-9450-C195C84E7EAE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-411l_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r127-v0",
"versionEndExcluding": "r127-v2",
"matchCriteriaId": "90C6D8F0-54F0-46CD-994C-524E9593EEE3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-411l_firmware:r128-v0:*:*:*:*:*:*:*",
"matchCriteriaId": "80116398-08C8-4571-B90D-E96530E0A17D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-411l_firmware:r129-v0:*:*:*:*:*:*:*",
"matchCriteriaId": "59DB9510-A827-4E5C-B41F-CCB38837BCFB"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:selinc:sel-411l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "775B0B13-EF38-4AAE-892D-975374673480"
}
]
}
]
}
],
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/",
"source": "security@selinc.com"
"source": "security@selinc.com",
"tags": [
"Vendor Advisory"
]
}
]
}

147
CVE-2023/CVE-2023-22xx/CVE-2023-2267.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-2267",
"sourceIdentifier": "security@selinc.com",
"published": "2023-11-30T17:15:08.347",
"lastModified": "2023-11-30T17:30:22.883",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T00:35:10.220",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An Improper Input Validation vulnerability in Schweitzer Engineering Laboratories SEL-411L could allow an attacker to perform reflection attacks against an authorized and authenticated user.\n\n\n\nSee product Instruction Manual Appendix A dated 20230830 for more details.\n\n\n"
},
{
"lang": "es",
"value": "Una vulnerabilidad de validaci\u00f3n de entrada incorrecta en Schweitzer Engineering Laboratories SEL-411L podr\u00eda permitir a un atacante realizar ataques de reflexi\u00f3n contra un usuario autorizado y autenticado. Consulte el Ap\u00e9ndice A del Manual de instrucciones del producto con fecha 20230830 para obtener m\u00e1s detalles."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
},
{
"source": "security@selinc.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "security@selinc.com",
"type": "Secondary",
@ -46,10 +80,117 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-411l_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r118-v0",
"versionEndExcluding": "r118-v4",
"matchCriteriaId": "49894C1C-F351-48C1-9B0C-ADEF9F15967F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-411l_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r119-v0",
"versionEndExcluding": "r119-v5",
"matchCriteriaId": "D50FA357-FD76-4D6E-BE33-F023EF8EA6D4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-411l_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r120-v0",
"versionEndExcluding": "r120-v6",
"matchCriteriaId": "F2C5D52B-BE58-41ED-9660-88FCD87EBBBF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-411l_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r121-v0",
"versionEndExcluding": "r121-v3",
"matchCriteriaId": "97CF37D0-9DF4-4277-A948-57D0677361DE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-411l_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r122-v0",
"versionEndExcluding": "r122-v3",
"matchCriteriaId": "5E81C049-DCDA-46D7-A3FD-337663171A4B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-411l_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r123-v0",
"versionEndExcluding": "r123-v3",
"matchCriteriaId": "6B30BA03-4595-4537-B88A-7DB8D4E565F0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-411l_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r124-v0",
"versionEndExcluding": "r124-v3",
"matchCriteriaId": "4A5DE8B0-BB5F-49E5-8039-6A7466E3265C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-411l_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r125-v0",
"versionEndExcluding": "r125-v3",
"matchCriteriaId": "622B4133-6FDE-49D6-A768-ADFB0AB829A6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-411l_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r126-v0",
"versionEndExcluding": "r126-v4",
"matchCriteriaId": "B913BE75-D4F1-40C9-9450-C195C84E7EAE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-411l_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r127-v0",
"versionEndExcluding": "r127-v2",
"matchCriteriaId": "90C6D8F0-54F0-46CD-994C-524E9593EEE3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-411l_firmware:r128-v0:*:*:*:*:*:*:*",
"matchCriteriaId": "80116398-08C8-4571-B90D-E96530E0A17D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-411l_firmware:r129-v0:*:*:*:*:*:*:*",
"matchCriteriaId": "59DB9510-A827-4E5C-B41F-CCB38837BCFB"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:selinc:sel-411l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "775B0B13-EF38-4AAE-892D-975374673480"
}
]
}
]
}
],
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/",
"source": "security@selinc.com"
"source": "security@selinc.com",
"tags": [
"Vendor Advisory"
]
}
]
}

43
CVE-2023/CVE-2023-245xx/CVE-2023-24547.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-24547",
"sourceIdentifier": "psirt@arista.com",
"published": "2023-12-06T00:15:07.030",
"lastModified": "2023-12-06T00:15:07.030",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "On affected platforms running Arista MOS, the configuration of a BGP password will cause the password to be logged in clear text that can be revealed in local logs or remote logging servers by authenticated users, as well as appear in clear text in the device\u2019s running config. \n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@arista.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.7,
"impactScore": 5.2
}
]
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/18644-security-advisory-0090",
"source": "psirt@arista.com"
}
]
}

152
CVE-2023/CVE-2023-311xx/CVE-2023-31176.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-31176",
"sourceIdentifier": "security@selinc.com",
"published": "2023-11-30T17:15:08.520",
"lastModified": "2023-11-30T17:30:22.883",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T00:34:55.520",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An Insufficient Entropy vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow an unauthenticated remote attacker to brute-force session tokens and bypass authentication.\u00a0\n\n\nSee product Instruction Manual Appendix A dated 20230830 for more details.\n\n\n\n"
},
{
"lang": "es",
"value": "Una vulnerabilidad de entrop\u00eda insuficiente en Schweitzer Engineering Laboratories SEL-451 podr\u00eda permitir que un atacante remoto no autenticado utilice tokens de sesi\u00f3n de fuerza bruta y eluda la autenticaci\u00f3n. Consulte el Ap\u00e9ndice A del Manual de instrucciones del producto con fecha 20230830 para obtener m\u00e1s detalles."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security@selinc.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-331"
}
]
},
{
"source": "security@selinc.com",
"type": "Secondary",
@ -46,14 +80,124 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-451_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r315-v0",
"versionEndExcluding": "r315-v4",
"matchCriteriaId": "567CA071-8A2D-40DD-A3DF-0FD73739476F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-451_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r316-v0",
"versionEndExcluding": "r316-v4",
"matchCriteriaId": "EE50B5EC-2A69-4EA9-A16D-5A0BF38D2861"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-451_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r317-v0",
"versionEndExcluding": "r317-v4",
"matchCriteriaId": "D9D6B6F3-8D35-46B5-879C-26F22ED4AA2D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-451_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r318-v0",
"versionEndExcluding": "r318-v5",
"matchCriteriaId": "5DC6FE46-8B20-47D6-8A88-1708978C49D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-451_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r320-v0",
"versionEndExcluding": "r320-v3",
"matchCriteriaId": "9E3E5B0A-E01A-4A5B-894C-DF83E4E5B23F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-451_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r321-v0",
"versionEndExcluding": "r321-v3",
"matchCriteriaId": "7505AF51-82AF-4145-B794-CA0B5048DD7E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-451_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r322-v0",
"versionEndExcluding": "r322-v3",
"matchCriteriaId": "6F092F10-4440-4FC4-8B0B-44B86F1742B8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-451_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r323-v0",
"versionEndExcluding": "r323-v5",
"matchCriteriaId": "B80DF635-298D-45B6-A5F7-71386587E6A8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-451_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r324-v0",
"versionEndExcluding": "r324-v4",
"matchCriteriaId": "3E9473AE-F0E1-49A2-BD2E-CEAC21B5CF9C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-451_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r325-v0",
"versionEndExcluding": "r325-v3",
"matchCriteriaId": "77E42746-C95B-476B-8734-0DE9FA1C611C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-451_firmware:r326-v0:*:*:*:*:*:*:*",
"matchCriteriaId": "8EF1EF31-FFF7-4A3B-8A9F-2BD4CC355CD2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-451_firmware:r327-v0:*:*:*:*:*:*:*",
"matchCriteriaId": "B9C7EDD0-52E2-45E7-975C-B194F2902F5D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:selinc:sel-451:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBDB9B5-DAF0-4A78-88E3-1EB6486F8A13"
}
]
}
]
}
],
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/",
"source": "security@selinc.com"
"source": "security@selinc.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.nozominetworks.com/blog/",
"source": "security@selinc.com"
"source": "security@selinc.com",
"tags": [
"Third Party Advisory"
]
}
]
}

152
CVE-2023/CVE-2023-311xx/CVE-2023-31177.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-31177",
"sourceIdentifier": "security@selinc.com",
"published": "2023-11-30T17:15:08.763",
"lastModified": "2023-11-30T17:30:22.883",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T00:34:19.680",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An Improper Neutralization of Input During Web Page Generation\u00a0 ('Cross-site Scripting') in the Schweitzer Engineering Laboratories SEL-451 could allow an attacker to craft a link that could execute arbitrary code on a victim's system.\n\n\n\nSee product Instruction Manual Appendix A dated 20230830 for more details.\n\n\n"
},
{
"lang": "es",
"value": "Una neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (\"Cross-site Scripting\") en Schweitzer Engineering Laboratories SEL-451 podr\u00eda permitir a un atacante crear un enlace que podr\u00eda ejecutar c\u00f3digo arbitrario en el sistema de una v\u00edctima. Consulte el Ap\u00e9ndice A del Manual de instrucciones del producto con fecha 20230830 para obtener m\u00e1s detalles."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security@selinc.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "security@selinc.com",
"type": "Secondary",
@ -46,14 +80,124 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-451_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r315-v0",
"versionEndExcluding": "r315-v4",
"matchCriteriaId": "567CA071-8A2D-40DD-A3DF-0FD73739476F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-451_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r316-v0",
"versionEndExcluding": "r316-v4",
"matchCriteriaId": "EE50B5EC-2A69-4EA9-A16D-5A0BF38D2861"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-451_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r317-v0",
"versionEndExcluding": "r317-v4",
"matchCriteriaId": "D9D6B6F3-8D35-46B5-879C-26F22ED4AA2D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-451_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r318-v0",
"versionEndExcluding": "r318-v5",
"matchCriteriaId": "5DC6FE46-8B20-47D6-8A88-1708978C49D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-451_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r320-v0",
"versionEndExcluding": "r320-v3",
"matchCriteriaId": "9E3E5B0A-E01A-4A5B-894C-DF83E4E5B23F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-451_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r321-v0",
"versionEndExcluding": "r321-v3",
"matchCriteriaId": "7505AF51-82AF-4145-B794-CA0B5048DD7E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-451_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r322-v0",
"versionEndExcluding": "r322-v3",
"matchCriteriaId": "6F092F10-4440-4FC4-8B0B-44B86F1742B8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-451_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r323-v0",
"versionEndExcluding": "r323-v5",
"matchCriteriaId": "B80DF635-298D-45B6-A5F7-71386587E6A8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-451_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r324-v0",
"versionEndExcluding": "r324-v4",
"matchCriteriaId": "3E9473AE-F0E1-49A2-BD2E-CEAC21B5CF9C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-451_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r325-v0",
"versionEndExcluding": "r325-v3",
"matchCriteriaId": "77E42746-C95B-476B-8734-0DE9FA1C611C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-451_firmware:r326-v0:*:*:*:*:*:*:*",
"matchCriteriaId": "8EF1EF31-FFF7-4A3B-8A9F-2BD4CC355CD2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-451_firmware:r327-v0:*:*:*:*:*:*:*",
"matchCriteriaId": "B9C7EDD0-52E2-45E7-975C-B194F2902F5D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:selinc:sel-451:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBDB9B5-DAF0-4A78-88E3-1EB6486F8A13"
}
]
}
]
}
],
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/",
"source": "security@selinc.com"
"source": "security@selinc.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.nozominetworks.com/blog/",
"source": "security@selinc.com"
"source": "security@selinc.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-340xx/CVE-2023-34018.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-34018",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T17:15:08.940",
"lastModified": "2023-11-30T17:30:22.883",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T00:34:10.727",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SoundCloud Inc. SoundCloud Shortcode allows Stored XSS.This issue affects SoundCloud Shortcode: from n/a through 3.1.0.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n inadecuada de la entrada durante la vulnerabilidad de generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en SoundCloud Inc. SoundCloud Shortcode permite almacenar XSS. Este problema afecta a SoundCloud Shortcode: desde n/a hasta 3.1.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:soundcloud:soundcloud_shortcode:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.1.0",
"matchCriteriaId": "8B7FBD3A-834F-42A1-8DAA-DF814DE30C42"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/soundcloud-shortcode/wordpress-soundcloud-shortcode-plugin-3-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

152
CVE-2023/CVE-2023-343xx/CVE-2023-34388.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-34388",
"sourceIdentifier": "security@selinc.com",
"published": "2023-11-30T17:15:09.133",
"lastModified": "2023-11-30T17:30:22.883",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T00:33:56.413",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An\u00a0Improper Authentication vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote unauthenticated attacker to potentially perform session hijacking attack and bypass authentication.\n\n\n\nSee product Instruction Manual Appendix A dated 20230830 for more details.\n\n\n"
},
{
"lang": "es",
"value": "Una vulnerabilidad de autenticaci\u00f3n incorrecta en Schweitzer Engineering Laboratories SEL-451 podr\u00eda permitir que un atacante remoto no autenticado realice potencialmente un ataque de secuestro de sesi\u00f3n y omita la autenticaci\u00f3n. Consulte el Ap\u00e9ndice A del Manual de instrucciones del producto con fecha 20230830 para obtener m\u00e1s detalles."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security@selinc.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
},
{
"source": "security@selinc.com",
"type": "Secondary",
@ -46,14 +80,124 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-451_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r315-v0",
"versionEndExcluding": "r315-v4",
"matchCriteriaId": "567CA071-8A2D-40DD-A3DF-0FD73739476F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-451_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r316-v0",
"versionEndExcluding": "r316-v4",
"matchCriteriaId": "EE50B5EC-2A69-4EA9-A16D-5A0BF38D2861"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-451_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r317-v0",
"versionEndExcluding": "r317-v4",
"matchCriteriaId": "D9D6B6F3-8D35-46B5-879C-26F22ED4AA2D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-451_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r318-v0",
"versionEndExcluding": "r318-v5",
"matchCriteriaId": "5DC6FE46-8B20-47D6-8A88-1708978C49D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-451_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r320-v0",
"versionEndExcluding": "r320-v3",
"matchCriteriaId": "9E3E5B0A-E01A-4A5B-894C-DF83E4E5B23F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-451_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r321-v0",
"versionEndExcluding": "r321-v3",
"matchCriteriaId": "7505AF51-82AF-4145-B794-CA0B5048DD7E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-451_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r322-v0",
"versionEndExcluding": "r322-v3",
"matchCriteriaId": "6F092F10-4440-4FC4-8B0B-44B86F1742B8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-451_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r323-v0",
"versionEndExcluding": "r323-v5",
"matchCriteriaId": "B80DF635-298D-45B6-A5F7-71386587E6A8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-451_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r324-v0",
"versionEndExcluding": "r324-v4",
"matchCriteriaId": "3E9473AE-F0E1-49A2-BD2E-CEAC21B5CF9C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-451_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r325-v0",
"versionEndExcluding": "r325-v3",
"matchCriteriaId": "77E42746-C95B-476B-8734-0DE9FA1C611C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-451_firmware:r326-v0:*:*:*:*:*:*:*",
"matchCriteriaId": "8EF1EF31-FFF7-4A3B-8A9F-2BD4CC355CD2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-451_firmware:r327-v0:*:*:*:*:*:*:*",
"matchCriteriaId": "B9C7EDD0-52E2-45E7-975C-B194F2902F5D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:selinc:sel-451:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBDB9B5-DAF0-4A78-88E3-1EB6486F8A13"
}
]
}
]
}
],
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/",
"source": "security@selinc.com"
"source": "security@selinc.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.nozominetworks.com/blog/",
"source": "security@selinc.com"
"source": "security@selinc.com",
"tags": [
"Third Party Advisory"
]
}
]
}

152
CVE-2023/CVE-2023-343xx/CVE-2023-34389.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-34389",
"sourceIdentifier": "security@selinc.com",
"published": "2023-11-30T17:15:09.380",
"lastModified": "2023-11-30T17:30:22.883",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T00:33:35.097",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An allocation of resources without limits or throttling vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote authenticated attacker to make the system unavailable for an indefinite amount of time.\n\n\n\nSee product Instruction Manual Appendix A dated 20230830 for more details.\n\n\n"
},
{
"lang": "es",
"value": "Una asignaci\u00f3n de recursos sin l\u00edmites o vulnerabilidad de limitaci\u00f3n en Schweitzer Engineering Laboratories SEL-451 podr\u00eda permitir que un atacante autenticado remoto haga que el sistema no est\u00e9 disponible por un per\u00edodo de tiempo indefinido. Consulte el Ap\u00e9ndice A del Manual de instrucciones del producto con fecha 20230830 para obtener m\u00e1s detalles."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security@selinc.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
},
{
"source": "security@selinc.com",
"type": "Secondary",
@ -46,14 +80,124 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-451_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r315-v0",
"versionEndExcluding": "r315-v4",
"matchCriteriaId": "567CA071-8A2D-40DD-A3DF-0FD73739476F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-451_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r316-v0",
"versionEndExcluding": "r316-v4",
"matchCriteriaId": "EE50B5EC-2A69-4EA9-A16D-5A0BF38D2861"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-451_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r317-v0",
"versionEndExcluding": "r317-v4",
"matchCriteriaId": "D9D6B6F3-8D35-46B5-879C-26F22ED4AA2D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-451_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r318-v0",
"versionEndExcluding": "r318-v5",
"matchCriteriaId": "5DC6FE46-8B20-47D6-8A88-1708978C49D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-451_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r320-v0",
"versionEndExcluding": "r320-v3",
"matchCriteriaId": "9E3E5B0A-E01A-4A5B-894C-DF83E4E5B23F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-451_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r321-v0",
"versionEndExcluding": "r321-v3",
"matchCriteriaId": "7505AF51-82AF-4145-B794-CA0B5048DD7E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-451_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r322-v0",
"versionEndExcluding": "r322-v3",
"matchCriteriaId": "6F092F10-4440-4FC4-8B0B-44B86F1742B8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-451_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r323-v0",
"versionEndExcluding": "r323-v5",
"matchCriteriaId": "B80DF635-298D-45B6-A5F7-71386587E6A8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-451_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r324-v0",
"versionEndExcluding": "r324-v4",
"matchCriteriaId": "3E9473AE-F0E1-49A2-BD2E-CEAC21B5CF9C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-451_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r325-v0",
"versionEndExcluding": "r325-v3",
"matchCriteriaId": "77E42746-C95B-476B-8734-0DE9FA1C611C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-451_firmware:r326-v0:*:*:*:*:*:*:*",
"matchCriteriaId": "8EF1EF31-FFF7-4A3B-8A9F-2BD4CC355CD2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-451_firmware:r327-v0:*:*:*:*:*:*:*",
"matchCriteriaId": "B9C7EDD0-52E2-45E7-975C-B194F2902F5D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:selinc:sel-451:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBDB9B5-DAF0-4A78-88E3-1EB6486F8A13"
}
]
}
]
}
],
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/",
"source": "security@selinc.com"
"source": "security@selinc.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.nozominetworks.com/blog/",
"source": "security@selinc.com"
"source": "security@selinc.com",
"tags": [
"Third Party Advisory"
]
}
]
}

152
CVE-2023/CVE-2023-343xx/CVE-2023-34390.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-34390",
"sourceIdentifier": "security@selinc.com",
"published": "2023-11-30T17:15:09.570",
"lastModified": "2023-11-30T17:30:19.207",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T00:33:16.280",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An input validation vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote authenticated attacker to create a denial of service against the system and locking out services.\n\n\n\nSee product Instruction Manual Appendix A dated 20230830 for more details.\n\n\n"
},
{
"lang": "es",
"value": "Una vulnerabilidad de validaci\u00f3n de entrada en Schweitzer Engineering Laboratories SEL-451 podr\u00eda permitir que un atacante autenticado remoto cree una denegaci\u00f3n de servicio contra el sistema y bloquee los servicios. Consulte el Ap\u00e9ndice A del Manual de instrucciones del producto con fecha 20230830 para obtener m\u00e1s detalles."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security@selinc.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security@selinc.com",
"type": "Secondary",
@ -46,14 +80,124 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-451_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r315-v0",
"versionEndExcluding": "r315-v4",
"matchCriteriaId": "567CA071-8A2D-40DD-A3DF-0FD73739476F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-451_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r316-v0",
"versionEndExcluding": "r316-v4",
"matchCriteriaId": "EE50B5EC-2A69-4EA9-A16D-5A0BF38D2861"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-451_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r317-v0",
"versionEndExcluding": "r317-v4",
"matchCriteriaId": "D9D6B6F3-8D35-46B5-879C-26F22ED4AA2D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-451_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r318-v0",
"versionEndExcluding": "r318-v5",
"matchCriteriaId": "5DC6FE46-8B20-47D6-8A88-1708978C49D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-451_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r320-v0",
"versionEndExcluding": "r320-v3",
"matchCriteriaId": "9E3E5B0A-E01A-4A5B-894C-DF83E4E5B23F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-451_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r321-v0",
"versionEndExcluding": "r321-v3",
"matchCriteriaId": "7505AF51-82AF-4145-B794-CA0B5048DD7E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-451_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r322-v0",
"versionEndExcluding": "r322-v3",
"matchCriteriaId": "6F092F10-4440-4FC4-8B0B-44B86F1742B8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-451_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r323-v0",
"versionEndExcluding": "r323-v5",
"matchCriteriaId": "B80DF635-298D-45B6-A5F7-71386587E6A8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-451_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r324-v0",
"versionEndExcluding": "r324-v4",
"matchCriteriaId": "3E9473AE-F0E1-49A2-BD2E-CEAC21B5CF9C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-451_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r325-v0",
"versionEndExcluding": "r325-v3",
"matchCriteriaId": "77E42746-C95B-476B-8734-0DE9FA1C611C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-451_firmware:r326-v0:*:*:*:*:*:*:*",
"matchCriteriaId": "8EF1EF31-FFF7-4A3B-8A9F-2BD4CC355CD2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:selinc:sel-451_firmware:r327-v0:*:*:*:*:*:*:*",
"matchCriteriaId": "B9C7EDD0-52E2-45E7-975C-B194F2902F5D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:selinc:sel-451:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBDB9B5-DAF0-4A78-88E3-1EB6486F8A13"
}
]
}
]
}
],
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/",
"source": "security@selinc.com"
"source": "security@selinc.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.nozominetworks.com/blog/",
"source": "security@selinc.com"
"source": "security@selinc.com",
"tags": [
"Third Party Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-378xx/CVE-2023-37890.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-37890",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T16:15:09.267",
"lastModified": "2023-11-30T17:12:39.840",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T00:40:24.507",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in WPOmnia KB Support \u2013 WordPress Help Desk and Knowledge Base allows Accessing Functionality Not Properly Constrained by ACLs.\u00a0Users with a role as low as a subscriber can view other customers.This issue affects KB Support \u2013 WordPress Help Desk and Knowledge Base: from n/a through 1.5.88.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de autorizaci\u00f3n faltante en WPOmnia KB Support \u2013 WordPress Help Desk and Knowledge Base permite Accessing Functionality Not Properly Constrained by ACLs. Los usuarios con un rol tan bajo como suscriptor pueden ver a otros clientes. Este problema afecta a KB Support \u2013 WordPress Help Desk and Knowledge Base: desde n/a hasta 1.5.88."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liquidweb:kb_support:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.5.88",
"matchCriteriaId": "2F497D28-37E4-46DA-A55D-A1C21F137B60"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/kb-support/wordpress-kb-support-wordpress-help-desk-plugin-1-5-88-sensitive-data-exposure-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-399xx/CVE-2023-39921.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-39921",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T16:15:09.463",
"lastModified": "2023-11-30T17:12:39.840",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T00:40:06.827",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Molongui Author Box, Guest Author and Co-Authors for Your Posts \u2013 Molongui allows Stored XSS.This issue affects Author Box, Guest Author and Co-Authors for Your Posts \u2013 Molongui: from n/a through 4.6.19.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n inadecuada de la entrada durante Vulnerabilidad de generaci\u00f3n de p\u00e1ginas web ('Scripting entre sitios') en Molongui Author Box, Guest Author and Co-Authors for Your Posts \u2013 Molongui permite XSS almacenado. Este problema afecta a Author Box, Guest Author and Co-Authors for Your Posts \u2013 Molongui: desde n/a hasta el 4.6.19."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:amitzy:molongui:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "4.6.19",
"matchCriteriaId": "785B1705-9892-483D-BA4E-2DBEF0151642"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/molongui-authorship/wordpress-author-box-for-authors-co-authors-multiple-authors-and-guest-authors-molongui-plugin-4-6-19-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-441xx/CVE-2023-44143.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-44143",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T16:15:09.653",
"lastModified": "2023-11-30T17:12:39.840",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T00:39:57.007",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bamboo Mcr Bamboo Columns allows Stored XSS.This issue affects Bamboo Columns: from n/a through 1.6.1.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Scripting entre sitios') en Bamboo Mcr Bamboo Columns permite almacenar XSS. Este problema afecta a Bamboo Columns: desde n/a hasta 1.6.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bamboo_mcr:bamboo_columns:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.6.1",
"matchCriteriaId": "D8D641C8-15EC-434C-A3B6-C59423FD4FE2"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/bamboo-columns/wordpress-bamboo-columns-plugin-1-6-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-456xx/CVE-2023-45609.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-45609",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T16:15:09.843",
"lastModified": "2023-11-30T17:12:39.840",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T00:39:46.357",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POWR.Io Contact Form \u2013 Custom Builder, Payment Form, and More allows Stored XSS.This issue affects Contact Form \u2013 Custom Builder, Payment Form, and More: from n/a through 2.1.0.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en POWR.Io Contact Form \u2013 Custom Builder, Payment Form, and More permite almacenar XSS. Este problema afecta a POWR.Io Contact Form \u2013 Custom Builder, Payment Form, and More: desde n/a hasta 2.1.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:powr:powr_pack:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.1.0",
"matchCriteriaId": "F1362C9B-BE3B-489E-83D6-06414B51AD82"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/powr-pack/wordpress-powr-pack-plugin-2-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-460xx/CVE-2023-46086.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-46086",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T16:15:10.037",
"lastModified": "2023-11-30T17:12:39.840",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T00:39:07.323",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SERVIT Software Solutions affiliate-toolkit \u2013 WordPress Affiliate Plugin allows Reflected XSS.This issue affects affiliate-toolkit \u2013 WordPress Affiliate Plugin: from n/a through 3.4.3.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (\"cross-site Scripting\") en SERVIT Software Solutions affiliate-toolkit \u2013 WordPress Affiliate Plugin permite XSS reflejado. Este problema afecta a affiliate-toolkit \u2013 WordPress Affiliate Plugin: desde n/a hasta 3.4. 3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:servit:affiliate-toolkit:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.4.3",
"matchCriteriaId": "D75FAB83-9E09-4536-9054-1661E0CA4274"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/affiliate-toolkit-starter/wordpress-affiliate-toolkit-plugin-3-4-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-483xx/CVE-2023-48328.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-48328",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T16:15:10.227",
"lastModified": "2023-11-30T17:12:39.840",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T00:38:56.337",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Imagely WordPress Gallery Plugin \u2013 NextGEN Gallery allows Cross Site Request Forgery.This issue affects WordPress Gallery Plugin \u2013 NextGEN Gallery: from n/a through 3.37.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Imagely WordPress Gallery Plugin \u2013 NextGEN Gallery permite Cross-Site Request Forgery. Este problema afecta a WordPress Gallery Plugin \u2013 NextGEN Gallery: desde n/a hasta 3.37."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:imagely:nextgen_gallery:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.39",
"matchCriteriaId": "0BB8ED8B-A2AF-4B3F-BEF4-7735A33AF4A8"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/nextgen-gallery/wordpress-wordpress-gallery-plugin-nextgen-gallery-plugin-3-37-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-487xx/CVE-2023-48754.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-48754",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T16:15:10.420",
"lastModified": "2023-11-30T17:12:39.840",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T00:38:46.417",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Wap Nepal Delete Post Revisions In WordPress allows Cross Site Request Forgery.This issue affects Delete Post Revisions In WordPress: from n/a through 4.6.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Wap Nepal Delete Post Revisions In WordPress permite Cross-Site Request Forgery. Este problema afecta a Delete Post Revisions In WordPress: desde n/a hasta 4.6."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wapnepal:delete_post_revisions:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "4.6",
"matchCriteriaId": "BF153710-6560-4C8C-A1DF-CAC138769A3C"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/delete-post-revisions-on-single-click/wordpress-delete-post-revisions-in-wordpress-plugin-4-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

71
CVE-2023/CVE-2023-492xx/CVE-2023-49282.json Normal file
View File

@ -0,0 +1,71 @@
{
"id": "CVE-2023-49282",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-05T23:15:07.063",
"lastModified": "2023-12-05T23:15:07.063",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "msgraph-sdk-php is the Microsoft Graph Library for PHP. The Microsoft Graph PHP SDK published packages which contained test code that enabled the use of the phpInfo() function from any application that could access and execute the file at vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php. The phpInfo function exposes system information. The vulnerability affects the GetPhpInfo.php script of the PHP SDK which contains a call to the phpinfo() function. This vulnerability requires a misconfiguration of the server to be present so it can be exploited. For example, making the PHP application\u2019s /vendor directory web accessible. The combination of the vulnerability and the server misconfiguration would allow an attacker to craft an HTTP request that executes the phpinfo() method. The attacker would then be able to get access to system information like configuration, modules, and environment variables and later on use the compromised secrets to access additional data. This problem has been patched in versions 1.109.1 and 2.0.0-RC5. If an immediate deployment with the updated vendor package is not available, you can perform the following temporary workarounds: delete the `vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php` file, remove access to the `/vendor` directory, or disable the phpinfo function."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://github.com/microsoftgraph/msgraph-beta-sdk-php/compare/2.0.0...2.0.1",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/microsoftgraph/msgraph-sdk-php-core/compare/2.0.1...2.0.2",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/microsoftgraph/msgraph-sdk-php/compare/1.109.0...1.109.1",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/microsoftgraph/msgraph-sdk-php/security/advisories/GHSA-cgwq-6prq-8h9q",
"source": "security-advisories@github.com"
},
{
"url": "https://owncloud.com/security-advisories/disclosure-of-sensitive-credentials-and-configuration-in-containerized-deployments/",
"source": "security-advisories@github.com"
}
]
}

71
CVE-2023/CVE-2023-492xx/CVE-2023-49283.json Normal file
View File

@ -0,0 +1,71 @@
{
"id": "CVE-2023-49283",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-05T23:15:07.323",
"lastModified": "2023-12-05T23:15:07.323",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "microsoft-graph-core the Microsoft Graph Library for PHP. The Microsoft Graph Beta PHP SDK published packages which contained test code that enabled the use of the phpInfo() function from any application that could access and execute the file at `vendor/microsoft/microsoft-graph-core/tests/GetPhpInfo.php`. The phpInfo function exposes system information. The vulnerability affects the GetPhpInfo.php script of the PHP SDK which contains a call to the phpinfo() function. This vulnerability requires a misconfiguration of the server to be present so it can be exploited. For example, making the PHP application\u2019s /vendor directory web accessible. The combination of the vulnerability and the server misconfiguration would allow an attacker to craft an HTTP request that executes the phpinfo() method. The attacker would then be able to get access to system information like configuration, modules, and environment variables and later on use the compromised secrets to access additional data. This problem has been patched in version 2.0.2. If an immediate deployment with the updated vendor package is not available, you can perform the following temporary workarounds: delete the `vendor/microsoft/microsoft-graph-core/tests/GetPhpInfo.php` file, remove access to the /vendor directory, or disable the phpinfo function\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://github.com/microsoftgraph/msgraph-beta-sdk-php/compare/2.0.0...2.0.1",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/microsoftgraph/msgraph-sdk-php-core/compare/2.0.1...2.0.2",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/microsoftgraph/msgraph-sdk-php-core/security/advisories/GHSA-mhhp-c3cm-2r86",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/microsoftgraph/msgraph-sdk-php/compare/1.109.0...1.109.1",
"source": "security-advisories@github.com"
},
{
"url": "https://owncloud.com/security-advisories/disclosure-of-sensitive-credentials-and-configuration-in-containerized-deployments/",
"source": "security-advisories@github.com"
}
]
}

61
CVE-2023/CVE-2023-58xx/CVE-2023-5803.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-5803",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T16:15:10.610",
"lastModified": "2023-11-30T17:12:39.840",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T00:38:32.907",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Business Directory Team Business Directory Plugin \u2013 Easy Listing Directories for WordPress allows Cross-Site Request Forgery.This issue affects Business Directory Plugin \u2013 Easy Listing Directories for WordPress: from n/a through 6.3.10.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Business Directory Team Business Directory Plugin \u2013 Easy Listing Directories for WordPress permite Cross-Site Request Forgery. Este problema afecta a Business Directory Plugin \u2013 Easy Listing Directories for WordPress: desde n/a hasta 6.3.10 ."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:businessdirectoryplugin:business_directory:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "6.3.10",
"matchCriteriaId": "D3A354E8-4084-4CF7-B848-46A5DDB0D87A"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/business-directory-plugin/wordpress-business-directory-plugin-easy-listing-directories-for-wordpress-plugin-6-3-10-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

62
CVE-2023/CVE-2023-63xx/CVE-2023-6360.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-6360",
"sourceIdentifier": "vulnreport@tenable.com",
"published": "2023-11-30T16:15:11.820",
"lastModified": "2023-11-30T17:12:39.840",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T00:38:20.297",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The 'My Calendar' WordPress Plugin, version < 3.4.22 is affected by an unauthenticated SQL injection vulnerability in the 'from' and 'to' parameters in the '/my-calendar/v1/events' rest route."
},
{
"lang": "es",
"value": "El complemento 'My Calendar' de WordPress, versi\u00f3n &lt;3.4.22, se ve afectado por una vulnerabilidad de inyecci\u00f3n SQL no autenticada en los par\u00e1metros 'desde' y 'hasta' en la ruta de descanso '/my-calendar/v1/events'."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "vulnreport@tenable.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
},
{
"source": "vulnreport@tenable.com",
"type": "Secondary",
@ -46,10 +80,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:joedolson:my_calendar:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.4.22",
"matchCriteriaId": "8BF95D5D-B9DB-43F5-B3AE-F2B13B491CE0"
}
]
}
]
}
],
"references": [
{
"url": "https://www.tenable.com/security/research/tra-2023-40",
"source": "vulnreport@tenable.com"
"source": "vulnreport@tenable.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-64xx/CVE-2023-6461.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2023-6461",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-12-01T14:15:08.807",
"lastModified": "2023-12-01T14:49:03.423",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T00:32:46.240",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Reflected in GitHub repository viliusle/minipaint prior to 4.14.0."
},
{
"lang": "es",
"value": "Cross-site scripting (XSS) Reflejado en el repositorio de GitHub viliusle/minipaint antes de 4.14.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -35,6 +61,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "security@huntr.dev",
"type": "Secondary",
@ -46,14 +82,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:viliusle:minipaint:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.0",
"matchCriteriaId": "4BD5EC39-C1F0-4215-8BA2-67F68B35FD4D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/viliusle/minipaint/commit/f22cb46515c91b1071d48fff3e6c9b92c9b3878c",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.com/bounties/9a97d163-1738-4a09-b284-a04716e69dd0",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

45
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-12-05T23:00:18.343820+00:00
2023-12-06T00:55:18.005457+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-12-05T22:24:37.173000+00:00
2023-12-06T00:40:24.507000+00:00
```
### Last Data Feed Release
@ -29,31 +29,42 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
232366
232369
```
### CVEs added in the last Commit
Recently added CVEs: `4`
Recently added CVEs: `3`
* [CVE-2023-44221](CVE-2023/CVE-2023-442xx/CVE-2023-44221.json) (`2023-12-05T21:15:07.150`)
* [CVE-2023-46736](CVE-2023/CVE-2023-467xx/CVE-2023-46736.json) (`2023-12-05T21:15:07.243`)
* [CVE-2023-49297](CVE-2023/CVE-2023-492xx/CVE-2023-49297.json) (`2023-12-05T21:15:07.460`)
* [CVE-2023-5970](CVE-2023/CVE-2023-59xx/CVE-2023-5970.json) (`2023-12-05T21:15:07.667`)
* [CVE-2023-49282](CVE-2023/CVE-2023-492xx/CVE-2023-49282.json) (`2023-12-05T23:15:07.063`)
* [CVE-2023-49283](CVE-2023/CVE-2023-492xx/CVE-2023-49283.json) (`2023-12-05T23:15:07.323`)
* [CVE-2023-24547](CVE-2023/CVE-2023-245xx/CVE-2023-24547.json) (`2023-12-06T00:15:07.030`)
### CVEs modified in the last Commit
Recently modified CVEs: `8`
Recently modified CVEs: `20`
* [CVE-2015-8751](CVE-2015/CVE-2015-87xx/CVE-2015-8751.json) (`2023-12-05T21:06:17.530`)
* [CVE-2023-45286](CVE-2023/CVE-2023-452xx/CVE-2023-45286.json) (`2023-12-05T21:06:03.273`)
* [CVE-2023-47848](CVE-2023/CVE-2023-478xx/CVE-2023-47848.json) (`2023-12-05T22:04:43.287`)
* [CVE-2023-47844](CVE-2023/CVE-2023-478xx/CVE-2023-47844.json) (`2023-12-05T22:05:16.770`)
* [CVE-2023-38400](CVE-2023/CVE-2023-384xx/CVE-2023-38400.json) (`2023-12-05T22:08:09.253`)
* [CVE-2023-39417](CVE-2023/CVE-2023-394xx/CVE-2023-39417.json) (`2023-12-05T22:15:06.960`)
* [CVE-2023-4853](CVE-2023/CVE-2023-48xx/CVE-2023-4853.json) (`2023-12-05T22:15:07.133`)
* [CVE-2023-37868](CVE-2023/CVE-2023-378xx/CVE-2023-37868.json) (`2023-12-05T22:24:37.173`)
* [CVE-2023-6461](CVE-2023/CVE-2023-64xx/CVE-2023-6461.json) (`2023-12-06T00:32:46.240`)
* [CVE-2023-34390](CVE-2023/CVE-2023-343xx/CVE-2023-34390.json) (`2023-12-06T00:33:16.280`)
* [CVE-2023-34389](CVE-2023/CVE-2023-343xx/CVE-2023-34389.json) (`2023-12-06T00:33:35.097`)
* [CVE-2023-34388](CVE-2023/CVE-2023-343xx/CVE-2023-34388.json) (`2023-12-06T00:33:56.413`)
* [CVE-2023-34018](CVE-2023/CVE-2023-340xx/CVE-2023-34018.json) (`2023-12-06T00:34:10.727`)
* [CVE-2023-31177](CVE-2023/CVE-2023-311xx/CVE-2023-31177.json) (`2023-12-06T00:34:19.680`)
* [CVE-2023-31176](CVE-2023/CVE-2023-311xx/CVE-2023-31176.json) (`2023-12-06T00:34:55.520`)
* [CVE-2023-2267](CVE-2023/CVE-2023-22xx/CVE-2023-2267.json) (`2023-12-06T00:35:10.220`)
* [CVE-2023-2266](CVE-2023/CVE-2023-22xx/CVE-2023-2266.json) (`2023-12-06T00:35:24.197`)
* [CVE-2023-2265](CVE-2023/CVE-2023-22xx/CVE-2023-2265.json) (`2023-12-06T00:35:41.900`)
* [CVE-2023-2264](CVE-2023/CVE-2023-22xx/CVE-2023-2264.json) (`2023-12-06T00:37:45.223`)
* [CVE-2023-6360](CVE-2023/CVE-2023-63xx/CVE-2023-6360.json) (`2023-12-06T00:38:20.297`)
* [CVE-2023-5803](CVE-2023/CVE-2023-58xx/CVE-2023-5803.json) (`2023-12-06T00:38:32.907`)
* [CVE-2023-48754](CVE-2023/CVE-2023-487xx/CVE-2023-48754.json) (`2023-12-06T00:38:46.417`)
* [CVE-2023-48328](CVE-2023/CVE-2023-483xx/CVE-2023-48328.json) (`2023-12-06T00:38:56.337`)
* [CVE-2023-46086](CVE-2023/CVE-2023-460xx/CVE-2023-46086.json) (`2023-12-06T00:39:07.323`)
* [CVE-2023-45609](CVE-2023/CVE-2023-456xx/CVE-2023-45609.json) (`2023-12-06T00:39:46.357`)
* [CVE-2023-44143](CVE-2023/CVE-2023-441xx/CVE-2023-44143.json) (`2023-12-06T00:39:57.007`)
* [CVE-2023-39921](CVE-2023/CVE-2023-399xx/CVE-2023-39921.json) (`2023-12-06T00:40:06.827`)
* [CVE-2023-37890](CVE-2023/CVE-2023-378xx/CVE-2023-37890.json) (`2023-12-06T00:40:24.507`)
## Download and Usage