admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-12-19T21:00:24.455304+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-12-19 21:00:28 +00:00
parent f5d8924066
commit 3cfdbc45a2
51 changed files with 3211 additions and 199 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

73
CVE-2023/CVE-2023-256xx/CVE-2023-25648.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-25648",
"sourceIdentifier": "psirt@zte.com.cn",
"published": "2023-12-14T07:15:07.180",
"lastModified": "2023-12-14T13:52:06.780",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T19:25:23.710",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nThere is a weak folder permission vulnerability in ZTE's ZXCLOUD iRAI product. Due to weak folder permission, an attacker with ordinary user privileges could construct a fake DLL\u00a0to execute command to escalate local privileges.\n\n"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de permiso de carpeta d\u00e9bil en el producto ZXCLOUD iRAI de ZTE. Debido a un permiso de carpeta d\u00e9bil, un atacante con privilegios de usuario normales podr\u00eda construir una DLL falsa para ejecutar un comando para escalar los privilegios locales."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "psirt@zte.com.cn",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
},
{
"source": "psirt@zte.com.cn",
"type": "Secondary",
@ -46,10 +80,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zte:zxcloud_irai_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.23.21",
"matchCriteriaId": "7D77687B-1273-46FC-8753-F7D351F3A9A3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zte:zxcloud_irai:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D48BE8C-7C78-41D7-87F1-22BFB91E3A5C"
}
]
}
]
}
],
"references": [
{
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032584",
"source": "psirt@zte.com.cn"
"source": "psirt@zte.com.cn",
"tags": [
"Vendor Advisory"
]
}
]
}

73
CVE-2023/CVE-2023-256xx/CVE-2023-25650.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-25650",
"sourceIdentifier": "psirt@zte.com.cn",
"published": "2023-12-14T07:15:07.783",
"lastModified": "2023-12-14T13:52:06.780",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T19:24:52.120",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nThere is an arbitrary file download vulnerability in ZXCLOUD iRAI. Since the backend does not escape special strings or restrict paths, an attacker with user permission could access the download interface by modifying the request parameter, causing arbitrary file downloads.\n\n"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de descarga de archivos arbitrarios en ZXCLOUD iRAI. Dado que el backend no escapa a cadenas especiales ni restringe rutas, un atacante con permiso del usuario podr\u00eda acceder a la interfaz de descarga modificando el par\u00e1metro de solicitud, provocando descargas de archivos arbitrarias."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "psirt@zte.com.cn",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "psirt@zte.com.cn",
"type": "Secondary",
@ -46,10 +80,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zte:zxcloud_irai_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.23.30",
"matchCriteriaId": "07F5720E-BB8D-4E13-B24B-A5C61E435BDC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zte:zxcloud_irai:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D48BE8C-7C78-41D7-87F1-22BFB91E3A5C"
}
]
}
]
}
],
"references": [
{
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032904",
"source": "psirt@zte.com.cn"
"source": "psirt@zte.com.cn",
"tags": [
"Vendor Advisory"
]
}
]
}

70
CVE-2023/CVE-2023-273xx/CVE-2023-27317.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-27317",
"sourceIdentifier": "security-alert@netapp.com",
"published": "2023-12-15T23:15:07.140",
"lastModified": "2023-12-18T14:05:33.523",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T20:00:14.327",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "ONTAP 9 versions 9.12.1P8, 9.13.1P4, and 9.13.1P5 are susceptible to a \nvulnerability which will cause all SAS-attached FIPS 140-2 drives to \nbecome unlocked after a system reboot or power cycle or a single \nSAS-attached FIPS 140-2 drive to become unlocked after reinsertion. This\n could lead to disclosure of sensitive information to an attacker with \nphysical access to the unlocked drives. \n\n"
},
{
"lang": "es",
"value": "ONTAP 9 versiones 9.12.1P8, 9.13.1P4 y 9.13.1P5 son susceptibles a una vulnerabilidad que har\u00e1 que todas las unidades FIPS 140-2 conectadas a SAS se desbloqueen despu\u00e9s de reiniciar el sistema o reiniciar el sistema o un \u00fanico FIPS 140 conectado a SAS. -2 unidad para desbloquearse despu\u00e9s de la reinserci\u00f3n. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n confidencial a un atacante con acceso f\u00edsico a las unidades desbloqueadas."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6
},
{
"source": "security-alert@netapp.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security-alert@netapp.com",
"type": "Secondary",
@ -46,10 +80,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:ontap:9.12.1:p8:*:*:*:*:*:*",
"matchCriteriaId": "2D9A4188-F120-4A47-BF32-5114D2782225"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:ontap:9.13.1:p4:*:*:*:*:*:*",
"matchCriteriaId": "0FD66569-CEF3-480B-9234-DB0A32F20667"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:ontap:9.13.1:p5:*:*:*:*:*:*",
"matchCriteriaId": "54AABC18-1136-438F-AA7E-4D408347224D"
}
]
}
]
}
],
"references": [
{
"url": "https://security.netapp.com/advisory/NTAP-20231215-0001/",
"source": "security-alert@netapp.com"
"source": "security-alert@netapp.com",
"tags": [
"Vendor Advisory"
]
}
]
}

55
CVE-2023/CVE-2023-340xx/CVE-2023-34027.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-34027",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-19T20:15:07.140",
"lastModified": "2023-12-19T20:15:07.140",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Deserialization of Untrusted Data vulnerability in Rajnish Arora Recently Viewed Products.This issue affects Recently Viewed Products: from n/a through 1.0.0.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/recently-viewed-products/wordpress-recently-viewed-products-plugin-1-0-0-php-object-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-343xx/CVE-2023-34382.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-34382",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-19T20:15:07.340",
"lastModified": "2023-12-19T20:15:07.340",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Deserialization of Untrusted Data vulnerability in weDevs Dokan \u2013 Best WooCommerce Multivendor Marketplace Solution \u2013 Build Your Own Amazon, eBay, Etsy.This issue affects Dokan \u2013 Best WooCommerce Multivendor Marketplace Solution \u2013 Build Your Own Amazon, eBay, Etsy: from n/a through 3.7.19.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/dokan-lite/wordpress-dokan-plugin-3-7-19-php-object-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

40
CVE-2023/CVE-2023-368xx/CVE-2023-36878.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-36878",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-12-15T01:15:07.780",
"lastModified": "2023-12-15T13:42:13.817",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T20:31:24.683",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -38,10 +38,44 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*",
"versionEndExcluding": "120.0.2210.77",
"matchCriteriaId": "2B485672-68D3-43BE-8C01-9DF7FBF6E4B1"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36878",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

55
CVE-2023/CVE-2023-384xx/CVE-2023-38478.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-38478",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-19T20:15:07.527",
"lastModified": "2023-12-19T20:15:07.527",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for WooCommerce and QuickBooks.This issue affects Integration for WooCommerce and QuickBooks: from n/a through 1.2.3.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-woocommerce-quickbooks/wordpress-integration-for-woocommerce-and-quickbooks-plugin-1-2-3-open-redirection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-384xx/CVE-2023-38481.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-38481",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-19T20:15:07.717",
"lastModified": "2023-12-19T20:15:07.717",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin.This issue affects Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin: from n/a before 1.3.7.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/woo-zoho/wordpress-integration-for-woocommerce-and-zoho-crm-plugin-1-3-7-open-redirection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-406xx/CVE-2023-40602.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-40602",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-19T20:15:07.920",
"lastModified": "2023-12-19T20:15:07.920",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Doofinder Doofinder WP & WooCommerce Search.This issue affects Doofinder WP & WooCommerce Search: from n/a through 1.5.49.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/doofinder-for-woocommerce/wordpress-doofinder-for-woocommerce-plugin-1-5-49-open-redirection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

67
CVE-2023/CVE-2023-40xx/CVE-2023-4020.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-4020",
"sourceIdentifier": "product-security@silabs.com",
"published": "2023-12-15T21:15:08.560",
"lastModified": "2023-12-18T14:05:33.523",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T20:37:21.960",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An unvalidated input in a library function responsible for communicating between secure and non-secure memory in Silicon Labs TrustZone implementation allows reading/writing of memory in the secure region of memory from the non-secure region of memory."
},
{
"lang": "es",
"value": "Una entrada no validada en una funci\u00f3n de librer\u00eda responsable de la comunicaci\u00f3n entre la memoria segura y no segura en la implementaci\u00f3n TrustZone de Silicon Labs permite la lectura/escritura de la memoria en la regi\u00f3n segura de la memoria desde la regi\u00f3n no segura de la memoria."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
},
{
"source": "product-security@silabs.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "product-security@silabs.com",
"type": "Secondary",
@ -46,14 +80,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:silabs:gecko_software_development_kit:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.0.0",
"versionEndExcluding": "4.4.0",
"matchCriteriaId": "1CCF9CCF-153F-40B5-941A-A430C146C3BA"
}
]
}
]
}
],
"references": [
{
"url": "https://community.silabs.com/069Vm0000004b95IAA",
"source": "product-security@silabs.com"
"source": "product-security@silabs.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://github.com/SiliconLabs/gecko_sdk/releases",
"source": "product-security@silabs.com"
"source": "product-security@silabs.com",
"tags": [
"Release Notes"
]
}
]
}

92
CVE-2023/CVE-2023-411xx/CVE-2023-41151.json
View File

@ -2,19 +2,103 @@
"id": "CVE-2023-41151",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-14T19:15:16.193",
"lastModified": "2023-12-14T19:26:01.850",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T20:48:30.317",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An uncaught exception issue discovered in Softing OPC UA C++ SDK before 6.30 for Windows operating system may cause the application to crash when the server wants to send an error packet, while socket is blocked on writing."
},
{
"lang": "es",
"value": "Un problema de excepci\u00f3n no detectado descubierto en Softing OPC UA C++ SDK anterior a 6.30 para el sistema operativo Windows puede causar que la aplicaci\u00f3n falle cuando el servidor quiere enviar un paquete de error, mientras el socket est\u00e1 bloqueado al escribir."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-755"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:softing:opc:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.30",
"matchCriteriaId": "75A9054D-8442-4675-B4B3-CAD84C536C7C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:softing:opc_ua_c\\+\\+_software_development_kit:*:*:*:*:*:*:*:*",
"versionEndIncluding": "6.20.1",
"matchCriteriaId": "F6E709EE-31CB-4788-9D60-F05A7BE1211D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:softing:secure_integration_server:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.22",
"matchCriteriaId": "788D765F-4A20-49CC-BC97-483E69AB63C7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/2023/syt-2023-3.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-413xx/CVE-2023-41337.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-41337",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-12T20:15:07.477",
"lastModified": "2023-12-12T20:20:16.707",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T19:10:12.043",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. In version 2.3.0-beta2 and prior, when h2o is configured to listen to multiple addresses or ports with each of them using different backend servers managed by multiple entities, a malicious backend entity that also has the opportunity to observe or inject packets exchanged between the client and h2o may misdirect HTTPS requests going to other backends and observe the contents of that HTTPS request being sent.\n\nThe attack involves a victim client trying to resume a TLS connection and an attacker redirecting the packets to a different address or port than that intended by the client. The attacker must already have been configured by the administrator of h2o to act as a backend to one of the addresses or ports that the h2o instance listens to. Session IDs and tickets generated by h2o are not bound to information specific to the server address, port, or the X.509 certificate, and therefore it is possible for an attacker to force the victim connection to wrongfully resume against a different server address or port on which the same h2o instance is listening.\n\nOnce a TLS session is misdirected to resume to a server address / port that is configured to use an attacker-controlled server as the backend, depending on the configuration, HTTPS requests from the victim client may be forwarded to the attacker's server.\n\nAn H2O instance is vulnerable to this attack only if the instance is configured to listen to different addresses or ports using the listen directive at the host level and the instance is configured to connect to backend servers managed by multiple entities.\n\nA patch is available at commit 35760540337a47e5150da0f4a66a609fad2ef0ab. As a workaround, one may stop using using host-level listen directives in favor of global-level ones."
},
{
"lang": "es",
"value": "h2o es un servidor HTTP compatible con HTTP/1.x, HTTP/2 y HTTP/3. En la versi\u00f3n 2.3.0-beta2 y anteriores, cuando h2o est\u00e1 configurado para escuchar m\u00faltiples direcciones o puertos y cada uno de ellos usa diferentes servidores backend administrados por m\u00faltiples entidades, una entidad backend maliciosa que tambi\u00e9n tiene la oportunidad de observar o inyectar paquetes intercambiados entre el cliente y h2o pueden desviar las solicitudes HTTPS que van a otros backends y observar el contenido de esa solicitud HTTPS que se env\u00eda. El ataque implica que un cliente v\u00edctima intenta reanudar una conexi\u00f3n TLS y un atacante redirige los paquetes a una direcci\u00f3n o puerto diferente al previsto por el cliente. El atacante ya debe haber sido configurado por el administrador de h2o para actuar como backend de una de las direcciones o puertos que escucha la instancia de h2o. Los ID de sesi\u00f3n y los tickets generados por h2o no est\u00e1n vinculados a informaci\u00f3n espec\u00edfica de la direcci\u00f3n del servidor, el puerto o el certificado X.509 y, por lo tanto, es posible que un atacante fuerce la conexi\u00f3n de la v\u00edctima a reanudarse incorrectamente en una direcci\u00f3n de servidor o puerto diferente. en el que est\u00e1 escuchando la misma instancia de h2o. Una vez que una sesi\u00f3n TLS se dirige err\u00f3neamente para reanudarse a una direcci\u00f3n/puerto de servidor que est\u00e1 configurado para usar un servidor controlado por el atacante como backend, dependiendo de la configuraci\u00f3n, las solicitudes HTTPS del cliente v\u00edctima pueden reenviarse al servidor del atacante. Una instancia H2O es vulnerable a este ataque solo si la instancia est\u00e1 configurada para escuchar diferentes direcciones o puertos usando la directiva de escucha en el nivel de host y la instancia est\u00e1 configurada para conectarse a servidores backend administrados por m\u00faltiples entidades. Hay un parche disponible en el commit 35760540337a47e5150da0f4a66a609fad2ef0ab. Como workaround, se pueden dejar de utilizar directivas de escucha a nivel de host en favor de las de nivel global."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.5,
"impactScore": 5.2
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +70,50 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dena:h2o:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.2.6",
"matchCriteriaId": "3C540EDB-1F68-47E9-A457-B6BC1EB805D7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dena:h2o:2.3.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "128D1D5E-4E71-4ABB-B580-F17E2B74B5F3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dena:h2o:2.3.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "E69DE676-300A-4A95-A04D-7463CA372799"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/h2o/h2o/commit/35760540337a47e5150da0f4a66a609fad2ef0ab",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/h2o/h2o/security/advisories/GHSA-5v5r-rghf-rm6q",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
]
}
]
}

55
CVE-2023/CVE-2023-416xx/CVE-2023-41648.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-41648",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-19T20:15:08.113",
"lastModified": "2023-12-19T20:15:08.113",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Swapnil V. Patil Login and Logout Redirect.This issue affects Login and Logout Redirect: from n/a through 2.0.3.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/login-and-logout-redirect/wordpress-login-and-logout-redirect-plugin-2-0-2-open-redirection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-438xx/CVE-2023-43826.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-43826",
"sourceIdentifier": "security@apache.org",
"published": "2023-12-19T20:15:08.300",
"lastModified": "2023-12-19T20:15:08.300",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Apache Guacamole 1.5.3 and older do not consistently ensure that values received from a VNC server will not result in integer overflow. If a user connects to a malicious or compromised VNC server, specially-crafted data could result in memory corruption, possibly allowing arbitrary code to be executed with the privileges of the running guacd process.\n\nUsers are recommended to upgrade to version 1.5.4, which fixes this issue.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@apache.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@apache.org",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"references": [
{
"url": "https://lists.apache.org/thread/23gzwftpfgtq97tj6ttmbclry53kmwv6",
"source": "security@apache.org"
}
]
}

73
CVE-2023/CVE-2023-447xx/CVE-2023-44709.json
View File

@ -2,23 +2,86 @@
"id": "CVE-2023-44709",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-14T06:15:42.743",
"lastModified": "2023-12-14T13:52:06.780",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T19:09:19.230",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "PlutoSVG commit 336c02997277a1888e6ccbbbe674551a0582e5c4 and before was discovered to contain an integer overflow via the component plutosvg_load_from_memory."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que el commit PlutoSVG 336c02997277a1888e6ccbbbe674551a0582e5c4 y anteriores conten\u00eda un desbordamiento de enteros a trav\u00e9s del componente plutosvg_load_from_memory."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sammycage:plutosvg:-:*:*:*:*:*:*:*",
"matchCriteriaId": "93DFAB49-4564-4F0C-8CFD-AF6696E7123C"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/sunwithmoon/3f810c27d2e553f9d31bd7c50566f15b#file-cve-2023-44709",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/sammycage/plutosvg/issues/7",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}

55
CVE-2023/CVE-2023-451xx/CVE-2023-45105.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-45105",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-19T20:15:08.530",
"lastModified": "2023-12-19T20:15:08.530",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in SERVIT Software Solutions affiliate-toolkit \u2013 WordPress Affiliate Plugin.This issue affects affiliate-toolkit \u2013 WordPress Affiliate Plugin: from n/a through 3.3.9.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/affiliate-toolkit-starter/wordpress-affiliate-toolkit-wordpress-affiliate-plugin-plugin-3-3-9-open-redirection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

64
CVE-2023/CVE-2023-487xx/CVE-2023-48795.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-48795",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-18T16:15:10.897",
"lastModified": "2023-12-19T05:15:08.540",
"lastModified": "2023-12-19T19:15:07.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, and libssh2 through 1.11.0; and there could be effects on Bitvise SSH through 9.31."
"value": "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD 1.3.9rc1, ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust; and there could be effects on Bitvise SSH through 9.31."
},
{
"lang": "es",
"value": "El protocolo de transporte SSH con ciertas extensiones OpenSSH, que se encuentra en OpenSSH anterior a 9.6 y otros productos, permite a atacantes remotos eludir las comprobaciones de integridad de modo que algunos paquetes se omiten (del mensaje de negociaci\u00f3n de extensi\u00f3n) y, en consecuencia, un cliente y un servidor pueden terminar con una conexi\u00f3n para la cual algunas caracter\u00edsticas de seguridad han sido degradadas o deshabilitadas, tambi\u00e9n conocido como un ataque Terrapin. Esto ocurre porque SSH Binary Packet Protocol (BPP), implementado por estas extensiones, maneja mal la fase de protocolo de enlace y el uso de n\u00fameros de secuencia. Por ejemplo, existe un ataque eficaz contra ChaCha20-Poly1305 (y CBC con Encrypt-then-MAC). La omisi\u00f3n se produce en chacha20-poly1305@openssh.com y (si se utiliza CBC) en los algoritmos MAC -etm@openssh.com. Esto tambi\u00e9n afecta a Maverick Synergy Java SSH API anterior a 3.1.0-SNAPSHOT, Dropbear hasta 2022.83, Ssh anterior a 5.1.1 en Erlang/OTP, PuTTY anterior a 0.80 y AsyncSSH anterior a 2.14.2; y podr\u00eda haber efectos en Bitvise SSH hasta la versi\u00f3n 9.31, libssh hasta la 0.10.5 y golang.org/x/crypto hasta el 17 de diciembre de 2023."
}
],
"metrics": {},
@ -32,6 +36,10 @@
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1217950",
"source": "cve@mitre.org"
},
{
"url": "https://crates.io/crates/thrussh/versions",
"source": "cve@mitre.org"
},
{
"url": "https://forum.netgate.com/topic/184941/terrapin-ssh-attack",
"source": "cve@mitre.org"
@ -40,14 +48,30 @@
"url": "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/NixOS/nixpkgs/pull/275249",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/TeraTermProject/teraterm/releases/tag/v5.1",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/advisories/GHSA-45x7-px36-x8w8",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/drakkan/sftpgo/releases/tag/v2.5.6",
"source": "cve@mitre.org"
@ -76,6 +100,14 @@
"url": "https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/mwiede/jsch/issues/457",
"source": "cve@mitre.org"
@ -92,6 +124,14 @@
"url": "https://github.com/paramiko/paramiko/issues/2337",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/proftpd/proftpd/issues/456",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/rapier1/hpn-ssh/releases",
"source": "cve@mitre.org"
@ -128,6 +168,10 @@
"url": "https://matt.ucc.asn.au/dropbear/CHANGES",
"source": "cve@mitre.org"
},
{
"url": "https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC",
"source": "cve@mitre.org"
},
{
"url": "https://news.ycombinator.com/item?id=38684904",
"source": "cve@mitre.org"
@ -136,6 +180,10 @@
"url": "https://news.ycombinator.com/item?id=38685286",
"source": "cve@mitre.org"
},
{
"url": "https://oryx-embedded.com/download/#changelog",
"source": "cve@mitre.org"
},
{
"url": "https://security-tracker.debian.org/tracker/CVE-2023-48795",
"source": "cve@mitre.org"
@ -168,6 +216,14 @@
"url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html",
"source": "cve@mitre.org"
},
{
"url": "https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update",
"source": "cve@mitre.org"
},
{
"url": "https://www.netsarang.com/en/xshell-update-history/",
"source": "cve@mitre.org"
},
{
"url": "https://www.openssh.com/openbsd.html",
"source": "cve@mitre.org"
@ -180,6 +236,10 @@
"url": "https://www.openwall.com/lists/oss-security/2023/12/18/2",
"source": "cve@mitre.org"
},
{
"url": "https://www.paramiko.org/changelog.html",
"source": "cve@mitre.org"
},
{
"url": "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/",
"source": "cve@mitre.org"

51
CVE-2023/CVE-2023-491xx/CVE-2023-49151.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-49151",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-14T18:15:44.450",
"lastModified": "2023-12-14T19:26:01.850",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T19:15:38.537",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Simple Calendar Simple Calendar \u2013 Google Calendar Plugin allows Stored XSS.This issue affects Simple Calendar \u2013 Google Calendar Plugin: from n/a through 3.2.6.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n inadecuada de la entrada durante la vulnerabilidad de generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Simple Calendar Simple Calendar \u2013 Google Calendar Plugin permite almacenar XSS. Este problema afecta a Simple Calendar \u2013 Google Calendar Plugin: desde n/a hasta 3.2.6."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sureswiftcapital:simple_calendar:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.2.8",
"matchCriteriaId": "D2525B82-663D-4869-A397-92E6BBCE16FE"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/google-calendar-events/wordpress-google-calendar-events-plugin-3-2-6-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-491xx/CVE-2023-49152.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-49152",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-14T18:15:44.683",
"lastModified": "2023-12-14T19:26:01.850",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T19:17:16.457",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Labs64 Credit Tracker allows Stored XSS.This issue affects Credit Tracker: from n/a through 1.1.17.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Labs64 Credit Tracker permite almacenar XSS. Este problema afecta a Credit Tracker: desde n/a hasta 1.1.17."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:labs64:credit_tracker:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.1.17",
"matchCriteriaId": "7D55D877-B298-4126-8B87-8B7C92799189"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/credit-tracker/wordpress-credit-tracker-plugin-1-1-17-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-491xx/CVE-2023-49157.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-49157",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-14T18:15:44.877",
"lastModified": "2023-12-14T19:26:01.850",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T19:19:07.013",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andreas M\u00fcnch Multiple Post Passwords allows Stored XSS.This issue affects Multiple Post Passwords: from n/a through 1.1.1.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Andreas M\u00fcnch Multiple Post Passwords permite almacenar XSS. Este problema afecta a Multiple Post Passwords: desde n/a hasta 1.1.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:andreasmuench:multiple_post_passwords:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.1.2",
"matchCriteriaId": "8078EA3B-0A34-4B14-8FCE-7C045D1FF962"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/multiple-post-passwords/wordpress-multiple-post-passwords-plugin-1-1-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-491xx/CVE-2023-49174.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-49174",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-15T15:15:08.090",
"lastModified": "2023-12-15T15:26:42.177",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T19:49:53.727",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dFactory Responsive Lightbox & Gallery allows Stored XSS.This issue affects Responsive Lightbox & Gallery: from n/a through 2.4.5.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en dFactory Responsive Lightbox & Gallery permite almacenar XSS. Este problema afecta a Responsive Lightbox & Gallery: desde n/a hasta 2.4.5."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dfactory:responsive_lightbox:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.4.6",
"matchCriteriaId": "1230E312-AFC3-464B-BEAC-3199C57758C3"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/responsive-lightbox/wordpress-responsive-lightbox-plugin-2-4-5-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-491xx/CVE-2023-49175.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-49175",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-15T15:15:08.287",
"lastModified": "2023-12-15T15:26:42.177",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T19:50:17.040",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kreativo Pro KP Fastest Tawk.To Chat allows Stored XSS.This issue affects KP Fastest Tawk.To Chat: from n/a through 1.1.1.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n inadecuada de la entrada durante la vulnerabilidad de generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Kreativo Pro KP Fastest Tawk.To Chat permite almacenar XSS. Este problema afecta a KP Fastest Tawk.To Chat: desde n/a hasta 1.1.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kreativopro:kp_fastest_tawk.to_chat:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.1.1",
"matchCriteriaId": "06598788-9A41-4304-8624-E49CE247EDEA"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/kp-fastest-tawk-to-chat/wordpress-kp-fastest-tawk-to-chat-plugin-1-1-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

55
CVE-2023/CVE-2023-491xx/CVE-2023-49176.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-49176",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-15T15:15:08.483",
"lastModified": "2023-12-15T15:26:42.177",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T19:49:35.863",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeRevolution WP Pocket URLs allows Reflected XSS.This issue affects WP Pocket URLs: from n/a through 1.0.2.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en las URL de CodeRevolution WP Pocket permite el XSS reflejado. Este problema afecta a las URL de WP Pocket: desde n/a hasta 1.0.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,35 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:coderevolution:wp_pocket_urls:1.0.0:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "CD47A85C-8020-4DC4-A72E-988DBA290FE4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:coderevolution:wp_pocket_urls:1.0.2:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "B986D04C-B2D1-4CA9-BA37-8FC038DED51E"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-pocket-urls/wordpress-wp-pocket-urls-plugin-1-0-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-491xx/CVE-2023-49177.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-49177",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-15T15:15:08.667",
"lastModified": "2023-12-15T15:26:42.177",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T19:24:01.497",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gilles Dumas which template file allows Reflected XSS.This issue affects which template file: from n/a through 4.9.0.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Gilles Dumas, cuyo archivo de plantilla permite XSS Reflejado. Este problema afecta a qu\u00e9 archivo de plantilla: desde n/a hasta 4.9.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gillesdumas:which_template_file:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "4.9.0",
"matchCriteriaId": "67B3B5BC-6553-484E-8E49-87A74E5AE217"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/which-template-file/wordpress-which-template-file-plugin-4-9-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-491xx/CVE-2023-49180.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-49180",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-15T15:15:09.240",
"lastModified": "2023-12-15T15:26:42.177",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T19:47:54.323",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ternstyle LLC Automatic Youtube Video Posts Plugin allows Stored XSS.This issue affects Automatic Youtube Video Posts Plugin: from n/a through 5.2.2.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Ternstyle LLC Automatic Youtube Video Posts Plugin permite almacenar XSS. Este problema afecta a Automatic Youtube Video Posts Plugin: desde n/a hasta 5.2.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ternstyle:automatic_youtube_video_posts:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "5.2.2",
"matchCriteriaId": "7BA2F847-C8D8-4B50-8A6B-10E025B103F7"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/automatic-youtube-video-posts/wordpress-automatic-youtube-video-posts-plugin-plugin-5-2-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-491xx/CVE-2023-49181.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-49181",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-15T15:15:09.430",
"lastModified": "2023-12-15T15:26:42.177",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T20:25:34.397",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Event Manager WP Event Manager \u2013 Events Calendar, Registrations, Sell Tickets with WooCommerce allows Stored XSS.This issue affects WP Event Manager \u2013 Events Calendar, Registrations, Sell Tickets with WooCommerce: from n/a through 3.1.40.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n inadecuada de la entrada durante la vulnerabilidad de generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en WP Event Manager WP Event Manager \u2013 Events Calendar, Registrations, Sell Tickets with WooCommerce permite almacenar XSS. Este problema afecta a WP Event Manager \u2013 Events Calendar, Registrations, Sell Tickets with WooCommerce: desde n/a hasta el 3.1.40."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wp-eventmanager:wp_event_manager:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.1.40",
"matchCriteriaId": "AA604C1C-75D2-40D1-B523-AACE8CD4B1AA"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-event-manager/wordpress-wp-event-manager-plugin-3-1-39-cross-site-scripting-xss-vulnerability-2?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-491xx/CVE-2023-49182.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-49182",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-15T15:15:09.620",
"lastModified": "2023-12-15T15:26:42.177",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T20:36:56.557",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fabio Marzocca List all posts by Authors, nested Categories and Titles allows Reflected XSS.This issue affects List all posts by Authors, nested Categories and Titles: from n/a through 2.7.10.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n inadecuada de la entrada durante la vulnerabilidad de generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Fabio Marzocca List all posts by Authors, nested Categories and Titles permite XSS reflejado. Este problema afecta a List all posts by Authors, nested Categories and Titles: desde n /a hasta el 2.7.10."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:marzocca:list_all_posts_by_authors_nested_categories_and_titles:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.7.10",
"matchCriteriaId": "9EDABE55-B2AC-42E4-967B-F464B4E53199"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/list-all-posts-by-authors-nested-categories-and-titles/wordpress-list-all-posts-by-authors-nested-categories-and-title-plugin-2-7-10-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-491xx/CVE-2023-49183.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-49183",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-15T15:15:09.817",
"lastModified": "2023-12-15T15:26:42.177",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T20:41:36.987",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NextScripts NextScripts: Social Networks Auto-Poster allows Reflected XSS.This issue affects NextScripts: Social Networks Auto-Poster: from n/a through 4.4.2.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n inadecuada de la entrada durante la vulnerabilidad de generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en NextScripts NextScripts: Social Networks Auto-Poster permite Reflected XSS. Este problema afecta a NextScripts: Social Networks Auto-Poster: desde n/a hasta 4.4.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextscripts:social_networks_auto_poster:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "4.4.2",
"matchCriteriaId": "023A6062-8005-4F22-B556-5D2A3BA4C065"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/social-networks-auto-poster-facebook-twitter-g/wordpress-nextscripts-social-networks-auto-poster-plugin-4-4-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-491xx/CVE-2023-49184.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-49184",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-15T15:15:10.013",
"lastModified": "2023-12-15T15:26:42.177",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T20:43:19.030",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Parallax Slider Block allows Stored XSS.This issue affects Parallax Slider Block: from n/a through 1.2.4.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en WPDeveloper Parallax Slider Block permite almacenar XSS. Este problema afecta el Parallax Slider Block: desde n/a hasta 1.2.4."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpdeveloper:parallax_slider_block:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.2.4",
"matchCriteriaId": "136E1048-0E6A-486C-B8A4-23EDB60569CC"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/parallax-slider-block/wordpress-parallax-slider-block-plugin-1-2-4-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-491xx/CVE-2023-49185.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-49185",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-15T15:15:10.207",
"lastModified": "2023-12-15T15:26:42.177",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T20:45:06.317",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Doofinder Doofinder WP & WooCommerce Search allows Reflected XSS.This issue affects Doofinder WP & WooCommerce Search: from n/a through 2.1.7.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Doofinder Doofinder WP & WooCommerce Search permite XSS Reflejado. Este problema afecta a Doofinder WP & WooCommerce Search: desde n/a hasta 2.1.7."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:doofinder:doofinder:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.1.7",
"matchCriteriaId": "3E41287A-3D81-4BBC-AFDD-DF6FE5EDC878"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/doofinder-for-woocommerce/wordpress-doofinder-wp-woocommerce-search-plugin-2-0-33-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-491xx/CVE-2023-49187.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-49187",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-15T15:15:10.403",
"lastModified": "2023-12-15T15:26:42.177",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T20:22:11.963",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spoonthemes Adifier - Classified Ads WordPress Theme allows Reflected XSS.This issue affects Adifier - Classified Ads WordPress Theme: from n/a before 3.1.4.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n inadecuada de la entrada durante la vulnerabilidad de generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Spoonthemes Adifier - Classified Ads WordPress Theme permite XSS reflejado. Este problema afecta a Adifier - Classified Ads WordPress Theme: desde n/a antes de 3.1.4."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:spoonthemes:adifier:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.1.4",
"matchCriteriaId": "FA8FC617-4A22-443D-AF0B-9BE2C62040FE"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/adifier/wordpress-adifier-classified-ads-wordpress-theme-theme-3-9-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-491xx/CVE-2023-49188.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-49188",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-15T15:15:10.600",
"lastModified": "2023-12-15T15:26:42.177",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T20:20:29.910",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZealousWeb Track Geolocation Of Users Using Contact Form 7 allows Stored XSS.This issue affects Track Geolocation Of Users Using Contact Form 7: from n/a through 1.4.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en ZealousWeb Track Geolocation Of Users Using Contact Form 7 permite almacenar XSS. Este problema afecta a Track Geolocation Of Users Using Contact Form 7: desde n/a hasta 1.4."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zealousweb:track_geolocation_of_users_using_contact_form_7:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.4",
"matchCriteriaId": "F0221E43-234C-4894-B0F8-79B7587EBA67"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/track-geolocation-of-users-using-contact-form-7/wordpress-track-geolocation-of-users-using-contact-form-7-plugin-1-4-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

28
CVE-2023/CVE-2023-497xx/CVE-2023-49706.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-49706",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-19T19:15:07.800",
"lastModified": "2023-12-19T19:50:29.320",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Defective request context handling in Self Service in LinOTP 3.x before 3.2.5 allows remote unauthenticated attackers to escalate privileges, thereby allowing them to act as and with the permissions of another user. Attackers must generate repeated API requests to trigger a race condition with concurrent user activity in the self-service portal."
}
],
"metrics": {},
"references": [
{
"url": "https://linotp.org/CVE-2023-49706.txt",
"source": "cve@mitre.org"
},
{
"url": "https://linotp.org/security-update-linotp3-selfservice.html",
"source": "cve@mitre.org"
},
{
"url": "https://www.linotp.org/news.html",
"source": "cve@mitre.org"
}
]
}

85
CVE-2023/CVE-2023-500xx/CVE-2023-50089.json
View File

@ -2,23 +2,98 @@
"id": "CVE-2023-50089",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-15T17:15:12.780",
"lastModified": "2023-12-15T20:09:58.393",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T20:51:17.553",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A Command Injection vulnerability exists in NETGEAR WNR2000v4 version 1.0.0.70. When using HTTP for SOAP authentication, command execution occurs during the process after successful authentication."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos en NETGEAR WNR2000v4 versi\u00f3n 1.0.0.70. Cuando se utiliza HTTP para la autenticaci\u00f3n SOAP, la ejecuci\u00f3n del comando se produce durante el proceso despu\u00e9s de una autenticaci\u00f3n exitosa."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netgear:wnr2000_firmware:1.0.0.70:*:*:*:*:*:*:*",
"matchCriteriaId": "8B60ABCD-0AA5-480D-B56C-DAB3DE808729"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:netgear:wnr2000:v4:*:*:*:*:*:*:*",
"matchCriteriaId": "D2913468-C442-48A3-8AD9-A2F3CCDD7952"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/NoneShell/Vulnerabilities/blob/main/NETGEAR/WNR2000v4-1.0.0.70-Authorized-Command-Injection.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.netgear.com/about/security/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

62
CVE-2023/CVE-2023-502xx/CVE-2023-50264.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-50264",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-15T21:15:08.753",
"lastModified": "2023-12-18T14:05:33.523",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T20:37:45.463",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Bazarr manages and downloads subtitles. Prior to 1.3.1, Bazarr contains an arbitrary file read in /system/backup/download/ endpoint in bazarr/app/ui.py does not validate the user-controlled filename variable and uses it in the send_file function, which leads to an arbitrary file read on the system. This issue is fixed in version 1.3.1."
},
{
"lang": "es",
"value": "Bazarr gestiona y descarga subt\u00edtulos. Antes de 1.3.1, Bazarr contiene un archivo arbitrario le\u00eddo en /system/backup/download/ endpoint en bazarr/app/ui.py no valida la variable de nombre de archivo controlada por el usuario y la usa en la funci\u00f3n send_file, lo que conduce a un archivo arbitrario le\u00eddo en el sistema. Este problema se solucion\u00f3 en la versi\u00f3n 1.3.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,18 +70,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bazarr:bazarr:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.3.1",
"matchCriteriaId": "747D6F06-5FF5-45FD-A7BB-6C040B44B048"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/morpheus65535/bazarr/commit/17add7fbb3ae1919a40d505470d499d46df9ae6b",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/morpheus65535/bazarr/releases/tag/v1.3.1",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://securitylab.github.com/advisories/GHSL-2023-192_GHSL-2023-194_bazarr/",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

62
CVE-2023/CVE-2023-502xx/CVE-2023-50265.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-50265",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-15T21:15:08.943",
"lastModified": "2023-12-18T14:05:33.523",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T20:37:58.280",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Bazarr manages and downloads subtitles. Prior to 1.3.1, the /api/swaggerui/static endpoint in bazarr/app/ui.py does not validate the user-controlled filename variable and uses it in the send_file function, which leads to an arbitrary file read on the system. This issue is fixed in version 1.3.1."
},
{
"lang": "es",
"value": "Bazarr gestiona y descarga subt\u00edtulos. Antes de 1.3.1, el endpoint /api/swaggerui/static en bazarr/app/ui.py no valida la variable de nombre de archivo controlada por el usuario y la usa en la funci\u00f3n send_file, lo que conduce a una lectura de archivo arbitraria en el sistema. Este problema se solucion\u00f3 en la versi\u00f3n 1.3.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,18 +70,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bazarr:bazarr:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.3.1",
"matchCriteriaId": "747D6F06-5FF5-45FD-A7BB-6C040B44B048"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/morpheus65535/bazarr/commit/17add7fbb3ae1919a40d505470d499d46df9ae6b",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/morpheus65535/bazarr/releases/tag/v1.3.1",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://securitylab.github.com/advisories/GHSL-2023-192_GHSL-2023-194_bazarr/",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-502xx/CVE-2023-50266.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-50266",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-15T21:15:09.147",
"lastModified": "2023-12-18T14:05:33.523",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T20:38:21.357",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Bazarr manages and downloads subtitles. In version 1.2.4, the proxy method in bazarr/bazarr/app/ui.py does not validate the user-controlled protocol and url variables and passes them to requests.get() without any sanitization, which leads to a blind server-side request forgery (SSRF). This issue allows for crafting GET requests to internal and external resources on behalf of the server. 1.3.1 contains a partial fix, which limits the vulnerability to HTTP/HTTPS protocols."
},
{
"lang": "es",
"value": "Bazarr gestiona y descarga subt\u00edtulos. En la versi\u00f3n 1.2.4, el m\u00e9todo proxy en bazarr/bazarr/app/ui.py no valida el protocolo controlado por el usuario y las variables de URL y las pasa a request.get() sin ninguna sanitizaci\u00f3n, lo que conduce a blind server-side request forgery (SSRF). Este problema permite elaborar solicitudes GET a recursos internos y externos en nombre del servidor. 1.3.1 contiene una soluci\u00f3n parcial que limita la vulnerabilidad a los protocolos HTTP/HTTPS."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,18 +70,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bazarr:bazarr:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D263E03A-1B55-46E6-A55C-9B9EC77AA07E"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/morpheus65535/bazarr/commit/17add7fbb3ae1919a40d505470d499d46df9ae6b",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/morpheus65535/bazarr/releases/tag/v1.3.1",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://securitylab.github.com/advisories/GHSL-2023-192_GHSL-2023-194_bazarr/",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
]
}
]
}

79
CVE-2023/CVE-2023-504xx/CVE-2023-50469.json
View File

@ -2,19 +2,90 @@
"id": "CVE-2023-50469",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-15T21:15:09.353",
"lastModified": "2023-12-18T14:05:33.523",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T20:43:15.477",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Shenzhen Libituo Technology Co., Ltd LBT-T300-T310 v2.2.2.6 was discovered to contain a buffer overflow via the ApCliEncrypType parameter at /apply.cgi."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Shenzhen Libituo Technology Co., Ltd LBT-T300-T310 v2.2.2.6 conten\u00eda un desbordamiento del b\u00fafer a trav\u00e9s del par\u00e1metro ApCliEncrypType en /apply.cgi."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:szlbt:lbt-t300-t310_firmware:2.2.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F69BCC70-7917-4625-B03A-C0EA49819AB5"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:szlbt:lbt-t300-t310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5A05E178-573F-4CEE-897D-FC72415CB0F7"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/forever-more-cjy/overflow/blob/main/LBT-T310%20Buffer%20overflow.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}

70
CVE-2023/CVE-2023-504xx/CVE-2023-50471.json
View File

@ -2,19 +2,81 @@
"id": "CVE-2023-50471",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-14T20:15:53.130",
"lastModified": "2023-12-14T22:44:49.057",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T20:51:50.550",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_InsertItemInArray at cJSON.c."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que cJSON v1.7.16 conten\u00eda una infracci\u00f3n de segmentaci\u00f3n a trav\u00e9s de la funci\u00f3n cJSON_InsertItemInArray en cJSON.c."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cjson_project:cjson:1.7.16:*:*:*:*:*:*:*",
"matchCriteriaId": "F689CECB-A7D0-4802-9315-356204983428"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/DaveGamble/cJSON/issues/802",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
]
}
]
}

70
CVE-2023/CVE-2023-504xx/CVE-2023-50472.json
View File

@ -2,19 +2,81 @@
"id": "CVE-2023-50472",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-14T20:15:53.180",
"lastModified": "2023-12-14T22:44:49.057",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T20:53:28.300",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_SetValuestring at cJSON.c."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que cJSON v1.7.16 conten\u00eda una infracci\u00f3n de segmentaci\u00f3n a trav\u00e9s de la funci\u00f3n cJSON_SetValuestring en cJSON.c."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cjson_project:cjson:1.7.16:*:*:*:*:*:*:*",
"matchCriteriaId": "F689CECB-A7D0-4802-9315-356204983428"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/DaveGamble/cJSON/issues/803",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
]
}
]
}

62
CVE-2023/CVE-2023-507xx/CVE-2023-50710.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-50710",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-14T18:15:45.270",
"lastModified": "2023-12-14T19:26:01.850",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T19:44:37.647",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Hono is a web framework written in TypeScript. Prior to version 3.11.7, clients may override named path parameter values from previous requests if the application is using TrieRouter. So, there is a risk that a privileged user may use unintended parameters when deleting REST API resources. TrieRouter is used either explicitly or when the application matches a pattern that is not supported by the default RegExpRouter. Version 3.11.7 includes the change to fix this issue. As a workaround, avoid using TrieRouter directly."
},
{
"lang": "es",
"value": "Hono es un framework web escrito en TypeScript. Antes de la versi\u00f3n 3.11.7, los clientes pueden anular los valores de los par\u00e1metros de ruta con nombre de solicitudes anteriores si la aplicaci\u00f3n utiliza TrieRouter. Por lo tanto, existe el riesgo de que un usuario privilegiado utilice par\u00e1metros no deseados al eliminar recursos de la API REST. TrieRouter se usa expl\u00edcitamente o cuando la aplicaci\u00f3n coincide con un patr\u00f3n que no es compatible con el RegExpRouter predeterminado. La versi\u00f3n 3.11.7 incluye el cambio para solucionar este problema. Como workaround, evite utilizar TrieRouter directamente."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,18 +70,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hono:hono:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "3.11.7",
"matchCriteriaId": "74A7A157-DE4D-4445-9670-2EBF795FAB11"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/honojs/hono/commit/8e2b6b08518998783f66d31db4f21b1b1eecc4c8",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/honojs/hono/releases/tag/v3.11.7",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/honojs/hono/security/advisories/GHSA-f6gv-hh8j-q8vq",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

108
CVE-2023/CVE-2023-507xx/CVE-2023-50719.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-50719",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-15T19:15:09.247",
"lastModified": "2023-12-15T20:09:58.393",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T20:51:50.893",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "XWiki Platform is a generic wiki platform. Starting in 7.2-milestone-2 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the password hashes of all users to anyone with view right on the respective user profiles. By default, all user profiles are public. This vulnerability also affects any configurations used by extensions that contain passwords like API keys that are viewable for the attacker. Normally, such passwords aren't accessible but this vulnerability would disclose them as plain text. This has been patched in XWiki 14.10.15, 15.5.2 and 15.7RC1. There are no known workarounds for this vulnerability.\n"
},
{
"lang": "es",
"value": "XWiki Platform es una plataforma wiki gen\u00e9rica. A partir de 7.2-milestone-2 y antes de las versiones 14.10.15, 15.5.2 y 15.7-rc-1, la b\u00fasqueda basada en Solr en XWiki revela los hashes de contrase\u00f1as de todos los usuarios a cualquier persona con acceso directo a los respectivos perfiles de usuario. De forma predeterminada, todos los perfiles de usuario son p\u00fablicos. Esta vulnerabilidad tambi\u00e9n afecta cualquier configuraci\u00f3n utilizada por extensiones que contengan contrase\u00f1as como claves API que sean visibles para el atacante. Normalmente, no se puede acceder a dichas contrase\u00f1as, pero esta vulnerabilidad las revelar\u00eda como texto plano. Esto ha sido parcheado en XWiki 14.10.15, 15.5.2 y 15.7RC1. No se conocen workarounds para esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-312"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -50,18 +84,80 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.3",
"versionEndExcluding": "14.10.5",
"matchCriteriaId": "3B63FE1F-306B-4F87-B6A3-6976E761D911"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.0",
"versionEndExcluding": "15.5.2",
"matchCriteriaId": "1EF6C37A-D19A-4179-8DBA-2573A61E73CF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:7.2:milestone2:*:*:*:*:*:*",
"matchCriteriaId": "C2A06C6F-1DBA-4E6D-901A-096F16C08D49"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:7.2:milestone3:*:*:*:*:*:*",
"matchCriteriaId": "470D146C-5EBF-4399-BF0C-26D9CC48DE0F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:15.6:-:*:*:*:*:*:*",
"matchCriteriaId": "E0E3BBA4-5DBC-45F8-ACD2-1969FB3098FB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:15.6:rc1:*:*:*:*:*:*",
"matchCriteriaId": "96F8B723-5227-4590-8626-C9CF0D3BC2B8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:15.7:rc1:*:*:*:*:*:*",
"matchCriteriaId": "EC6DB176-8A0C-4BB3-8C97-0CDBC52F1810"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/xwiki/xwiki-platform/commit/3e5272f2ef0dff06a8f4db10afd1949b2f9e6eea",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-p6cp-6r35-32mh",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://jira.xwiki.org/browse/XWIKI-21208",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

98
CVE-2023/CVE-2023-507xx/CVE-2023-50720.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-50720",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-15T19:15:09.463",
"lastModified": "2023-12-15T20:09:58.393",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T20:52:05.350",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "XWiki Platform is a generic wiki platform. Prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the email addresses of users even when obfuscation of email addresses is enabled. To demonstrate the vulnerability, search for `objcontent:email*` using XWiki's regular search interface. This has been fixed in XWiki 14.10.15, 15.5.2 and 15.7RC1 by not indexing email address properties when obfuscation is enabled. There are no known workarounds for this vulnerability.\n"
},
{
"lang": "es",
"value": " XWiki Platform es una plataforma wiki gen\u00e9rica. Antes de las versiones 14.10.15, 15.5.2 y 15.7-rc-1, la b\u00fasqueda basada en Solr en XWiki revela las direcciones de correo electr\u00f3nico de los usuarios incluso cuando la ofuscaci\u00f3n de direcciones de correo electr\u00f3nico est\u00e1 habilitada. Para demostrar la vulnerabilidad, busque `objcontent:email*` usando la interfaz de b\u00fasqueda habitual de XWiki. Esto se solucion\u00f3 en XWiki 14.10.15, 15.5.2 y 15.7RC1 al no indexar las propiedades de la direcci\u00f3n de correo electr\u00f3nico cuando la ofuscaci\u00f3n est\u00e1 habilitada. No se conocen workarounds para esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,18 +80,70 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
"versionEndExcluding": "14.10.5",
"matchCriteriaId": "3070B0F0-AD5E-4694-BDA2-DA8AA8200DDB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.0",
"versionEndExcluding": "15.5.2",
"matchCriteriaId": "1EF6C37A-D19A-4179-8DBA-2573A61E73CF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:15.6:-:*:*:*:*:*:*",
"matchCriteriaId": "E0E3BBA4-5DBC-45F8-ACD2-1969FB3098FB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:15.6:rc1:*:*:*:*:*:*",
"matchCriteriaId": "96F8B723-5227-4590-8626-C9CF0D3BC2B8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:15.7:rc1:*:*:*:*:*:*",
"matchCriteriaId": "EC6DB176-8A0C-4BB3-8C97-0CDBC52F1810"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/xwiki/xwiki-platform/commit/3e5272f2ef0dff06a8f4db10afd1949b2f9e6eea",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-2grh-gr37-2283",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://jira.xwiki.org/browse/XWIKI-20371",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
]
}
]
}

99
CVE-2023/CVE-2023-507xx/CVE-2023-50721.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-50721",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-15T19:15:09.667",
"lastModified": "2023-12-15T20:09:58.393",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T20:52:23.670",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "XWiki Platform is a generic wiki platform. Starting in 4.5-rc-1 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the search administration interface doesn't properly escape the id and label of search user interface extensions, allowing the injection of XWiki syntax containing script macros including Groovy macros that allow remote code execution, impacting the confidentiality, integrity and availability of the whole XWiki instance. This attack can be executed by any user who can edit some wiki page like the user's profile (editable by default) as user interface extensions that will be displayed in the search administration can be added on any document by any user. The necessary escaping has been added in XWiki 14.10.15, 15.5.2 and 15.7RC1. As a workaround, the patch can be applied manually applied to the page `XWiki.SearchAdmin`."
},
{
"lang": "es",
"value": "XWiki Platform es una plataforma wiki gen\u00e9rica. A partir de 4.5-rc-1 y anteriores a las versiones 14.10.15, 15.5.2 y 15.7-rc-1, la interfaz de administraci\u00f3n de b\u00fasqueda no escapa correctamente a la identificaci\u00f3n y la etiqueta de las extensiones de la interfaz de usuario de b\u00fasqueda, lo que permite la inyecci\u00f3n de XWiki. sintaxis que contiene macros de script, incluidas macros Groovy que permiten la ejecuci\u00f3n remota de c\u00f3digo, lo que afecta la confidencialidad, integridad y disponibilidad de toda la instancia de XWiki. Este ataque puede ser ejecutado por cualquier usuario que pueda editar alguna p\u00e1gina wiki como el perfil del usuario (editable de forma predeterminada), ya que cualquier usuario puede agregar extensiones de interfaz de usuario que se mostrar\u00e1n en la administraci\u00f3n de b\u00fasqueda en cualquier documento. El escape necesario se agreg\u00f3 en XWiki 14.10.15, 15.5.2 y 15.7RC1. Como workaround, el parche se puede aplicar manualmente a la p\u00e1gina `XWiki.SearchAdmin`."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -50,18 +84,71 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.5",
"versionEndExcluding": "14.10.5",
"matchCriteriaId": "B917F625-7880-48D6-B7B8-B501022DCF96"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.0",
"versionEndExcluding": "15.5.2",
"matchCriteriaId": "1EF6C37A-D19A-4179-8DBA-2573A61E73CF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:15.6:-:*:*:*:*:*:*",
"matchCriteriaId": "E0E3BBA4-5DBC-45F8-ACD2-1969FB3098FB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:15.6:rc1:*:*:*:*:*:*",
"matchCriteriaId": "96F8B723-5227-4590-8626-C9CF0D3BC2B8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:15.7:rc1:*:*:*:*:*:*",
"matchCriteriaId": "EC6DB176-8A0C-4BB3-8C97-0CDBC52F1810"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/xwiki/xwiki-platform/commit/62863736d78ffd60d822279c5fb7fb9593042766",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7654-vfh6-rw6x",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://jira.xwiki.org/browse/XWIKI-21200",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
]
}
]
}

100
CVE-2023/CVE-2023-507xx/CVE-2023-50722.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-50722",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-15T19:15:09.870",
"lastModified": "2023-12-15T20:09:58.393",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T20:33:20.713",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "XWiki Platform is a generic wiki platform. Starting in 2.3 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, there is a reflected XSS or also direct remote code execution vulnerability in the code for displaying configurable admin sections. The code that can be passed through a URL parameter is only executed when the user who is visiting the crafted URL has edit right on at least one configuration section. While any user of the wiki could easily create such a section, this vulnerability doesn't require the attacker to have an account or any access on the wiki. It is sufficient to trick any admin user of the XWiki installation to visit the crafted URL. This vulnerability allows full remote code execution with programming rights and thus impacts the confidentiality, integrity and availability of the whole XWiki installation. This has been fixed in XWiki 14.10.15, 15.5.2 and 15.7RC1. The patch can be manually applied to the document `XWiki.ConfigurableClass`.\n"
},
{
"lang": "es",
"value": "XWiki Platform es una plataforma wiki gen\u00e9rica. A partir de la versi\u00f3n 2.3 y anteriores a las versiones 14.10.15, 15.5.2 y 15.7-rc-1, hay una vulnerabilidad XSS reflejada o tambi\u00e9n de ejecuci\u00f3n remota directa de c\u00f3digo en el c\u00f3digo para mostrar secciones de administraci\u00f3n configurables. El c\u00f3digo que se puede pasar a trav\u00e9s de un par\u00e1metro de URL solo se ejecuta cuando el usuario que visita la URL manipulada tiene derecho de edici\u00f3n en al menos una secci\u00f3n de configuraci\u00f3n. Si bien cualquier usuario de la wiki podr\u00eda crear f\u00e1cilmente una secci\u00f3n de este tipo, esta vulnerabilidad no requiere que el atacante tenga una cuenta ni acceso a la wiki. Es suficiente enga\u00f1ar a cualquier usuario administrador de la instalaci\u00f3n de XWiki para que visite la URL manipulada. Esta vulnerabilidad permite la ejecuci\u00f3n remota completa de c\u00f3digo con derechos de programaci\u00f3n y, por lo tanto, afecta la confidencialidad, integridad y disponibilidad de toda la instalaci\u00f3n de XWiki. Esto se solucion\u00f3 en XWiki 14.10.15, 15.5.2 y 15.7RC1. El parche se puede aplicar manualmente al documento `XWiki.ConfigurableClass`."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -35,6 +59,20 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
},
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,18 +88,70 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.3",
"versionEndExcluding": "14.10.5",
"matchCriteriaId": "2503AFD2-8705-405C-BBA7-273F644C0AA9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.0",
"versionEndExcluding": "15.5.2",
"matchCriteriaId": "1EF6C37A-D19A-4179-8DBA-2573A61E73CF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:15.6:-:*:*:*:*:*:*",
"matchCriteriaId": "E0E3BBA4-5DBC-45F8-ACD2-1969FB3098FB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:15.6:rc1:*:*:*:*:*:*",
"matchCriteriaId": "96F8B723-5227-4590-8626-C9CF0D3BC2B8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:15.7:rc1:*:*:*:*:*:*",
"matchCriteriaId": "EC6DB176-8A0C-4BB3-8C97-0CDBC52F1810"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/xwiki/xwiki-platform/commit/5e14c8d08fd0c5b619833d35090b470aa4cb52b0",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-cp3j-273x-3jxc",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://jira.xwiki.org/browse/XWIKI-21167",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

125
CVE-2023/CVE-2023-507xx/CVE-2023-50723.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-50723",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-15T19:15:10.073",
"lastModified": "2023-12-15T20:09:58.393",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T20:33:39.183",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "XWiki Platform is a generic wiki platform. Starting in 2.3 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, anyone who can edit an arbitrary wiki page in an XWiki installation can gain programming right through several cases of missing escaping in the code for displaying sections in the administration interface. This impacts the confidentiality, integrity and availability of the whole XWiki installation. Normally, all users are allowed to edit their own user profile so this should be exploitable by all users of the XWiki instance. This has been fixed in XWiki 14.10.15, 15.5.2 and 15.7RC1. The patches can be manually applied to the `XWiki.ConfigurableClassMacros` and `XWiki.ConfigurableClass` pages."
},
{
"lang": "es",
"value": " XWiki Platform es una plataforma wiki gen\u00e9rica. A partir de 2.3 y antes de las versiones 14.10.15, 15.5.2 y 15.7-rc-1, cualquiera que pueda editar una p\u00e1gina wiki arbitraria en una instalaci\u00f3n de XWiki puede obtener programaci\u00f3n en varios casos en los que faltan escapes en el c\u00f3digo para mostrar secciones. en la interfaz de administraci\u00f3n. Esto afecta la confidencialidad, integridad y disponibilidad de toda la instalaci\u00f3n de XWiki. Normalmente, todos los usuarios pueden editar su propio perfil de usuario, por lo que todos los usuarios de la instancia XWiki deber\u00edan poder explotarlo. Esto se solucion\u00f3 en XWiki 14.10.15, 15.5.2 y 15.7RC1. Los parches se pueden aplicar manualmente a las p\u00e1ginas `XWiki.ConfigurableClassMacros` y `XWiki.ConfigurableClass`."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -50,38 +84,107 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.3",
"versionEndExcluding": "14.10.5",
"matchCriteriaId": "2503AFD2-8705-405C-BBA7-273F644C0AA9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.0",
"versionEndExcluding": "15.5.2",
"matchCriteriaId": "1EF6C37A-D19A-4179-8DBA-2573A61E73CF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:15.6:-:*:*:*:*:*:*",
"matchCriteriaId": "E0E3BBA4-5DBC-45F8-ACD2-1969FB3098FB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:15.6:rc1:*:*:*:*:*:*",
"matchCriteriaId": "96F8B723-5227-4590-8626-C9CF0D3BC2B8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:15.7:rc1:*:*:*:*:*:*",
"matchCriteriaId": "EC6DB176-8A0C-4BB3-8C97-0CDBC52F1810"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/xwiki/xwiki-platform/commit/0f367aaae4e0696f61cf5a67a75edd27d1d16db6",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/xwiki/xwiki-platform/commit/1157c1ecea395aac7f64cd8a6f484b1225416dc7",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/xwiki/xwiki-platform/commit/749f6aee1bfbcf191c3734ea0aa9eba3aa63240e",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/xwiki/xwiki-platform/commit/bd82be936c21b65dee367d558e3050b9b6995713",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-qj86-p74r-7wp5",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://jira.xwiki.org/browse/XWIKI-21121",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://jira.xwiki.org/browse/XWIKI-21122",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://jira.xwiki.org/browse/XWIKI-21194",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

134
CVE-2023/CVE-2023-507xx/CVE-2023-50728.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-50728",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-15T22:15:07.160",
"lastModified": "2023-12-18T14:05:33.523",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T20:43:55.837",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "octokit/webhooks is a GitHub webhook events toolset for Node.js. Starting in 9.26.0 and prior to 9.26.3, 10.9.2, 11.1.2, and 12.0.4, there is a problem caused by an issue with error handling in the @octokit/webhooks library because the error can be undefined in some cases. The resulting request was found to cause an uncaught exception that ends the nodejs process. The bug is fixed in octokit/webhooks.js 9.26.3, 10.9.2, 11.1.2, and 12.0.4, app.js 14.02, octokit.js 3.1.2, and Protobot 12.3.3."
},
{
"lang": "es",
"value": "octokit/webhooks es un conjunto de herramientas de eventos de webhook de GitHub para Node.js. A partir de 9.26.0 y anteriores a 9.26.3, 10.9.2, 11.1.2 y 12.0.4, hay un problema causado por un problema con el manejo de errores en la librer\u00eda @octokit/webhooks porque el error puede no estar definido en algunos casos. Se descubri\u00f3 que la solicitud resultante provoca una excepci\u00f3n no detectada que finaliza el proceso de nodejs. El error se solucion\u00f3 en octokit/webhooks.js 9.26.3, 10.9.2, 11.1.2 y 12.0.4, app.js 14.02, octokit.js 3.1.2 y Protobot 12.3.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,38 +70,128 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:octokit:app:14.0.1:*:*:*:*:node.js:*:*",
"matchCriteriaId": "6D8BE8ED-7684-4F25-AE87-1739F1432742"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:octokit:octokit:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "3.1.2",
"matchCriteriaId": "A734E79A-E7A2-4A97-B875-DCCBCBB226F6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:octokit:webhooks:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "9.26.3",
"matchCriteriaId": "57318B95-09DC-4A5B-AA66-F8911722138D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:octokit:webhooks:*:*:*:*:*:node.js:*:*",
"versionStartIncluding": "10.0.0",
"versionEndExcluding": "10.9.2",
"matchCriteriaId": "718FA3E2-34B9-4AB7-86E2-ED91BCDB5FEC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:octokit:webhooks:*:*:*:*:*:node.js:*:*",
"versionStartIncluding": "11.0.0",
"versionEndExcluding": "11.1.2",
"matchCriteriaId": "4B6206DA-B77A-47EB-98AE-B5B5D2B56E5A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:octokit:webhooks:*:*:*:*:*:node.js:*:*",
"versionStartIncluding": "12.0.0",
"versionEndExcluding": "12.0.4",
"matchCriteriaId": "0F1F07B3-C4E0-4E7E-934A-A0C57EA8A246"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:probot:probot:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "12.3.3",
"matchCriteriaId": "84995A76-C69A-400C-B668-87394E5BE7B9"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/octokit/app.js/releases/tag/v14.0.2",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/octokit/octokit.js/releases/tag/v3.1.2",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/octokit/webhooks.js/releases/tag/v10.9.2",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/octokit/webhooks.js/releases/tag/v11.1.2",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/octokit/webhooks.js/releases/tag/v12.0.4",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/octokit/webhooks.js/releases/tag/v9.26.3",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/octokit/webhooks.js/security/advisories/GHSA-pwfr-8pq7-x9qv",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://github.com/probot/probot/releases/tag/v12.3.3",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
}
]
}

73
CVE-2023/CVE-2023-509xx/CVE-2023-50917.json
View File

@ -2,23 +2,86 @@
"id": "CVE-2023-50917",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-15T17:15:12.840",
"lastModified": "2023-12-15T20:09:58.393",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T19:20:43.873",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "MajorDoMo (aka Major Domestic Module) before 0662e5e allows command execution via thumb.php shell metacharacters. NOTE: this is unrelated to the Majordomo mailing-list manager."
},
{
"lang": "es",
"value": "MajorDoMo (tambi\u00e9n conocido como Major Domestic Module) anterior a 0662e5e permite la ejecuci\u00f3n de comandos a trav\u00e9s de metacaracteres del shell thumb.php. NOTA: esto no est\u00e1 relacionado con el administrador de listas de correo de Majordomo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mjdm:majordomo:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023-11-15",
"matchCriteriaId": "B47943C3-4EC3-479D-B949-C2702BD92B39"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/sergejey/majordomo/commit/0662e5ebfb133445ff6154b69c61019357092178",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/sergejey/majordomo/commit/3ec3ffb863ea3c2661ab27d398776c551f4daaac",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
}
]
}

100
CVE-2023/CVE-2023-60xx/CVE-2023-6051.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-6051",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-12-15T16:15:46.490",
"lastModified": "2023-12-15T16:53:06.030",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T20:46:20.970",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab CE/EE affecting all versions before 16.4.4, all versions starting from 15.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. File integrity may be compromised when source code or installation packages are pulled from a specific tag."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en GitLab CE/EE que afecta a todas las versiones anteriores a 16.4.4, todas las versiones desde 15.5 anteriores a 16.5.4, todas las versiones desde 16.6 anteriores a 16.6.2. La integridad del archivo puede verse comprometida cuando el c\u00f3digo fuente o los paquetes de instalaci\u00f3n se extraen de una etiqueta espec\u00edfica."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -46,14 +80,72 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionEndExcluding": "16.4.4",
"matchCriteriaId": "7A118925-6ADE-455D-BACF-62FF89F2460D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionEndExcluding": "16.4.4",
"matchCriteriaId": "8C804A75-C14D-4AD1-8347-3F85B8889C5C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "16.5.0",
"versionEndExcluding": "16.5.4",
"matchCriteriaId": "3C213E8A-B47E-4D1F-8253-90CB866744F0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.5.0",
"versionEndExcluding": "16.5.4",
"matchCriteriaId": "E6EBFF85-99EE-48D7-8991-02AA59E78374"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "16.6.0",
"versionEndExcluding": "16.6.2",
"matchCriteriaId": "17596227-79F6-439A-89EC-B87F03EF73AC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.6.0",
"versionEndExcluding": "16.6.2",
"matchCriteriaId": "53E94AC5-C346-4511-B68C-DC0D86E575FC"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/431345",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://hackerone.com/reports/2237165",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required"
]
}
]
}

76
CVE-2023/CVE-2023-66xx/CVE-2023-6680.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-6680",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-12-15T16:15:46.737",
"lastModified": "2023-12-15T16:53:06.030",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T20:51:03.237",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An improper certificate validation issue in Smartcard authentication in GitLab EE affecting all versions from 11.6 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows an attacker to authenticate as another user given their public key if they use Smartcard authentication. Smartcard authentication is an experimental feature and has to be manually enabled by an administrator."
},
{
"lang": "es",
"value": "Un problema de validaci\u00f3n de certificado incorrecto en la autenticaci\u00f3n de tarjeta inteligente en GitLab EE que afecta a todas las versiones desde 11.6 anterior a 16.4.4, 16.5 anterior a 16.5.4 y 16.6 anterior a 16.6.2 permite a un atacante autenticarse como otro usuario dada su clave p\u00fablica si utilizar la autenticaci\u00f3n con tarjeta inteligente. La autenticaci\u00f3n con tarjeta inteligente es una funci\u00f3n experimental y un administrador debe habilitarla manualmente."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-295"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -46,10 +80,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "11.6",
"versionEndExcluding": "16.4.4",
"matchCriteriaId": "289EDE8D-E3DC-4000-A0BD-71E7389F631F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.5",
"versionEndExcluding": "16.5.4",
"matchCriteriaId": "B9D88266-872E-4BD9-B3DF-D1C540E66AFD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.6",
"versionEndExcluding": "16.6.2",
"matchCriteriaId": "D5C45787-C8C9-432E-8DAF-6F5264BBE0B3"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/421607",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Broken Link"
]
}
]
}

69
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-12-19T19:00:24.767656+00:00
2023-12-19T21:00:24.455304+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-12-19T18:59:02.837000+00:00
2023-12-19T20:53:28.300000+00:00
```
### Last Data Feed Release
@ -29,44 +29,53 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
233751
233760
```
### CVEs added in the last Commit
Recently added CVEs: `0`
Recently added CVEs: `9`
* [CVE-2023-49706](CVE-2023/CVE-2023-497xx/CVE-2023-49706.json) (`2023-12-19T19:15:07.800`)
* [CVE-2023-34027](CVE-2023/CVE-2023-340xx/CVE-2023-34027.json) (`2023-12-19T20:15:07.140`)
* [CVE-2023-34382](CVE-2023/CVE-2023-343xx/CVE-2023-34382.json) (`2023-12-19T20:15:07.340`)
* [CVE-2023-38478](CVE-2023/CVE-2023-384xx/CVE-2023-38478.json) (`2023-12-19T20:15:07.527`)
* [CVE-2023-38481](CVE-2023/CVE-2023-384xx/CVE-2023-38481.json) (`2023-12-19T20:15:07.717`)
* [CVE-2023-40602](CVE-2023/CVE-2023-406xx/CVE-2023-40602.json) (`2023-12-19T20:15:07.920`)
* [CVE-2023-41648](CVE-2023/CVE-2023-416xx/CVE-2023-41648.json) (`2023-12-19T20:15:08.113`)
* [CVE-2023-43826](CVE-2023/CVE-2023-438xx/CVE-2023-43826.json) (`2023-12-19T20:15:08.300`)
* [CVE-2023-45105](CVE-2023/CVE-2023-451xx/CVE-2023-45105.json) (`2023-12-19T20:15:08.530`)
### CVEs modified in the last Commit
Recently modified CVEs: `33`
Recently modified CVEs: `41`
* [CVE-2023-6366](CVE-2023/CVE-2023-63xx/CVE-2023-6366.json) (`2023-12-19T17:30:45.493`)
* [CVE-2023-46279](CVE-2023/CVE-2023-462xx/CVE-2023-46279.json) (`2023-12-19T17:40:49.427`)
* [CVE-2023-6367](CVE-2023/CVE-2023-63xx/CVE-2023-6367.json) (`2023-12-19T17:44:03.543`)
* [CVE-2023-6368](CVE-2023/CVE-2023-63xx/CVE-2023-6368.json) (`2023-12-19T17:48:19.703`)
* [CVE-2023-6595](CVE-2023/CVE-2023-65xx/CVE-2023-6595.json) (`2023-12-19T17:51:54.827`)
* [CVE-2023-48780](CVE-2023/CVE-2023-487xx/CVE-2023-48780.json) (`2023-12-19T17:54:07.470`)
* [CVE-2023-48671](CVE-2023/CVE-2023-486xx/CVE-2023-48671.json) (`2023-12-19T18:01:42.870`)
* [CVE-2023-48765](CVE-2023/CVE-2023-487xx/CVE-2023-48765.json) (`2023-12-19T18:04:34.990`)
* [CVE-2023-47261](CVE-2023/CVE-2023-472xx/CVE-2023-47261.json) (`2023-12-19T18:06:10.213`)
* [CVE-2023-49739](CVE-2023/CVE-2023-497xx/CVE-2023-49739.json) (`2023-12-19T18:06:46.643`)
* [CVE-2023-49149](CVE-2023/CVE-2023-491xx/CVE-2023-49149.json) (`2023-12-19T18:21:57.330`)
* [CVE-2023-49150](CVE-2023/CVE-2023-491xx/CVE-2023-49150.json) (`2023-12-19T18:26:48.597`)
* [CVE-2023-6572](CVE-2023/CVE-2023-65xx/CVE-2023-6572.json) (`2023-12-19T18:29:36.817`)
* [CVE-2023-49842](CVE-2023/CVE-2023-498xx/CVE-2023-49842.json) (`2023-12-19T18:31:01.960`)
* [CVE-2023-6545](CVE-2023/CVE-2023-65xx/CVE-2023-6545.json) (`2023-12-19T18:35:44.263`)
* [CVE-2023-48084](CVE-2023/CVE-2023-480xx/CVE-2023-48084.json) (`2023-12-19T18:41:44.493`)
* [CVE-2023-48085](CVE-2023/CVE-2023-480xx/CVE-2023-48085.json) (`2023-12-19T18:41:59.183`)
* [CVE-2023-49860](CVE-2023/CVE-2023-498xx/CVE-2023-49860.json) (`2023-12-19T18:42:39.760`)
* [CVE-2023-49160](CVE-2023/CVE-2023-491xx/CVE-2023-49160.json) (`2023-12-19T18:44:14.747`)
* [CVE-2023-25651](CVE-2023/CVE-2023-256xx/CVE-2023-25651.json) (`2023-12-19T18:46:27.270`)
* [CVE-2023-50870](CVE-2023/CVE-2023-508xx/CVE-2023-50870.json) (`2023-12-19T18:48:01.647`)
* [CVE-2023-50871](CVE-2023/CVE-2023-508xx/CVE-2023-50871.json) (`2023-12-19T18:50:30.227`)
* [CVE-2023-50247](CVE-2023/CVE-2023-502xx/CVE-2023-50247.json) (`2023-12-19T18:56:13.660`)
* [CVE-2023-1904](CVE-2023/CVE-2023-19xx/CVE-2023-1904.json) (`2023-12-19T18:57:53.073`)
* [CVE-2023-46713](CVE-2023/CVE-2023-467xx/CVE-2023-46713.json) (`2023-12-19T18:59:02.837`)
* [CVE-2023-49188](CVE-2023/CVE-2023-491xx/CVE-2023-49188.json) (`2023-12-19T20:20:29.910`)
* [CVE-2023-49187](CVE-2023/CVE-2023-491xx/CVE-2023-49187.json) (`2023-12-19T20:22:11.963`)
* [CVE-2023-49181](CVE-2023/CVE-2023-491xx/CVE-2023-49181.json) (`2023-12-19T20:25:34.397`)
* [CVE-2023-36878](CVE-2023/CVE-2023-368xx/CVE-2023-36878.json) (`2023-12-19T20:31:24.683`)
* [CVE-2023-50722](CVE-2023/CVE-2023-507xx/CVE-2023-50722.json) (`2023-12-19T20:33:20.713`)
* [CVE-2023-50723](CVE-2023/CVE-2023-507xx/CVE-2023-50723.json) (`2023-12-19T20:33:39.183`)
* [CVE-2023-49182](CVE-2023/CVE-2023-491xx/CVE-2023-49182.json) (`2023-12-19T20:36:56.557`)
* [CVE-2023-4020](CVE-2023/CVE-2023-40xx/CVE-2023-4020.json) (`2023-12-19T20:37:21.960`)
* [CVE-2023-50264](CVE-2023/CVE-2023-502xx/CVE-2023-50264.json) (`2023-12-19T20:37:45.463`)
* [CVE-2023-50265](CVE-2023/CVE-2023-502xx/CVE-2023-50265.json) (`2023-12-19T20:37:58.280`)
* [CVE-2023-50266](CVE-2023/CVE-2023-502xx/CVE-2023-50266.json) (`2023-12-19T20:38:21.357`)
* [CVE-2023-49183](CVE-2023/CVE-2023-491xx/CVE-2023-49183.json) (`2023-12-19T20:41:36.987`)
* [CVE-2023-50469](CVE-2023/CVE-2023-504xx/CVE-2023-50469.json) (`2023-12-19T20:43:15.477`)
* [CVE-2023-49184](CVE-2023/CVE-2023-491xx/CVE-2023-49184.json) (`2023-12-19T20:43:19.030`)
* [CVE-2023-50728](CVE-2023/CVE-2023-507xx/CVE-2023-50728.json) (`2023-12-19T20:43:55.837`)
* [CVE-2023-49185](CVE-2023/CVE-2023-491xx/CVE-2023-49185.json) (`2023-12-19T20:45:06.317`)
* [CVE-2023-6051](CVE-2023/CVE-2023-60xx/CVE-2023-6051.json) (`2023-12-19T20:46:20.970`)
* [CVE-2023-41151](CVE-2023/CVE-2023-411xx/CVE-2023-41151.json) (`2023-12-19T20:48:30.317`)
* [CVE-2023-6680](CVE-2023/CVE-2023-66xx/CVE-2023-6680.json) (`2023-12-19T20:51:03.237`)
* [CVE-2023-50089](CVE-2023/CVE-2023-500xx/CVE-2023-50089.json) (`2023-12-19T20:51:17.553`)
* [CVE-2023-50471](CVE-2023/CVE-2023-504xx/CVE-2023-50471.json) (`2023-12-19T20:51:50.550`)
* [CVE-2023-50719](CVE-2023/CVE-2023-507xx/CVE-2023-50719.json) (`2023-12-19T20:51:50.893`)
* [CVE-2023-50720](CVE-2023/CVE-2023-507xx/CVE-2023-50720.json) (`2023-12-19T20:52:05.350`)
* [CVE-2023-50721](CVE-2023/CVE-2023-507xx/CVE-2023-50721.json) (`2023-12-19T20:52:23.670`)
* [CVE-2023-50472](CVE-2023/CVE-2023-504xx/CVE-2023-50472.json) (`2023-12-19T20:53:28.300`)
## Download and Usage