admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 11:37:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-12-01T17:00:18.687743+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-12-01 17:00:22 +00:00
parent 9524509a77
commit 42b4426a7e
18 changed files with 712 additions and 76 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
CVE-2023/CVE-2023-244xx/CVE-2023-24415.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-24415",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-02-23T16:15:11.700",
"lastModified": "2023-11-07T04:08:28.580",
"lastModified": "2023-12-01T15:15:07.503",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud ChatBot \ud83d\ude80 plugin <=\u00a04.2.8 versions."
"value": "Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud AI ChatBot plugin <=\u00a04.2.8 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad Cross-Site Request Forgery (CSRF) en versiones 4.2.8 y anteriores del plugin QuantumCloud ChatBot ?."
}
],
"metrics": {
@ -33,7 +37,7 @@
"impactScore": 5.9
},
{
"source": "21595511-bba5-4825-b968-b78d1f9984a3",
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -66,7 +70,7 @@
]
},
{
"source": "21595511-bba5-4825-b968-b78d1f9984a3",
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{

68
CVE-2023/CVE-2023-24xx/CVE-2023-2438.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-2438",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-11-22T16:15:08.207",
"lastModified": "2023-11-22T17:31:59.573",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-01T16:07:56.973",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to missing or incorrect nonce validation on the 'userpro_save_userdata' function. This makes it possible for unauthenticated attackers to update the user meta and inject malicious JavaScript via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link."
},
{
"lang": "es",
"value": "El complemento UserPro para WordPress es vulnerable a la Cross-Site Request Forgery en versiones hasta la 5.1.0 incluida. Esto se debe a una validaci\u00f3n nonce faltante o incorrecta en la funci\u00f3n 'userpro_save_userdata'. Esto hace posible que atacantes no autenticados actualicen el meta del usuario e inyecten JavaScript malicioso a trav\u00e9s de una solicitud falsificada, siempre que puedan enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -34,14 +58,50 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:userproplugin:userpro:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "5.1.0",
"matchCriteriaId": "43123A51-AEF0-437C-9AEA-8653C22CC9E3"
}
]
}
]
}
],
"references": [
{
"url": "https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7d30adc5-27a5-4549-84fc-b930f27f03e5?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-24xx/CVE-2023-2440.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-2440",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-11-22T16:15:08.367",
"lastModified": "2023-11-22T17:31:59.573",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-01T16:11:41.727",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing nonce validation in the 'admin_page', 'userpro_verify_user' and 'verifyUnverifyAllUsers' functions. This makes it possible for unauthenticated attackers to modify the role of verified users to elevate verified user privileges to that of any user such as 'administrator' via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
},
{
"lang": "es",
"value": "El complemento UserPro para WordPress es vulnerable a la Cross-Site Request Forgery en versiones hasta la 5.1.1 incluida. Esto se debe a que falta la validaci\u00f3n nonce en las funciones 'admin_page', 'userpro_verify_user' y 'verifyUnverifyAllUsers'. Esto hace posible que atacantes no autenticados modifiquen la funci\u00f3n de los usuarios verificados para elevar los privilegios de los usuarios verificados a los de cualquier usuario, como \"administrador\", a trav\u00e9s de una solicitud falsificada, siempre que puedan enga\u00f1ar a un administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace. ."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -34,14 +58,50 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:userproplugin:userpro:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "5.1.1",
"matchCriteriaId": "E30F7B1B-A4E6-4C8F-ACA8-0A9B16EED37B"
}
]
}
]
}
],
"references": [
{
"url": "https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/73600498-f55c-4b8e-a625-4f292e58e0ee?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

12
CVE-2023/CVE-2023-384xx/CVE-2023-38435.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-38435",
"sourceIdentifier": "security@apache.org",
"published": "2023-07-25T16:15:11.500",
"lastModified": "2023-08-02T15:11:25.040",
"lastModified": "2023-12-01T16:28:34.823",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -65,9 +65,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:felix_health_checks:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.0.2",
"matchCriteriaId": "5AD42A62-B2BB-4A4A-8C29-F897B3C32274"
"criteria": "cpe:2.3:a:apache:felix_health_check_webconsole:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.1.0",
"matchCriteriaId": "676D826F-DC6D-4356-9B94-8FEB2EB4F9DB"
}
]
}
@ -79,7 +79,9 @@
"url": "http://seclists.org/fulldisclosure/2023/Jul/43",
"source": "security@apache.org",
"tags": [
"Not Applicable"
"Mailing List",
"Not Applicable",
"Third Party Advisory"
]
},
{

116
CVE-2023/CVE-2023-414xx/CVE-2023-41442.json
View File

@ -2,19 +2,127 @@
"id": "CVE-2023-41442",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-15T22:15:27.673",
"lastModified": "2023-11-16T01:43:41.077",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-01T16:56:41.467",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue in Kloudq Technologies Limited Tor Equip 1.0, Tor Loco Mini 1.0 through 3.1 allows a remote attacker to execute arbitrary code via a crafted request to the MQTT component."
},
{
"lang": "es",
"value": "Un problema en Kloudq Technologies Limited Tor Equip 1.0, Tor Loco Mini 1.0 a 3.1 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de una solicitud manipulada al componente MQTT."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kloudq:tor_loco_min:*:*:*:*:*:mqtt:*:*",
"versionStartIncluding": "1.0",
"versionEndIncluding": "3.1",
"matchCriteriaId": "D55E79A2-1846-47C8-AE85-2957D47816F7"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kloudq:tor_equip_gateway:1.0:*:*:*:*:mqtt:*:*",
"matchCriteriaId": "FE9D8773-B3A7-417B-8EF6-C5E4B58A3057"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kloudq:tor_shield:1.0:*:*:*:*:mqtt:*:*",
"matchCriteriaId": "7874F634-A4EB-40E5-ADC9-BACB2B6727A8"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kloudq:tor_lenz:0.0.1:*:*:*:*:mqtt:*:*",
"matchCriteriaId": "DD85D06E-CD88-4B25-B879-B4F6973B26FB"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://writeups.ayyappan.me/v/tor-iot-mqtt/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Press/Media Coverage",
"Third Party Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-451xx/CVE-2023-45168.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-45168",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-12-01T15:15:07.623",
"lastModified": "2023-12-01T15:15:07.623",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 267966."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.5,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/267966",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7086090",
"source": "psirt@us.ibm.com"
}
]
}

55
CVE-2023/CVE-2023-45xx/CVE-2023-4518.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-4518",
"sourceIdentifier": "cybersecurity@hitachienergy.com",
"published": "2023-12-01T15:15:07.860",
"lastModified": "2023-12-01T15:15:07.860",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability exists in the input validation of the GOOSE \nmessages where out of range values received and processed \nby the IED caused a reboot of the device. In order for an \nattacker to exploit the vulnerability, goose receiving blocks need \nto be configured.\u00a0"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000170&languageCode=en&Preview=true",
"source": "cybersecurity@hitachienergy.com"
}
]
}

51
CVE-2023/CVE-2023-476xx/CVE-2023-47630.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-47630",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-14T21:15:13.037",
"lastModified": "2023-11-14T21:38:02.453",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-01T16:24:28.727",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Kyverno is a policy engine designed for Kubernetes. An issue was found in Kyverno that allowed an attacker to control the digest of images used by Kyverno users. The issue would require the attacker to compromise the registry that the Kyverno users fetch their images from. The attacker could then return an vulnerable image to the the user and leverage that to further escalate their position. As such, the attacker would need to know which images the Kyverno user consumes and know of one of multiple exploitable vulnerabilities in previous digests of the images. Alternatively, if the attacker has compromised the registry, they could craft a malicious image with a different digest with intentionally placed vulnerabilities and deliver the image to the user. Users pulling their images by digests and from trusted registries are not impacted by this vulnerability. There is no evidence of this being exploited in the wild. The issue has been patched in 1.10.5. All users are advised to upgrade. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "Kyverno es un motor de pol\u00edticas manipulado para Kubernetes. Se encontr\u00f3 un problema en Kyverno que permiti\u00f3 a un atacante controlar el resumen de im\u00e1genes utilizadas por los usuarios de Kyverno. El problema requerir\u00eda que el atacante comprometiera el registro del que los usuarios de Kyverno obtienen sus im\u00e1genes. Luego, el atacante podr\u00eda devolver una imagen vulnerable al usuario y aprovecharla para escalar a\u00fan m\u00e1s su posici\u00f3n. Como tal, el atacante necesitar\u00eda saber qu\u00e9 im\u00e1genes consume el usuario de Kyverno y conocer una de las m\u00faltiples vulnerabilidades explotables en res\u00famenes anteriores de las im\u00e1genes. Alternativamente, si el atacante ha comprometido el registro, podr\u00eda crear una imagen maliciosa con un resumen diferente con vulnerabilidades colocadas intencionalmente y entregar la imagen al usuario. Los usuarios que extraen sus im\u00e1genes de res\u00famenes y de registros confiables no se ven afectados por esta vulnerabilidad. No hay evidencia de que esto haya sido explotado en la naturaleza. El problema se solucion\u00f3 en 1.10.5. Se recomienda a todos los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kyverno:kyverno:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.10.5",
"matchCriteriaId": "6FFC1CCB-8B49-48E4-8061-C7E17C6CD091"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/kyverno/kyverno/security/advisories/GHSA-3hfq-cx9j-923w",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

120
CVE-2023/CVE-2023-483xx/CVE-2023-48304.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-48304",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-21T22:15:08.087",
"lastModified": "2023-11-22T03:36:37.770",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-01T15:08:42.693",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Server and starting in version 22.0.0 and prior to versions 22.2.10.16, 23.0.12.11, 24.0.12.7, 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Enterprise Server, an attacker could enable and disable the birthday calendar for any user on the same server. Nextcloud Server 25.0.11, 26.0.6, and 27.1.0 and Nextcloud Enterprise Server 22.2.10.16, 23.0.12.11, 24.0.12.7, 25.0.11, 26.0.6, and 27.1.0 contain patches for this issue. No known workarounds are available."
},
{
"lang": "es",
"value": "Nextcloud Server proporciona almacenamiento de datos para Nextcloud, una plataforma en la nube de c\u00f3digo abierto. A partir de la versi\u00f3n 25.0.0 y anteriores a las versiones 25.0.11, 26.0.6 y 27.1.0 de Nextcloud Server y a partir de la versi\u00f3n 22.0.0 y anteriores a las versiones 22.2.10.16, 23.0.12.11, 24.0.12.7, 25.0. 11, 26.0.6 y 27.1.0 de Nextcloud Enterprise Server, un atacante podr\u00eda habilitar y deshabilitar el calendario de cumplea\u00f1os para cualquier usuario en el mismo servidor. Nextcloud Server 25.0.11, 26.0.6 y 27.1.0 y Nextcloud Enterprise Server 22.2.10.16, 23.0.12.11, 24.0.12.7, 25.0.11, 26.0.6 y 27.1.0 contienen parches para este problema. No hay workarounds conocidos disponibles."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,18 +70,104 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "22.0.0",
"versionEndIncluding": "22.2.10.16",
"matchCriteriaId": "A4B4DC01-30FF-4D19-9C92-CFFF639C6C49"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "23.0.0",
"versionEndExcluding": "23.0.12.11",
"matchCriteriaId": "465AAFF0-9D24-451A-AAAE-9340A8BE1EC5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "24.0.0",
"versionEndExcluding": "24.0.12.7",
"matchCriteriaId": "040721D3-7E8A-4DC2-978D-9AE6D5A606F5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*",
"versionStartIncluding": "25.0.0",
"versionEndExcluding": "25.0.11",
"matchCriteriaId": "CFCB9CDB-F661-496E-86B7-25B228A3C90E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "25.0.0",
"versionEndExcluding": "25.0.11",
"matchCriteriaId": "37949CD5-0B2D-40BE-83C8-E6A03CD0F7C9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*",
"versionStartIncluding": "26.0.0",
"versionEndExcluding": "26.0.6",
"matchCriteriaId": "9E2008E1-AFAE-40F5-8D64-A019F2222AA2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "26.0.0",
"versionEndExcluding": "26.0.6",
"matchCriteriaId": "4C98058B-06EF-446E-A39D-F436627469C1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*",
"versionStartIncluding": "27.0.0",
"versionEndExcluding": "27.1.0",
"matchCriteriaId": "B8F5C07F-E133-4C54-B9A7-95A38086B28A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "27.0.0",
"versionEndExcluding": "27.1.0",
"matchCriteriaId": "E29703CE-0A92-47F3-96AE-0AC27641ECDF"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8jwv-c8c8-9fr3",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://github.com/nextcloud/server/pull/40292",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking",
"Patch"
]
},
{
"url": "https://hackerone.com/reports/2112973",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

24
CVE-2023/CVE-2023-488xx/CVE-2023-48813.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-48813",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-01T16:15:07.487",
"lastModified": "2023-12-01T16:15:07.487",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Senayan Library Management Systems (Slims) 9 Bulian v9.6.1 is vulnerable to SQL Injection via admin/modules/reporting/customs/fines_report.php."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/komangsughosa/CVE-ID-not-yet/blob/main/slims/slims9_bulian-9.6.1-SQLI-fines_report.md",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/slims/slims9_bulian/issues/217",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-488xx/CVE-2023-48842.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-48842",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-01T16:15:07.550",
"lastModified": "2023-12-01T16:15:07.550",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at hedwig.cgi."
}
],
"metrics": {},
"references": [
{
"url": "https://drive.google.com/file/d/1y5om__f2SAhNmcPqDxC_SRTvJVAWwPcH/view?usp=drive_link",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-488xx/CVE-2023-48893.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-48893",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-01T16:15:07.607",
"lastModified": "2023-12-01T16:15:07.607",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Senayan Library Management Systems SLIMS 9 Bulian v9.6.1 is vulnerable to SQL Injection via admin/modules/reporting/customs/staff_act.php."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Vuln0wned/slims_owned/blob/main/slims/slims9-bulian-9.6.1-SQLI-staff_act.md",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/slims/slims9_bulian/issues/209",
"source": "cve@mitre.org"
}
]
}

68
CVE-2023/CVE-2023-491xx/CVE-2023-49104.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-49104",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-21T22:15:08.450",
"lastModified": "2023-11-22T03:36:37.770",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-01T16:03:59.827",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in ownCloud owncloud/oauth2 before 0.6.1, when Allow Subdomains is enabled. An attacker is able to pass in a crafted redirect-url that bypasses validation, and consequently allows an attacker to redirect callbacks to a Top Level Domain controlled by the attacker."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en ownCloud owncloud/oauth2 anterior a 0.6.1, cuando Permitir subdominios est\u00e1 habilitado. Un atacante puede pasar una URL de redireccionamiento manipulada que omite la validaci\u00f3n y, en consecuencia, le permite redirigir las devoluciones de llamada a un Dominio de Nivel Superior controlado por el atacante."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "cve@mitre.org",
"type": "Secondary",
@ -34,14 +58,50 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:owncloud:oauth2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.6.1",
"matchCriteriaId": "80530F13-F31C-4FAB-A032-170D5CC124A4"
}
]
}
]
}
],
"references": [
{
"url": "https://owncloud.com/security-advisories/subdomain-validation-bypass/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://owncloud.org/security",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

20
CVE-2023/CVE-2023-493xx/CVE-2023-49371.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-49371",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-01T15:15:07.817",
"lastModified": "2023-12-01T15:15:07.817",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "RuoYi up to v4.6 was discovered to contain a SQL injection vulnerability via /system/dept/edit."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Maverickfir/RuoYi-v4.6-vulnerability/blob/main/Ruoyiv4.6.md",
"source": "cve@mitre.org"
}
]
}

4
CVE-2023/CVE-2023-60xx/CVE-2023-6019.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6019",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-11-16T17:15:08.830",
"lastModified": "2023-11-30T10:15:07.410",
"vulnStatus": "Modified",
"lastModified": "2023-12-01T15:22:26.807",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-60xx/CVE-2023-6020.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6020",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-11-16T21:15:09.443",
"lastModified": "2023-11-29T10:15:07.507",
"vulnStatus": "Modified",
"lastModified": "2023-12-01T15:22:23.380",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-60xx/CVE-2023-6021.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6021",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-11-16T17:15:09.020",
"lastModified": "2023-11-29T10:15:07.707",
"vulnStatus": "Modified",
"lastModified": "2023-12-01T15:22:19.813",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",

59
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-12-01T15:00:49.539629+00:00
2023-12-01T17:00:18.687743+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-12-01T14:53:38.313000+00:00
2023-12-01T16:56:41.467000+00:00
```
### Last Data Feed Release
@ -29,51 +29,36 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
231949
231955
```
### CVEs added in the last Commit
Recently added CVEs: `7`
Recently added CVEs: `6`
* [CVE-2023-28895](CVE-2023/CVE-2023-288xx/CVE-2023-28895.json) (`2023-12-01T14:15:07.540`)
* [CVE-2023-28896](CVE-2023/CVE-2023-288xx/CVE-2023-28896.json) (`2023-12-01T14:15:07.747`)
* [CVE-2023-5634](CVE-2023/CVE-2023-56xx/CVE-2023-5634.json) (`2023-12-01T14:15:07.967`)
* [CVE-2023-5635](CVE-2023/CVE-2023-56xx/CVE-2023-5635.json) (`2023-12-01T14:15:08.190`)
* [CVE-2023-5636](CVE-2023/CVE-2023-56xx/CVE-2023-5636.json) (`2023-12-01T14:15:08.393`)
* [CVE-2023-5637](CVE-2023/CVE-2023-56xx/CVE-2023-5637.json) (`2023-12-01T14:15:08.607`)
* [CVE-2023-6461](CVE-2023/CVE-2023-64xx/CVE-2023-6461.json) (`2023-12-01T14:15:08.807`)
* [CVE-2023-45168](CVE-2023/CVE-2023-451xx/CVE-2023-45168.json) (`2023-12-01T15:15:07.623`)
* [CVE-2023-49371](CVE-2023/CVE-2023-493xx/CVE-2023-49371.json) (`2023-12-01T15:15:07.817`)
* [CVE-2023-4518](CVE-2023/CVE-2023-45xx/CVE-2023-4518.json) (`2023-12-01T15:15:07.860`)
* [CVE-2023-48813](CVE-2023/CVE-2023-488xx/CVE-2023-48813.json) (`2023-12-01T16:15:07.487`)
* [CVE-2023-48842](CVE-2023/CVE-2023-488xx/CVE-2023-48842.json) (`2023-12-01T16:15:07.550`)
* [CVE-2023-48893](CVE-2023/CVE-2023-488xx/CVE-2023-48893.json) (`2023-12-01T16:15:07.607`)
### CVEs modified in the last Commit
Recently modified CVEs: `28`
Recently modified CVEs: `11`
* [CVE-2021-31511](CVE-2021/CVE-2021-315xx/CVE-2021-31511.json) (`2023-12-01T14:22:59.927`)
* [CVE-2021-31512](CVE-2021/CVE-2021-315xx/CVE-2021-31512.json) (`2023-12-01T14:23:12.870`)
* [CVE-2021-31513](CVE-2021/CVE-2021-315xx/CVE-2021-31513.json) (`2023-12-01T14:23:17.387`)
* [CVE-2021-31514](CVE-2021/CVE-2021-315xx/CVE-2021-31514.json) (`2023-12-01T14:23:23.593`)
* [CVE-2023-49068](CVE-2023/CVE-2023-490xx/CVE-2023-49068.json) (`2023-12-01T13:53:23.050`)
* [CVE-2023-48016](CVE-2023/CVE-2023-480xx/CVE-2023-48016.json) (`2023-12-01T13:54:29.567`)
* [CVE-2023-45252](CVE-2023/CVE-2023-452xx/CVE-2023-45252.json) (`2023-12-01T13:54:29.567`)
* [CVE-2023-45253](CVE-2023/CVE-2023-452xx/CVE-2023-45253.json) (`2023-12-01T13:54:29.567`)
* [CVE-2023-3443](CVE-2023/CVE-2023-34xx/CVE-2023-3443.json) (`2023-12-01T13:54:29.567`)
* [CVE-2023-3949](CVE-2023/CVE-2023-39xx/CVE-2023-3949.json) (`2023-12-01T13:54:29.567`)
* [CVE-2023-3964](CVE-2023/CVE-2023-39xx/CVE-2023-3964.json) (`2023-12-01T13:54:29.567`)
* [CVE-2023-4317](CVE-2023/CVE-2023-43xx/CVE-2023-4317.json) (`2023-12-01T13:54:29.567`)
* [CVE-2023-4658](CVE-2023/CVE-2023-46xx/CVE-2023-4658.json) (`2023-12-01T13:54:29.567`)
* [CVE-2023-4912](CVE-2023/CVE-2023-49xx/CVE-2023-4912.json) (`2023-12-01T13:54:29.567`)
* [CVE-2023-5226](CVE-2023/CVE-2023-52xx/CVE-2023-5226.json) (`2023-12-01T13:54:29.567`)
* [CVE-2023-5915](CVE-2023/CVE-2023-59xx/CVE-2023-5915.json) (`2023-12-01T13:54:29.567`)
* [CVE-2023-5995](CVE-2023/CVE-2023-59xx/CVE-2023-5995.json) (`2023-12-01T13:54:29.567`)
* [CVE-2023-6033](CVE-2023/CVE-2023-60xx/CVE-2023-6033.json) (`2023-12-01T13:54:29.567`)
* [CVE-2023-5427](CVE-2023/CVE-2023-54xx/CVE-2023-5427.json) (`2023-12-01T13:54:29.567`)
* [CVE-2023-6449](CVE-2023/CVE-2023-64xx/CVE-2023-6449.json) (`2023-12-01T13:54:29.567`)
* [CVE-2023-20084](CVE-2023/CVE-2023-200xx/CVE-2023-20084.json) (`2023-12-01T14:02:48.813`)
* [CVE-2023-20240](CVE-2023/CVE-2023-202xx/CVE-2023-20240.json) (`2023-12-01T14:19:07.907`)
* [CVE-2023-44487](CVE-2023/CVE-2023-444xx/CVE-2023-44487.json) (`2023-12-01T14:22:19.683`)
* [CVE-2023-4586](CVE-2023/CVE-2023-45xx/CVE-2023-4586.json) (`2023-12-01T14:49:56.000`)
* [CVE-2023-5055](CVE-2023/CVE-2023-50xx/CVE-2023-5055.json) (`2023-12-01T14:53:38.313`)
* [CVE-2023-48304](CVE-2023/CVE-2023-483xx/CVE-2023-48304.json) (`2023-12-01T15:08:42.693`)
* [CVE-2023-24415](CVE-2023/CVE-2023-244xx/CVE-2023-24415.json) (`2023-12-01T15:15:07.503`)
* [CVE-2023-6021](CVE-2023/CVE-2023-60xx/CVE-2023-6021.json) (`2023-12-01T15:22:19.813`)
* [CVE-2023-6020](CVE-2023/CVE-2023-60xx/CVE-2023-6020.json) (`2023-12-01T15:22:23.380`)
* [CVE-2023-6019](CVE-2023/CVE-2023-60xx/CVE-2023-6019.json) (`2023-12-01T15:22:26.807`)
* [CVE-2023-49104](CVE-2023/CVE-2023-491xx/CVE-2023-49104.json) (`2023-12-01T16:03:59.827`)
* [CVE-2023-2438](CVE-2023/CVE-2023-24xx/CVE-2023-2438.json) (`2023-12-01T16:07:56.973`)
* [CVE-2023-2440](CVE-2023/CVE-2023-24xx/CVE-2023-2440.json) (`2023-12-01T16:11:41.727`)
* [CVE-2023-47630](CVE-2023/CVE-2023-476xx/CVE-2023-47630.json) (`2023-12-01T16:24:28.727`)
* [CVE-2023-38435](CVE-2023/CVE-2023-384xx/CVE-2023-38435.json) (`2023-12-01T16:28:34.823`)
* [CVE-2023-41442](CVE-2023/CVE-2023-414xx/CVE-2023-41442.json) (`2023-12-01T16:56:41.467`)
## Download and Usage