admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-06 18:52:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-11-06T15:00:19.326711+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-11-06 15:00:23 +00:00
parent 488c6361a0
commit 45198d9aef
117 changed files with 1838 additions and 253 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
CVE-2017/CVE-2017-201xx/CVE-2017-20187.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2017-20187",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-11-05T21:15:09.190",
"lastModified": "2023-11-05T21:15:09.190",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Magnesium-PHP up to 0.3.0. It has been classified as problematic. Affected is the function formatEmailString of the file src/Magnesium/Message/Base.php. The manipulation of the argument email/name leads to injection. Upgrading to version 0.3.1 is able to address this issue. The patch is identified as 500d340e1f6421007413cc08a8383475221c2604. It is recommended to upgrade the affected component. VDB-244482 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
},
{
"lang": "es",
"value": "** NO SOPORTADO CUANDO EST\u00c1 ASIGNADO ** ** NO SOPORTADO CUANDO EST\u00c1 ASIGNADO ** Se encontr\u00f3 una vulnerabilidad en Magnesium-PHP hasta 0.3.0. Ha sido clasificada como problem\u00e1tica. La funci\u00f3n formatEmailString del archivo src/Magnesium/Message/Base.php es afectada por la vulnerabilidad. La manipulaci\u00f3n del argumento correo electr\u00f3nico/nombre conduce a la inyecci\u00f3n. La actualizaci\u00f3n a la versi\u00f3n 0.3.1 puede solucionar este problema. El parche se identifica como 500d340e1f6421007413cc08a8383475221c2604. Se recomienda actualizar el componente afectado. VDB-244482 es el identificador asignado a esta vulnerabilidad. NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el mantenedor."
}
],
"metrics": {

8
CVE-2018/CVE-2018-250xx/CVE-2018-25092.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2018-25092",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-11-05T21:15:09.357",
"lastModified": "2023-11-05T21:15:09.357",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Vaerys-Dawn DiscordSailv2 up to 2.10.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Command Mention Handler. The manipulation leads to improper access controls. Upgrading to version 2.10.3 is able to address this issue. The patch is named cc12e0be82a5d05d9f359ed8e56088f4f8b8eb69. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-244483."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Vaerys-Dawn DiscordSailv2 hasta 2.10.2. Que ha sido declarada cr\u00edtica. Una funci\u00f3n desconocida del componente Command Mention Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a controles de acceso inadecuados. La actualizaci\u00f3n a la versi\u00f3n 2.10.3 puede solucionar este problema. El parche se llama cc12e0be82a5d05d9f359ed8e56088f4f8b8eb69. Se recomienda actualizar el componente afectado. El identificador asociado de esta vulnerabilidad es VDB-244483."
}
],
"metrics": {

4
CVE-2018/CVE-2018-250xx/CVE-2018-25093.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2018-25093",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-11-06T01:15:08.690",
"lastModified": "2023-11-06T01:15:08.690",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2021/CVE-2021-44xx/CVE-2021-4430.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-4430",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-11-06T08:15:21.343",
"lastModified": "2023-11-06T08:15:21.343",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

8
CVE-2022/CVE-2022-31xx/CVE-2022-3172.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2022-3172",
"sourceIdentifier": "jordan@liggitt.net",
"published": "2023-11-03T20:15:08.550",
"lastModified": "2023-11-03T20:15:08.550",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A security issue was discovered in kube-apiserver that allows an \naggregated API server to redirect client traffic to any URL. This could\n lead to the client performing unexpected actions as well as forwarding \nthe client's API server credentials to third parties.\n"
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema de seguridad en kube-apiserver que permite que un servidor API agregado redirija el tr\u00e1fico del cliente a cualquier URL. Esto podr\u00eda llevar a que el cliente realice acciones inesperadas, as\u00ed como a que reenv\u00ede las credenciales del servidor API del cliente a terceros."
}
],
"metrics": {

8
CVE-2022/CVE-2022-435xx/CVE-2022-43554.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2022-43554",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-11-03T20:15:08.690",
"lastModified": "2023-11-03T20:15:08.690",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de escalada de privilegios locales de autenticaci\u00f3n faltante de Ivanti Avalanche Smart Device Service"
}
],
"metrics": {

8
CVE-2022/CVE-2022-435xx/CVE-2022-43555.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2022-43555",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-11-03T20:15:08.757",
"lastModified": "2023-11-03T20:15:08.757",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de escalada de privilegios locales sin autenticaci\u00f3n de Ivanti Avalanche Printer Device Service"
}
],
"metrics": {

8
CVE-2022/CVE-2022-445xx/CVE-2022-44569.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2022-44569",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-11-03T20:15:08.813",
"lastModified": "2023-11-03T20:15:08.813",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A locally authenticated attacker with low privileges can bypass authentication due to insecure inter-process communication."
},
{
"lang": "es",
"value": "Un atacante autenticado localmente con pocos privilegios puede omitir la autenticaci\u00f3n debido a una comunicaci\u00f3n insegura entre procesos."
}
],
"metrics": {

4
CVE-2022/CVE-2022-453xx/CVE-2022-45373.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-45373",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-06T08:15:21.547",
"lastModified": "2023-11-06T08:15:21.547",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2022/CVE-2022-468xx/CVE-2022-46849.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-46849",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-06T08:15:21.623",
"lastModified": "2023-11-06T08:15:21.623",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

8
CVE-2022/CVE-2022-468xx/CVE-2022-46860.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2022-46860",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-06T08:15:21.690",
"lastModified": "2023-11-06T08:15:21.690",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in KaizenCoders Short URL allows SQL Injection.This issue affects Short URL: from n/a through 1.6.4.\n\n"
},
{
"lang": "es",
"value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en KaizenCoders Short URL permite la inyecci\u00f3n SQL. Este problema afecta Short URL: desde n/a hasta 1.6.4."
}
],
"metrics": {},

8
CVE-2022/CVE-2022-474xx/CVE-2022-47420.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2022-47420",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-06T08:15:21.757",
"lastModified": "2023-11-06T08:15:21.757",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Online ADA Accessibility Suite by Online ADA allows SQL Injection.This issue affects Accessibility Suite by Online ADA: from n/a through 4.11.\n\n"
},
{
"lang": "es",
"value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en Online ADA Accessibility Suite de Online ADA permite la inyecci\u00f3n de SQL. Este problema afecta a Accessibility Suite de Online ADA: desde n/a hasta 4.11."
}
],
"metrics": {},

8
CVE-2022/CVE-2022-474xx/CVE-2022-47428.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2022-47428",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-06T08:15:21.830",
"lastModified": "2023-11-06T08:15:21.830",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WpDevArt Booking calendar, Appointment Booking System allows SQL Injection.This issue affects Booking calendar, Appointment Booking System: from n/a through 3.2.7.\n\n"
},
{
"lang": "es",
"value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en WpDevArt Booking calendar, Appointment Booking System permite la inyecci\u00f3n de SQL. Este problema afecta Booking calendar, Appointment Booking System: desde n/a hasta 3.2.7."
}
],
"metrics": {},

8
CVE-2022/CVE-2022-474xx/CVE-2022-47430.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2022-47430",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-06T08:15:21.893",
"lastModified": "2023-11-06T08:15:21.893",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Weblizar The School Management \u2013 Education & Learning Management allows SQL Injection.This issue affects The School Management \u2013 Education & Learning Management: from n/a through 4.1.\n\n"
},
{
"lang": "es",
"value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL (\"Inyecci\u00f3n SQL\") en Weblizar The School Management \u2013 Education & Learning Management permite la inyecci\u00f3n SQL. Este problema afecta a The School Management \u2013 Education & Learning Management: desde n/a hasta 4.1."
}
],
"metrics": {},

8
CVE-2022/CVE-2022-474xx/CVE-2022-47432.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2022-47432",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-06T08:15:21.963",
"lastModified": "2023-11-06T08:15:21.963",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kemal YAZICI - PluginPress Shortcode IMDB allows SQL Injection.This issue affects Shortcode IMDB: from n/a through 6.0.8.\n\n"
},
{
"lang": "es",
"value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('Inyecci\u00f3n SQL') en Kemal YAZICI - PluginPress Shortcode IMDB permite la inyecci\u00f3n SQL. Este problema afecta a Shortcode IMDB: desde n/a hasta 6.0.8."
}
],
"metrics": {},

4
CVE-2023/CVE-2023-207xx/CVE-2023-20702.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-20702",
"sourceIdentifier": "security@mediatek.com",
"published": "2023-11-06T04:15:07.653",
"lastModified": "2023-11-06T04:15:07.653",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

68
CVE-2023/CVE-2023-213xx/CVE-2023-21327.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-21327",
"sourceIdentifier": "security@android.com",
"published": "2023-10-30T17:15:49.113",
"lastModified": "2023-10-30T17:20:42.887",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-06T14:47:48.253",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Permission Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "En Permission Manager, existe una manera posible de determinar si una aplicaci\u00f3n est\u00e1 instalada, sin permisos de consulta, debido a la divulgaci\u00f3n de informaci\u00f3n del canal lateral. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-203"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*",
"versionEndExcluding": "14.0",
"matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-237xx/CVE-2023-23702.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-23702",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-06T10:15:07.827",
"lastModified": "2023-11-06T10:15:07.827",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

8
CVE-2023/CVE-2023-276xx/CVE-2023-27605.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-27605",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-06T09:15:07.717",
"lastModified": "2023-11-06T09:15:07.717",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sajjad Hossain WP Reroute Email allows SQL Injection.This issue affects WP Reroute Email: from n/a through 1.4.6.\n\n"
},
{
"lang": "es",
"value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en Sajjad Hossain WP Reroute Email permite la inyecci\u00f3n SQL. Este problema afecta a WP Reroute Email: desde n/a hasta 1.4.6."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-287xx/CVE-2023-28748.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-28748",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-06T09:15:07.790",
"lastModified": "2023-11-06T09:15:07.790",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in biztechc Copy or Move Comments allows SQL Injection.This issue affects Copy or Move Comments: from n/a through 5.0.4.\n\n"
},
{
"lang": "es",
"value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL (\"Inyecci\u00f3n SQL\") en Biztechc Copy or Move Comments permite la inyecci\u00f3n SQL. Este problema afecta Copy or Move Comments: desde n/a hasta 5.0.4."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-287xx/CVE-2023-28794.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-28794",
"sourceIdentifier": "cve@zscaler.com",
"published": "2023-11-06T08:15:22.037",
"lastModified": "2023-11-06T08:15:22.037",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Origin Validation Error vulnerability in Zscaler Client Connector on Linux allows Privilege Abuse. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6.\n\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de error de validaci\u00f3n de origen en Zscaler Client Connector en Linux permite el abuso de privilegios. Este problema afecta a Zscaler Client Connector para Linux: versiones anteriores a 1.3.1.6."
}
],
"metrics": {

8
CVE-2023/CVE-2023-327xx/CVE-2023-32741.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-32741",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-04T00:15:08.573",
"lastModified": "2023-11-04T00:15:08.573",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in IT Path Solutions PVT LTD Contact Form to Any API allows SQL Injection.This issue affects Contact Form to Any API: from n/a through 1.1.2.\n\n"
},
{
"lang": "es",
"value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL (\"Inyecci\u00f3n SQL\") en IT Path Solutions PVT LTD El formulario de contacto para cualquier API permite la inyecci\u00f3n de SQL. Este problema afecta el formulario de contacto para cualquier API: desde n/a hasta 1.1.2."
}
],
"metrics": {},

4
CVE-2023/CVE-2023-328xx/CVE-2023-32818.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32818",
"sourceIdentifier": "security@mediatek.com",
"published": "2023-11-06T04:15:07.713",
"lastModified": "2023-11-06T04:15:07.713",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-328xx/CVE-2023-32825.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32825",
"sourceIdentifier": "security@mediatek.com",
"published": "2023-11-06T04:15:07.757",
"lastModified": "2023-11-06T04:15:07.757",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-328xx/CVE-2023-32832.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32832",
"sourceIdentifier": "security@mediatek.com",
"published": "2023-11-06T04:15:07.797",
"lastModified": "2023-11-06T04:15:07.797",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-328xx/CVE-2023-32834.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32834",
"sourceIdentifier": "security@mediatek.com",
"published": "2023-11-06T04:15:07.843",
"lastModified": "2023-11-06T04:15:07.843",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-328xx/CVE-2023-32835.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32835",
"sourceIdentifier": "security@mediatek.com",
"published": "2023-11-06T04:15:07.887",
"lastModified": "2023-11-06T04:15:07.887",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-328xx/CVE-2023-32836.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32836",
"sourceIdentifier": "security@mediatek.com",
"published": "2023-11-06T04:15:07.930",
"lastModified": "2023-11-06T04:15:07.930",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-328xx/CVE-2023-32837.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32837",
"sourceIdentifier": "security@mediatek.com",
"published": "2023-11-06T04:15:07.973",
"lastModified": "2023-11-06T04:15:07.973",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-328xx/CVE-2023-32838.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32838",
"sourceIdentifier": "security@mediatek.com",
"published": "2023-11-06T04:15:08.013",
"lastModified": "2023-11-06T04:15:08.013",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-328xx/CVE-2023-32839.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32839",
"sourceIdentifier": "security@mediatek.com",
"published": "2023-11-06T04:15:08.053",
"lastModified": "2023-11-06T04:15:08.053",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-328xx/CVE-2023-32840.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32840",
"sourceIdentifier": "security@mediatek.com",
"published": "2023-11-06T04:15:08.097",
"lastModified": "2023-11-06T04:15:08.097",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

59
CVE-2023/CVE-2023-32xx/CVE-2023-3246.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-3246",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-11-06T13:15:09.397",
"lastModified": "2023-11-06T13:15:52.487",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab EE/CE affecting all versions starting before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1 which allows an attackers to block Sidekiq job processor."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/415371",
"source": "cve@gitlab.com"
},
{
"url": "https://hackerone.com/reports/2014157",
"source": "cve@gitlab.com"
}
]
}

8
CVE-2023/CVE-2023-339xx/CVE-2023-33924.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-33924",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-06T09:15:07.870",
"lastModified": "2023-11-06T09:15:07.870",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Felix Welberg SIS Handball allows SQL Injection.This issue affects SIS Handball: from n/a through 1.0.45.\n\n"
},
{
"lang": "es",
"value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en Felix Welberg SIS Handball permite la inyecci\u00f3n SQL. Este problema afecta a SIS Handball: desde n/a hasta 1.0.45."
}
],
"metrics": {},

59
CVE-2023/CVE-2023-33xx/CVE-2023-3399.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-3399",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-11-06T13:15:09.503",
"lastModified": "2023-11-06T13:15:52.487",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab EE affecting all versions starting from 11.6 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. It was possible for an unauthorised project or group member to read the CI/CD variables using the custom project templates."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/416244",
"source": "cve@gitlab.com"
},
{
"url": "https://hackerone.com/reports/2021616",
"source": "cve@gitlab.com"
}
]
}

8
CVE-2023/CVE-2023-359xx/CVE-2023-35910.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-35910",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-04T00:15:08.657",
"lastModified": "2023-11-04T00:15:08.657",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nucleus_genius Quasar form free \u2013 Contact Form Builder for WordPress allows SQL Injection.This issue affects Quasar form free \u2013 Contact Form Builder for WordPress: from n/a through 6.0.\n\n"
},
{
"lang": "es",
"value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('Inyecci\u00f3n SQL') en Nucleus_genius Quasar form free \u2013 Contact Form Builder para WordPress permite la inyecci\u00f3n SQL. Este problema afecta a Quasar form free \u2013 Contact Form Builder para WordPress: desde n/a hasta 6.0."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-359xx/CVE-2023-35911.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-35911",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-06T09:15:07.947",
"lastModified": "2023-11-06T09:15:07.947",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Creative Solutions Contact Form Generator : Creative form builder for WordPress allows SQL Injection.This issue affects Contact Form Generator : Creative form builder for WordPress: from n/a through 2.6.0.\n\n"
},
{
"lang": "es",
"value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en Creative Solutions Contact Form Generator: el creador de formularios creativos para WordPress permite la inyecci\u00f3n SQL. Este problema afecta al Contact Form Generator: creador de formularios creativos para WordPress: de n/a hasta 2.6.0."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-366xx/CVE-2023-36677.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-36677",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-03T23:15:08.417",
"lastModified": "2023-11-03T23:15:08.417",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager allows SQL Injection.This issue affects SP Project & Document Manager: from n/a through 4.67.\n\n"
},
{
"lang": "es",
"value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL (\"Inyecci\u00f3n SQL\") en Smartypants SP Project & Document Manager permite la inyecci\u00f3n SQL. Este problema afecta a SP Project & Document Manager: desde n/a hasta 4.67."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-383xx/CVE-2023-38382.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-38382",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-06T09:15:08.123",
"lastModified": "2023-11-06T09:15:08.123",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Daniel S\u00f6derstr\u00f6m / Sidney van de Stouwe Subscribe to Category allows SQL Injection.This issue affects Subscribe to Category: from n/a through 2.7.4.\n\n"
},
{
"lang": "es",
"value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('Inyecci\u00f3n SQL') en Daniel S\u00f6derstr\u00f6m / Sidney van de Stouwe Subscribe to Category permite la inyecci\u00f3n SQL. Este problema afecta Subscribe to Category: desde n/a hasta 2.7.4."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-383xx/CVE-2023-38391.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-38391",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-04T00:15:08.730",
"lastModified": "2023-11-04T00:15:08.730",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themesgrove Onepage Builder allows SQL Injection.This issue affects Onepage Builder: from n/a through 2.4.1.\n\n"
},
{
"lang": "es",
"value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL (\"Inyecci\u00f3n SQL\") en Themesgrove Onepage Builder permite la inyecci\u00f3n SQL. Este problema afecta a Onepage Builder: desde n/a hasta 2.4.1."
}
],
"metrics": {},

4
CVE-2023/CVE-2023-384xx/CVE-2023-38406.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38406",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-06T06:15:40.850",
"lastModified": "2023-11-06T06:15:40.850",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-384xx/CVE-2023-38407.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38407",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-06T06:15:40.907",
"lastModified": "2023-11-06T06:15:40.907",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

59
CVE-2023/CVE-2023-39xx/CVE-2023-3909.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-3909",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-11-06T13:15:09.653",
"lastModified": "2023-11-06T13:15:52.487",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.3 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. A Regular Expression Denial of Service was possible by adding a large string in timeout input in gitlab-ci.yml file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/418763",
"source": "cve@gitlab.com"
},
{
"url": "https://hackerone.com/reports/2050269",
"source": "cve@gitlab.com"
}
]
}

8
CVE-2023/CVE-2023-402xx/CVE-2023-40207.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-40207",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-06T09:15:08.237",
"lastModified": "2023-11-06T09:15:08.237",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RedNao Donations Made Easy \u2013 Smart Donations allows SQL Injection.This issue affects Donations Made Easy \u2013 Smart Donations: from n/a through 4.0.12.\n\n"
},
{
"lang": "es",
"value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('Inyecci\u00f3n SQL') en RedNao Donations Made Easy \u2013 Smart Donations permite la inyecci\u00f3n de SQL. Este problema afecta a Donations Made Easy \u2013 Smart Donations: desde n/a hasta 4.0.12."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-402xx/CVE-2023-40215.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-40215",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-04T00:15:08.797",
"lastModified": "2023-11-04T00:15:08.797",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Demonisblack demon image annotation allows SQL Injection.This issue affects demon image annotation: from n/a through 5.1.\n\n"
},
{
"lang": "es",
"value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL (\"Inyecci\u00f3n SQL\") en la anotaci\u00f3n Demonisblack demon image permite la inyecci\u00f3n SQL. Este problema afecta a la anotaci\u00f3n demon image : desde n/a hasta 5.1."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-406xx/CVE-2023-40609.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-40609",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-06T09:15:08.307",
"lastModified": "2023-11-06T09:15:08.307",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aiyaz, maheshpatel Contact form 7 Custom validation allows SQL Injection.This issue affects Contact form 7 Custom validation: from n/a through 1.1.3.\n\n"
},
{
"lang": "es",
"value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en la validaci\u00f3n Aiyaz, maheshpatel Contact form 7 Custom personalizada permite la inyecci\u00f3n de SQL. Este problema afecta la validaci\u00f3n de Contact form 7 Custom: desde n/a hasta 1.1.3."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-409xx/CVE-2023-40922.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-40922",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-04T23:15:07.807",
"lastModified": "2023-11-04T23:15:07.807",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "kerawen before v2.5.1 was discovered to contain a SQL injection vulnerability via the ocs_id_cart parameter at KerawenDeliveryModuleFrontController::initContent()."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que kerawen anterior a v2.5.1 conten\u00eda una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro ocs_id_cart en KerawenDeliveryModuleFrontController::initContent()."
}
],
"metrics": {},

123
CVE-2023/CVE-2023-412xx/CVE-2023-41255.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41255",
"sourceIdentifier": "psirt@bosch.com",
"published": "2023-10-25T18:17:30.737",
"lastModified": "2023-10-25T20:32:16.527",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-06T14:33:10.043",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "psirt@bosch.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
},
{
"source": "psirt@bosch.com",
"type": "Secondary",
@ -50,10 +80,97 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2107_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFA1309-DBEE-46F1-B6FD-DAE896180411"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2107:-:*:*:*:*:*:*:*",
"matchCriteriaId": "87C129B8-F100-4D3A-97BC-BAD9A4129F9D"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2110_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD47D2E3-F53F-4CE8-BEF7-76F78AEBAF5C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "326E80AA-C9B4-4BF1-AA2B-98A3802A72C9"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2115_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4CA92486-EEBE-42FD-9755-006B7F2DF361"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2115:-:*:*:*:*:*:*:*",
"matchCriteriaId": "167C9BC4-FCC5-4FAF-8F75-F967C77400A7"
}
]
}
]
}
],
"references": [
{
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html",
"source": "psirt@bosch.com"
"source": "psirt@bosch.com",
"tags": [
"Mitigation",
"Vendor Advisory"
]
}
]
}

8
CVE-2023/CVE-2023-416xx/CVE-2023-41685.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-41685",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-06T09:15:08.367",
"lastModified": "2023-11-06T09:15:08.367",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ilGhera Woocommerce Support System allows SQL Injection.This issue affects Woocommerce Support System: from n/a through 1.2.1.\n\n"
},
{
"lang": "es",
"value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en ilGhera Woocommerce Support System permite la inyecci\u00f3n de SQL. Este problema afecta Woocommerce Support System: desde n/a hasta 1.2.1."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-417xx/CVE-2023-41725.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-41725",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-11-03T20:15:09.093",
"lastModified": "2023-11-03T20:15:09.093",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de escalada de privilegios locales de carga de archivos sin restricciones de Ivanti Avalanche EnterpriseServer Service"
}
],
"metrics": {

8
CVE-2023/CVE-2023-417xx/CVE-2023-41726.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-41726",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-11-03T20:15:09.143",
"lastModified": "2023-11-03T20:15:09.143",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Ivanti Avalanche Incorrect Default Permissions allows Local Privilege Escalation Vulnerability"
},
{
"lang": "es",
"value": "Los permisos predeterminados incorrectos de Ivanti Avalanche permiten una vulnerabilidad de escalada de privilegios locales"
}
],
"metrics": {

4
CVE-2023/CVE-2023-426xx/CVE-2023-42669.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-42669",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-11-06T07:15:09.137",
"lastModified": "2023-11-06T07:15:09.137",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

123
CVE-2023/CVE-2023-434xx/CVE-2023-43488.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43488",
"sourceIdentifier": "psirt@bosch.com",
"published": "2023-10-25T18:17:31.800",
"lastModified": "2023-10-25T20:32:16.527",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-06T14:41:18.393",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "psirt@bosch.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
},
{
"source": "psirt@bosch.com",
"type": "Secondary",
@ -50,10 +80,97 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2107_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFA1309-DBEE-46F1-B6FD-DAE896180411"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2107:-:*:*:*:*:*:*:*",
"matchCriteriaId": "87C129B8-F100-4D3A-97BC-BAD9A4129F9D"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2110_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD47D2E3-F53F-4CE8-BEF7-76F78AEBAF5C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "326E80AA-C9B4-4BF1-AA2B-98A3802A72C9"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2115_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4CA92486-EEBE-42FD-9755-006B7F2DF361"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2115:-:*:*:*:*:*:*:*",
"matchCriteriaId": "167C9BC4-FCC5-4FAF-8F75-F967C77400A7"
}
]
}
]
}
],
"references": [
{
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html",
"source": "psirt@bosch.com"
"source": "psirt@bosch.com",
"tags": [
"Mitigation",
"Vendor Advisory"
]
}
]
}

8
CVE-2023/CVE-2023-450xx/CVE-2023-45001.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-45001",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-06T09:15:08.427",
"lastModified": "2023-11-06T09:15:08.427",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Castos Seriously Simple Stats allows SQL Injection.This issue affects Seriously Simple Stats: from n/a through 1.5.0.\n\n"
},
{
"lang": "es",
"value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en Castos Seriously Simple Stats permite la inyecci\u00f3n SQL. Este problema afecta a Seriously Simple Stats: desde n/a hasta 1.5.0."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-450xx/CVE-2023-45046.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-45046",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-06T09:15:08.493",
"lastModified": "2023-11-06T09:15:08.493",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pressference Pressference Exporter allows SQL Injection.This issue affects Pressference Exporter: from n/a through 1.0.3.\n\n"
},
{
"lang": "es",
"value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL (\"Inyecci\u00f3n SQL\") en Pressference Pressference Exporter permite la inyecci\u00f3n SQL. Este problema afecta a Pressference Exporter: desde n/a hasta 1.0.3."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-450xx/CVE-2023-45055.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-45055",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-06T09:15:08.553",
"lastModified": "2023-11-06T09:15:08.553",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in InspireUI MStore API allows SQL Injection.This issue affects MStore API: from n/a through 4.0.6.\n\n"
},
{
"lang": "es",
"value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en la API MStore de InspireUI permite la inyecci\u00f3n SQL. Este problema afecta a la API MStore: desde n/a hasta 4.0.6."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-450xx/CVE-2023-45069.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-45069",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-06T09:15:08.617",
"lastModified": "2023-11-06T09:15:08.617",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Video Gallery by Total-Soft Video Gallery \u2013 Best WordPress YouTube Gallery Plugin allows SQL Injection.This issue affects Video Gallery \u2013 Best WordPress YouTube Gallery Plugin: from n/a through 2.1.3.\n\n"
},
{
"lang": "es",
"value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en Video Gallery de Total-Soft Video Gallery - Best WordPress YouTube Gallery Plugin permite la inyecci\u00f3n de SQL. Este problema afecta a Video Gallery \u2013 Best WordPress YouTube Gallery Plugin para WordPress desde n /a hasta 2.1.3."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-450xx/CVE-2023-45074.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-45074",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-06T09:15:08.673",
"lastModified": "2023-11-06T09:15:08.673",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Page Visit Counter Advanced Page Visit Counter \u2013 Most Wanted Analytics Plugin for WordPress allows SQL Injection.This issue affects Advanced Page Visit Counter \u2013 Most Wanted Analytics Plugin for WordPress: from n/a through 7.1.1.\n\n"
},
{
"lang": "es",
"value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en Page Visit Counter Advanced Page Visit Counter - Most Wanted Analytics Plugin para WordPress permite la inyecci\u00f3n SQL. Este problema afecta Advanced Page Visit Counter \u2013 Most Wanted Analytics Plugin para WordPress : desde n/a hasta 7.1.1."
}
],
"metrics": {},

59
CVE-2023/CVE-2023-451xx/CVE-2023-45161.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-45161",
"sourceIdentifier": "security@1e.com",
"published": "2023-11-06T13:15:09.730",
"lastModified": "2023-11-06T13:15:52.487",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The 1E-Exchange-URLResponseTime instruction that is part of the Network product pack available on the 1E Exchange does not properly validate the URL parameter, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions.\n\nTo remediate this issue download the updated Network product pack from the 1E Exchange and update the 1E-Exchange-URLResponseTime instruction to v20.1 by uploading it through the 1E Platform instruction upload UI"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@1e.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security@1e.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://exchange.1e.com/product-packs/network/",
"source": "security@1e.com"
},
{
"url": "https://www.1e.com/trust-security-compliance/cve-info/",
"source": "security@1e.com"
}
]
}

59
CVE-2023/CVE-2023-451xx/CVE-2023-45163.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-45163",
"sourceIdentifier": "security@1e.com",
"published": "2023-11-06T13:15:09.807",
"lastModified": "2023-11-06T13:15:52.487",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nThe 1E-Exchange-CommandLinePing instruction that is part of the Network product pack available on the 1E Exchange does not properly validate the input parameter, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions.\n\nTo remediate this issue download the updated Network product pack from the 1E Exchange and update the 1E-Exchange-CommandLinePing instruction to v18.1 by uploading it through the 1E Platform instruction upload UI\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@1e.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security@1e.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://https://exchange.1e.com/product-packs/network/",
"source": "security@1e.com"
},
{
"url": "https://www.1e.com/trust-security-compliance/cve-info/",
"source": "security@1e.com"
}
]
}

8
CVE-2023/CVE-2023-451xx/CVE-2023-45189.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-45189",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-11-03T23:15:08.617",
"lastModified": "2023-11-03T23:15:08.617",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.10, 23.0.0 through 23.0.10 may result in access to client vault credentials. This difficult to exploit vulnerability could allow a low privileged attacker to programmatically access client vault credentials. IBM X-Force ID: 268752."
},
{
"lang": "es",
"value": "Una vulnerabilidad en IBM Robotic Process Automation e IBM Robotic Process Automation para Cloud Pak 21.0.0 a 21.0.7.10, 23.0.0 a 23.0.10 puede provocar acceso a las credenciales de la b\u00f3veda del cliente. Esta vulnerabilidad dif\u00edcil de explotar podr\u00eda permitir que un atacante con pocos privilegios acceda mediante programaci\u00f3n a las credenciales de la b\u00f3veda del cliente. ID de IBM X-Force: 268752."
}
],
"metrics": {

123
CVE-2023/CVE-2023-452xx/CVE-2023-45220.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45220",
"sourceIdentifier": "psirt@bosch.com",
"published": "2023-10-25T18:17:33.107",
"lastModified": "2023-10-25T20:32:16.527",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-06T14:42:32.330",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "psirt@bosch.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
},
{
"source": "psirt@bosch.com",
"type": "Secondary",
@ -50,10 +80,97 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2107_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFA1309-DBEE-46F1-B6FD-DAE896180411"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2107:-:*:*:*:*:*:*:*",
"matchCriteriaId": "87C129B8-F100-4D3A-97BC-BAD9A4129F9D"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2110_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD47D2E3-F53F-4CE8-BEF7-76F78AEBAF5C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "326E80AA-C9B4-4BF1-AA2B-98A3802A72C9"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2115_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4CA92486-EEBE-42FD-9755-006B7F2DF361"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2115:-:*:*:*:*:*:*:*",
"matchCriteriaId": "167C9BC4-FCC5-4FAF-8F75-F967C77400A7"
}
]
}
]
}
],
"references": [
{
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html",
"source": "psirt@bosch.com"
"source": "psirt@bosch.com",
"tags": [
"Mitigation",
"Vendor Advisory"
]
}
]
}

123
CVE-2023/CVE-2023-453xx/CVE-2023-45321.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45321",
"sourceIdentifier": "psirt@bosch.com",
"published": "2023-10-25T18:17:33.183",
"lastModified": "2023-10-25T20:32:16.527",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-06T14:44:12.273",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "psirt@bosch.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-319"
}
]
},
{
"source": "psirt@bosch.com",
"type": "Secondary",
@ -50,10 +80,97 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2107_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFA1309-DBEE-46F1-B6FD-DAE896180411"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2107:-:*:*:*:*:*:*:*",
"matchCriteriaId": "87C129B8-F100-4D3A-97BC-BAD9A4129F9D"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2110_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD47D2E3-F53F-4CE8-BEF7-76F78AEBAF5C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "326E80AA-C9B4-4BF1-AA2B-98A3802A72C9"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2115_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4CA92486-EEBE-42FD-9755-006B7F2DF361"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2115:-:*:*:*:*:*:*:*",
"matchCriteriaId": "167C9BC4-FCC5-4FAF-8F75-F967C77400A7"
}
]
}
]
}
],
"references": [
{
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html",
"source": "psirt@bosch.com"
"source": "psirt@bosch.com",
"tags": [
"Mitigation",
"Vendor Advisory"
]
}
]
}

8
CVE-2023/CVE-2023-456xx/CVE-2023-45657.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-45657",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-06T09:15:08.730",
"lastModified": "2023-11-06T09:15:08.730",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in POSIMYTH Nexter allows SQL Injection.This issue affects Nexter: from n/a through 2.0.3.\n\n"
},
{
"lang": "es",
"value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en POSIMYTH Nexter permite la inyecci\u00f3n SQL. Este problema afecta a Nexter: desde n/a hasta 2.0.3."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-458xx/CVE-2023-45830.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-45830",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-06T09:15:08.790",
"lastModified": "2023-11-06T09:15:08.790",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Online ADA Accessibility Suite by Online ADA allows SQL Injection.This issue affects Accessibility Suite by Online ADA: from n/a through 4.11.\n\n"
},
{
"lang": "es",
"value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en Online ADA Accessibility Suite de Online ADA permite la inyecci\u00f3n de SQL. Este problema afecta a Accessibility Suite de Online ADA: desde n/a hasta 4.11."
}
],
"metrics": {},

125
CVE-2023/CVE-2023-458xx/CVE-2023-45844.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45844",
"sourceIdentifier": "psirt@bosch.com",
"published": "2023-10-25T18:17:35.347",
"lastModified": "2023-10-25T20:31:55.900",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-06T14:39:14.153",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "psirt@bosch.com",
@ -39,6 +61,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "psirt@bosch.com",
"type": "Secondary",
@ -50,10 +82,97 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2107_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFA1309-DBEE-46F1-B6FD-DAE896180411"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2107:-:*:*:*:*:*:*:*",
"matchCriteriaId": "87C129B8-F100-4D3A-97BC-BAD9A4129F9D"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2110_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD47D2E3-F53F-4CE8-BEF7-76F78AEBAF5C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "326E80AA-C9B4-4BF1-AA2B-98A3802A72C9"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2115_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4CA92486-EEBE-42FD-9755-006B7F2DF361"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2115:-:*:*:*:*:*:*:*",
"matchCriteriaId": "167C9BC4-FCC5-4FAF-8F75-F967C77400A7"
}
]
}
]
}
],
"references": [
{
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html",
"source": "psirt@bosch.com"
"source": "psirt@bosch.com",
"tags": [
"Mitigation",
"Vendor Advisory"
]
}
]
}

123
CVE-2023/CVE-2023-458xx/CVE-2023-45851.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45851",
"sourceIdentifier": "psirt@bosch.com",
"published": "2023-10-25T18:17:35.427",
"lastModified": "2023-10-25T20:31:55.900",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-06T14:33:29.510",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "psirt@bosch.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
},
{
"source": "psirt@bosch.com",
"type": "Secondary",
@ -50,10 +80,97 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2107_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFA1309-DBEE-46F1-B6FD-DAE896180411"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2107:-:*:*:*:*:*:*:*",
"matchCriteriaId": "87C129B8-F100-4D3A-97BC-BAD9A4129F9D"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2110_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD47D2E3-F53F-4CE8-BEF7-76F78AEBAF5C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "326E80AA-C9B4-4BF1-AA2B-98A3802A72C9"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2115_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4CA92486-EEBE-42FD-9755-006B7F2DF361"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2115:-:*:*:*:*:*:*:*",
"matchCriteriaId": "167C9BC4-FCC5-4FAF-8F75-F967C77400A7"
}
]
}
]
}
],
"references": [
{
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html",
"source": "psirt@bosch.com"
"source": "psirt@bosch.com",
"tags": [
"Mitigation",
"Vendor Advisory"
]
}
]
}

12
CVE-2023/CVE-2023-45xx/CVE-2023-4586.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4586",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-10-04T11:15:10.500",
"lastModified": "2023-10-23T18:57:20.287",
"vulnStatus": "Analyzed",
"lastModified": "2023-11-06T13:15:09.880",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -134,14 +134,6 @@
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://security.snyk.io/vuln/SNYK-JAVA-IONETTY-1042268",
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-460xx/CVE-2023-46072.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46072",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-26T12:15:08.613",
"lastModified": "2023-10-26T12:58:59.800",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-06T14:42:49.640",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:add_shortcodes_actions_and_filters_project:add_shortcodes_actions_and_filters:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.0.9",
"matchCriteriaId": "50924A41-8AA1-4D8D-88A0-B32B5D0D1A6F"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/add-actions-and-filters/wordpress-add-shortcodes-actions-and-filters-plugin-2-0-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-460xx/CVE-2023-46084.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46084",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-06T10:15:07.917",
"lastModified": "2023-11-06T10:15:07.917",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

123
CVE-2023/CVE-2023-461xx/CVE-2023-46102.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46102",
"sourceIdentifier": "psirt@bosch.com",
"published": "2023-10-25T18:17:36.033",
"lastModified": "2023-10-25T20:31:55.900",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-06T14:33:08.563",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "psirt@bosch.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
},
{
"source": "psirt@bosch.com",
"type": "Secondary",
@ -50,10 +80,97 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2107_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFA1309-DBEE-46F1-B6FD-DAE896180411"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2107:-:*:*:*:*:*:*:*",
"matchCriteriaId": "87C129B8-F100-4D3A-97BC-BAD9A4129F9D"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2110_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD47D2E3-F53F-4CE8-BEF7-76F78AEBAF5C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "326E80AA-C9B4-4BF1-AA2B-98A3802A72C9"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2115_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4CA92486-EEBE-42FD-9755-006B7F2DF361"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2115:-:*:*:*:*:*:*:*",
"matchCriteriaId": "167C9BC4-FCC5-4FAF-8F75-F967C77400A7"
}
]
}
]
}
],
"references": [
{
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html",
"source": "psirt@bosch.com"
"source": "psirt@bosch.com",
"tags": [
"Mitigation",
"Vendor Advisory"
]
}
]
}

8
CVE-2023/CVE-2023-463xx/CVE-2023-46380.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-46380",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-04T23:15:07.910",
"lastModified": "2023-11-04T23:15:07.910",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices send password-change requests via cleartext HTTP."
},
{
"lang": "es",
"value": "Los dispositivos LOYTEC LINX-212 firmware 6.2.4 y LVIS-3ME12-A1 firmware 6.2.2 y LIOB-586 firmware 6.2.3 env\u00edan solicitudes de cambio de contrase\u00f1a a trav\u00e9s de HTTP de texto plano."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-463xx/CVE-2023-46381.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-46381",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-04T23:15:07.957",
"lastModified": "2023-11-04T23:15:07.957",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices lack authentication for the preinstalled version of LWEB-802 via an lweb802_pre/ URI. An unauthenticated attacker can edit any project (or create a new project) and control its GUI."
},
{
"lang": "es",
"value": "Los dispositivos LOYTEC LINX-212 firmware 6.2.4 y LVIS-3ME12-A1 firmware 6.2.2 y LIOB-586 firmware 6.2.3 carecen de autenticaci\u00f3n para la versi\u00f3n preinstalada de LWEB-802 a trav\u00e9s de un URI lweb802_pre/. Un atacante no autenticado puede editar cualquier proyecto (o crear un proyecto nuevo) y controlar su GUI."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-463xx/CVE-2023-46382.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-46382",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-04T23:15:08.003",
"lastModified": "2023-11-04T23:15:08.003",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices use cleartext HTTP for login."
},
{
"lang": "es",
"value": "Los dispositivos LOYTEC LINX-212 firmware 6.2.4 y LVIS-3ME12-A1 firmware 6.2.2 y LIOB-586 firmware 6.2.3 utilizan HTTP de texto plano para iniciar sesi\u00f3n."
}
],
"metrics": {},

4
CVE-2023/CVE-2023-467xx/CVE-2023-46775.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46775",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-06T11:15:09.347",
"lastModified": "2023-11-06T11:15:09.347",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-467xx/CVE-2023-46776.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46776",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-06T12:15:08.380",
"lastModified": "2023-11-06T12:15:08.380",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-467xx/CVE-2023-46777.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46777",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-06T12:15:08.450",
"lastModified": "2023-11-06T12:15:08.450",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-467xx/CVE-2023-46778.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46778",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-06T12:15:08.513",
"lastModified": "2023-11-06T12:15:08.513",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-467xx/CVE-2023-46779.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46779",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-06T12:15:08.573",
"lastModified": "2023-11-06T12:15:08.573",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-467xx/CVE-2023-46780.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46780",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-06T12:15:08.637",
"lastModified": "2023-11-06T12:15:08.637",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-467xx/CVE-2023-46781.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46781",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-06T12:15:08.700",
"lastModified": "2023-11-06T12:15:08.700",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-467xx/CVE-2023-46782.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46782",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-06T10:15:07.987",
"lastModified": "2023-11-06T10:15:07.987",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-467xx/CVE-2023-46783.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46783",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-06T10:15:08.060",
"lastModified": "2023-11-06T10:15:08.060",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-468xx/CVE-2023-46802.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46802",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-11-06T02:15:07.333",
"lastModified": "2023-11-06T02:15:07.333",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-468xx/CVE-2023-46821.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46821",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-06T10:15:08.130",
"lastModified": "2023-11-06T10:15:08.130",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-468xx/CVE-2023-46822.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46822",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-06T10:15:08.200",
"lastModified": "2023-11-06T10:15:08.200",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-468xx/CVE-2023-46823.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46823",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-06T10:15:08.263",
"lastModified": "2023-11-06T10:15:08.263",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-468xx/CVE-2023-46824.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46824",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-06T10:15:08.330",
"lastModified": "2023-11-06T10:15:08.330",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

8
CVE-2023/CVE-2023-469xx/CVE-2023-46963.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-46963",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-04T23:15:08.100",
"lastModified": "2023-11-04T23:15:08.100",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in Beijing Yunfan Internet Technology Co., Ltd, Yunfan Learning Examination System v.6.5 allows a remote attacker to obtain sensitive information via the password parameter in the login function."
},
{
"lang": "es",
"value": "Un problema en Beijing Yunfan Internet Technology Co., Ltd, Yunfan Learning Examination System v.6.5 permite a un atacante remoto obtener informaci\u00f3n sensible a trav\u00e9s del par\u00e1metro de contrase\u00f1a en la funci\u00f3n de inicio de sesi\u00f3n."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-469xx/CVE-2023-46964.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-46964",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-05T00:15:08.527",
"lastModified": "2023-11-05T00:15:08.527",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in Hillstone Next Generation FireWall SG-6000-e3960 v.5.5 allows a remote attacker to execute arbitrary code via the use front-end filtering instead of back-end filtering."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross Site Scripting (XSS) en Hillstone Next Generation FireWall SG-6000-e3960 v.5.5 permite a un atacante remoto ejecutar c\u00f3digo arbitrario mediante el uso de filtrado front-end en lugar de filtrado back-end."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-469xx/CVE-2023-46981.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-46981",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-05T00:15:08.580",
"lastModified": "2023-11-05T00:15:08.580",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Novel-Plus v.4.2.0 allows a remote attacker to execute arbitrary code via a crafted script to the sort parameter in /common/log/list."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en Novel-Plus v.4.2.0 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de un script manipulado en el par\u00e1metro sort en /common/log/list."
}
],
"metrics": {},

4
CVE-2023/CVE-2023-46xx/CVE-2023-4625.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4625",
"sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"published": "2023-11-06T05:15:15.187",
"lastModified": "2023-11-06T06:15:41.487",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-46xx/CVE-2023-4699.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4699",
"sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"published": "2023-11-06T06:15:41.563",
"lastModified": "2023-11-06T06:15:41.563",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-471xx/CVE-2023-47177.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47177",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-06T10:15:08.403",
"lastModified": "2023-11-06T10:15:08.403",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-471xx/CVE-2023-47182.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47182",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-06T10:15:08.470",
"lastModified": "2023-11-06T10:15:08.470",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-471xx/CVE-2023-47184.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47184",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-06T10:15:08.577",
"lastModified": "2023-11-06T10:15:08.577",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-471xx/CVE-2023-47185.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47185",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-06T11:15:09.497",
"lastModified": "2023-11-06T11:15:09.497",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-471xx/CVE-2023-47186.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47186",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-06T12:15:08.760",
"lastModified": "2023-11-06T12:15:08.760",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

8
CVE-2023/CVE-2023-472xx/CVE-2023-47233.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47233",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-03T21:15:17.360",
"lastModified": "2023-11-04T22:15:08.517",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this \"could be exploited in a real world scenario.\" This is related to brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c."
},
{
"lang": "es",
"value": "El componente brcm80211 en el kernel de Linux hasta 6.5.10 tiene un c\u00f3digo brcmf_cfg80211_detach use after free en el c\u00f3digo de desconexi\u00f3n del dispositivo (desconectar el USB mediante conexi\u00f3n en caliente). Para los atacantes f\u00edsicamente pr\u00f3ximos con acceso local, esto \"podr\u00eda explotarse en un escenario del mundo real\". Esto est\u00e1 relacionado con brcmf_cfg80211_escan_timeout_worker en drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-472xx/CVE-2023-47234.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47234",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-03T21:15:17.420",
"lastModified": "2023-11-03T21:15:17.420",
"vulnStatus": "Received",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data (that lacks mandatory path attributes)."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en FRRouting FRR hasta 9.0.1. Puede ocurrir un bloqueo al procesar un mensaje BGP UPDATE manipulado con un atributo MP_UNREACH_NLRI y datos NLRI adicionales (que carecen de atributos de ruta obligatorios)."
}
],
"metrics": {},

Some files were not shown because too many files have changed in this diff Show More