diff --git a/CVE-2017/CVE-2017-201xx/CVE-2017-20187.json b/CVE-2017/CVE-2017-201xx/CVE-2017-20187.json
index a5e7a471ebe..c3bdbdc9eea 100644
--- a/CVE-2017/CVE-2017-201xx/CVE-2017-20187.json
+++ b/CVE-2017/CVE-2017-201xx/CVE-2017-20187.json
@@ -2,12 +2,16 @@
 "id": "CVE-2017-20187",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2023-11-05T21:15:09.190",
- "lastModified": "2023-11-05T21:15:09.190",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-06T13:00:43.923",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Magnesium-PHP up to 0.3.0. It has been classified as problematic. Affected is the function formatEmailString of the file src/Magnesium/Message/Base.php. The manipulation of the argument email/name leads to injection. Upgrading to version 0.3.1 is able to address this issue. The patch is identified as 500d340e1f6421007413cc08a8383475221c2604. It is recommended to upgrade the affected component. VDB-244482 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
+ },
+ {
+ "lang": "es",
+ "value": "** NO SOPORTADO CUANDO EST\u00c1 ASIGNADO ** ** NO SOPORTADO CUANDO EST\u00c1 ASIGNADO ** Se encontr\u00f3 una vulnerabilidad en Magnesium-PHP hasta 0.3.0. Ha sido clasificada como problem\u00e1tica. La funci\u00f3n formatEmailString del archivo src/Magnesium/Message/Base.php es afectada por la vulnerabilidad. La manipulaci\u00f3n del argumento correo electr\u00f3nico/nombre conduce a la inyecci\u00f3n. La actualizaci\u00f3n a la versi\u00f3n 0.3.1 puede solucionar este problema. El parche se identifica como 500d340e1f6421007413cc08a8383475221c2604. Se recomienda actualizar el componente afectado. VDB-244482 es el identificador asignado a esta vulnerabilidad. NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el mantenedor."
 }
 ],
 "metrics": {
diff --git a/CVE-2018/CVE-2018-250xx/CVE-2018-25092.json b/CVE-2018/CVE-2018-250xx/CVE-2018-25092.json
index 88886f3825b..c175f3f901e 100644
--- a/CVE-2018/CVE-2018-250xx/CVE-2018-25092.json
+++ b/CVE-2018/CVE-2018-250xx/CVE-2018-25092.json
@@ -2,12 +2,16 @@
 "id": "CVE-2018-25092",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2023-11-05T21:15:09.357",
- "lastModified": "2023-11-05T21:15:09.357",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-06T13:00:43.923",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability was found in Vaerys-Dawn DiscordSailv2 up to 2.10.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Command Mention Handler. The manipulation leads to improper access controls. Upgrading to version 2.10.3 is able to address this issue. The patch is named cc12e0be82a5d05d9f359ed8e56088f4f8b8eb69. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-244483."
+ },
+ {
+ "lang": "es",
+ "value": "Se encontr\u00f3 una vulnerabilidad en Vaerys-Dawn DiscordSailv2 hasta 2.10.2. Que ha sido declarada cr\u00edtica. Una funci\u00f3n desconocida del componente Command Mention Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a controles de acceso inadecuados. La actualizaci\u00f3n a la versi\u00f3n 2.10.3 puede solucionar este problema. El parche se llama cc12e0be82a5d05d9f359ed8e56088f4f8b8eb69. Se recomienda actualizar el componente afectado. El identificador asociado de esta vulnerabilidad es VDB-244483."
 }
 ],
 "metrics": {
diff --git a/CVE-2018/CVE-2018-250xx/CVE-2018-25093.json b/CVE-2018/CVE-2018-250xx/CVE-2018-25093.json
index 924a2485813..973fd2d1b71 100644
--- a/CVE-2018/CVE-2018-250xx/CVE-2018-25093.json
+++ b/CVE-2018/CVE-2018-250xx/CVE-2018-25093.json
@@ -2,8 +2,8 @@
 "id": "CVE-2018-25093",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2023-11-06T01:15:08.690",
- "lastModified": "2023-11-06T01:15:08.690",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-06T13:00:43.923",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2021/CVE-2021-44xx/CVE-2021-4430.json b/CVE-2021/CVE-2021-44xx/CVE-2021-4430.json
index 673375aa7dc..e6e20f9ddac 100644
--- a/CVE-2021/CVE-2021-44xx/CVE-2021-4430.json
+++ b/CVE-2021/CVE-2021-44xx/CVE-2021-4430.json
@@ -2,8 +2,8 @@
 "id": "CVE-2021-4430",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2023-11-06T08:15:21.343",
- "lastModified": "2023-11-06T08:15:21.343",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-06T13:00:43.923",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2022/CVE-2022-31xx/CVE-2022-3172.json b/CVE-2022/CVE-2022-31xx/CVE-2022-3172.json
index c261d8e371b..11bbf5e96b9 100644
--- a/CVE-2022/CVE-2022-31xx/CVE-2022-3172.json
+++ b/CVE-2022/CVE-2022-31xx/CVE-2022-3172.json
@@ -2,12 +2,16 @@
 "id": "CVE-2022-3172",
 "sourceIdentifier": "jordan@liggitt.net",
 "published": "2023-11-03T20:15:08.550",
- "lastModified": "2023-11-03T20:15:08.550",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-06T13:00:43.923",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A security issue was discovered in kube-apiserver that allows an \naggregated API server to redirect client traffic to any URL. This could\n lead to the client performing unexpected actions as well as forwarding \nthe client's API server credentials to third parties.\n"
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 un problema de seguridad en kube-apiserver que permite que un servidor API agregado redirija el tr\u00e1fico del cliente a cualquier URL. Esto podr\u00eda llevar a que el cliente realice acciones inesperadas, as\u00ed como a que reenv\u00ede las credenciales del servidor API del cliente a terceros."
 }
 ],
 "metrics": {
diff --git a/CVE-2022/CVE-2022-435xx/CVE-2022-43554.json b/CVE-2022/CVE-2022-435xx/CVE-2022-43554.json
index 6dc5653ff62..6fbcacefc54 100644
--- a/CVE-2022/CVE-2022-435xx/CVE-2022-43554.json
+++ b/CVE-2022/CVE-2022-435xx/CVE-2022-43554.json
@@ -2,12 +2,16 @@
 "id": "CVE-2022-43554",
 "sourceIdentifier": "support@hackerone.com",
 "published": "2023-11-03T20:15:08.690",
- "lastModified": "2023-11-03T20:15:08.690",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-06T13:00:43.923",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de escalada de privilegios locales de autenticaci\u00f3n faltante de Ivanti Avalanche Smart Device Service"
 }
 ],
 "metrics": {
diff --git a/CVE-2022/CVE-2022-435xx/CVE-2022-43555.json b/CVE-2022/CVE-2022-435xx/CVE-2022-43555.json
index 94b02912345..fbe29ab1365 100644
--- a/CVE-2022/CVE-2022-435xx/CVE-2022-43555.json
+++ b/CVE-2022/CVE-2022-435xx/CVE-2022-43555.json
@@ -2,12 +2,16 @@
 "id": "CVE-2022-43555",
 "sourceIdentifier": "support@hackerone.com",
 "published": "2023-11-03T20:15:08.757",
- "lastModified": "2023-11-03T20:15:08.757",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-06T13:00:43.923",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de escalada de privilegios locales sin autenticaci\u00f3n de Ivanti Avalanche Printer Device Service"
 }
 ],
 "metrics": {
diff --git a/CVE-2022/CVE-2022-445xx/CVE-2022-44569.json b/CVE-2022/CVE-2022-445xx/CVE-2022-44569.json
index c66e61e4412..e5bfd9410fc 100644
--- a/CVE-2022/CVE-2022-445xx/CVE-2022-44569.json
+++ b/CVE-2022/CVE-2022-445xx/CVE-2022-44569.json
@@ -2,12 +2,16 @@
 "id": "CVE-2022-44569",
 "sourceIdentifier": "support@hackerone.com",
 "published": "2023-11-03T20:15:08.813",
- "lastModified": "2023-11-03T20:15:08.813",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-06T13:00:43.923",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A locally authenticated attacker with low privileges can bypass authentication due to insecure inter-process communication."
+ },
+ {
+ "lang": "es",
+ "value": "Un atacante autenticado localmente con pocos privilegios puede omitir la autenticaci\u00f3n debido a una comunicaci\u00f3n insegura entre procesos."
 }
 ],
 "metrics": {
diff --git a/CVE-2022/CVE-2022-453xx/CVE-2022-45373.json b/CVE-2022/CVE-2022-453xx/CVE-2022-45373.json
index f9ac79f9a50..35f047f54cd 100644
--- a/CVE-2022/CVE-2022-453xx/CVE-2022-45373.json
+++ b/CVE-2022/CVE-2022-453xx/CVE-2022-45373.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-45373",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-11-06T08:15:21.547",
- "lastModified": "2023-11-06T08:15:21.547",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-06T13:00:43.923",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2022/CVE-2022-468xx/CVE-2022-46849.json b/CVE-2022/CVE-2022-468xx/CVE-2022-46849.json
index d96a780bca2..58a63d34e6f 100644
--- a/CVE-2022/CVE-2022-468xx/CVE-2022-46849.json
+++ b/CVE-2022/CVE-2022-468xx/CVE-2022-46849.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-46849",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-11-06T08:15:21.623",
- "lastModified": "2023-11-06T08:15:21.623",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-06T13:00:43.923",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2022/CVE-2022-468xx/CVE-2022-46860.json b/CVE-2022/CVE-2022-468xx/CVE-2022-46860.json
index 9870cf52ad9..77595d20fd3 100644
--- a/CVE-2022/CVE-2022-468xx/CVE-2022-46860.json
+++ b/CVE-2022/CVE-2022-468xx/CVE-2022-46860.json
@@ -2,12 +2,16 @@
 "id": "CVE-2022-46860",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-11-06T08:15:21.690",
- "lastModified": "2023-11-06T08:15:21.690",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-06T13:00:43.923",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in KaizenCoders Short URL allows SQL Injection.This issue affects Short URL: from n/a through 1.6.4.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en KaizenCoders Short URL permite la inyecci\u00f3n SQL. Este problema afecta Short URL: desde n/a hasta 1.6.4."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-474xx/CVE-2022-47420.json b/CVE-2022/CVE-2022-474xx/CVE-2022-47420.json
index f0045b517bd..f43595ae281 100644
--- a/CVE-2022/CVE-2022-474xx/CVE-2022-47420.json
+++ b/CVE-2022/CVE-2022-474xx/CVE-2022-47420.json
@@ -2,12 +2,16 @@
 "id": "CVE-2022-47420",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-11-06T08:15:21.757",
- "lastModified": "2023-11-06T08:15:21.757",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-06T13:00:43.923",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Online ADA Accessibility Suite by Online ADA allows SQL Injection.This issue affects Accessibility Suite by Online ADA: from n/a through 4.11.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en Online ADA Accessibility Suite de Online ADA permite la inyecci\u00f3n de SQL. Este problema afecta a Accessibility Suite de Online ADA: desde n/a hasta 4.11."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-474xx/CVE-2022-47428.json b/CVE-2022/CVE-2022-474xx/CVE-2022-47428.json
index e9a15faa72d..7d0d99f9b64 100644
--- a/CVE-2022/CVE-2022-474xx/CVE-2022-47428.json
+++ b/CVE-2022/CVE-2022-474xx/CVE-2022-47428.json
@@ -2,12 +2,16 @@
 "id": "CVE-2022-47428",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-11-06T08:15:21.830",
- "lastModified": "2023-11-06T08:15:21.830",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-06T13:00:43.923",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WpDevArt Booking calendar, Appointment Booking System allows SQL Injection.This issue affects Booking calendar, Appointment Booking System: from n/a through 3.2.7.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en WpDevArt Booking calendar, Appointment Booking System permite la inyecci\u00f3n de SQL. Este problema afecta Booking calendar, Appointment Booking System: desde n/a hasta 3.2.7."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-474xx/CVE-2022-47430.json b/CVE-2022/CVE-2022-474xx/CVE-2022-47430.json
index 4e0b39d69a0..637c0eebacd 100644
--- a/CVE-2022/CVE-2022-474xx/CVE-2022-47430.json
+++ b/CVE-2022/CVE-2022-474xx/CVE-2022-47430.json
@@ -2,12 +2,16 @@
 "id": "CVE-2022-47430",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-11-06T08:15:21.893",
- "lastModified": "2023-11-06T08:15:21.893",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-06T13:00:43.923",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Weblizar The School Management \u2013 Education & Learning Management allows SQL Injection.This issue affects The School Management \u2013 Education & Learning Management: from n/a through 4.1.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL (\"Inyecci\u00f3n SQL\") en Weblizar The School Management \u2013 Education & Learning Management permite la inyecci\u00f3n SQL. Este problema afecta a The School Management \u2013 Education & Learning Management: desde n/a hasta 4.1."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-474xx/CVE-2022-47432.json b/CVE-2022/CVE-2022-474xx/CVE-2022-47432.json
index 827f5b3633c..686165be715 100644
--- a/CVE-2022/CVE-2022-474xx/CVE-2022-47432.json
+++ b/CVE-2022/CVE-2022-474xx/CVE-2022-47432.json
@@ -2,12 +2,16 @@
 "id": "CVE-2022-47432",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-11-06T08:15:21.963",
- "lastModified": "2023-11-06T08:15:21.963",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-06T13:00:43.923",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kemal YAZICI - PluginPress Shortcode IMDB allows SQL Injection.This issue affects Shortcode IMDB: from n/a through 6.0.8.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('Inyecci\u00f3n SQL') en Kemal YAZICI - PluginPress Shortcode IMDB permite la inyecci\u00f3n SQL. Este problema afecta a Shortcode IMDB: desde n/a hasta 6.0.8."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-207xx/CVE-2023-20702.json b/CVE-2023/CVE-2023-207xx/CVE-2023-20702.json
index 92391e26645..0d2830f2205 100644
--- a/CVE-2023/CVE-2023-207xx/CVE-2023-20702.json
+++ b/CVE-2023/CVE-2023-207xx/CVE-2023-20702.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-20702",
 "sourceIdentifier": "security@mediatek.com",
 "published": "2023-11-06T04:15:07.653",
- "lastModified": "2023-11-06T04:15:07.653",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-06T13:00:43.923",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-213xx/CVE-2023-21327.json b/CVE-2023/CVE-2023-213xx/CVE-2023-21327.json
index 45d3b390ed5..c4411a6d8e3 100644
--- a/CVE-2023/CVE-2023-213xx/CVE-2023-21327.json
+++ b/CVE-2023/CVE-2023-213xx/CVE-2023-21327.json
@@ -2,19 +2,79 @@
 "id": "CVE-2023-21327",
 "sourceIdentifier": "security@android.com",
 "published": "2023-10-30T17:15:49.113",
- "lastModified": "2023-10-30T17:20:42.887",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-11-06T14:47:48.253",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "In Permission Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
+ },
+ {
+ "lang": "es",
+ "value": "En Permission Manager, existe una manera posible de determinar si una aplicaci\u00f3n est\u00e1 instalada, sin permisos de consulta, debido a la divulgaci\u00f3n de informaci\u00f3n del canal lateral. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-203" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", + "versionEndExcluding": "14.0", + "matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-237xx/CVE-2023-23702.json b/CVE-2023/CVE-2023-237xx/CVE-2023-23702.json index 370fec647dc..f21e59f8a3d 100644 --- a/CVE-2023/CVE-2023-237xx/CVE-2023-23702.json +++ b/CVE-2023/CVE-2023-237xx/CVE-2023-23702.json @@ -2,8 +2,8 @@ "id": "CVE-2023-23702", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-06T10:15:07.827", - "lastModified": "2023-11-06T10:15:07.827", - "vulnStatus": "Received", + "lastModified": "2023-11-06T13:00:43.923", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-276xx/CVE-2023-27605.json b/CVE-2023/CVE-2023-276xx/CVE-2023-27605.json index dd031d632e1..33ec4e91bf4 100644 --- a/CVE-2023/CVE-2023-276xx/CVE-2023-27605.json 
+++ b/CVE-2023/CVE-2023-276xx/CVE-2023-27605.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-27605",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-11-06T09:15:07.717",
- "lastModified": "2023-11-06T09:15:07.717",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-06T13:00:43.923",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sajjad Hossain WP Reroute Email allows SQL Injection.This issue affects WP Reroute Email: from n/a through 1.4.6.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en Sajjad Hossain WP Reroute Email permite la inyecci\u00f3n SQL. Este problema afecta a WP Reroute Email: desde n/a hasta 1.4.6."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-287xx/CVE-2023-28748.json b/CVE-2023/CVE-2023-287xx/CVE-2023-28748.json
index 4ea1c70a6bc..1abf2526cdd 100644
--- a/CVE-2023/CVE-2023-287xx/CVE-2023-28748.json
+++ b/CVE-2023/CVE-2023-287xx/CVE-2023-28748.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-28748",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-11-06T09:15:07.790",
- "lastModified": "2023-11-06T09:15:07.790",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-06T13:00:43.923",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in biztechc Copy or Move Comments allows SQL Injection.This issue affects Copy or Move Comments: from n/a through 5.0.4.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL (\"Inyecci\u00f3n SQL\") en Biztechc Copy or Move Comments permite la inyecci\u00f3n SQL. Este problema afecta Copy or Move Comments: desde n/a hasta 5.0.4."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-287xx/CVE-2023-28794.json b/CVE-2023/CVE-2023-287xx/CVE-2023-28794.json
index 42525f2abbe..40f2a068e44 100644
--- a/CVE-2023/CVE-2023-287xx/CVE-2023-28794.json
+++ b/CVE-2023/CVE-2023-287xx/CVE-2023-28794.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-28794",
 "sourceIdentifier": "cve@zscaler.com",
 "published": "2023-11-06T08:15:22.037",
- "lastModified": "2023-11-06T08:15:22.037",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-06T13:00:43.923",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Origin Validation Error vulnerability in Zscaler Client Connector on Linux allows Privilege Abuse. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6.\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de error de validaci\u00f3n de origen en Zscaler Client Connector en Linux permite el abuso de privilegios. Este problema afecta a Zscaler Client Connector para Linux: versiones anteriores a 1.3.1.6."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-327xx/CVE-2023-32741.json b/CVE-2023/CVE-2023-327xx/CVE-2023-32741.json
index 7188b3a1137..ac36027c4d0 100644
--- a/CVE-2023/CVE-2023-327xx/CVE-2023-32741.json
+++ b/CVE-2023/CVE-2023-327xx/CVE-2023-32741.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-32741",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-11-04T00:15:08.573",
- "lastModified": "2023-11-04T00:15:08.573",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-06T13:00:43.923",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in IT Path Solutions PVT LTD Contact Form to Any API allows SQL Injection.This issue affects Contact Form to Any API: from n/a through 1.1.2.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL (\"Inyecci\u00f3n SQL\") en IT Path Solutions PVT LTD El formulario de contacto para cualquier API permite la inyecci\u00f3n de SQL. Este problema afecta el formulario de contacto para cualquier API: desde n/a hasta 1.1.2."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32818.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32818.json
index f5248689e71..7ded4fe68ce 100644
--- a/CVE-2023/CVE-2023-328xx/CVE-2023-32818.json
+++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32818.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-32818",
 "sourceIdentifier": "security@mediatek.com",
 "published": "2023-11-06T04:15:07.713",
- "lastModified": "2023-11-06T04:15:07.713",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-06T13:00:43.923",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32825.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32825.json
index 87ceba72a55..ca9cc02a84b 100644
--- a/CVE-2023/CVE-2023-328xx/CVE-2023-32825.json
+++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32825.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-32825",
 "sourceIdentifier": "security@mediatek.com",
 "published": "2023-11-06T04:15:07.757",
- "lastModified": "2023-11-06T04:15:07.757",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-06T13:00:43.923",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32832.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32832.json
index 7bd83ffecf5..ec049c652a3 100644
--- a/CVE-2023/CVE-2023-328xx/CVE-2023-32832.json
+++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32832.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-32832",
 "sourceIdentifier": "security@mediatek.com",
 "published": "2023-11-06T04:15:07.797",
- "lastModified": "2023-11-06T04:15:07.797",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-06T13:00:43.923",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32834.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32834.json
index 789be865778..7a8e125adb7 100644
--- a/CVE-2023/CVE-2023-328xx/CVE-2023-32834.json
+++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32834.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-32834",
 "sourceIdentifier": "security@mediatek.com",
 "published": "2023-11-06T04:15:07.843",
- "lastModified": "2023-11-06T04:15:07.843",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-06T13:00:43.923",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32835.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32835.json
index f92041d0d76..f7c63256924 100644
--- a/CVE-2023/CVE-2023-328xx/CVE-2023-32835.json
+++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32835.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-32835",
 "sourceIdentifier": "security@mediatek.com",
 "published": "2023-11-06T04:15:07.887",
- "lastModified": "2023-11-06T04:15:07.887",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-06T13:00:43.923",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32836.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32836.json
index cd7031e81bc..557467fcc9b 100644
--- a/CVE-2023/CVE-2023-328xx/CVE-2023-32836.json
+++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32836.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-32836",
 "sourceIdentifier": "security@mediatek.com",
 "published": "2023-11-06T04:15:07.930",
- "lastModified": "2023-11-06T04:15:07.930",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-06T13:00:43.923",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32837.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32837.json
index 77962fcaa88..5f37e23d33c 100644
--- a/CVE-2023/CVE-2023-328xx/CVE-2023-32837.json
+++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32837.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-32837",
 "sourceIdentifier": "security@mediatek.com",
 "published": "2023-11-06T04:15:07.973",
- "lastModified": "2023-11-06T04:15:07.973",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-06T13:00:43.923",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32838.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32838.json
index db92857e8a8..6422de1af36 100644
--- a/CVE-2023/CVE-2023-328xx/CVE-2023-32838.json
+++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32838.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-32838",
 "sourceIdentifier": "security@mediatek.com",
 "published": "2023-11-06T04:15:08.013",
- "lastModified": "2023-11-06T04:15:08.013",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-06T13:00:43.923",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32839.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32839.json
index 3b826a4324c..2df86f99bec 100644
--- a/CVE-2023/CVE-2023-328xx/CVE-2023-32839.json
+++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32839.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-32839",
 "sourceIdentifier": "security@mediatek.com",
 "published": "2023-11-06T04:15:08.053",
- "lastModified": "2023-11-06T04:15:08.053",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-06T13:00:43.923",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32840.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32840.json
index 3ba60393b94..fe1748999ba 100644
--- a/CVE-2023/CVE-2023-328xx/CVE-2023-32840.json
+++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32840.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-32840",
 "sourceIdentifier": "security@mediatek.com",
 "published": "2023-11-06T04:15:08.097",
- "lastModified": "2023-11-06T04:15:08.097",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-06T13:00:43.923",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-32xx/CVE-2023-3246.json b/CVE-2023/CVE-2023-32xx/CVE-2023-3246.json
new file mode 100644
index 00000000000..093af9eaae8
--- /dev/null
+++ b/CVE-2023/CVE-2023-32xx/CVE-2023-3246.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-3246",
+ "sourceIdentifier": "cve@gitlab.com",
+ "published": "2023-11-06T13:15:09.397",
+ "lastModified": "2023-11-06T13:15:52.487",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue has been discovered in GitLab EE/CE affecting all versions starting before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1 which allows an attackers to block Sidekiq job processor."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cve@gitlab.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cve@gitlab.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-400"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/415371",
+ "source": "cve@gitlab.com"
+ },
+ {
+ "url": "https://hackerone.com/reports/2014157",
+ "source": "cve@gitlab.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-339xx/CVE-2023-33924.json b/CVE-2023/CVE-2023-339xx/CVE-2023-33924.json
index 04483fb586b..4f80df8df46 100644
--- a/CVE-2023/CVE-2023-339xx/CVE-2023-33924.json
+++ b/CVE-2023/CVE-2023-339xx/CVE-2023-33924.json
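Review bot: The new record CVE-2023-3246.json (and likewise the new CVE-2023-3399.json later in this commit) carries only CNA-supplied `"type": "Secondary"` metrics and no `configurations` block, so tooling that matches on CPE will return nothing for it while `vulnStatus` is `Awaiting Analysis`. Until the record is analysed, the affected ranges exist only in the `descriptions` prose (fixed in 16.3.6, 16.4.2 and 16.5.1), and consumers should key on those versions. In this file the first range, `all versions starting before 16.3.6`, names no starting version, and the sentence ends `allows an attackers to block Sidekiq job processor`. That looks like dropped text in the source description and is better reported to `cve@gitlab.com` than edited here.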
@@ -2,12 +2,16 @@
 "id": "CVE-2023-33924",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-11-06T09:15:07.870",
- "lastModified": "2023-11-06T09:15:07.870",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-06T13:00:43.923",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Felix Welberg SIS Handball allows SQL Injection.This issue affects SIS Handball: from n/a through 1.0.45.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en Felix Welberg SIS Handball permite la inyecci\u00f3n SQL. Este problema afecta a SIS Handball: desde n/a hasta 1.0.45."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-33xx/CVE-2023-3399.json b/CVE-2023/CVE-2023-33xx/CVE-2023-3399.json
new file mode 100644
index 00000000000..1fcb4538713
--- /dev/null
+++ b/CVE-2023/CVE-2023-33xx/CVE-2023-3399.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-3399",
+ "sourceIdentifier": "cve@gitlab.com",
+ "published": "2023-11-06T13:15:09.503",
+ "lastModified": "2023-11-06T13:15:52.487",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue has been discovered in GitLab EE affecting all versions starting from 11.6 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. It was possible for an unauthorised project or group member to read the CI/CD variables using the custom project templates."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cve@gitlab.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cve@gitlab.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-284"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/416244",
+ "source": "cve@gitlab.com"
+ },
+ {
+ "url": "https://hackerone.com/reports/2021616",
+ "source": "cve@gitlab.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-359xx/CVE-2023-35910.json b/CVE-2023/CVE-2023-359xx/CVE-2023-35910.json
index d01b5da3e79..aa95e9aab2e 100644
--- a/CVE-2023/CVE-2023-359xx/CVE-2023-35910.json
+++ b/CVE-2023/CVE-2023-359xx/CVE-2023-35910.json
@@ -2,12 +2,16 @@ "id": "CVE-2023-35910", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-04T00:15:08.657", - "lastModified": "2023-11-04T00:15:08.657", - "vulnStatus": "Received", + "lastModified": "2023-11-06T13:00:43.923", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nucleus_genius Quasar form free \u2013 Contact Form Builder for WordPress allows SQL Injection.This issue affects Quasar form free \u2013 Contact Form Builder for WordPress: from n/a through 6.0.\n\n" + }, + { + "lang": "es", + "value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('Inyecci\u00f3n SQL') en Nucleus_genius Quasar form free \u2013 Contact Form Builder para WordPress permite la inyecci\u00f3n SQL. Este problema afecta a Quasar form free \u2013 Contact Form Builder para WordPress: desde n/a hasta 6.0." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-359xx/CVE-2023-35911.json b/CVE-2023/CVE-2023-359xx/CVE-2023-35911.json index 03a74347b82..344b7718261 100644 --- a/CVE-2023/CVE-2023-359xx/CVE-2023-35911.json +++ b/CVE-2023/CVE-2023-359xx/CVE-2023-35911.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-35911", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-06T09:15:07.947", - "lastModified": "2023-11-06T09:15:07.947", - "vulnStatus": "Received", + "lastModified": "2023-11-06T13:00:43.923", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Creative Solutions Contact Form Generator : Creative form builder for WordPress allows SQL Injection.This issue affects Contact Form Generator : Creative form builder for WordPress: from n/a through 2.6.0.\n\n" + }, + { + "lang": "es", + "value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en Creative Solutions Contact Form Generator: el creador de formularios creativos para WordPress permite la inyecci\u00f3n SQL. Este problema afecta al Contact Form Generator: creador de formularios creativos para WordPress: de n/a hasta 2.6.0." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-366xx/CVE-2023-36677.json b/CVE-2023/CVE-2023-366xx/CVE-2023-36677.json index 724447fa585..d3ea07dfb01 100644 --- a/CVE-2023/CVE-2023-366xx/CVE-2023-36677.json +++ b/CVE-2023/CVE-2023-366xx/CVE-2023-36677.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-36677", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-03T23:15:08.417", - "lastModified": "2023-11-03T23:15:08.417", - "vulnStatus": "Received", + "lastModified": "2023-11-06T13:00:43.923", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager allows SQL Injection.This issue affects SP Project & Document Manager: from n/a through 4.67.\n\n" + }, + { + "lang": "es", + "value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL (\"Inyecci\u00f3n SQL\") en Smartypants SP Project & Document Manager permite la inyecci\u00f3n SQL. Este problema afecta a SP Project & Document Manager: desde n/a hasta 4.67." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-383xx/CVE-2023-38382.json b/CVE-2023/CVE-2023-383xx/CVE-2023-38382.json index d1dba351b30..ca8391d555f 100644 --- a/CVE-2023/CVE-2023-383xx/CVE-2023-38382.json +++ b/CVE-2023/CVE-2023-383xx/CVE-2023-38382.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-38382", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-06T09:15:08.123", - "lastModified": "2023-11-06T09:15:08.123", - "vulnStatus": "Received", + "lastModified": "2023-11-06T13:00:43.923", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Daniel S\u00f6derstr\u00f6m / Sidney van de Stouwe Subscribe to Category allows SQL Injection.This issue affects Subscribe to Category: from n/a through 2.7.4.\n\n" + }, + { + "lang": "es", + "value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('Inyecci\u00f3n SQL') en Daniel S\u00f6derstr\u00f6m / Sidney van de Stouwe Subscribe to Category permite la inyecci\u00f3n SQL. Este problema afecta Subscribe to Category: desde n/a hasta 2.7.4." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-383xx/CVE-2023-38391.json b/CVE-2023/CVE-2023-383xx/CVE-2023-38391.json index c796c57c296..ef96e79df81 100644 --- a/CVE-2023/CVE-2023-383xx/CVE-2023-38391.json +++ b/CVE-2023/CVE-2023-383xx/CVE-2023-38391.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-38391", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-04T00:15:08.730", - "lastModified": "2023-11-04T00:15:08.730", - "vulnStatus": "Received", + "lastModified": "2023-11-06T13:00:43.923", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themesgrove Onepage Builder allows SQL Injection.This issue affects Onepage Builder: from n/a through 2.4.1.\n\n" + }, + { + "lang": "es", + "value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL (\"Inyecci\u00f3n SQL\") en Themesgrove Onepage Builder permite la inyecci\u00f3n SQL. Este problema afecta a Onepage Builder: desde n/a hasta 2.4.1." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-384xx/CVE-2023-38406.json b/CVE-2023/CVE-2023-384xx/CVE-2023-38406.json index 3580e7d6db8..b162e5cb670 100644 --- a/CVE-2023/CVE-2023-384xx/CVE-2023-38406.json +++ b/CVE-2023/CVE-2023-384xx/CVE-2023-38406.json @@ -2,8 +2,8 @@ "id": "CVE-2023-38406", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-06T06:15:40.850", - "lastModified": "2023-11-06T06:15:40.850", - "vulnStatus": "Received", + "lastModified": "2023-11-06T13:00:43.923", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-384xx/CVE-2023-38407.json b/CVE-2023/CVE-2023-384xx/CVE-2023-38407.json index cf7bf8cbad6..c2a27807d47 100644 --- a/CVE-2023/CVE-2023-384xx/CVE-2023-38407.json +++ b/CVE-2023/CVE-2023-384xx/CVE-2023-38407.json @@ -2,8 +2,8 @@ "id": "CVE-2023-38407", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-06T06:15:40.907", - "lastModified": "2023-11-06T06:15:40.907", - "vulnStatus": "Received", + "lastModified": "2023-11-06T13:00:43.923", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", 
diff --git a/CVE-2023/CVE-2023-39xx/CVE-2023-3909.json b/CVE-2023/CVE-2023-39xx/CVE-2023-3909.json
new file mode 100644
index 00000000000..1d93ea54671
--- /dev/null
+++ b/CVE-2023/CVE-2023-39xx/CVE-2023-3909.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-3909",
+ "sourceIdentifier": "cve@gitlab.com",
+ "published": "2023-11-06T13:15:09.653",
+ "lastModified": "2023-11-06T13:15:52.487",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.3 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. A Regular Expression Denial of Service was possible by adding a large string in timeout input in gitlab-ci.yml file."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cve@gitlab.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cve@gitlab.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-400"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/418763",
+ "source": "cve@gitlab.com"
+ },
+ {
+ "url": "https://hackerone.com/reports/2050269",
+ "source": "cve@gitlab.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-402xx/CVE-2023-40207.json b/CVE-2023/CVE-2023-402xx/CVE-2023-40207.json
index c663817054e..e451bcec3c1 100644
--- a/CVE-2023/CVE-2023-402xx/CVE-2023-40207.json
+++ b/CVE-2023/CVE-2023-402xx/CVE-2023-40207.json
@@ -2,12 +2,16 @@ "id": "CVE-2023-40207", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-06T09:15:08.237", - "lastModified": "2023-11-06T09:15:08.237", - "vulnStatus": "Received", + "lastModified": "2023-11-06T13:00:43.923", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RedNao Donations Made Easy \u2013 Smart Donations allows SQL Injection.This issue affects Donations Made Easy \u2013 Smart Donations: from n/a through 4.0.12.\n\n" + }, + { + "lang": "es", + "value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('Inyecci\u00f3n SQL') en RedNao Donations Made Easy \u2013 Smart Donations permite la inyecci\u00f3n de SQL. Este problema afecta a Donations Made Easy \u2013 Smart Donations: desde n/a hasta 4.0.12." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-402xx/CVE-2023-40215.json b/CVE-2023/CVE-2023-402xx/CVE-2023-40215.json index 365efcd5ea8..67ffa2eff16 100644 --- a/CVE-2023/CVE-2023-402xx/CVE-2023-40215.json +++ b/CVE-2023/CVE-2023-402xx/CVE-2023-40215.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-40215", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-04T00:15:08.797", - "lastModified": "2023-11-04T00:15:08.797", - "vulnStatus": "Received", + "lastModified": "2023-11-06T13:00:43.923", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Demonisblack demon image annotation allows SQL Injection.This issue affects demon image annotation: from n/a through 5.1.\n\n" + }, + { + "lang": "es", + "value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL (\"Inyecci\u00f3n SQL\") en la anotaci\u00f3n Demonisblack demon image permite la inyecci\u00f3n SQL. Este problema afecta a la anotaci\u00f3n demon image : desde n/a hasta 5.1." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-406xx/CVE-2023-40609.json b/CVE-2023/CVE-2023-406xx/CVE-2023-40609.json index b71c61d114e..9992a654183 100644 --- a/CVE-2023/CVE-2023-406xx/CVE-2023-40609.json +++ b/CVE-2023/CVE-2023-406xx/CVE-2023-40609.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-40609", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-06T09:15:08.307", - "lastModified": "2023-11-06T09:15:08.307", - "vulnStatus": "Received", + "lastModified": "2023-11-06T13:00:43.923", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aiyaz, maheshpatel Contact form 7 Custom validation allows SQL Injection.This issue affects Contact form 7 Custom validation: from n/a through 1.1.3.\n\n" + }, + { + "lang": "es", + "value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en la validaci\u00f3n Aiyaz, maheshpatel Contact form 7 Custom personalizada permite la inyecci\u00f3n de SQL. Este problema afecta la validaci\u00f3n de Contact form 7 Custom: desde n/a hasta 1.1.3." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-409xx/CVE-2023-40922.json b/CVE-2023/CVE-2023-409xx/CVE-2023-40922.json index 99ab38535a3..85a8a96acec 100644 --- a/CVE-2023/CVE-2023-409xx/CVE-2023-40922.json +++ b/CVE-2023/CVE-2023-409xx/CVE-2023-40922.json @@ -2,12 +2,16 @@ "id": "CVE-2023-40922", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-04T23:15:07.807", - "lastModified": "2023-11-04T23:15:07.807", - "vulnStatus": "Received", + "lastModified": "2023-11-06T13:00:43.923", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "kerawen before v2.5.1 was discovered to contain a SQL injection vulnerability via the ocs_id_cart parameter at KerawenDeliveryModuleFrontController::initContent()." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que kerawen anterior a v2.5.1 conten\u00eda una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro ocs_id_cart en KerawenDeliveryModuleFrontController::initContent()." } ], "metrics": {}, 
diff --git a/CVE-2023/CVE-2023-412xx/CVE-2023-41255.json b/CVE-2023/CVE-2023-412xx/CVE-2023-41255.json index d150542cdfb..1def9d5057f 100644 --- a/CVE-2023/CVE-2023-412xx/CVE-2023-41255.json +++ b/CVE-2023/CVE-2023-412xx/CVE-2023-41255.json @@ -2,8 +2,8 @@ "id": "CVE-2023-41255", "sourceIdentifier": "psirt@bosch.com", "published": "2023-10-25T18:17:30.737", - "lastModified": "2023-10-25T20:32:16.527", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-11-06T14:33:10.043", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "psirt@bosch.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-306" + } + ] + }, { "source": "psirt@bosch.com", "type": "Secondary", 
@@ -50,10 +80,97 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2107_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "7FFA1309-DBEE-46F1-B6FD-DAE896180411" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2107:-:*:*:*:*:*:*:*", + "matchCriteriaId": "87C129B8-F100-4D3A-97BC-BAD9A4129F9D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2110_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "FD47D2E3-F53F-4CE8-BEF7-76F78AEBAF5C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2110:-:*:*:*:*:*:*:*", + "matchCriteriaId": "326E80AA-C9B4-4BF1-AA2B-98A3802A72C9" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2115_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "4CA92486-EEBE-42FD-9755-006B7F2DF361" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2115:-:*:*:*:*:*:*:*", + "matchCriteriaId": "167C9BC4-FCC5-4FAF-8F75-F967C77400A7" + } + ] + } + ] + } + ], "references": [ { "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html", - "source": "psirt@bosch.com" + "source": "psirt@bosch.com", + "tags": [ + "Mitigation", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-416xx/CVE-2023-41685.json b/CVE-2023/CVE-2023-416xx/CVE-2023-41685.json index 63e9ca0df63..645e19f2c71 100644 --- a/CVE-2023/CVE-2023-416xx/CVE-2023-41685.json +++ b/CVE-2023/CVE-2023-416xx/CVE-2023-41685.json @@ -2,12 +2,16 @@ "id": "CVE-2023-41685", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-06T09:15:08.367", - "lastModified": "2023-11-06T09:15:08.367", - "vulnStatus": "Received", + "lastModified": "2023-11-06T13:00:43.923", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ilGhera Woocommerce Support System allows SQL Injection.This issue affects Woocommerce Support System: from n/a through 1.2.1.\n\n" + }, + { + "lang": "es", + "value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en ilGhera Woocommerce Support System permite la inyecci\u00f3n de SQL. Este problema afecta Woocommerce Support System: desde n/a hasta 1.2.1." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-417xx/CVE-2023-41725.json b/CVE-2023/CVE-2023-417xx/CVE-2023-41725.json index 9cd48884992..425eb002167 100644 --- a/CVE-2023/CVE-2023-417xx/CVE-2023-41725.json +++ b/CVE-2023/CVE-2023-417xx/CVE-2023-41725.json @@ -2,12 +2,16 @@ "id": "CVE-2023-41725", "sourceIdentifier": "support@hackerone.com", "published": "2023-11-03T20:15:09.093", - "lastModified": "2023-11-03T20:15:09.093", - "vulnStatus": "Received", + "lastModified": "2023-11-06T13:00:43.923", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation Vulnerability" + }, + { + "lang": "es", + "value": "Vulnerabilidad de escalada de privilegios locales de carga de archivos sin restricciones de Ivanti Avalanche EnterpriseServer Service" } ], "metrics": { 
diff --git a/CVE-2023/CVE-2023-417xx/CVE-2023-41726.json b/CVE-2023/CVE-2023-417xx/CVE-2023-41726.json index d7cd8bcd61d..1b773fb06db 100644 --- a/CVE-2023/CVE-2023-417xx/CVE-2023-41726.json +++ b/CVE-2023/CVE-2023-417xx/CVE-2023-41726.json @@ -2,12 +2,16 @@ "id": "CVE-2023-41726", "sourceIdentifier": "support@hackerone.com", "published": "2023-11-03T20:15:09.143", - "lastModified": "2023-11-03T20:15:09.143", - "vulnStatus": "Received", + "lastModified": "2023-11-06T13:00:43.923", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Ivanti Avalanche Incorrect Default Permissions allows Local Privilege Escalation Vulnerability" + }, + { + "lang": "es", + "value": "Los permisos predeterminados incorrectos de Ivanti Avalanche permiten una vulnerabilidad de escalada de privilegios locales" } ], "metrics": { diff --git a/CVE-2023/CVE-2023-426xx/CVE-2023-42669.json b/CVE-2023/CVE-2023-426xx/CVE-2023-42669.json index b14c1f1ab7d..36ab26eb0f7 100644 --- a/CVE-2023/CVE-2023-426xx/CVE-2023-42669.json +++ b/CVE-2023/CVE-2023-426xx/CVE-2023-42669.json @@ -2,8 +2,8 @@ "id": "CVE-2023-42669", "sourceIdentifier": "secalert@redhat.com", "published": "2023-11-06T07:15:09.137", - "lastModified": "2023-11-06T07:15:09.137", - "vulnStatus": "Received", + "lastModified": "2023-11-06T13:00:43.923", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-434xx/CVE-2023-43488.json b/CVE-2023/CVE-2023-434xx/CVE-2023-43488.json index b9e68e18b35..56271cb01e6 100644 --- a/CVE-2023/CVE-2023-434xx/CVE-2023-43488.json +++ b/CVE-2023/CVE-2023-434xx/CVE-2023-43488.json @@ -2,8 +2,8 @@ "id": "CVE-2023-43488", "sourceIdentifier": "psirt@bosch.com", "published": "2023-10-25T18:17:31.800", - "lastModified": "2023-10-25T20:32:16.527", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-11-06T14:41:18.393", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "psirt@bosch.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + }, { "source": "psirt@bosch.com", "type": "Secondary", 
@@ -50,10 +80,97 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2107_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "7FFA1309-DBEE-46F1-B6FD-DAE896180411" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2107:-:*:*:*:*:*:*:*", + "matchCriteriaId": "87C129B8-F100-4D3A-97BC-BAD9A4129F9D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2110_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "FD47D2E3-F53F-4CE8-BEF7-76F78AEBAF5C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2110:-:*:*:*:*:*:*:*", + "matchCriteriaId": "326E80AA-C9B4-4BF1-AA2B-98A3802A72C9" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2115_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "4CA92486-EEBE-42FD-9755-006B7F2DF361" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2115:-:*:*:*:*:*:*:*", + "matchCriteriaId": "167C9BC4-FCC5-4FAF-8F75-F967C77400A7" + } + ] + } + ] + } + ], "references": [ { "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html", - "source": "psirt@bosch.com" + "source": "psirt@bosch.com", + "tags": [ + "Mitigation", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-450xx/CVE-2023-45001.json b/CVE-2023/CVE-2023-450xx/CVE-2023-45001.json index fbbaaecf2a2..f6fc6729d8c 100644 --- a/CVE-2023/CVE-2023-450xx/CVE-2023-45001.json +++ b/CVE-2023/CVE-2023-450xx/CVE-2023-45001.json @@ -2,12 +2,16 @@ "id": "CVE-2023-45001", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-06T09:15:08.427", - "lastModified": "2023-11-06T09:15:08.427", - "vulnStatus": "Received", + "lastModified": "2023-11-06T13:00:43.923", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Castos Seriously Simple Stats allows SQL Injection.This issue affects Seriously Simple Stats: from n/a through 1.5.0.\n\n" + }, + { + "lang": "es", + "value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en Castos Seriously Simple Stats permite la inyecci\u00f3n SQL. Este problema afecta a Seriously Simple Stats: desde n/a hasta 1.5.0." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-450xx/CVE-2023-45046.json b/CVE-2023/CVE-2023-450xx/CVE-2023-45046.json index 3a96c5f5570..f75d7775f1e 100644 --- a/CVE-2023/CVE-2023-450xx/CVE-2023-45046.json +++ b/CVE-2023/CVE-2023-450xx/CVE-2023-45046.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-45046", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-06T09:15:08.493", - "lastModified": "2023-11-06T09:15:08.493", - "vulnStatus": "Received", + "lastModified": "2023-11-06T13:00:43.923", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pressference Pressference Exporter allows SQL Injection.This issue affects Pressference Exporter: from n/a through 1.0.3.\n\n" + }, + { + "lang": "es", + "value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL (\"Inyecci\u00f3n SQL\") en Pressference Pressference Exporter permite la inyecci\u00f3n SQL. Este problema afecta a Pressference Exporter: desde n/a hasta 1.0.3." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-450xx/CVE-2023-45055.json b/CVE-2023/CVE-2023-450xx/CVE-2023-45055.json index df70e6599d7..5c680b194dc 100644 --- a/CVE-2023/CVE-2023-450xx/CVE-2023-45055.json +++ b/CVE-2023/CVE-2023-450xx/CVE-2023-45055.json @@ -2,12 +2,16 @@ "id": "CVE-2023-45055", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-06T09:15:08.553", - "lastModified": "2023-11-06T09:15:08.553", - "vulnStatus": "Received", + "lastModified": "2023-11-06T13:00:43.923", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in InspireUI MStore API allows SQL Injection.This issue affects MStore API: from n/a through 4.0.6.\n\n" + }, + { + "lang": "es", + "value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en la API MStore de InspireUI permite la inyecci\u00f3n SQL. Este problema afecta a la API MStore: desde n/a hasta 4.0.6." } ], "metrics": {}, 
diff --git a/CVE-2023/CVE-2023-450xx/CVE-2023-45069.json b/CVE-2023/CVE-2023-450xx/CVE-2023-45069.json index 60dd852e61d..49fe3c39a8f 100644 --- a/CVE-2023/CVE-2023-450xx/CVE-2023-45069.json +++ b/CVE-2023/CVE-2023-450xx/CVE-2023-45069.json @@ -2,12 +2,16 @@ "id": "CVE-2023-45069", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-06T09:15:08.617", - "lastModified": "2023-11-06T09:15:08.617", - "vulnStatus": "Received", + "lastModified": "2023-11-06T13:00:43.923", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Video Gallery by Total-Soft Video Gallery \u2013 Best WordPress YouTube Gallery Plugin allows SQL Injection.This issue affects Video Gallery \u2013 Best WordPress YouTube Gallery Plugin: from n/a through 2.1.3.\n\n" + }, + { + "lang": "es", + "value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en Video Gallery de Total-Soft Video Gallery - Best WordPress YouTube Gallery Plugin permite la inyecci\u00f3n de SQL. Este problema afecta a Video Gallery \u2013 Best WordPress YouTube Gallery Plugin para WordPress desde n /a hasta 2.1.3." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-450xx/CVE-2023-45074.json b/CVE-2023/CVE-2023-450xx/CVE-2023-45074.json index de5f3a0f826..19ce56f3f0f 100644 --- a/CVE-2023/CVE-2023-450xx/CVE-2023-45074.json +++ b/CVE-2023/CVE-2023-450xx/CVE-2023-45074.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-45074", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-06T09:15:08.673", - "lastModified": "2023-11-06T09:15:08.673", - "vulnStatus": "Received", + "lastModified": "2023-11-06T13:00:43.923", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Page Visit Counter Advanced Page Visit Counter \u2013 Most Wanted Analytics Plugin for WordPress allows SQL Injection.This issue affects Advanced Page Visit Counter \u2013 Most Wanted Analytics Plugin for WordPress: from n/a through 7.1.1.\n\n" + }, + { + "lang": "es", + "value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en Page Visit Counter Advanced Page Visit Counter - Most Wanted Analytics Plugin para WordPress permite la inyecci\u00f3n SQL. Este problema afecta Advanced Page Visit Counter \u2013 Most Wanted Analytics Plugin para WordPress : desde n/a hasta 7.1.1." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45161.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45161.json new file mode 100644 index 00000000000..5570037f0d6 --- /dev/null +++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45161.json 
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-45161",
+ "sourceIdentifier": "security@1e.com",
+ "published": "2023-11-06T13:15:09.730",
+ "lastModified": "2023-11-06T13:15:52.487",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The 1E-Exchange-URLResponseTime instruction that is part of the Network product pack available on the 1E Exchange does not properly validate the URL parameter, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions.\n\nTo remediate this issue download the updated Network product pack from the 1E Exchange and update the 1E-Exchange-URLResponseTime instruction to v20.1 by uploading it through the 1E Platform instruction upload UI"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@1e.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.9,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@1e.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-20"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://exchange.1e.com/product-packs/network/",
+ "source": "security@1e.com"
+ },
+ {
+ "url": "https://www.1e.com/trust-security-compliance/cve-info/",
+ "source": "security@1e.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45163.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45163.json
new file mode 100644
index 00000000000..2d430de27bf
--- /dev/null
+++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45163.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-45163",
+ "sourceIdentifier": "security@1e.com",
+ "published": "2023-11-06T13:15:09.807",
+ "lastModified": "2023-11-06T13:15:52.487",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nThe 1E-Exchange-CommandLinePing instruction that is part of the Network product pack available on the 1E Exchange does not properly validate the input parameter, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions.\n\nTo remediate this issue download the updated Network product pack from the 1E Exchange and update the 1E-Exchange-CommandLinePing instruction to v18.1 by uploading it through the 1E Platform instruction upload UI\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@1e.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.9,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@1e.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-20"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://https://exchange.1e.com/product-packs/network/",
+ "source": "security@1e.com"
+ },
+ {
+ "url": "https://www.1e.com/trust-security-compliance/cve-info/",
+ "source": "security@1e.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45189.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45189.json
index 6609f727028..9586085ffc2 100644
--- a/CVE-2023/CVE-2023-451xx/CVE-2023-45189.json
+++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45189.json
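Review bot: The first entry under `references` in the new CVE-2023-45163 record has a doubled scheme, `https://https://exchange.1e.com/product-packs/network/`, so a URL parser will read the host as `https` and the link will not reach the vendor's product-pack page. The sibling record CVE-2023-45161 added in the same commit carries the well-formed value, `"url": "https://exchange.1e.com/product-packs/network/"`, which is presumably what was meant here. The `descriptions` value also opens with `\n` and ends with `\n\n`, so consumers that display or compare the text should trim it. Both values come from the CNA (`security@1e.com`), so the correction likely belongs upstream; until then, tooling that follows reference links should validate the URL instead of fetching it as given.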
@@ -2,12 +2,16 @@ "id": "CVE-2023-45189", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-11-03T23:15:08.617", - "lastModified": "2023-11-03T23:15:08.617", - "vulnStatus": "Received", + "lastModified": "2023-11-06T13:00:43.923", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A vulnerability in IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.10, 23.0.0 through 23.0.10 may result in access to client vault credentials. This difficult to exploit vulnerability could allow a low privileged attacker to programmatically access client vault credentials. IBM X-Force ID: 268752." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en IBM Robotic Process Automation e IBM Robotic Process Automation para Cloud Pak 21.0.0 a 21.0.7.10, 23.0.0 a 23.0.10 puede provocar acceso a las credenciales de la b\u00f3veda del cliente. Esta vulnerabilidad dif\u00edcil de explotar podr\u00eda permitir que un atacante con pocos privilegios acceda mediante programaci\u00f3n a las credenciales de la b\u00f3veda del cliente. ID de IBM X-Force: 268752." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-452xx/CVE-2023-45220.json b/CVE-2023/CVE-2023-452xx/CVE-2023-45220.json index 170cb12bce6..380c6885fd1 100644 --- a/CVE-2023/CVE-2023-452xx/CVE-2023-45220.json +++ b/CVE-2023/CVE-2023-452xx/CVE-2023-45220.json @@ -2,8 +2,8 @@ "id": "CVE-2023-45220", "sourceIdentifier": "psirt@bosch.com", "published": "2023-10-25T18:17:33.107", - "lastModified": "2023-10-25T20:32:16.527", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-11-06T14:42:32.330", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "psirt@bosch.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-306" + } + ] + }, { "source": "psirt@bosch.com", "type": "Secondary", 
@@ -50,10 +80,97 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2107_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "7FFA1309-DBEE-46F1-B6FD-DAE896180411" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2107:-:*:*:*:*:*:*:*", + "matchCriteriaId": "87C129B8-F100-4D3A-97BC-BAD9A4129F9D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2110_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "FD47D2E3-F53F-4CE8-BEF7-76F78AEBAF5C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2110:-:*:*:*:*:*:*:*", + "matchCriteriaId": "326E80AA-C9B4-4BF1-AA2B-98A3802A72C9" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2115_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "4CA92486-EEBE-42FD-9755-006B7F2DF361" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2115:-:*:*:*:*:*:*:*", + "matchCriteriaId": "167C9BC4-FCC5-4FAF-8F75-F967C77400A7" + } + ] + } + ] + } + ], "references": [ { "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html", - "source": "psirt@bosch.com" + "source": "psirt@bosch.com", + "tags": [ + "Mitigation", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
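Review bot: Every vulnerable `cpeMatch` entry in the added `configurations` uses a wildcard version, for example `cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2107_firmware:*:*:*:*:*:*:*:*`, with no `versionEndIncluding` or `versionEndExcluding`, so CPE-based matching will flag every firmware release for the WR2107, WR2110 and WR2115 panels. The identical block is added in the hunks for CVE-2023-45321, CVE-2023-45844, CVE-2023-45851 and CVE-2023-46102. The only reference is tagged `Mitigation` and `Vendor Advisory`, not `Patch`, which may mean no fixed firmware exists and the wildcard is intentional; that cannot be confirmed from this diff. If BOSCH-SA-175607 does name a fixed release, each firmware entry should carry a bound such as `"versionEndExcluding": "<fixed-firmware-version>"`. Otherwise, asset owners should expect these findings to persist after updating and track the advisory's mitigations instead.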
diff --git a/CVE-2023/CVE-2023-453xx/CVE-2023-45321.json b/CVE-2023/CVE-2023-453xx/CVE-2023-45321.json index 57cb25be4a1..51fe0d17561 100644 --- a/CVE-2023/CVE-2023-453xx/CVE-2023-45321.json +++ b/CVE-2023/CVE-2023-453xx/CVE-2023-45321.json @@ -2,8 +2,8 @@ "id": "CVE-2023-45321", "sourceIdentifier": "psirt@bosch.com", "published": "2023-10-25T18:17:33.183", - "lastModified": "2023-10-25T20:32:16.527", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-11-06T14:44:12.273", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "psirt@bosch.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-319" + } + ] + }, { "source": "psirt@bosch.com", "type": "Secondary", 
@@ -50,10 +80,97 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2107_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "7FFA1309-DBEE-46F1-B6FD-DAE896180411" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2107:-:*:*:*:*:*:*:*", + "matchCriteriaId": "87C129B8-F100-4D3A-97BC-BAD9A4129F9D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2110_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "FD47D2E3-F53F-4CE8-BEF7-76F78AEBAF5C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2110:-:*:*:*:*:*:*:*", + "matchCriteriaId": "326E80AA-C9B4-4BF1-AA2B-98A3802A72C9" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2115_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "4CA92486-EEBE-42FD-9755-006B7F2DF361" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2115:-:*:*:*:*:*:*:*", + "matchCriteriaId": "167C9BC4-FCC5-4FAF-8F75-F967C77400A7" + } + ] + } + ] + } + ], "references": [ { "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html", - "source": "psirt@bosch.com" + "source": "psirt@bosch.com", + "tags": [ + "Mitigation", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45657.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45657.json index 4769e4e4a11..01533fb9913 100644 --- a/CVE-2023/CVE-2023-456xx/CVE-2023-45657.json +++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45657.json @@ -2,12 +2,16 @@ "id": "CVE-2023-45657", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-06T09:15:08.730", - "lastModified": "2023-11-06T09:15:08.730", - "vulnStatus": "Received", + "lastModified": "2023-11-06T13:00:43.923", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in POSIMYTH Nexter allows SQL Injection.This issue affects Nexter: from n/a through 2.0.3.\n\n" + }, + { + "lang": "es", + "value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en POSIMYTH Nexter permite la inyecci\u00f3n SQL. Este problema afecta a Nexter: desde n/a hasta 2.0.3." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45830.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45830.json index 790c81ac0b5..bd55511171c 100644 --- a/CVE-2023/CVE-2023-458xx/CVE-2023-45830.json +++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45830.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-45830", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-06T09:15:08.790", - "lastModified": "2023-11-06T09:15:08.790", - "vulnStatus": "Received", + "lastModified": "2023-11-06T13:00:43.923", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Online ADA Accessibility Suite by Online ADA allows SQL Injection.This issue affects Accessibility Suite by Online ADA: from n/a through 4.11.\n\n" + }, + { + "lang": "es", + "value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en Online ADA Accessibility Suite de Online ADA permite la inyecci\u00f3n de SQL. Este problema afecta a Accessibility Suite de Online ADA: desde n/a hasta 4.11." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45844.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45844.json index 0f8f2bca443..429eeaf8c68 100644 --- a/CVE-2023/CVE-2023-458xx/CVE-2023-45844.json +++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45844.json @@ -2,8 +2,8 @@ "id": "CVE-2023-45844", "sourceIdentifier": "psirt@bosch.com", "published": "2023-10-25T18:17:35.347", - "lastModified": "2023-10-25T20:31:55.900", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-11-06T14:39:14.153", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -15,6 +15,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.9, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "psirt@bosch.com", @@ -39,6 +61,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + }, { "source": "psirt@bosch.com", "type": "Secondary", 
@@ -50,10 +82,97 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2107_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "7FFA1309-DBEE-46F1-B6FD-DAE896180411" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2107:-:*:*:*:*:*:*:*", + "matchCriteriaId": "87C129B8-F100-4D3A-97BC-BAD9A4129F9D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2110_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "FD47D2E3-F53F-4CE8-BEF7-76F78AEBAF5C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2110:-:*:*:*:*:*:*:*", + "matchCriteriaId": "326E80AA-C9B4-4BF1-AA2B-98A3802A72C9" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2115_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "4CA92486-EEBE-42FD-9755-006B7F2DF361" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2115:-:*:*:*:*:*:*:*", + "matchCriteriaId": "167C9BC4-FCC5-4FAF-8F75-F967C77400A7" + } + ] + } + ] + } + ], "references": [ { "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html", - "source": "psirt@bosch.com" + "source": "psirt@bosch.com", + "tags": [ + "Mitigation", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45851.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45851.json index 1fe598a9569..8ebd379aa8e 100644 --- a/CVE-2023/CVE-2023-458xx/CVE-2023-45851.json +++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45851.json @@ -2,8 +2,8 @@ "id": "CVE-2023-45851", "sourceIdentifier": "psirt@bosch.com", "published": "2023-10-25T18:17:35.427", - "lastModified": "2023-10-25T20:31:55.900", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-11-06T14:33:29.510", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "psirt@bosch.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-306" + } + ] + }, { "source": "psirt@bosch.com", "type": "Secondary", 
@@ -50,10 +80,97 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2107_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "7FFA1309-DBEE-46F1-B6FD-DAE896180411" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2107:-:*:*:*:*:*:*:*", + "matchCriteriaId": "87C129B8-F100-4D3A-97BC-BAD9A4129F9D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2110_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "FD47D2E3-F53F-4CE8-BEF7-76F78AEBAF5C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2110:-:*:*:*:*:*:*:*", + "matchCriteriaId": "326E80AA-C9B4-4BF1-AA2B-98A3802A72C9" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2115_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "4CA92486-EEBE-42FD-9755-006B7F2DF361" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2115:-:*:*:*:*:*:*:*", + "matchCriteriaId": "167C9BC4-FCC5-4FAF-8F75-F967C77400A7" + } + ] + } + ] + } + ], "references": [ { "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html", - "source": "psirt@bosch.com" + "source": "psirt@bosch.com", + "tags": [ + "Mitigation", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-45xx/CVE-2023-4586.json b/CVE-2023/CVE-2023-45xx/CVE-2023-4586.json index b62525312db..8249243815a 100644 --- a/CVE-2023/CVE-2023-45xx/CVE-2023-4586.json +++ b/CVE-2023/CVE-2023-45xx/CVE-2023-4586.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4586", "sourceIdentifier": "secalert@redhat.com", "published": "2023-10-04T11:15:10.500", - "lastModified": "2023-10-23T18:57:20.287", - "vulnStatus": "Analyzed", + "lastModified": "2023-11-06T13:15:09.880", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -134,14 +134,6 @@ "Issue Tracking", "Third Party Advisory" ] - }, - { - "url": "https://security.snyk.io/vuln/SNYK-JAVA-IONETTY-1042268", - "source": "secalert@redhat.com", - "tags": [ - "Issue Tracking", - "Third Party Advisory" - ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-460xx/CVE-2023-46072.json b/CVE-2023/CVE-2023-460xx/CVE-2023-46072.json index 6c08ca78078..34a4c37d020 100644 --- a/CVE-2023/CVE-2023-460xx/CVE-2023-46072.json +++ b/CVE-2023/CVE-2023-460xx/CVE-2023-46072.json @@ -2,8 +2,8 @@ "id": "CVE-2023-46072", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-26T12:15:08.613", - "lastModified": "2023-10-26T12:58:59.800", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-06T14:42:49.640", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:add_shortcodes_actions_and_filters_project:add_shortcodes_actions_and_filters:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.0.9", + "matchCriteriaId": "50924A41-8AA1-4D8D-88A0-B32B5D0D1A6F" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/add-actions-and-filters/wordpress-add-shortcodes-actions-and-filters-plugin-2-0-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-460xx/CVE-2023-46084.json b/CVE-2023/CVE-2023-460xx/CVE-2023-46084.json index 831128f5f78..10b3103b7bc 100644 --- a/CVE-2023/CVE-2023-460xx/CVE-2023-46084.json +++ b/CVE-2023/CVE-2023-460xx/CVE-2023-46084.json @@ -2,8 +2,8 @@ "id": "CVE-2023-46084", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-06T10:15:07.917", - "lastModified": "2023-11-06T10:15:07.917", - "vulnStatus": "Received", + "lastModified": "2023-11-06T13:00:43.923", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-461xx/CVE-2023-46102.json b/CVE-2023/CVE-2023-461xx/CVE-2023-46102.json index 8380de9fd8f..21081bbe43e 100644 --- a/CVE-2023/CVE-2023-461xx/CVE-2023-46102.json +++ b/CVE-2023/CVE-2023-461xx/CVE-2023-46102.json @@ -2,8 +2,8 @@ "id": "CVE-2023-46102", "sourceIdentifier": "psirt@bosch.com", "published": "2023-10-25T18:17:36.033", - "lastModified": "2023-10-25T20:31:55.900", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-11-06T14:33:08.563", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "psirt@bosch.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-798" + } + ] + }, { "source": "psirt@bosch.com", "type": "Secondary", 
@@ -50,10 +80,97 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2107_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "7FFA1309-DBEE-46F1-B6FD-DAE896180411" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2107:-:*:*:*:*:*:*:*", + "matchCriteriaId": "87C129B8-F100-4D3A-97BC-BAD9A4129F9D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2110_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "FD47D2E3-F53F-4CE8-BEF7-76F78AEBAF5C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2110:-:*:*:*:*:*:*:*", + "matchCriteriaId": "326E80AA-C9B4-4BF1-AA2B-98A3802A72C9" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2115_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "4CA92486-EEBE-42FD-9755-006B7F2DF361" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2115:-:*:*:*:*:*:*:*", + "matchCriteriaId": "167C9BC4-FCC5-4FAF-8F75-F967C77400A7" + } + ] + } + ] + } + ], "references": [ { "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html", - "source": "psirt@bosch.com" + "source": "psirt@bosch.com", + "tags": [ + "Mitigation", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-463xx/CVE-2023-46380.json b/CVE-2023/CVE-2023-463xx/CVE-2023-46380.json index a7d790b9bbd..50af3f4f468 100644 --- a/CVE-2023/CVE-2023-463xx/CVE-2023-46380.json +++ b/CVE-2023/CVE-2023-463xx/CVE-2023-46380.json @@ -2,12 +2,16 @@ "id": "CVE-2023-46380", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-04T23:15:07.910", - "lastModified": "2023-11-04T23:15:07.910", - "vulnStatus": "Received", + "lastModified": "2023-11-06T13:00:43.923", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices send password-change requests via cleartext HTTP." + }, + { + "lang": "es", + "value": "Los dispositivos LOYTEC LINX-212 firmware 6.2.4 y LVIS-3ME12-A1 firmware 6.2.2 y LIOB-586 firmware 6.2.3 env\u00edan solicitudes de cambio de contrase\u00f1a a trav\u00e9s de HTTP de texto plano." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-463xx/CVE-2023-46381.json b/CVE-2023/CVE-2023-463xx/CVE-2023-46381.json index 8674eb641d8..218a40e10f5 100644 --- a/CVE-2023/CVE-2023-463xx/CVE-2023-46381.json +++ b/CVE-2023/CVE-2023-463xx/CVE-2023-46381.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-46381", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-04T23:15:07.957", - "lastModified": "2023-11-04T23:15:07.957", - "vulnStatus": "Received", + "lastModified": "2023-11-06T13:00:43.923", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices lack authentication for the preinstalled version of LWEB-802 via an lweb802_pre/ URI. An unauthenticated attacker can edit any project (or create a new project) and control its GUI." + }, + { + "lang": "es", + "value": "Los dispositivos LOYTEC LINX-212 firmware 6.2.4 y LVIS-3ME12-A1 firmware 6.2.2 y LIOB-586 firmware 6.2.3 carecen de autenticaci\u00f3n para la versi\u00f3n preinstalada de LWEB-802 a trav\u00e9s de un URI lweb802_pre/. Un atacante no autenticado puede editar cualquier proyecto (o crear un proyecto nuevo) y controlar su GUI." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-463xx/CVE-2023-46382.json b/CVE-2023/CVE-2023-463xx/CVE-2023-46382.json index 0e2cfc53864..d5617e24af7 100644 --- a/CVE-2023/CVE-2023-463xx/CVE-2023-46382.json +++ b/CVE-2023/CVE-2023-463xx/CVE-2023-46382.json @@ -2,12 +2,16 @@ "id": "CVE-2023-46382", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-04T23:15:08.003", - "lastModified": "2023-11-04T23:15:08.003", - "vulnStatus": "Received", + "lastModified": "2023-11-06T13:00:43.923", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices use cleartext HTTP for login." + }, + { + "lang": "es", + "value": "Los dispositivos LOYTEC LINX-212 firmware 6.2.4 y LVIS-3ME12-A1 firmware 6.2.2 y LIOB-586 firmware 6.2.3 utilizan HTTP de texto plano para iniciar sesi\u00f3n." } ], "metrics": {}, 
diff --git a/CVE-2023/CVE-2023-467xx/CVE-2023-46775.json b/CVE-2023/CVE-2023-467xx/CVE-2023-46775.json index 44a0c1ab314..c26422c8871 100644 --- a/CVE-2023/CVE-2023-467xx/CVE-2023-46775.json +++ b/CVE-2023/CVE-2023-467xx/CVE-2023-46775.json @@ -2,8 +2,8 @@ "id": "CVE-2023-46775", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-06T11:15:09.347", - "lastModified": "2023-11-06T11:15:09.347", - "vulnStatus": "Received", + "lastModified": "2023-11-06T13:00:43.923", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-467xx/CVE-2023-46776.json b/CVE-2023/CVE-2023-467xx/CVE-2023-46776.json index cd7ddcdc723..227cb841c6d 100644 --- a/CVE-2023/CVE-2023-467xx/CVE-2023-46776.json +++ b/CVE-2023/CVE-2023-467xx/CVE-2023-46776.json @@ -2,8 +2,8 @@ "id": "CVE-2023-46776", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-06T12:15:08.380", - "lastModified": "2023-11-06T12:15:08.380", - "vulnStatus": "Received", + "lastModified": "2023-11-06T13:00:43.923", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-467xx/CVE-2023-46777.json b/CVE-2023/CVE-2023-467xx/CVE-2023-46777.json index 58e82813bd6..46ae13271ad 100644 --- a/CVE-2023/CVE-2023-467xx/CVE-2023-46777.json +++ b/CVE-2023/CVE-2023-467xx/CVE-2023-46777.json @@ -2,8 +2,8 @@ "id": "CVE-2023-46777", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-06T12:15:08.450", - "lastModified": "2023-11-06T12:15:08.450", - "vulnStatus": "Received", + "lastModified": "2023-11-06T13:00:43.923", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-467xx/CVE-2023-46778.json b/CVE-2023/CVE-2023-467xx/CVE-2023-46778.json index fbd1bf53e5a..5ec3602109e 100644 --- a/CVE-2023/CVE-2023-467xx/CVE-2023-46778.json +++ b/CVE-2023/CVE-2023-467xx/CVE-2023-46778.json 
@@ -2,8 +2,8 @@
 "id": "CVE-2023-46778",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-11-06T12:15:08.513",
- "lastModified": "2023-11-06T12:15:08.513",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-06T13:00:43.923",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-467xx/CVE-2023-46779.json b/CVE-2023/CVE-2023-467xx/CVE-2023-46779.json
index 65dc6dfff2a..3629d9056d4 100644
--- a/CVE-2023/CVE-2023-467xx/CVE-2023-46779.json
+++ b/CVE-2023/CVE-2023-467xx/CVE-2023-46779.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-46779",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-11-06T12:15:08.573",
- "lastModified": "2023-11-06T12:15:08.573",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-06T13:00:43.923",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-467xx/CVE-2023-46780.json b/CVE-2023/CVE-2023-467xx/CVE-2023-46780.json
index 58a972ff435..23f38ddc41a 100644
--- a/CVE-2023/CVE-2023-467xx/CVE-2023-46780.json
+++ b/CVE-2023/CVE-2023-467xx/CVE-2023-46780.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-46780",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-11-06T12:15:08.637",
- "lastModified": "2023-11-06T12:15:08.637",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-06T13:00:43.923",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-467xx/CVE-2023-46781.json b/CVE-2023/CVE-2023-467xx/CVE-2023-46781.json
index 8c268deecda..52633161e32 100644
--- a/CVE-2023/CVE-2023-467xx/CVE-2023-46781.json
+++ b/CVE-2023/CVE-2023-467xx/CVE-2023-46781.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-46781",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-11-06T12:15:08.700",
- "lastModified": "2023-11-06T12:15:08.700",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-06T13:00:43.923",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-467xx/CVE-2023-46782.json b/CVE-2023/CVE-2023-467xx/CVE-2023-46782.json
index 747a12a1895..03d9a690b28 100644
--- a/CVE-2023/CVE-2023-467xx/CVE-2023-46782.json
+++ b/CVE-2023/CVE-2023-467xx/CVE-2023-46782.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-46782",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-11-06T10:15:07.987",
- "lastModified": "2023-11-06T10:15:07.987",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-06T13:00:43.923",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-467xx/CVE-2023-46783.json b/CVE-2023/CVE-2023-467xx/CVE-2023-46783.json
index 4fc49c1f061..e4aa62a54b1 100644
--- a/CVE-2023/CVE-2023-467xx/CVE-2023-46783.json
+++ b/CVE-2023/CVE-2023-467xx/CVE-2023-46783.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-46783",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-11-06T10:15:08.060",
- "lastModified": "2023-11-06T10:15:08.060",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-06T13:00:43.923",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-468xx/CVE-2023-46802.json b/CVE-2023/CVE-2023-468xx/CVE-2023-46802.json
index 16a4bec3a38..2edb15058de 100644
--- a/CVE-2023/CVE-2023-468xx/CVE-2023-46802.json
+++ b/CVE-2023/CVE-2023-468xx/CVE-2023-46802.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-46802",
 "sourceIdentifier": "vultures@jpcert.or.jp",
 "published": "2023-11-06T02:15:07.333",
- "lastModified": "2023-11-06T02:15:07.333",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-06T13:00:43.923",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-468xx/CVE-2023-46821.json b/CVE-2023/CVE-2023-468xx/CVE-2023-46821.json
index da8421c6fc2..f39e75cac7d 100644
--- a/CVE-2023/CVE-2023-468xx/CVE-2023-46821.json
+++ b/CVE-2023/CVE-2023-468xx/CVE-2023-46821.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-46821",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-11-06T10:15:08.130",
- "lastModified": "2023-11-06T10:15:08.130",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-06T13:00:43.923",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-468xx/CVE-2023-46822.json b/CVE-2023/CVE-2023-468xx/CVE-2023-46822.json
index 880ae58c155..b9b74080425 100644
--- a/CVE-2023/CVE-2023-468xx/CVE-2023-46822.json
+++ b/CVE-2023/CVE-2023-468xx/CVE-2023-46822.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-46822",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-11-06T10:15:08.200",
- "lastModified": "2023-11-06T10:15:08.200",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-06T13:00:43.923",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-468xx/CVE-2023-46823.json b/CVE-2023/CVE-2023-468xx/CVE-2023-46823.json
index ef672b7e682..d50e0486769 100644
--- a/CVE-2023/CVE-2023-468xx/CVE-2023-46823.json
+++ b/CVE-2023/CVE-2023-468xx/CVE-2023-46823.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-46823",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-11-06T10:15:08.263",
- "lastModified": "2023-11-06T10:15:08.263",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-06T13:00:43.923",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-468xx/CVE-2023-46824.json b/CVE-2023/CVE-2023-468xx/CVE-2023-46824.json
index 6dc73bf439d..69b9ae864e5 100644
--- a/CVE-2023/CVE-2023-468xx/CVE-2023-46824.json
+++ b/CVE-2023/CVE-2023-468xx/CVE-2023-46824.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-46824",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-11-06T10:15:08.330",
- "lastModified": "2023-11-06T10:15:08.330",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-06T13:00:43.923",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-469xx/CVE-2023-46963.json b/CVE-2023/CVE-2023-469xx/CVE-2023-46963.json
index 0dee53dff3c..166e1aec1c5 100644
--- a/CVE-2023/CVE-2023-469xx/CVE-2023-46963.json
+++ b/CVE-2023/CVE-2023-469xx/CVE-2023-46963.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-46963",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-11-04T23:15:08.100",
- "lastModified": "2023-11-04T23:15:08.100",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-06T13:00:43.923",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "An issue in Beijing Yunfan Internet Technology Co., Ltd, Yunfan Learning Examination System v.6.5 allows a remote attacker to obtain sensitive information via the password parameter in the login function."
+ },
+ {
+ "lang": "es",
+ "value": "Un problema en Beijing Yunfan Internet Technology Co., Ltd, Yunfan Learning Examination System v.6.5 permite a un atacante remoto obtener informaci\u00f3n sensible a trav\u00e9s del par\u00e1metro de contrase\u00f1a en la funci\u00f3n de inicio de sesi\u00f3n."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-469xx/CVE-2023-46964.json b/CVE-2023/CVE-2023-469xx/CVE-2023-46964.json
index 546f6dc2e52..b20752c68e2 100644
--- a/CVE-2023/CVE-2023-469xx/CVE-2023-46964.json
+++ b/CVE-2023/CVE-2023-469xx/CVE-2023-46964.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-46964",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-11-05T00:15:08.527",
- "lastModified": "2023-11-05T00:15:08.527",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-06T13:00:43.923",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Cross Site Scripting (XSS) vulnerability in Hillstone Next Generation FireWall SG-6000-e3960 v.5.5 allows a remote attacker to execute arbitrary code via the use front-end filtering instead of back-end filtering."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross Site Scripting (XSS) en Hillstone Next Generation FireWall SG-6000-e3960 v.5.5 permite a un atacante remoto ejecutar c\u00f3digo arbitrario mediante el uso de filtrado front-end en lugar de filtrado back-end."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-469xx/CVE-2023-46981.json b/CVE-2023/CVE-2023-469xx/CVE-2023-46981.json
index 08dbba8b6ca..0f27df88d7a 100644
--- a/CVE-2023/CVE-2023-469xx/CVE-2023-46981.json
+++ b/CVE-2023/CVE-2023-469xx/CVE-2023-46981.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-46981",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-11-05T00:15:08.580",
- "lastModified": "2023-11-05T00:15:08.580",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-06T13:00:43.923",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "SQL injection vulnerability in Novel-Plus v.4.2.0 allows a remote attacker to execute arbitrary code via a crafted script to the sort parameter in /common/log/list."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de inyecci\u00f3n SQL en Novel-Plus v.4.2.0 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de un script manipulado en el par\u00e1metro sort en /common/log/list."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-46xx/CVE-2023-4625.json b/CVE-2023/CVE-2023-46xx/CVE-2023-4625.json
index 2823e5cda92..d135fd9a5e3 100644
--- a/CVE-2023/CVE-2023-46xx/CVE-2023-4625.json
+++ b/CVE-2023/CVE-2023-46xx/CVE-2023-4625.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-4625",
 "sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
 "published": "2023-11-06T05:15:15.187",
- "lastModified": "2023-11-06T06:15:41.487",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-06T13:00:43.923",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-46xx/CVE-2023-4699.json b/CVE-2023/CVE-2023-46xx/CVE-2023-4699.json
index 49e4c0557d4..fa184d11e70 100644
--- a/CVE-2023/CVE-2023-46xx/CVE-2023-4699.json
+++ b/CVE-2023/CVE-2023-46xx/CVE-2023-4699.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-4699",
 "sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
 "published": "2023-11-06T06:15:41.563",
- "lastModified": "2023-11-06T06:15:41.563",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-06T13:00:43.923",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-471xx/CVE-2023-47177.json b/CVE-2023/CVE-2023-471xx/CVE-2023-47177.json
index 4a4eb59119e..cbf028aea52 100644
--- a/CVE-2023/CVE-2023-471xx/CVE-2023-47177.json
+++ b/CVE-2023/CVE-2023-471xx/CVE-2023-47177.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-47177",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-11-06T10:15:08.403",
- "lastModified": "2023-11-06T10:15:08.403",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-06T13:00:43.923",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-471xx/CVE-2023-47182.json b/CVE-2023/CVE-2023-471xx/CVE-2023-47182.json
index 17f0edae341..f14dc4227a2 100644
--- a/CVE-2023/CVE-2023-471xx/CVE-2023-47182.json
+++ b/CVE-2023/CVE-2023-471xx/CVE-2023-47182.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-47182",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-11-06T10:15:08.470",
- "lastModified": "2023-11-06T10:15:08.470",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-06T13:00:43.923",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-471xx/CVE-2023-47184.json b/CVE-2023/CVE-2023-471xx/CVE-2023-47184.json
index a15c8abb58a..22ef0b4a054 100644
--- a/CVE-2023/CVE-2023-471xx/CVE-2023-47184.json
+++ b/CVE-2023/CVE-2023-471xx/CVE-2023-47184.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-47184",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-11-06T10:15:08.577",
- "lastModified": "2023-11-06T10:15:08.577",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-06T13:00:43.923",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-471xx/CVE-2023-47185.json b/CVE-2023/CVE-2023-471xx/CVE-2023-47185.json
index 8f5134b74a6..06fa6018d40 100644
--- a/CVE-2023/CVE-2023-471xx/CVE-2023-47185.json
+++ b/CVE-2023/CVE-2023-471xx/CVE-2023-47185.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-47185",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-11-06T11:15:09.497",
- "lastModified": "2023-11-06T11:15:09.497",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-06T13:00:43.923",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-471xx/CVE-2023-47186.json b/CVE-2023/CVE-2023-471xx/CVE-2023-47186.json
index cf7c621e1bc..162f4cc1d98 100644
--- a/CVE-2023/CVE-2023-471xx/CVE-2023-47186.json
+++ b/CVE-2023/CVE-2023-471xx/CVE-2023-47186.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-47186",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-11-06T12:15:08.760",
- "lastModified": "2023-11-06T12:15:08.760",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-06T13:00:43.923",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-472xx/CVE-2023-47233.json b/CVE-2023/CVE-2023-472xx/CVE-2023-47233.json
index 39778f2affc..38b24512b23 100644
--- a/CVE-2023/CVE-2023-472xx/CVE-2023-47233.json
+++ b/CVE-2023/CVE-2023-472xx/CVE-2023-47233.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-47233",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-11-03T21:15:17.360",
- "lastModified": "2023-11-04T22:15:08.517",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-06T13:00:43.923",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this \"could be exploited in a real world scenario.\" This is related to brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c."
+ },
+ {
+ "lang": "es",
+ "value": "El componente brcm80211 en el kernel de Linux hasta 6.5.10 tiene un c\u00f3digo brcmf_cfg80211_detach use after free en el c\u00f3digo de desconexi\u00f3n del dispositivo (desconectar el USB mediante conexi\u00f3n en caliente). Para los atacantes f\u00edsicamente pr\u00f3ximos con acceso local, esto \"podr\u00eda explotarse en un escenario del mundo real\". Esto est\u00e1 relacionado con brcmf_cfg80211_escan_timeout_worker en drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-472xx/CVE-2023-47234.json b/CVE-2023/CVE-2023-472xx/CVE-2023-47234.json
index 99db7d98047..0fca6d7da3e 100644
--- a/CVE-2023/CVE-2023-472xx/CVE-2023-47234.json
+++ b/CVE-2023/CVE-2023-472xx/CVE-2023-47234.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-47234",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-11-03T21:15:17.420",
- "lastModified": "2023-11-03T21:15:17.420",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-06T13:00:43.923",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data (that lacks mandatory path attributes)."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 un problema en FRRouting FRR hasta 9.0.1. Puede ocurrir un bloqueo al procesar un mensaje BGP UPDATE manipulado con un atributo MP_UNREACH_NLRI y datos NLRI adicionales (que carecen de atributos de ruta obligatorios)."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-472xx/CVE-2023-47235.json b/CVE-2023/CVE-2023-472xx/CVE-2023-47235.json
index 85893ffe72c..693f5c7a0fd 100644
--- a/CVE-2023/CVE-2023-472xx/CVE-2023-47235.json
+++ b/CVE-2023/CVE-2023-472xx/CVE-2023-47235.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-47235",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-11-03T21:15:17.470",
- "lastModified": "2023-11-03T21:15:17.470",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-06T13:00:43.923",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when a malformed BGP UPDATE message with an EOR is processed, because the presence of EOR does not lead to a treat-as-withdraw outcome."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 un problema en FRRouting FRR hasta 9.0.1. Puede ocurrir una ca\u00edda cuando se procesa un mensaje malformado de BGP UPDATE con un EOR, porque la presencia de un EOR no conduce a un resultado de treat-as-withdraw."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-472xx/CVE-2023-47249.json b/CVE-2023/CVE-2023-472xx/CVE-2023-47249.json
index a3a549fa935..f5085378f5a 100644
--- a/CVE-2023/CVE-2023-472xx/CVE-2023-47249.json
+++ b/CVE-2023/CVE-2023-472xx/CVE-2023-47249.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-47249",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-11-05T00:15:08.627",
- "lastModified": "2023-11-05T00:15:08.627",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-06T13:00:43.923",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "In International Color Consortium DemoIccMAX 79ecb74, a CIccXmlArrayType:::ParseText function (for unsigned short) in IccUtilXml.cpp in libIccXML.a has an out-of-bounds read."
+ },
+ {
+ "lang": "es",
+ "value": "En International Color Consortium DemoIccMAX 79ecb74, una funci\u00f3n CIccXmlArrayType:::ParseText (para abreviatura sin firmar) en IccUtilXml.cpp en libIccXML.a tiene una lectura fuera de los l\u00edmites."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-472xx/CVE-2023-47253.json b/CVE-2023/CVE-2023-472xx/CVE-2023-47253.json
index 87e98ce981d..650703362b5 100644
--- a/CVE-2023/CVE-2023-472xx/CVE-2023-47253.json
+++ b/CVE-2023/CVE-2023-472xx/CVE-2023-47253.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-47253",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-11-06T06:15:40.957",
- "lastModified": "2023-11-06T06:15:40.957",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-06T13:00:43.923",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-472xx/CVE-2023-47258.json b/CVE-2023/CVE-2023-472xx/CVE-2023-47258.json
index cf58dea83a4..13bfeecf9f8 100644
--- a/CVE-2023/CVE-2023-472xx/CVE-2023-47258.json
+++ b/CVE-2023/CVE-2023-472xx/CVE-2023-47258.json
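Review bot: The added `es` description for CVE-2023-47249 translates the C type name `unsigned short` as `abreviatura sin firmar`, so the Spanish text no longer says which ParseText variant has the out-of-bounds read; the identifier should stay untranslated, `(para unsigned short)`. The CVE-2023-47259 hunk has the same kind of loss: the Textile markup formatter becomes `formateador textil`, where `formateador Textile` would keep the component name a reader has to search for. Both strings look like they are taken over from the upstream feed, so the correction probably belongs there rather than in this mirror.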
@@ -2,12 +2,16 @@
 "id": "CVE-2023-47258",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-11-05T04:15:10.000",
- "lastModified": "2023-11-05T04:15:10.000",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-06T13:00:43.923",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in a Markdown formatter."
+ },
+ {
+ "lang": "es",
+ "value": "Redmine anterior a 4.2.11 y 5.0.x anterior a 5.0.6 permite XSS en un formateador Markdown."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-472xx/CVE-2023-47259.json b/CVE-2023/CVE-2023-472xx/CVE-2023-47259.json
index 8ca05eff1de..6ea2eba02eb 100644
--- a/CVE-2023/CVE-2023-472xx/CVE-2023-47259.json
+++ b/CVE-2023/CVE-2023-472xx/CVE-2023-47259.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-47259",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-11-05T04:15:10.453",
- "lastModified": "2023-11-05T04:15:10.453",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-06T13:00:43.923",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in the Textile formatter."
+ },
+ {
+ "lang": "es",
+ "value": "Redmine anterior a 4.2.11 y 5.0.x anterior a 5.0.6 permite XSS en el formateador textil."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-472xx/CVE-2023-47260.json b/CVE-2023/CVE-2023-472xx/CVE-2023-47260.json
index 080afdb9f08..799ffa55c2e 100644
--- a/CVE-2023/CVE-2023-472xx/CVE-2023-47260.json
+++ b/CVE-2023/CVE-2023-472xx/CVE-2023-47260.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-47260",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-11-05T04:15:10.513",
- "lastModified": "2023-11-05T04:15:10.513",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-06T13:00:43.923",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS via thumbnails."
+ },
+ {
+ "lang": "es",
+ "value": "Redmine anterior a 4.2.11 y 5.0.x anterior a 5.0.6 permite XSS mediante miniaturas."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-472xx/CVE-2023-47271.json b/CVE-2023/CVE-2023-472xx/CVE-2023-47271.json
index 4537b4d5761..85c4a1b71ef 100644
--- a/CVE-2023/CVE-2023-472xx/CVE-2023-47271.json
+++ b/CVE-2023/CVE-2023-472xx/CVE-2023-47271.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-47271",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-11-06T00:15:09.317",
- "lastModified": "2023-11-06T00:15:09.317",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-06T13:00:43.923",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-472xx/CVE-2023-47272.json b/CVE-2023/CVE-2023-472xx/CVE-2023-47272.json
index c03e07f4da8..30ff24d4eb2 100644
--- a/CVE-2023/CVE-2023-472xx/CVE-2023-47272.json
+++ b/CVE-2023/CVE-2023-472xx/CVE-2023-47272.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-47272",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-11-06T00:15:09.380",
- "lastModified": "2023-11-06T00:15:09.380",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-06T13:00:43.923",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4910.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4910.json
new file mode 100644
index 00000000000..ae5857eec76
--- /dev/null
+++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4910.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2023-4910",
+ "sourceIdentifier": "secalert@redhat.com",
+ "published": "2023-11-06T13:15:10.033",
+ "lastModified": "2023-11-06T13:15:52.487",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A flaw was found In 3Scale Admin Portal. If a user logs out from the personal tokens page and then presses the back button in the browser, the tokens page is rendered from the browser cache."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert@redhat.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2023-4910",
+ "source": "secalert@redhat.com"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238498",
+ "source": "secalert@redhat.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4996.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4996.json
index 1e699c5fb31..c8fc81af98f 100644
--- a/CVE-2023/CVE-2023-49xx/CVE-2023-4996.json
+++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4996.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-4996",
 "sourceIdentifier": "psirt@netskope.com",
 "published": "2023-11-06T11:15:09.593",
- "lastModified": "2023-11-06T11:15:09.593",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-06T13:00:43.923",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-50xx/CVE-2023-5090.json b/CVE-2023/CVE-2023-50xx/CVE-2023-5090.json
index 27f1f16e0e4..5abc5a24482 100644
--- a/CVE-2023/CVE-2023-50xx/CVE-2023-5090.json
+++ b/CVE-2023/CVE-2023-50xx/CVE-2023-5090.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-5090",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2023-11-06T11:15:09.670",
- "lastModified": "2023-11-06T11:15:09.670",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-06T13:00:43.923",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-58xx/CVE-2023-5823.json b/CVE-2023/CVE-2023-58xx/CVE-2023-5823.json
index 201aa59c1cf..37a79214db6 100644
--- a/CVE-2023/CVE-2023-58xx/CVE-2023-5823.json
+++ b/CVE-2023/CVE-2023-58xx/CVE-2023-5823.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-5823",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-11-06T12:15:08.860",
- "lastModified": "2023-11-06T12:15:08.860",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-06T13:00:43.923",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-58xx/CVE-2023-5825.json b/CVE-2023/CVE-2023-58xx/CVE-2023-5825.json
index 329054cebee..22027aa0d3f 100644
--- a/CVE-2023/CVE-2023-58xx/CVE-2023-5825.json
+++ b/CVE-2023/CVE-2023-58xx/CVE-2023-5825.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-5825",
 "sourceIdentifier": "cve@gitlab.com",
 "published": "2023-11-06T11:15:09.740",
- "lastModified": "2023-11-06T11:15:09.740",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-06T13:00:43.923",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-58xx/CVE-2023-5831.json b/CVE-2023/CVE-2023-58xx/CVE-2023-5831.json
index 58b87ba9aab..a65ce0ad139 100644
--- a/CVE-2023/CVE-2023-58xx/CVE-2023-5831.json
+++ b/CVE-2023/CVE-2023-58xx/CVE-2023-5831.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-5831",
 "sourceIdentifier": "cve@gitlab.com",
 "published": "2023-11-06T11:15:09.810",
- "lastModified": "2023-11-06T11:15:09.810",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-06T13:00:43.923",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-59xx/CVE-2023-5963.json b/CVE-2023/CVE-2023-59xx/CVE-2023-5963.json
new file mode 100644
index 00000000000..2fcb778c35e
--- /dev/null
+++ b/CVE-2023/CVE-2023-59xx/CVE-2023-5963.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-5963",
+ "sourceIdentifier": "cve@gitlab.com",
+ "published": "2023-11-06T13:15:10.110",
+ "lastModified": "2023-11-06T13:15:52.487",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue has been discovered in GitLab EE with Advanced Search affecting all versions from 13.9 to 16.3.6, 16.4 prior to 16.4.2 and 16.5 prior to 16.5.1 that could allow a denial of service in the Advanced Search function by chaining too many syntax operators."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cve@gitlab.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW",
+ "baseScore": 3.1,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 1.6,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cve@gitlab.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-20"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/423468",
+ "source": "cve@gitlab.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-59xx/CVE-2023-5964.json b/CVE-2023/CVE-2023-59xx/CVE-2023-5964.json
new file mode 100644
index 00000000000..8560c5332cd
--- /dev/null
+++ b/CVE-2023/CVE-2023-59xx/CVE-2023-5964.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-5964",
+ "sourceIdentifier": "security@1e.com",
+ "published": "2023-11-06T13:15:10.187",
+ "lastModified": "2023-11-06T13:15:52.487",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nThe 1E-Exchange-DisplayMessageinstruction that is part of the End-User Interaction product pack available on the 1E Exchange does not properly validate the Caption or Message parameters, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions.\n\nTo remediate this issue DELETE the instruction\u00a0\u201cShow dialogue with caption %Caption% and message %Message%\u201d from the list of instructions in the Settings UI, and replace it with the new instruction\u00a01E-Exchange-ShowNotification instruction available in the updated End-User Interaction product pack. The new instruction should show as\u00a0\u201cShow %Type% type notification with header %Header% and message %Message%\u201d with a version of 7.1 or above."
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@1e.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.9, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.1, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "security@1e.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://exchange.1e.com/product-packs/end-user-interaction/", + "source": "security@1e.com" + }, + { + "url": "https://www.1e.com/trust-security-compliance/cve-info/", + "source": "security@1e.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 9c3857ba5bf..e33258e0ab2 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-11-06T13:00:18.869297+00:00 +2023-11-06T15:00:19.326711+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-11-06T12:15:08.860000+00:00 +2023-11-06T14:47:48.253000+00:00 ``` ### Last Data Feed Release 
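Review bot: The English `value` of the new CVE-2023-5964 record opens with a literal `\n` and runs the instruction name into the following word (`1E-Exchange-DisplayMessageinstruction`), so the affected instruction, presumably `1E-Exchange-DisplayMessage`, is not a separate token for anyone searching or parsing the description. A cleaned opening would read `"value": "The 1E-Exchange-DisplayMessage instruction that is part of the End-User Interaction product pack ...`, with the `\u00a0` no-break spaces mapped to plain spaces as well. The text looks copied from the CNA submission, so if this mirror has to stay identical to the NVD feed the normalisation is better done by consumers than here. For triage, the only metric in the record is the CNA's `"type": "Secondary"` score of 9.9 while `vulnStatus` is `Awaiting Analysis`, so a filter that waits for a Primary NVD score would not yet rank this entry as critical.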
@@ -29,33 +29,52 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -229862 +229870 ``` ### CVEs added in the last Commit -Recently added CVEs: `14` +Recently added CVEs: `8` -* [CVE-2023-46775](CVE-2023/CVE-2023-467xx/CVE-2023-46775.json) (`2023-11-06T11:15:09.347`) -* [CVE-2023-47185](CVE-2023/CVE-2023-471xx/CVE-2023-47185.json) (`2023-11-06T11:15:09.497`) -* [CVE-2023-4996](CVE-2023/CVE-2023-49xx/CVE-2023-4996.json) (`2023-11-06T11:15:09.593`) -* [CVE-2023-5090](CVE-2023/CVE-2023-50xx/CVE-2023-5090.json) (`2023-11-06T11:15:09.670`) -* [CVE-2023-5825](CVE-2023/CVE-2023-58xx/CVE-2023-5825.json) (`2023-11-06T11:15:09.740`) -* [CVE-2023-5831](CVE-2023/CVE-2023-58xx/CVE-2023-5831.json) (`2023-11-06T11:15:09.810`) -* [CVE-2023-46776](CVE-2023/CVE-2023-467xx/CVE-2023-46776.json) (`2023-11-06T12:15:08.380`) -* [CVE-2023-46777](CVE-2023/CVE-2023-467xx/CVE-2023-46777.json) (`2023-11-06T12:15:08.450`) -* [CVE-2023-46778](CVE-2023/CVE-2023-467xx/CVE-2023-46778.json) (`2023-11-06T12:15:08.513`) -* [CVE-2023-46779](CVE-2023/CVE-2023-467xx/CVE-2023-46779.json) (`2023-11-06T12:15:08.573`) -* [CVE-2023-46780](CVE-2023/CVE-2023-467xx/CVE-2023-46780.json) (`2023-11-06T12:15:08.637`) -* [CVE-2023-46781](CVE-2023/CVE-2023-467xx/CVE-2023-46781.json) (`2023-11-06T12:15:08.700`) -* [CVE-2023-47186](CVE-2023/CVE-2023-471xx/CVE-2023-47186.json) (`2023-11-06T12:15:08.760`) -* [CVE-2023-5823](CVE-2023/CVE-2023-58xx/CVE-2023-5823.json) (`2023-11-06T12:15:08.860`) +* [CVE-2023-3246](CVE-2023/CVE-2023-32xx/CVE-2023-3246.json) (`2023-11-06T13:15:09.397`) +* [CVE-2023-3399](CVE-2023/CVE-2023-33xx/CVE-2023-3399.json) (`2023-11-06T13:15:09.503`) +* [CVE-2023-3909](CVE-2023/CVE-2023-39xx/CVE-2023-3909.json) (`2023-11-06T13:15:09.653`) +* [CVE-2023-45161](CVE-2023/CVE-2023-451xx/CVE-2023-45161.json) (`2023-11-06T13:15:09.730`) +* [CVE-2023-45163](CVE-2023/CVE-2023-451xx/CVE-2023-45163.json) (`2023-11-06T13:15:09.807`) +* 
[CVE-2023-4910](CVE-2023/CVE-2023-49xx/CVE-2023-4910.json) (`2023-11-06T13:15:10.033`) +* [CVE-2023-5963](CVE-2023/CVE-2023-59xx/CVE-2023-5963.json) (`2023-11-06T13:15:10.110`) +* [CVE-2023-5964](CVE-2023/CVE-2023-59xx/CVE-2023-5964.json) (`2023-11-06T13:15:10.187`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `108` +* [CVE-2023-47184](CVE-2023/CVE-2023-471xx/CVE-2023-47184.json) (`2023-11-06T13:00:43.923`) +* [CVE-2023-46775](CVE-2023/CVE-2023-467xx/CVE-2023-46775.json) (`2023-11-06T13:00:43.923`) +* [CVE-2023-47185](CVE-2023/CVE-2023-471xx/CVE-2023-47185.json) (`2023-11-06T13:00:43.923`) +* [CVE-2023-4996](CVE-2023/CVE-2023-49xx/CVE-2023-4996.json) (`2023-11-06T13:00:43.923`) +* [CVE-2023-5090](CVE-2023/CVE-2023-50xx/CVE-2023-5090.json) (`2023-11-06T13:00:43.923`) +* [CVE-2023-5825](CVE-2023/CVE-2023-58xx/CVE-2023-5825.json) (`2023-11-06T13:00:43.923`) +* [CVE-2023-5831](CVE-2023/CVE-2023-58xx/CVE-2023-5831.json) (`2023-11-06T13:00:43.923`) +* [CVE-2023-46776](CVE-2023/CVE-2023-467xx/CVE-2023-46776.json) (`2023-11-06T13:00:43.923`) +* [CVE-2023-46777](CVE-2023/CVE-2023-467xx/CVE-2023-46777.json) (`2023-11-06T13:00:43.923`) +* [CVE-2023-46778](CVE-2023/CVE-2023-467xx/CVE-2023-46778.json) (`2023-11-06T13:00:43.923`) +* [CVE-2023-46779](CVE-2023/CVE-2023-467xx/CVE-2023-46779.json) (`2023-11-06T13:00:43.923`) +* [CVE-2023-46780](CVE-2023/CVE-2023-467xx/CVE-2023-46780.json) (`2023-11-06T13:00:43.923`) +* [CVE-2023-46781](CVE-2023/CVE-2023-467xx/CVE-2023-46781.json) (`2023-11-06T13:00:43.923`) +* [CVE-2023-47186](CVE-2023/CVE-2023-471xx/CVE-2023-47186.json) (`2023-11-06T13:00:43.923`) +* [CVE-2023-5823](CVE-2023/CVE-2023-58xx/CVE-2023-5823.json) (`2023-11-06T13:00:43.923`) +* [CVE-2023-4586](CVE-2023/CVE-2023-45xx/CVE-2023-4586.json) (`2023-11-06T13:15:09.880`) +* [CVE-2023-46102](CVE-2023/CVE-2023-461xx/CVE-2023-46102.json) (`2023-11-06T14:33:08.563`) +* [CVE-2023-41255](CVE-2023/CVE-2023-412xx/CVE-2023-41255.json) 
(`2023-11-06T14:33:10.043`) +* [CVE-2023-45851](CVE-2023/CVE-2023-458xx/CVE-2023-45851.json) (`2023-11-06T14:33:29.510`) +* [CVE-2023-45844](CVE-2023/CVE-2023-458xx/CVE-2023-45844.json) (`2023-11-06T14:39:14.153`) +* [CVE-2023-43488](CVE-2023/CVE-2023-434xx/CVE-2023-43488.json) (`2023-11-06T14:41:18.393`) +* [CVE-2023-45220](CVE-2023/CVE-2023-452xx/CVE-2023-45220.json) (`2023-11-06T14:42:32.330`) +* [CVE-2023-46072](CVE-2023/CVE-2023-460xx/CVE-2023-46072.json) (`2023-11-06T14:42:49.640`) +* [CVE-2023-45321](CVE-2023/CVE-2023-453xx/CVE-2023-45321.json) (`2023-11-06T14:44:12.273`) +* [CVE-2023-21327](CVE-2023/CVE-2023-213xx/CVE-2023-21327.json) (`2023-11-06T14:47:48.253`) ## Download and Usage