Auto-Update: 2023-11-06T21:00:19.166686+00:00

cad-safe-bot 2023-11-06 21:00:22 +00:00
parent 3c7dd7730e
commit 4b5756e036
50 changed files with 2417 additions and 190 deletions


@ -2,8 +2,8 @@
"id": "CVE-2022-39135",
"sourceIdentifier": "security@apache.org",
"published": "2022-09-11T12:15:08.437",
"lastModified": "2023-09-20T18:15:12.020",
"vulnStatus": "Modified",
"lastModified": "2023-11-06T19:38:57.433",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -70,8 +70,9 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:calcite:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.22.0",
"versionEndExcluding": "1.32.0",
"matchCriteriaId": "521807F4-59C7-4846-8673-610B62E11C69"
"matchCriteriaId": "E3C8837F-4602-456B-80B4-84EE5AE14E5E"
}
]
}


@ -0,0 +1,47 @@
{
"id": "CVE-2022-48192",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-06T20:15:07.650",
"lastModified": "2023-11-06T20:15:07.650",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting vulnerability in Softing smartLink SW-HT before 1.30, which allows an attacker to execute a dynamic script (JavaScript, VBScript) in the context of the application."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@mitre.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-11.html",
"source": "cve@mitre.org"
},
{
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-11.json",
"source": "cve@mitre.org"
}
]
}
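Review bot: The vector `"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"` is unusual for the cross-site scripting issue the description states, since it scores no user interaction and full C/I/A impact, and the record carries no `weaknesses` array at all. The score comes from `cve@mitre.org` with `"type": "Secondary"` on a record still marked `Received`, so it is presumably the submitter's value before NVD analysis. Consumers that prioritise on `baseScore` or group by CWE should treat the 7.2 as provisional and must not assume the `weaknesses` key exists. The CVE-2022-48193 record added in the next section also has no `weaknesses` array.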


@ -0,0 +1,47 @@
{
"id": "CVE-2022-48193",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-06T20:15:07.723",
"lastModified": "2023-11-06T20:15:07.723",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Weak ciphers in Softing smartLink SW-HT before 1.30 are enabled during secure communication (SSL)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@mitre.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-11.html",
"source": "cve@mitre.org"
},
{
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-11.json",
"source": "cve@mitre.org"
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-22518",
"sourceIdentifier": "security@atlassian.com",
"published": "2023-10-31T15:15:08.573",
"lastModified": "2023-10-31T15:35:00.293",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-06T20:15:07.797",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. There is no impact to confidentiality as an attacker cannot exfiltrate any instance data.\n\nAtlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue."
},
{
"lang": "es",
"value": "Todas las versiones de Confluence Data Center y Server se ven afectadas por esta vulnerabilidad no explotada. No hay ning\u00fan impacto en la confidencialidad ya que un atacante no puede filtrar ning\u00fan dato de la instancia. Los sitios de Atlassian Cloud no se ven afectados por esta vulnerabilidad. Si se accede a su sitio de Confluence a trav\u00e9s de un dominio atlassian.net, est\u00e1 alojado en Atlassian y no es vulnerable a este problema."
}
],
"metrics": {
@ -39,9 +43,29 @@
"url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1311473907",
"source": "security@atlassian.com"
},
{
"url": "https://github.com/RootUp/PersonalStuff/blob/master/check_cve_2023_22518.py",
"source": "security@atlassian.com"
},
{
"url": "https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-22518.yaml",
"source": "security@atlassian.com"
},
{
"url": "https://jira.atlassian.com/browse/CONFSERVER-93142",
"source": "security@atlassian.com"
},
{
"url": "https://www.bleepingcomputer.com/news/security/atlassian-warns-of-exploit-for-confluence-data-wiping-bug-get-patching/",
"source": "security@atlassian.com"
},
{
"url": "https://www.rapid7.com/blog/post/2023/11/06/etr-rapid7-observed-exploitation-of-atlassian-confluence-cve-2023-22518/",
"source": "security@atlassian.com"
},
{
"url": "https://www.securityweek.com/exploitation-of-critical-confluence-vulnerability-begins/",
"source": "security@atlassian.com"
}
]
}
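Review bot: Both `descriptions` values (English and the Spanish one shown in this hunk) still call this an "unexploited vulnerability", while the references listed alongside them include the rapid7.com and securityweek.com entries whose URLs report observed exploitation. The record is `Undergoing Analysis` and none of the references shown carry `tags`, so nothing machine-readable in the record marks that change. Triage that keys on the description text will under-rank this entry. Exploitation status is better taken from a dedicated known-exploited feed than from the description string.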


@ -2,8 +2,8 @@
"id": "CVE-2023-31416",
"sourceIdentifier": "bressers@elastic.co",
"published": "2023-10-26T19:15:45.270",
"lastModified": "2023-10-27T12:41:08.827",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-06T19:21:20.910",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "bressers@elastic.co",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "bressers@elastic.co",
"type": "Secondary",
@ -50,14 +80,51 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "AND",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:elastic:elastic_cloud_on_kubernetes:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.8",
"matchCriteriaId": "8B6C7991-B614-4A17-8552-B8FF1DC57112"
}
]
},
{
"operator": "AND",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:elastic:apm_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0",
"matchCriteriaId": "8F4AF510-6E3A-4560-A4F3-8289EBDE9E06"
}
]
}
]
}
],
"references": [
{
"url": "https://discuss.elastic.co/t/elastic-cloud-on-kubernetes-eck-2-8-security-update/343854",
"source": "bressers@elastic.co"
"source": "bressers@elastic.co",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.elastic.co/community/security",
"source": "bressers@elastic.co"
"source": "bressers@elastic.co",
"tags": [
"Vendor Advisory"
]
}
]
}
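Review bot: The `configurations` entry joins its two nodes with a top-level `"operator": "AND"`, both `cpeMatch` items are `"vulnerable": true`, and the `apm_server` match has `"versionStartIncluding": "8.0"` with no upper bound. A matcher that evaluates each `cpeMatch` on its own and ignores the configuration-level operator will flag every APM Server 8.0 or later, whether or not Elastic Cloud on Kubernetes before 2.8 is present. Consumers should evaluate the AND across nodes before raising a finding. The per-node `"operator": "AND"` on single-item nodes also differs from the `"OR"` used by the other records in this commit, so parsers should accept both.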


@ -2,8 +2,8 @@
"id": "CVE-2023-31419",
"sourceIdentifier": "bressers@elastic.co",
"published": "2023-10-26T18:15:08.647",
"lastModified": "2023-10-27T12:41:08.827",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-06T19:23:04.963",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "bressers@elastic.co",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "bressers@elastic.co",
"type": "Secondary",
@ -50,14 +80,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndIncluding": "7.17.12",
"matchCriteriaId": "F7C6A492-CB85-4518-923D-891BC5AC2E15"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndIncluding": "8.9.0",
"matchCriteriaId": "D22C8382-A8A1-49DF-8748-6E38EC8D8DD3"
}
]
}
]
}
],
"references": [
{
"url": "https://discuss.elastic.co/t/elasticsearch-8-9-1-7-17-13-security-update/343297",
"source": "bressers@elastic.co"
"source": "bressers@elastic.co",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.elastic.co/community/security",
"source": "bressers@elastic.co"
"source": "bressers@elastic.co",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-33186",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-30T06:16:36.237",
"lastModified": "2023-11-02T17:15:11.357",
"lastModified": "2023-11-06T19:15:08.923",
"vulnStatus": "Modified",
"descriptions": [
{
@ -110,13 +110,6 @@
"Patch"
]
},
{
"url": "https://github.com/zulip/zulip/commit/903dbda79bd176702d3175a7c8a5450a64b6eccb",
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/zulip/zulip/pull/25370",
"source": "security-advisories@github.com",


@ -2,7 +2,7 @@
"id": "CVE-2023-3817",
"sourceIdentifier": "openssl-security@openssl.org",
"published": "2023-07-31T16:15:10.497",
"lastModified": "2023-10-27T15:15:13.733",
"lastModified": "2023-11-06T19:15:09.120",
"vulnStatus": "Modified",
"descriptions": [
{
@ -436,6 +436,10 @@
"url": "http://www.openwall.com/lists/oss-security/2023/09/22/9",
"source": "openssl-security@openssl.org"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/06/2",
"source": "openssl-security@openssl.org"
},
{
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5",
"source": "openssl-security@openssl.org",


@ -0,0 +1,55 @@
{
"id": "CVE-2023-39345",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-06T19:15:09.027",
"lastModified": "2023-11-06T19:17:15.773",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "strapi is an open-source headless CMS. Versions prior to 4.13.1 did not properly restrict write access to fielded marked as private in the user registration endpoint. As such malicious users may be able to errantly modify their user records. This issue has been addressed in version 4.13.1. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"references": [
{
"url": "https://github.com/strapi/strapi/security/advisories/GHSA-gc7p-j5xm-xxh2",
"source": "security-advisories@github.com"
}
]
}
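Review bot: `"attackVector": "ADJACENT_NETWORK"` and `"value": "CWE-287"` both sit oddly with the description, which states a missing write restriction on private fields in the user registration endpoint rather than an authentication failure or an adjacent-network condition. These are the submitter's values (`security-advisories@github.com`, record `Awaiting Analysis`), so an NVD-assigned vector and CWE may differ later. Consumers that filter on attack vector to decide internet exposure should not use AV:A here to deprioritise internet-facing deployments until the record is analyzed.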


@ -2,8 +2,8 @@
"id": "CVE-2023-39427",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-10-26T20:15:08.510",
"lastModified": "2023-10-27T12:41:08.827",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-06T19:16:07.113",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -50,10 +80,96 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ashlar:cobalt:*:*:*:*:*:*:*:*",
"versionEndIncluding": "12",
"matchCriteriaId": "2B0745B3-D36B-41AA-9E08-4E0B8D743F63"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ashlar:graphite:*:*:*:*:*:*:*:*",
"versionEndIncluding": "13.0.48",
"matchCriteriaId": "618E7AD7-12A1-4296-B7A5-A8ED75706334"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ashlar:xenon:*:*:*:*:*:*:*:*",
"versionEndIncluding": "12",
"matchCriteriaId": "3495D178-3275-4CB6-8799-139390102E20"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ashlar:argon:*:*:*:*:*:*:*:*",
"versionEndIncluding": "12",
"matchCriteriaId": "B70DDFE6-2136-4B49-9381-6512D946C6D4"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ashlar:lithium:*:*:*:*:*:*:*:*",
"versionEndIncluding": "12",
"matchCriteriaId": "55F921EC-D5BD-42E2-A755-14427D4DDC2E"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-03",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-40660",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-11-06T17:15:11.757",
"lastModified": "2023-11-06T17:15:11.757",
"vulnStatus": "Received",
"lastModified": "2023-11-06T19:17:15.773",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-40661",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-11-06T17:15:11.830",
"lastModified": "2023-11-06T17:15:11.830",
"vulnStatus": "Received",
"lastModified": "2023-11-06T19:17:15.773",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-43647",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-30T19:15:08.110",
"lastModified": "2023-10-31T12:58:47.860",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-06T19:38:20.630",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,18 +70,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:basercms:basercms:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.8.0",
"matchCriteriaId": "3B92C5C4-A119-435E-95BF-F6595C49737C"
}
]
}
]
}
],
"references": [
{
"url": "https://basercms.net/security/JVN_24381990",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://github.com/baserproject/basercms/commit/eb5977533d05db4f3bb03bd19630b66052799b2e",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-ggj4-78rm-6xgv",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
}
]
}
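Review bot: The reference `https://github.com/baserproject/basercms/commit/eb5977533d05db4f3bb03bd19630b66052799b2e` is tagged only `"Third Party Advisory"`, whereas the equivalent commit references in CVE-2023-43648 and CVE-2023-43649 in this same commit carry `"Patch"`. Tooling that locates fixes by filtering `references` on the `Patch` tag will not find the fix commit for this record. If the mirror applies any normalisation, a fallback that recognises commit URLs under the vendor repository would cover this; otherwise the gap is worth reporting upstream.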


@ -2,8 +2,8 @@
"id": "CVE-2023-43648",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-30T19:15:08.183",
"lastModified": "2023-10-31T12:58:47.860",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-06T19:39:02.777",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,18 +70,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:basercms:basercms:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.8.0",
"matchCriteriaId": "3B92C5C4-A119-435E-95BF-F6595C49737C"
}
]
}
]
}
],
"references": [
{
"url": "https://basercms.net/security/JVN_81174674",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://github.com/baserproject/basercms/commit/7555a5cf0006755dc0223fffc2d882b50a97758b",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-hmqj-gv2m-hq55",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-43649",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-30T19:15:08.257",
"lastModified": "2023-10-31T12:58:47.860",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-06T19:37:27.737",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,18 +70,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:basercms:basercms:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.8.0",
"matchCriteriaId": "3B92C5C4-A119-435E-95BF-F6595C49737C"
}
]
}
]
}
],
"references": [
{
"url": "https://basercms.net/security/JVN_99052047",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://github.com/baserproject/basercms/commit/874c55433fead93e0be9df96fd28740f8047c8b6",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-fw9x-cqjq-7jx5",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-43792",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-30T21:15:07.500",
"lastModified": "2023-10-31T12:58:47.860",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-06T19:37:01.740",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "security-advisories@github.com",
@ -40,7 +62,7 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -48,16 +70,51 @@
"value": "CWE-94"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:basercms:basercms:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.6.0",
"versionEndIncluding": "4.7.6",
"matchCriteriaId": "B2F43126-3129-43A2-AFE7-1D1F28EAD2C5"
}
]
}
]
}
],
"references": [
{
"url": "https://basercms.net/security/JVN_45547161",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-vrm6-c878-fpq6",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-44397",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-30T23:15:08.467",
"lastModified": "2023-10-31T12:58:37.550",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-06T19:26:20.520",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,10 +70,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fit2cloud:cloudexplorer_lite:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.4.1",
"matchCriteriaId": "F3283C88-C98B-4928-8487-C164047D6038"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/CloudExplorer-Dev/CloudExplorer-Lite/security/advisories/GHSA-fqxr-7g94-vrfj",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-44398",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-06T18:15:08.380",
"lastModified": "2023-11-06T18:15:08.380",
"vulnStatus": "Received",
"lastModified": "2023-11-06T19:17:15.773",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-45827",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-06T18:15:08.467",
"lastModified": "2023-11-06T18:15:08.467",
"vulnStatus": "Received",
"lastModified": "2023-11-06T19:17:15.773",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-45956",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-30T22:15:10.843",
"lastModified": "2023-10-31T12:58:37.550",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-06T19:29:41.313",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,78 @@
"value": "Un problema descubierto en Govee LED Strip v3.00.42 permite a los atacantes provocar una denegaci\u00f3n de servicio mediante comandos Move y MoveWithOnoff manipulados."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:govee:led_strip_firmware:3.00.42:*:*:*:*:*:*:*",
"matchCriteriaId": "0C2C7970-79DD-4A3B-A7B4-14B8F2DF8D7D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:govee:led_strip:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C0B1C4EC-749F-483D-BEE5-4BA2CCCAF5A6"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/IoT-Fuzz/IoT-Fuzz/blob/main/Govee%20LED%20Strip%20Vulnerability%20Report.pdf",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-4535",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-11-06T17:15:12.083",
"lastModified": "2023-11-06T17:15:12.083",
"vulnStatus": "Received",
"lastModified": "2023-11-06T19:17:15.773",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-46233",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-25T21:15:10.307",
"lastModified": "2023-10-25T23:05:15.713",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-06T19:49:29.380",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-327"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -54,14 +84,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:crypto-js_project:crypto-js:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.2.0",
"matchCriteriaId": "B50D5D27-E8C7-40A3-9B23-C320A41DBB25"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/brix/crypto-js/commit/421dd538b2d34e7c24a5b72cc64dc2b9167db40a",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/brix/crypto-js/security/advisories/GHSA-xwcq-pm8m-c4vf",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-46251",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-06T18:15:08.547",
"lastModified": "2023-11-06T18:15:08.547",
"vulnStatus": "Received",
"lastModified": "2023-11-06T19:17:15.773",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -0,0 +1,59 @@
{
"id": "CVE-2023-46254",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-06T19:15:09.230",
"lastModified": "2023-11-06T19:17:15.773",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "capsule-proxy is a reverse proxy for Capsule kubernetes multi-tenancy framework. A bug in the RoleBinding reflector used by `capsule-proxy` gives ServiceAccount tenant owners the right to list Namespaces of other tenants backed by the same owner kind and name. For example consider two tenants `solar` and `wind`. Tenant `solar`, owned by a ServiceAccount named `tenant-owner` in the Namespace `solar`. Tenant `wind`, owned by a ServiceAccount named `tenant-owner` in the Namespace `wind`. The Tenant owner `solar` would be able to list the namespaces of the Tenant `wind` and vice-versa, although this is not correct. The bug introduces an exfiltration vulnerability since allows the listing of Namespace resources of other Tenants, although just in some specific conditions: 1. `capsule-proxy` runs with the `--disable-caching=false` (default value: `false`) and 2. Tenant owners are ServiceAccount, with the same resource name, but in different Namespaces. This vulnerability doesn't allow any privilege escalation on the outer tenant Namespace-scoped resources, since the Kubernetes RBAC is enforcing this. This issue has been addressed in version 0.4.5. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://github.com/projectcapsule/capsule-proxy/commit/615202f7b02eaec7681336bd63daed1f39ae00c5",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/projectcapsule/capsule-proxy/security/advisories/GHSA-6758-979h-249x",
"source": "security-advisories@github.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-46361",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-31T06:15:08.900",
"lastModified": "2023-10-31T12:58:31.637",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-06T19:26:57.803",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "Se descubri\u00f3 que Artifex Software jbig2dec v0.20 contiene una vulnerabilidad SEGV a trav\u00e9s de jbig2_error en /jbig2dec/jbig2.c."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:artifex:jbig2dec:0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "E5E84C34-434A-4AF0-931C-41FDFF5BD0A2"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Frank-Z7/z-vulnerabilitys/blob/main/jbig2dec-SEGV/jbig2dec-SEGV.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Product",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,79 @@
"id": "CVE-2023-46428",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-01T21:15:08.733",
"lastModified": "2023-11-02T12:54:36.497",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-06T19:30:17.810",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An arbitrary file upload vulnerability in HadSky v7.12.10 allows attackers to execute arbitrary code via a crafted file."
},
{
"lang": "es",
"value": "Una vulnerabilidad de carga de archivos arbitrarios en HadSky v7.12.10 permite a los atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo manipulado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hadsky:hadsky:7.12.10:*:*:*:*:*:*:*",
"matchCriteriaId": "01BA95AB-0A96-407D-864C-59C28C18FDEC"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/fenglon/CVE/blob/main/analyse.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-46478",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-30T23:15:08.820",
"lastModified": "2023-10-31T12:58:37.550",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-06T19:36:03.123",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "Un problema en minCal v.1.0.0 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de un script manipulado en el par\u00e1metro customer_data."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:minical:minical:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1B4A76D8-C12B-46E0-8DC7-52FA6AA4CB9A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/mr-xmen786/CVE-2023-46478/tree/main",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
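Review bot: The weakness NVD adds for CVE-2023-46478, `"value": "CWE-639"` (authorization bypass through a user-controlled key), does not match the description kept in this record, which speaks of code execution through a crafted script in the `customer_data` parameter. That wording and the `UI:R` in the new vector read more like script injection, so if the referenced advisory confirms it the entry would be `"value": "CWE-79"`; this is inferred from the text here, not verified against the advisory. Since this file mirrors the upstream record, the correction belongs upstream, and until then any triage rule keyed on CWE should not treat this record as an access-control issue.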


@ -2,12 +2,12 @@
"id": "CVE-2023-46502",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-30T23:15:08.857",
"lastModified": "2023-11-06T15:08:52.340",
"vulnStatus": "Analyzed",
"lastModified": "2023-11-06T20:15:07.887",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An issue in OpenCRX v.5.2.2 allows a remote attacker to execute arbitrary code via a crafted request."
"value": "An issue in openCRX v.5.2.2 allows a remote attacker to read internal files and execute server side request forgery attack via insecure DocumentBuilderFactory."
},
{
"lang": "es",
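Review bot: The rewritten English description changes the impact class from arbitrary code execution to internal file read and server-side request forgery through an insecure `DocumentBuilderFactory`, yet this is the only hunk in the file, so the metrics and weaknesses further down the record are left as they were scored against the old text. `"vulnStatus": "Modified"` is the only signal of that on the new side. Consumers that prioritise on `baseScore` or CWE should hold this record as pending re-analysis instead of taking the existing values at face value. The record body continues outside the hunk, so the current score is not visible here.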


@ -2,8 +2,8 @@
"id": "CVE-2023-46661",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-10-26T20:15:08.717",
"lastModified": "2023-10-27T12:41:08.827",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-06T19:10:58.527",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -50,10 +80,127 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sielco:polyeco500_firmware:1.7.0:*:*:*:cpu:*:*:*",
"matchCriteriaId": "E64F96A4-542A-486E-AC9A-3EC1E68A6D1E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sielco:polyeco500_firmware:10.16:*:*:*:fpga:*:*:*",
"matchCriteriaId": "E3A4049B-D0B2-4CB6-8B31-ECD3BF4FF384"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sielco:polyeco500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7E931F0-5608-4F24-821B-3DB29972C077"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sielco:polyeco300_firmware:2.0.0:*:*:*:cpu:*:*:*",
"matchCriteriaId": "BBA5260D-A7D3-4973-8106-E8C73F50A6CE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sielco:polyeco300_firmware:2.0.2:*:*:*:cpu:*:*:*",
"matchCriteriaId": "F7CE9236-A970-49F0-A200-84BC3B77CECB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sielco:polyeco300_firmware:10.19:*:*:*:fpga:*:*:*",
"matchCriteriaId": "D45CE1CD-FB47-4FFD-974E-B55B569A5850"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sielco:polyeco300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05832105-6C9E-4850-A145-F3E241058CCA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sielco:polyeco1000_firmware:1.9.3:*:*:*:cpu:*:*:*",
"matchCriteriaId": "991B1AD8-671D-4EF9-901B-0834748258F5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sielco:polyeco1000_firmware:1.9.4:*:*:*:cpu:*:*:*",
"matchCriteriaId": "FE961B31-1553-4457-8436-8F9662AA10CA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sielco:polyeco1000_firmware:2.0.6:*:*:*:cpu:*:*:*",
"matchCriteriaId": "0BF0380D-483C-4B14-BF42-AC1E9C79D2DE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sielco:polyeco1000_firmware:10.19:*:*:*:fpga:*:*:*",
"matchCriteriaId": "F0E5773E-8842-4FCB-80BD-266A237042E7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sielco:polyeco1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "01DB9D87-6F35-4171-AD59-9B90386F431E"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-46662",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-10-26T20:15:08.780",
"lastModified": "2023-10-27T12:41:08.827",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-06T19:10:00.713",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -50,10 +80,127 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sielco:polyeco500_firmware:1.7.0:*:*:*:cpu:*:*:*",
"matchCriteriaId": "E64F96A4-542A-486E-AC9A-3EC1E68A6D1E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sielco:polyeco500_firmware:10.16:*:*:*:fpga:*:*:*",
"matchCriteriaId": "E3A4049B-D0B2-4CB6-8B31-ECD3BF4FF384"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sielco:polyeco500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7E931F0-5608-4F24-821B-3DB29972C077"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sielco:polyeco300_firmware:2.0.0:*:*:*:cpu:*:*:*",
"matchCriteriaId": "BBA5260D-A7D3-4973-8106-E8C73F50A6CE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sielco:polyeco300_firmware:2.0.2:*:*:*:cpu:*:*:*",
"matchCriteriaId": "F7CE9236-A970-49F0-A200-84BC3B77CECB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sielco:polyeco300_firmware:10.19:*:*:*:fpga:*:*:*",
"matchCriteriaId": "D45CE1CD-FB47-4FFD-974E-B55B569A5850"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sielco:polyeco300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05832105-6C9E-4850-A145-F3E241058CCA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sielco:polyeco1000_firmware:1.9.3:*:*:*:cpu:*:*:*",
"matchCriteriaId": "991B1AD8-671D-4EF9-901B-0834748258F5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sielco:polyeco1000_firmware:1.9.4:*:*:*:cpu:*:*:*",
"matchCriteriaId": "FE961B31-1553-4457-8436-8F9662AA10CA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sielco:polyeco1000_firmware:2.0.6:*:*:*:cpu:*:*:*",
"matchCriteriaId": "0BF0380D-483C-4B14-BF42-AC1E9C79D2DE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sielco:polyeco1000_firmware:10.19:*:*:*:fpga:*:*:*",
"matchCriteriaId": "F0E5773E-8842-4FCB-80BD-266A237042E7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sielco:polyeco1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "01DB9D87-6F35-4171-AD59-9B90386F431E"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-46728",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-06T18:15:08.637",
"lastModified": "2023-11-06T18:15:08.637",
"vulnStatus": "Received",
"lastModified": "2023-11-06T19:17:15.773",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -0,0 +1,71 @@
{
"id": "CVE-2023-46731",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-06T19:15:09.307",
"lastModified": "2023-11-06T19:17:15.773",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki doesn't properly escape the section URL parameter that is used in the code for displaying administration sections. This allows any user with read access to the document `XWiki.AdminSheet` (by default, everyone including unauthenticated users) to execute code including Groovy code. This impacts the confidentiality, integrity and availability of the whole XWiki instance. This vulnerability has been patched in XWiki 14.10.14, 15.6 RC1 and 15.5.1. Users are advised to upgrade. Users unablr to upgrade may apply the fix in commit `fec8e0e53f9` manually. Alternatively, to protect against attacks from unauthenticated users, view right for guests can be removed from this document (it is only needed for space and wiki admins)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
},
{
"lang": "en",
"value": "CWE-95"
}
]
}
],
"references": [
{
"url": "https://github.com/xwiki/xwiki-platform/commit/fec8e0e53f9fa2c3f1e568cc15b0e972727c803a",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/xwiki/xwiki-platform/commit/fec8e0e53f9fa2c3f1e568cc15b0e972727c803a#diff-6271f9be501f30b2ba55459eb451aee3413d34171ba8198a77c865306d174e23",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-62pr-qqf7-hh89",
"source": "security-advisories@github.com"
},
{
"url": "https://jira.xwiki.org/browse/XWIKI-21110",
"source": "security-advisories@github.com"
}
]
}


@ -0,0 +1,63 @@
{
"id": "CVE-2023-46732",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-06T19:15:09.397",
"lastModified": "2023-11-06T19:17:15.773",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki is vulnerable to reflected cross-site scripting (RXSS) via the `rev` parameter that is used in the content of the content menu without escaping. If an attacker can convince a user to visit a link with a crafted parameter, this allows the attacker to execute arbitrary actions in the name of the user, including remote code (Groovy) execution in the case of a user with programming right, compromising the confidentiality, integrity and availability of the whole XWiki installation. This has been patched in XWiki 15.6 RC1, 15.5.1 and 14.10.14. The patch in commit `04e325d57` can be manually applied without upgrading (or restarting) the instance. Users are advised to upgrade or to manually apply the patch. There are no known workarounds for this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/xwiki/xwiki-platform/commit/04e325d57d4bcb6ab79bddcafbb19032474c2a55",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-j9rc-w3wv-fv62",
"source": "security-advisories@github.com"
},
{
"url": "https://jira.xwiki.org/browse/XWIKI-21095",
"source": "security-advisories@github.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-46858",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-29T01:15:41.087",
"lastModified": "2023-11-02T21:15:09.987",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-06T19:29:24.480",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,82 @@
"value": "** EN DISPUTA ** Moodle 4.3 permite /grade/report/grader/index.php?searchvalue= XSS reflejado cuando se inicia sesi\u00f3n como profesor. NOTA: el enlace de preguntas frecuentes sobre seguridad de Moodle indica: \"Los profesores utilizan algunas formas de contenido enriquecido para mejorar sus cursos... los administradores y profesores pueden publicar contenido compatible con XSS, pero los estudiantes no\"."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:moodle:moodle:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6536A48F-186C-4B14-BDA5-34B105F7CC7B"
}
]
}
]
}
],
"references": [
{
"url": "https://docs.moodle.org/403/en/Security_FAQ#I_have_discovered_Cross_Site_Scripting_.28XSS.29_is_possible_with_Moodle",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://gist.github.com/Abid-Ahmad/12d2b4878eb731e8871b96b7d55125cd",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "https://packetstormsecurity.com/files/175277/Moodle-4.3-Cross-Site-Scripting.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-4700",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-11-06T18:15:08.730",
"lastModified": "2023-11-06T18:15:08.730",
"vulnStatus": "Received",
"lastModified": "2023-11-06T19:17:15.773",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-5412",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-10-31T09:15:08.407",
"lastModified": "2023-10-31T12:58:31.637",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-06T19:01:15.460",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -50,18 +70,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gopiplus:image_horizontal_reel_scroll_slideshow:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "13.3",
"matchCriteriaId": "9B6F02E3-1086-4611-97D4-44C55305E71B"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/image-horizontal-reel-scroll-slideshow/trunk/image-horizontal-reel-scroll-slideshow.php?rev=2827121#L176",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2985331/image-horizontal-reel-scroll-slideshow#file1",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/08fb698f-c87c-4200-85fe-3fe72745633e?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch",
"Third Party Advisory"
]
}
]
}
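Review bot: The new `"Exploit"` tag is attached to a plugin-repository source link pinned to a revision and line number (`...?rev=2827121#L176`), which by its URL looks like a pointer to the affected code, not a published exploit. The same tagging is applied in the CVE-2023-5428, -5429, -5430, -5431, -5433 and -5434 sections of this commit. The Wordfence advisory link is also tagged `"Patch"` in every one of these records except CVE-2023-5430, where it carries only `"Third Party Advisory"`. Tooling that raises priority on the presence of an `"Exploit"` reference, or infers fix availability from `"Patch"`, should confirm against the linked pages instead of trusting the tag alone.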


@ -2,8 +2,8 @@
"id": "CVE-2023-5428",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-10-31T09:15:08.497",
"lastModified": "2023-10-31T12:58:31.637",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-06T19:01:09.057",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -50,18 +70,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gopiplus:image_vertical_reel_scroll_slideshow:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "9.1",
"matchCriteriaId": "E39B9732-4399-46AC-BFC6-38BBDCCF6DC2"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/image-vertical-reel-scroll-slideshow/trunk/image-vertical-reel-scroll-slideshow.php?rev=2827122#L273",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2985333/image-vertical-reel-scroll-slideshow#file1",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/01d31d8a-4459-488a-9cbe-92761faa58b4?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-5429",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-10-31T09:15:08.570",
"lastModified": "2023-10-31T12:58:31.637",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-06T19:01:02.500",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -40,7 +60,7 @@
},
"weaknesses": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -48,20 +68,58 @@
"value": "CWE-89"
}
]
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gopiplus:information_reel:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "10.1",
"matchCriteriaId": "75FFA637-E9AC-4C34-ADF2-8B2316BF6AE5"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/information-reel/trunk/information-reel.php?rev=2827123#L134",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2985373/information-reel#file1",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/64db63e5-ff76-494a-be4f-d820f0cc9ab0?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-5430",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-10-31T09:15:08.637",
"lastModified": "2023-10-31T12:58:31.637",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-06T19:00:51.867",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -50,18 +70,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gopiplus:jquery_news_ticker:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.1",
"matchCriteriaId": "FDC2B8B8-1B50-49F5-A9F6-E9128F240337"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/jquery-news-ticker/trunk/jquery-news-ticker.php?rev=2827068#L92",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2985559/jquery-news-ticker#file1",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3b7f8739-7f40-40a7-952e-002ea3b82ac7?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-5431",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-10-31T09:15:08.707",
"lastModified": "2023-10-31T12:58:31.637",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-06T19:00:44.140",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -50,18 +70,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gopiplus:left_right_image_slideshow_gallery:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "12.1",
"matchCriteriaId": "E6DB7C31-9E3C-4830-B143-D8F2C65D56C4"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/left-right-image-slideshow-gallery/trunk/left-right-image-slideshow-gallery.php?rev=2827127#L211",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2985417/left-right-image-slideshow-gallery#file0",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/69902627-ce79-4a43-8949-43db6a9cc0dd?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-5433",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-10-31T09:15:08.780",
"lastModified": "2023-10-31T12:58:27.687",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-06T19:00:28.347",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -50,18 +70,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gopiplus:message_ticker:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "9.3",
"matchCriteriaId": "640629D5-6965-4577-BBC1-0BA8F494D5A6"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/message-ticker/trunk/message-ticker.php?rev=2827131#L142",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2985499/message-ticker#file1",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d0b1fa88-2fc6-41af-bd39-12af92dc6533?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-5434",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-10-31T09:15:08.857",
"lastModified": "2023-10-31T12:58:27.687",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-06T19:00:21.667",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -50,18 +70,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gopiplus:superb_slideshow_gallery:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "13.2",
"matchCriteriaId": "8A5330CE-C8FA-4210-A7B3-175CD78C0069"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/superb-slideshow-gallery/trunk/superb-slideshow-gallery.php?rev=2827170#L127",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2985501/superb-slideshow-gallery#file2",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3a12945d-a67c-4a19-a4e7-f65f5f2a21bb?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch",
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,24 @@
"id": "CVE-2023-5678",
"sourceIdentifier": "openssl-security@openssl.org",
"published": "2023-11-06T16:15:42.670",
"lastModified": "2023-11-06T16:31:59.113",
"lastModified": "2023-11-06T19:15:09.507",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Issue summary: Generating excessively long X9.42 DH keys or checking\nexcessively long X9.42 DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_generate_key() to\ngenerate an X9.42 DH key may experience long delays. Likewise, applications\nthat use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()\nto check an X9.42 DH key or X9.42 DH parameters may experience long delays.\nWhere the key or parameters that are being checked have been obtained from\nan untrusted source this may lead to a Denial of Service.\n\nWhile DH_check() performs all the necessary checks (as of CVE-2023-3817),\nDH_check_pub_key() doesn't make any of these checks, and is therefore\nvulnerable for excessively large P and Q parameters.\n\nLikewise, while DH_generate_key() performs a check for an excessively large\nP, it doesn't check for an excessively large Q.\n\nAn application that calls DH_generate_key() or DH_check_pub_key() and\nsupplies a key or parameters obtained from an untrusted source could be\nvulnerable to a Denial of Service attack.\n\nDH_generate_key() and DH_check_pub_key() are also called by a number of\nother OpenSSL functions. An application calling any of those other\nfunctions may similarly be affected. The other functions affected by this\nare DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().\n\nAlso vulnerable are the OpenSSL pkey command line application when using the\n\"-pubcheck\" option, as well as the OpenSSL genpkey command line application.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n"
},
{
"lang": "es",
"value": "Resumen del problema: generar claves X9.42 DH excesivamente largas o comprobar claves o par\u00e1metros X9.42 DH excesivamente largos puede ser muy lento. Resumen de impacto: las aplicaciones que utilizan las funciones DH_generate_key() para generar una clave DH X9.42 pueden experimentar grandes retrasos. Del mismo modo, las aplicaciones que utilizan DH_check_pub_key(), DH_check_pub_key_ex() o EVP_PKEY_public_check() para comprobar una clave X9.42 DH o par\u00e1metros X9.42 DH pueden experimentar grandes retrasos. Cuando la clave o los par\u00e1metros que se est\u00e1n verificando se obtuvieron de una fuente que no es confiable, esto puede dar lugar a una Denegaci\u00f3n de Servicio. Mientras que DH_check() realiza todas las comprobaciones necesarias (a partir de CVE-2023-3817), DH_check_pub_key() no realiza ninguna de estas comprobaciones y, por lo tanto, es vulnerable a par\u00e1metros P y Q excesivamente grandes. Del mismo modo, aunque DH_generate_key() realiza una verificaci\u00f3n de una P excesivamente grande, no verifica una Q excesivamente grande. Una aplicaci\u00f3n que llama a DH_generate_key() o DH_check_pub_key() y proporciona una clave o par\u00e1metros obtenidos de una fuente que no es de confianza podr\u00eda ser vulnerable a un ataque de denegaci\u00f3n de servicio. DH_generate_key() y DH_check_pub_key() tambi\u00e9n son llamados por otras funciones de OpenSSL. Una aplicaci\u00f3n que llame a cualquiera de esas otras funciones tambi\u00e9n puede verse afectada. Las otras funciones afectadas por esto son DH_check_pub_key_ex(), EVP_PKEY_public_check() y EVP_PKEY_generate(). Tambi\u00e9n son vulnerables la aplicaci\u00f3n de l\u00ednea de comandos OpenSSL pkey cuando se utiliza la opci\u00f3n \"-pubcheck\", as\u00ed como la aplicaci\u00f3n de l\u00ednea de comandos OpenSSL genpkey. La implementaci\u00f3n de OpenSSL SSL/TLS no se ve afectada por este problema. Los proveedores FIPS OpenSSL 3.0 y 3.1 no se ven afectados por este problema."
}
],
"metrics": {},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/06/2",
"source": "openssl-security@openssl.org"
},
{
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055",
"source": "openssl-security@openssl.org"


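--- /dev/null
+++ b/CVE-2023/CVE-2023-57xx/CVE-2023-5719.json
@@ -0,0 +1,59 @@
+{
+"id": "CVE-2023-5719",
+"sourceIdentifier": "ics-cert@hq.dhs.gov",
+"published": "2023-11-06T20:15:07.950",
+"lastModified": "2023-11-06T20:15:07.950",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "\nThe Crimson 3.2 Windows-based configuration tool allows users with administrative access to define new passwords for users and to download the resulting security configuration to a device. If such a password contains the percent (%) character, invalid values will be included, potentially truncating the string if a NUL is encountered. If the simplified password is not detected by the administrator, the device might be left in a vulnerable state as a result of more-easily compromised credentials. Note that passwords entered via the Crimson system web server do not suffer from this vulnerability.\n\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "ics-cert@hq.dhs.gov",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "REQUIRED",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 8.8,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 5.9
+}
+]
+},
+"weaknesses": [
+{
+"source": "ics-cert@hq.dhs.gov",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-158"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://support.redlion.net/hc/en-us/categories/360002087671-Security-Advisories",
+"source": "ics-cert@hq.dhs.gov"
+},
+{
+"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-01",
+"source": "ics-cert@hq.dhs.gov"
+}
+]
+}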


@ -2,8 +2,8 @@
"id": "CVE-2023-5754",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-10-26T20:15:08.840",
"lastModified": "2023-10-27T12:41:08.827",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-06T19:08:13.417",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-307"
}
]
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -50,10 +80,127 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sielco:polyeco500_firmware:1.7.0:*:*:*:cpu:*:*:*",
"matchCriteriaId": "E64F96A4-542A-486E-AC9A-3EC1E68A6D1E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sielco:polyeco500_firmware:10.16:*:*:*:fpga:*:*:*",
"matchCriteriaId": "E3A4049B-D0B2-4CB6-8B31-ECD3BF4FF384"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sielco:polyeco500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7E931F0-5608-4F24-821B-3DB29972C077"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sielco:polyeco300_firmware:2.0.0:*:*:*:cpu:*:*:*",
"matchCriteriaId": "BBA5260D-A7D3-4973-8106-E8C73F50A6CE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sielco:polyeco300_firmware:2.0.2:*:*:*:cpu:*:*:*",
"matchCriteriaId": "F7CE9236-A970-49F0-A200-84BC3B77CECB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sielco:polyeco300_firmware:10.19:*:*:*:fpga:*:*:*",
"matchCriteriaId": "D45CE1CD-FB47-4FFD-974E-B55B569A5850"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sielco:polyeco300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05832105-6C9E-4850-A145-F3E241058CCA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sielco:polyeco1000_firmware:1.9.3:*:*:*:cpu:*:*:*",
"matchCriteriaId": "991B1AD8-671D-4EF9-901B-0834748258F5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sielco:polyeco1000_firmware:1.9.4:*:*:*:cpu:*:*:*",
"matchCriteriaId": "FE961B31-1553-4457-8436-8F9662AA10CA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sielco:polyeco1000_firmware:2.0.6:*:*:*:cpu:*:*:*",
"matchCriteriaId": "0BF0380D-483C-4B14-BF42-AC1E9C79D2DE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sielco:polyeco1000_firmware:10.19:*:*:*:fpga:*:*:*",
"matchCriteriaId": "F0E5773E-8842-4FCB-80BD-266A237042E7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sielco:polyeco1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "01DB9D87-6F35-4171-AD59-9B90386F431E"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}


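--- /dev/null
+++ b/CVE-2023/CVE-2023-57xx/CVE-2023-5777.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-5777",
+"sourceIdentifier": "ics-cert@hq.dhs.gov",
+"published": "2023-11-06T20:15:08.033",
+"lastModified": "2023-11-06T20:15:08.033",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "\n\n\nWeintek EasyBuilder Pro contains a vulnerability that, even when the private key is immediately deleted after the crash report transmission is finished, the private key is exposed to the public, which could result in obtaining remote control of the crash report server.\n\n\n\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "ics-cert@hq.dhs.gov",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 9.8,
+"baseSeverity": "CRITICAL"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 5.9
+}
+]
+},
+"weaknesses": [
+{
+"source": "ics-cert@hq.dhs.gov",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-798"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-05",
+"source": "ics-cert@hq.dhs.gov"
+}
+]
+}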


@ -2,7 +2,7 @@
"id": "CVE-2023-5789",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-10-26T17:15:10.000",
"lastModified": "2023-11-06T18:31:22.047",
"lastModified": "2023-11-06T19:56:13.717",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -117,9 +117,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dragonpath:router_707gr1_firmware:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:o:airtel:dragon_path_707gr1_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2023-10-22",
"matchCriteriaId": "DB4FC532-23CD-4E4F-A3A6-D96703E07A45"
"matchCriteriaId": "0DD4C789-23EB-4ACC-AFF9-24D1AB53F79A"
}
]
},
@ -129,8 +129,8 @@
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dragonpath:router_707gr1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B9713903-6737-422B-8B28-42C0B13EA1AE"
"criteria": "cpe:2.3:h:airtel:dragon_path_707gr1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B6B3CD7-CF21-44D1-9060-84859AAD197D"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-5796",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-10-26T18:15:09.007",
"lastModified": "2023-10-27T12:41:08.827",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-06T19:24:36.727",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -64,6 +86,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +107,44 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:martmbithi:pos_system:1:0:*:*:*:*:*:*",
"matchCriteriaId": "9A45017D-A93A-4737-87FF-AF4AA97E9053"
}
]
}
]
}
],
"references": [
{
"url": "https://drive.google.com/file/d/1LIXuVmxby4QTY7v7dD-F0oRnwVVOwlmJ/view?usp=sharing",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.243602",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.243602",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,15 +2,41 @@
"id": "CVE-2023-5896",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-11-01T01:15:07.880",
"lastModified": "2023-11-01T12:51:15.967",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-06T19:30:41.957",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.4.0-4."
},
{
"lang": "es",
"value": "Cross-site Scripting (XSS): almacenado en el repositorio de GitHub pkp/pkp-lib anterior a 3.4.0-4."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -46,14 +72,41 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sfu:pkp_web_application_library:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.4.0-4",
"matchCriteriaId": "EE049E64-C84D-42B6-ABA1-1BE39A4A5099"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/pkp/pkp-lib/commit/18b318f83105ffa7fa214179f8e20507b0754236",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.com/bounties/a1f05be5-24ed-4ec5-9858-fce4233f7bb1",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
]
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-11-06T19:00:19.482398+00:00
2023-11-06T21:00:19.166686+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-11-06T18:59:35.940000+00:00
2023-11-06T20:15:08.033000+00:00
```
### Last Data Feed Release
@ -29,52 +29,52 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
229884
229892
```
### CVEs added in the last Commit
Recently added CVEs: `8`
* [CVE-2023-40660](CVE-2023/CVE-2023-406xx/CVE-2023-40660.json) (`2023-11-06T17:15:11.757`)
* [CVE-2023-40661](CVE-2023/CVE-2023-406xx/CVE-2023-40661.json) (`2023-11-06T17:15:11.830`)
* [CVE-2023-4535](CVE-2023/CVE-2023-45xx/CVE-2023-4535.json) (`2023-11-06T17:15:12.083`)
* [CVE-2023-44398](CVE-2023/CVE-2023-443xx/CVE-2023-44398.json) (`2023-11-06T18:15:08.380`)
* [CVE-2023-45827](CVE-2023/CVE-2023-458xx/CVE-2023-45827.json) (`2023-11-06T18:15:08.467`)
* [CVE-2023-46251](CVE-2023/CVE-2023-462xx/CVE-2023-46251.json) (`2023-11-06T18:15:08.547`)
* [CVE-2023-46728](CVE-2023/CVE-2023-467xx/CVE-2023-46728.json) (`2023-11-06T18:15:08.637`)
* [CVE-2023-4700](CVE-2023/CVE-2023-47xx/CVE-2023-4700.json) (`2023-11-06T18:15:08.730`)
* [CVE-2022-48192](CVE-2022/CVE-2022-481xx/CVE-2022-48192.json) (`2023-11-06T20:15:07.650`)
* [CVE-2022-48193](CVE-2022/CVE-2022-481xx/CVE-2022-48193.json) (`2023-11-06T20:15:07.723`)
* [CVE-2023-39345](CVE-2023/CVE-2023-393xx/CVE-2023-39345.json) (`2023-11-06T19:15:09.027`)
* [CVE-2023-46254](CVE-2023/CVE-2023-462xx/CVE-2023-46254.json) (`2023-11-06T19:15:09.230`)
* [CVE-2023-46731](CVE-2023/CVE-2023-467xx/CVE-2023-46731.json) (`2023-11-06T19:15:09.307`)
* [CVE-2023-46732](CVE-2023/CVE-2023-467xx/CVE-2023-46732.json) (`2023-11-06T19:15:09.397`)
* [CVE-2023-5719](CVE-2023/CVE-2023-57xx/CVE-2023-5719.json) (`2023-11-06T20:15:07.950`)
* [CVE-2023-5777](CVE-2023/CVE-2023-57xx/CVE-2023-5777.json) (`2023-11-06T20:15:08.033`)
### CVEs modified in the last Commit
Recently modified CVEs: `59`
Recently modified CVEs: `41`
* [CVE-2023-21323](CVE-2023/CVE-2023-213xx/CVE-2023-21323.json) (`2023-11-06T17:58:14.793`)
* [CVE-2023-21324](CVE-2023/CVE-2023-213xx/CVE-2023-21324.json) (`2023-11-06T17:58:25.020`)
* [CVE-2023-21325](CVE-2023/CVE-2023-213xx/CVE-2023-21325.json) (`2023-11-06T17:58:39.620`)
* [CVE-2023-21326](CVE-2023/CVE-2023-213xx/CVE-2023-21326.json) (`2023-11-06T17:58:57.733`)
* [CVE-2023-47094](CVE-2023/CVE-2023-470xx/CVE-2023-47094.json) (`2023-11-06T17:59:03.860`)
* [CVE-2023-47095](CVE-2023/CVE-2023-470xx/CVE-2023-47095.json) (`2023-11-06T17:59:07.347`)
* [CVE-2023-47096](CVE-2023/CVE-2023-470xx/CVE-2023-47096.json) (`2023-11-06T17:59:17.963`)
* [CVE-2023-47098](CVE-2023/CVE-2023-470xx/CVE-2023-47098.json) (`2023-11-06T17:59:35.100`)
* [CVE-2023-39936](CVE-2023/CVE-2023-399xx/CVE-2023-39936.json) (`2023-11-06T18:13:06.433`)
* [CVE-2023-46451](CVE-2023/CVE-2023-464xx/CVE-2023-46451.json) (`2023-11-06T18:15:09.143`)
* [CVE-2023-46210](CVE-2023/CVE-2023-462xx/CVE-2023-46210.json) (`2023-11-06T18:16:17.633`)
* [CVE-2023-5624](CVE-2023/CVE-2023-56xx/CVE-2023-5624.json) (`2023-11-06T18:20:25.737`)
* [CVE-2023-5789](CVE-2023/CVE-2023-57xx/CVE-2023-5789.json) (`2023-11-06T18:31:22.047`)
* [CVE-2023-31418](CVE-2023/CVE-2023-314xx/CVE-2023-31418.json) (`2023-11-06T18:36:24.067`)
* [CVE-2023-31417](CVE-2023/CVE-2023-314xx/CVE-2023-31417.json) (`2023-11-06T18:43:10.680`)
* [CVE-2023-5873](CVE-2023/CVE-2023-58xx/CVE-2023-5873.json) (`2023-11-06T18:47:09.313`)
* [CVE-2023-5794](CVE-2023/CVE-2023-57xx/CVE-2023-5794.json) (`2023-11-06T18:51:10.133`)
* [CVE-2023-5464](CVE-2023/CVE-2023-54xx/CVE-2023-5464.json) (`2023-11-06T18:52:11.063`)
* [CVE-2023-5793](CVE-2023/CVE-2023-57xx/CVE-2023-5793.json) (`2023-11-06T18:55:16.087`)
* [CVE-2023-5795](CVE-2023/CVE-2023-57xx/CVE-2023-5795.json) (`2023-11-06T18:56:43.850`)
* [CVE-2023-5439](CVE-2023/CVE-2023-54xx/CVE-2023-5439.json) (`2023-11-06T18:57:50.490`)
* [CVE-2023-5438](CVE-2023/CVE-2023-54xx/CVE-2023-5438.json) (`2023-11-06T18:58:06.683`)
* [CVE-2023-5437](CVE-2023/CVE-2023-54xx/CVE-2023-5437.json) (`2023-11-06T18:58:37.057`)
* [CVE-2023-5436](CVE-2023/CVE-2023-54xx/CVE-2023-5436.json) (`2023-11-06T18:59:27.307`)
* [CVE-2023-5435](CVE-2023/CVE-2023-54xx/CVE-2023-5435.json) (`2023-11-06T18:59:35.940`)
* [CVE-2023-40661](CVE-2023/CVE-2023-406xx/CVE-2023-40661.json) (`2023-11-06T19:17:15.773`)
* [CVE-2023-4535](CVE-2023/CVE-2023-45xx/CVE-2023-4535.json) (`2023-11-06T19:17:15.773`)
* [CVE-2023-44398](CVE-2023/CVE-2023-443xx/CVE-2023-44398.json) (`2023-11-06T19:17:15.773`)
* [CVE-2023-45827](CVE-2023/CVE-2023-458xx/CVE-2023-45827.json) (`2023-11-06T19:17:15.773`)
* [CVE-2023-46251](CVE-2023/CVE-2023-462xx/CVE-2023-46251.json) (`2023-11-06T19:17:15.773`)
* [CVE-2023-46728](CVE-2023/CVE-2023-467xx/CVE-2023-46728.json) (`2023-11-06T19:17:15.773`)
* [CVE-2023-4700](CVE-2023/CVE-2023-47xx/CVE-2023-4700.json) (`2023-11-06T19:17:15.773`)
* [CVE-2023-31416](CVE-2023/CVE-2023-314xx/CVE-2023-31416.json) (`2023-11-06T19:21:20.910`)
* [CVE-2023-31419](CVE-2023/CVE-2023-314xx/CVE-2023-31419.json) (`2023-11-06T19:23:04.963`)
* [CVE-2023-5796](CVE-2023/CVE-2023-57xx/CVE-2023-5796.json) (`2023-11-06T19:24:36.727`)
* [CVE-2023-44397](CVE-2023/CVE-2023-443xx/CVE-2023-44397.json) (`2023-11-06T19:26:20.520`)
* [CVE-2023-46361](CVE-2023/CVE-2023-463xx/CVE-2023-46361.json) (`2023-11-06T19:26:57.803`)
* [CVE-2023-46858](CVE-2023/CVE-2023-468xx/CVE-2023-46858.json) (`2023-11-06T19:29:24.480`)
* [CVE-2023-45956](CVE-2023/CVE-2023-459xx/CVE-2023-45956.json) (`2023-11-06T19:29:41.313`)
* [CVE-2023-46428](CVE-2023/CVE-2023-464xx/CVE-2023-46428.json) (`2023-11-06T19:30:17.810`)
* [CVE-2023-5896](CVE-2023/CVE-2023-58xx/CVE-2023-5896.json) (`2023-11-06T19:30:41.957`)
* [CVE-2023-46478](CVE-2023/CVE-2023-464xx/CVE-2023-46478.json) (`2023-11-06T19:36:03.123`)
* [CVE-2023-43792](CVE-2023/CVE-2023-437xx/CVE-2023-43792.json) (`2023-11-06T19:37:01.740`)
* [CVE-2023-43649](CVE-2023/CVE-2023-436xx/CVE-2023-43649.json) (`2023-11-06T19:37:27.737`)
* [CVE-2023-43647](CVE-2023/CVE-2023-436xx/CVE-2023-43647.json) (`2023-11-06T19:38:20.630`)
* [CVE-2023-43648](CVE-2023/CVE-2023-436xx/CVE-2023-43648.json) (`2023-11-06T19:39:02.777`)
* [CVE-2023-46233](CVE-2023/CVE-2023-462xx/CVE-2023-46233.json) (`2023-11-06T19:49:29.380`)
* [CVE-2023-5789](CVE-2023/CVE-2023-57xx/CVE-2023-5789.json) (`2023-11-06T19:56:13.717`)
* [CVE-2023-22518](CVE-2023/CVE-2023-225xx/CVE-2023-22518.json) (`2023-11-06T20:15:07.797`)
* [CVE-2023-46502](CVE-2023/CVE-2023-465xx/CVE-2023-46502.json) (`2023-11-06T20:15:07.887`)
## Download and Usage