From 548a54690df146eabcf54c06115436229624fcc1 Mon Sep 17 00:00:00 2001 
From: cad-safe-bot
Date: Mon, 4 Dec 2023 17:00:23 +0000
Subject: [PATCH] Auto-Update: 2023-12-04T17:00:19.669004+00:00
---
CVE-2023/CVE-2023-24xx/CVE-2023-2497.json | 68 ++++++++++-
CVE-2023/CVE-2023-382xx/CVE-2023-38218.json | 10 +-
CVE-2023/CVE-2023-443xx/CVE-2023-44327.json | 20 +--
CVE-2023/CVE-2023-443xx/CVE-2023-44328.json | 20 +--
CVE-2023/CVE-2023-443xx/CVE-2023-44329.json | 20 +--
CVE-2023/CVE-2023-443xx/CVE-2023-44340.json | 20 +--
CVE-2023/CVE-2023-443xx/CVE-2023-44348.json | 20 +--
CVE-2023/CVE-2023-443xx/CVE-2023-44356.json | 20 +--
CVE-2023/CVE-2023-443xx/CVE-2023-44357.json | 20 +--
CVE-2023/CVE-2023-443xx/CVE-2023-44358.json | 16 +--
CVE-2023/CVE-2023-443xx/CVE-2023-44360.json | 127 ++++++++++++++++++--
CVE-2023/CVE-2023-470xx/CVE-2023-47044.json | 20 +--
CVE-2023/CVE-2023-470xx/CVE-2023-47046.json | 48 ++++----
CVE-2023/CVE-2023-470xx/CVE-2023-47047.json | 22 ++--
CVE-2023/CVE-2023-470xx/CVE-2023-47048.json | 48 ++++----
CVE-2023/CVE-2023-470xx/CVE-2023-47049.json | 46 +++----
CVE-2023/CVE-2023-470xx/CVE-2023-47050.json | 48 ++++----
CVE-2023/CVE-2023-470xx/CVE-2023-47051.json | 46 +++----
CVE-2023/CVE-2023-470xx/CVE-2023-47054.json | 20 +--
CVE-2023/CVE-2023-470xx/CVE-2023-47071.json | 20 +--
CVE-2023/CVE-2023-488xx/CVE-2023-48815.json | 24 ++++
CVE-2023/CVE-2023-488xx/CVE-2023-48866.json | 24 ++++
CVE-2023/CVE-2023-489xx/CVE-2023-48965.json | 20 +++
CVE-2023/CVE-2023-489xx/CVE-2023-48966.json | 20 +++
CVE-2023/CVE-2023-492xx/CVE-2023-49287.json | 6 +-
CVE-2023/CVE-2023-54xx/CVE-2023-5427.json | 6 +-
CVE-2023/CVE-2023-55xx/CVE-2023-5553.json | 66 +++++++++-
CVE-2023/CVE-2023-57xx/CVE-2023-5767.json | 43 +++++++
CVE-2023/CVE-2023-57xx/CVE-2023-5768.json | 43 +++++++
CVE-2023/CVE-2023-62xx/CVE-2023-6225.json | 71 ++++++++++-
CVE-2023/CVE-2023-62xx/CVE-2023-6248.json | 72 ++++++++++-
CVE-2023/CVE-2023-62xx/CVE-2023-6274.json | 78 +++++++++++-
CVE-2023/CVE-2023-62xx/CVE-2023-6275.json | 60 ++++++++-
README.md | 71 +++++------
34 files changed, 970 insertions(+), 313 deletions(-)
create mode 100644 CVE-2023/CVE-2023-488xx/CVE-2023-48815.json
create mode 100644 CVE-2023/CVE-2023-488xx/CVE-2023-48866.json
create mode 100644 CVE-2023/CVE-2023-489xx/CVE-2023-48965.json
create mode 100644 CVE-2023/CVE-2023-489xx/CVE-2023-48966.json
create mode 100644 CVE-2023/CVE-2023-57xx/CVE-2023-5767.json
create mode 100644 CVE-2023/CVE-2023-57xx/CVE-2023-5768.json
diff --git a/CVE-2023/CVE-2023-24xx/CVE-2023-2497.json b/CVE-2023/CVE-2023-24xx/CVE-2023-2497.json
index d99c6b1618d..9de9d3fac16 100644
--- a/CVE-2023/CVE-2023-24xx/CVE-2023-2497.json
+++ b/CVE-2023/CVE-2023-24xx/CVE-2023-2497.json
@@ -2,16 +2,40 @@ "id": "CVE-2023-2497", "sourceIdentifier": "security@wordfence.com", "published": "2023-11-22T16:15:08.857", - "lastModified": "2023-11-22T17:31:59.573", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-04T16:41:46.397", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to missing or incorrect nonce validation on the 'import_settings' function. This makes it possible for unauthenticated attackers to exploit PHP Object Injection due to the use of unserialize() on the user supplied parameter via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + }, + { + "lang": "es", + "value": "El complemento UserPro para WordPress es vulnerable a la Cross-Site Request Forgery en versiones hasta la 5.1.0 incluida. Esto se debe a una validaci\u00f3n nonce faltante o incorrecta en la funci\u00f3n 'import_settings'. Esto hace posible que atacantes no autenticados aprovechen la inyecci\u00f3n de objetos PHP debido al uso de unserialize() en el par\u00e1metro proporcionado por el usuario a trav\u00e9s de una solicitud falsificada, siempre que puedan enga\u00f1ar a un administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace." 
} ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -34,14 +58,50 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:userproplugin:userpro:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "5.1.0", + "matchCriteriaId": "43123A51-AEF0-437C-9AEA-8653C22CC9E3" + } + ] + } + ] + } + ], "references": [ { "url": "https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fbb601ce-a884-4894-af13-dab14885c7eb?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-382xx/CVE-2023-38218.json b/CVE-2023/CVE-2023-382xx/CVE-2023-38218.json index c4eafbce89a..07213f0c391 100644 --- a/CVE-2023/CVE-2023-382xx/CVE-2023-38218.json +++ b/CVE-2023/CVE-2023-382xx/CVE-2023-38218.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-38218", "sourceIdentifier": "psirt@adobe.com", "published": "2023-10-13T07:15:40.047", - "lastModified": "2023-10-25T18:17:28.803", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-12-04T16:54:09.293", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -40,7 +40,7 @@ }, "weaknesses": [ { - "source": "psirt@adobe.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { @@ -50,12 +50,12 @@ ] }, { - "source": "nvd@nist.gov", + "source": "psirt@adobe.com", "type": "Secondary", "description": [ { "lang": "en", - "value": "CWE-639" + "value": "CWE-863" } ] } diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44327.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44327.json index 194ba26c468..83f9b80c815 100644 --- a/CVE-2023/CVE-2023-443xx/CVE-2023-44327.json +++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44327.json @@ -2,8 +2,8 @@ "id": "CVE-2023-44327", "sourceIdentifier": "psirt@adobe.com", "published": "2023-11-16T15:15:08.100", - "lastModified": "2023-11-22T15:20:36.613", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-04T16:15:07.433", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "psirt@adobe.com", "type": "Primary", "cvssData": { "version": "3.1", 
@@ -37,31 +37,31 @@ "impactScore": 3.6 }, { - "source": "psirt@adobe.com", + "source": "nvd@nist.gov", "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", - "confidentialityImpact": "LOW", + "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", - "baseScore": 3.3, - "baseSeverity": "LOW" + "baseScore": 5.5, + "baseSeverity": "MEDIUM" }, "exploitabilityScore": 1.8, - "impactScore": 1.4 + "impactScore": 3.6 } ] }, "weaknesses": [ { "source": "psirt@adobe.com", - "type": "Secondary", + "type": "Primary", "description": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44328.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44328.json index 62ffb5c3322..eb321627d3b 100644 --- a/CVE-2023/CVE-2023-443xx/CVE-2023-44328.json +++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44328.json @@ -2,8 +2,8 @@ "id": "CVE-2023-44328", "sourceIdentifier": "psirt@adobe.com", "published": "2023-11-16T15:15:08.300", - "lastModified": "2023-11-22T15:20:27.367", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-04T16:15:07.673", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "psirt@adobe.com", "type": "Primary", "cvssData": { "version": "3.1", 
@@ -37,31 +37,31 @@ "impactScore": 3.6 }, { - "source": "psirt@adobe.com", + "source": "nvd@nist.gov", "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", - "confidentialityImpact": "LOW", + "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", - "baseScore": 3.3, - "baseSeverity": "LOW" + "baseScore": 5.5, + "baseSeverity": "MEDIUM" }, "exploitabilityScore": 1.8, - "impactScore": 1.4 + "impactScore": 3.6 } ] }, "weaknesses": [ { "source": "psirt@adobe.com", - "type": "Secondary", + "type": "Primary", "description": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44329.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44329.json index b7946b4a1ea..83314f74007 100644 --- a/CVE-2023/CVE-2023-443xx/CVE-2023-44329.json +++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44329.json @@ -2,8 +2,8 @@ "id": "CVE-2023-44329", "sourceIdentifier": "psirt@adobe.com", "published": "2023-11-16T15:15:08.490", - "lastModified": "2023-11-22T15:20:17.657", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-04T16:15:07.870", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "psirt@adobe.com", "type": "Primary", "cvssData": { "version": "3.1", 
@@ -37,31 +37,31 @@ "impactScore": 3.6 }, { - "source": "psirt@adobe.com", + "source": "nvd@nist.gov", "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", - "confidentialityImpact": "LOW", + "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", - "baseScore": 3.3, - "baseSeverity": "LOW" + "baseScore": 5.5, + "baseSeverity": "MEDIUM" }, "exploitabilityScore": 1.8, - "impactScore": 1.4 + "impactScore": 3.6 } ] }, "weaknesses": [ { "source": "psirt@adobe.com", - "type": "Secondary", + "type": "Primary", "description": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44340.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44340.json index f41672b9a99..fc02e7c31cc 100644 --- a/CVE-2023/CVE-2023-443xx/CVE-2023-44340.json +++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44340.json @@ -2,8 +2,8 @@ "id": "CVE-2023-44340", "sourceIdentifier": "psirt@adobe.com", "published": "2023-11-16T10:15:11.347", - "lastModified": "2023-11-22T17:15:31.647", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-04T16:15:08.083", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "psirt@adobe.com", "type": "Primary", "cvssData": { "version": "3.1", 
@@ -37,31 +37,31 @@ "impactScore": 3.6 }, { - "source": "psirt@adobe.com", + "source": "nvd@nist.gov", "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", - "confidentialityImpact": "LOW", + "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", - "baseScore": 3.3, - "baseSeverity": "LOW" + "baseScore": 5.5, + "baseSeverity": "MEDIUM" }, "exploitabilityScore": 1.8, - "impactScore": 1.4 + "impactScore": 3.6 } ] }, "weaknesses": [ { "source": "psirt@adobe.com", - "type": "Secondary", + "type": "Primary", "description": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44348.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44348.json index 68f16a4ac42..4ec251582fe 100644 --- a/CVE-2023/CVE-2023-443xx/CVE-2023-44348.json +++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44348.json @@ -2,8 +2,8 @@ "id": "CVE-2023-44348", "sourceIdentifier": "psirt@adobe.com", "published": "2023-11-16T10:15:12.063", - "lastModified": "2023-11-22T17:15:18.597", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-04T16:15:08.290", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "psirt@adobe.com", "type": "Primary", "cvssData": { "version": "3.1", 
@@ -37,31 +37,31 @@ "impactScore": 3.6 }, { - "source": "psirt@adobe.com", + "source": "nvd@nist.gov", "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", - "confidentialityImpact": "LOW", + "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", - "baseScore": 3.3, - "baseSeverity": "LOW" + "baseScore": 5.5, + "baseSeverity": "MEDIUM" }, "exploitabilityScore": 1.8, - "impactScore": 1.4 + "impactScore": 3.6 } ] }, "weaknesses": [ { "source": "psirt@adobe.com", - "type": "Secondary", + "type": "Primary", "description": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44356.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44356.json index 6e2486b9b67..6d1f536b148 100644 --- a/CVE-2023/CVE-2023-443xx/CVE-2023-44356.json +++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44356.json @@ -2,8 +2,8 @@ "id": "CVE-2023-44356", "sourceIdentifier": "psirt@adobe.com", "published": "2023-11-16T10:15:12.640", - "lastModified": "2023-11-22T17:07:19.197", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-04T16:15:08.517", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "psirt@adobe.com", "type": "Primary", "cvssData": { "version": "3.1", 
@@ -37,31 +37,31 @@ "impactScore": 3.6 }, { - "source": "psirt@adobe.com", + "source": "nvd@nist.gov", "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", - "confidentialityImpact": "LOW", + "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", - "baseScore": 3.3, - "baseSeverity": "LOW" + "baseScore": 5.5, + "baseSeverity": "MEDIUM" }, "exploitabilityScore": 1.8, - "impactScore": 1.4 + "impactScore": 3.6 } ] }, "weaknesses": [ { "source": "psirt@adobe.com", - "type": "Secondary", + "type": "Primary", "description": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44357.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44357.json index f8b93f601a8..eed63543809 100644 --- a/CVE-2023/CVE-2023-443xx/CVE-2023-44357.json +++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44357.json @@ -2,8 +2,8 @@ "id": "CVE-2023-44357", "sourceIdentifier": "psirt@adobe.com", "published": "2023-11-16T10:15:13.173", - "lastModified": "2023-11-22T17:04:47.863", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-04T16:15:08.723", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "psirt@adobe.com", "type": "Primary", "cvssData": { "version": "3.1", 
@@ -37,31 +37,31 @@ "impactScore": 3.6 }, { - "source": "psirt@adobe.com", + "source": "nvd@nist.gov", "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", - "confidentialityImpact": "LOW", + "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", - "baseScore": 3.3, - "baseSeverity": "LOW" + "baseScore": 5.5, + "baseSeverity": "MEDIUM" }, "exploitabilityScore": 1.8, - "impactScore": 1.4 + "impactScore": 3.6 } ] }, "weaknesses": [ { "source": "psirt@adobe.com", - "type": "Secondary", + "type": "Primary", "description": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44358.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44358.json index 441e3599a9d..5a4d64edc9c 100644 --- a/CVE-2023/CVE-2023-443xx/CVE-2023-44358.json +++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44358.json @@ -2,8 +2,8 @@ "id": "CVE-2023-44358", "sourceIdentifier": "psirt@adobe.com", "published": "2023-11-16T10:15:13.740", - "lastModified": "2023-11-22T17:04:35.430", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-04T16:15:08.937", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", 
@@ -41,27 +41,27 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", - "confidentialityImpact": "LOW", + "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", - "baseScore": 3.3, - "baseSeverity": "LOW" + "baseScore": 5.5, + "baseSeverity": "MEDIUM" }, "exploitabilityScore": 1.8, - "impactScore": 1.4 + "impactScore": 3.6 } ] }, "weaknesses": [ { "source": "psirt@adobe.com", - "type": "Secondary", + "type": "Primary", "description": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44360.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44360.json index 85d6426aea2..ab9a083ebeb 100644 --- a/CVE-2023/CVE-2023-443xx/CVE-2023-44360.json +++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44360.json @@ -2,8 +2,8 @@ "id": "CVE-2023-44360", "sourceIdentifier": "psirt@adobe.com", "published": "2023-11-16T10:15:14.910", - "lastModified": "2023-11-16T13:51:11.743", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-04T16:15:09.163", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", 
@@ -18,30 +18,50 @@ "cvssMetricV31": [ { "source": "psirt@adobe.com", - "type": "Secondary", + "type": "Primary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", - "confidentialityImpact": "LOW", + "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", - "baseScore": 3.3, - "baseSeverity": "LOW" + "baseScore": 5.5, + "baseSeverity": "MEDIUM" }, "exploitabilityScore": 1.8, - "impactScore": 1.4 + "impactScore": 3.6 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 } ] }, "weaknesses": [ { "source": "psirt@adobe.com", - "type": "Secondary", + "type": "Primary", "description": [ { "lang": "en", 
@@ -50,10 +70,97 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*", + "versionStartIncluding": "15.008.20082", + "versionEndExcluding": "23.006.20380", + "matchCriteriaId": "A0FEBC42-3857-4802-9DF6-468D875FD75C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*", + "versionStartIncluding": "15.008.20082", + "versionEndExcluding": "23.006.20380", + "matchCriteriaId": "CAB9D2E5-B4E0-497C-A95B-58A4B61989C3" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*", + "versionStartIncluding": "20.001.30005", + "versionEndIncluding": "20.005.30539", + "matchCriteriaId": "9C8E748F-AF8D-46BB-ACDE-2454E922B3BD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*", + "versionStartIncluding": "20.001.30005", + "versionEndExcluding": "20.005.30539", + "matchCriteriaId": "DC0F114D-0EF3-4164-B4CD-36E91408F2F3" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], 
"references": [ { "url": "https://helpx.adobe.com/security/products/acrobat/apsb23-54.htm", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-470xx/CVE-2023-47044.json b/CVE-2023/CVE-2023-470xx/CVE-2023-47044.json index d4d85ce1539..e125b2284e0 100644 --- a/CVE-2023/CVE-2023-470xx/CVE-2023-47044.json +++ b/CVE-2023/CVE-2023-470xx/CVE-2023-47044.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47044", "sourceIdentifier": "psirt@adobe.com", "published": "2023-11-16T15:15:11.007", - "lastModified": "2023-11-22T15:18:27.790", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-04T16:15:09.370", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "psirt@adobe.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -37,31 +37,31 @@ "impactScore": 3.6 }, { - "source": "psirt@adobe.com", + "source": "nvd@nist.gov", "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", - "confidentialityImpact": "LOW", + "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", - "baseScore": 3.3, - "baseSeverity": "LOW" + "baseScore": 5.5, + "baseSeverity": "MEDIUM" }, "exploitabilityScore": 1.8, - "impactScore": 1.4 + "impactScore": 3.6 } ] }, "weaknesses": [ { "source": "psirt@adobe.com", - "type": "Secondary", + "type": "Primary", "description": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-470xx/CVE-2023-47046.json b/CVE-2023/CVE-2023-470xx/CVE-2023-47046.json index c7d3c246a96..488e6d4e656 100644 --- a/CVE-2023/CVE-2023-470xx/CVE-2023-47046.json 
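Review bot: In the `configurations` block added for CVE-2023-44360, the two classic-track entries disagree on the same upper bound: `cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*` carries `"versionEndIncluding": "20.005.30539"` while `cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*` carries `"versionEndExcluding": "20.005.30539"`. A CPE matcher will therefore report build 20.005.30539 as vulnerable for Acrobat but as fixed for Reader; one of the two is presumably wrong, and the bound should be confirmed against the vendor bulletin before scanner results for that build are trusted. The only reference in this record is tagged `Broken Link` in the same hunk, so the bulletin URL has to be re-resolved before that check can be made.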
+++ b/CVE-2023/CVE-2023-470xx/CVE-2023-47046.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47046", "sourceIdentifier": "psirt@adobe.com", "published": "2023-11-16T16:15:32.080", - "lastModified": "2023-11-22T15:23:13.010", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-04T16:15:09.573", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -17,8 +17,28 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "psirt@adobe.com", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", @@ -35,33 +55,13 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 - }, - { - "source": "psirt@adobe.com", - "type": "Secondary", - "cvssData": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "attackVector": "LOCAL", - "attackComplexity": "LOW", - "privilegesRequired": "LOW", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 7.8, - "baseSeverity": "HIGH" - }, - "exploitabilityScore": 1.8, - "impactScore": 5.9 } ] }, "weaknesses": [ { "source": "psirt@adobe.com", - "type": "Secondary", + "type": "Primary", "description": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-470xx/CVE-2023-47047.json b/CVE-2023/CVE-2023-470xx/CVE-2023-47047.json index 39e5be9e295..f61d9b9f107 100644 --- a/CVE-2023/CVE-2023-470xx/CVE-2023-47047.json 
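Review bot: Consumers that read only the `"type": "Primary"` CVSS entry will see CVE-2023-47046 as 5.5 MEDIUM after these two hunks, because the Primary slot now holds the psirt@adobe.com vector `CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N`, while the nvd@nist.gov vector ending in `C:H/I:H/A:H` (`impactScore` 5.9) is relabelled `Secondary`. The two sources now disagree on integrity and availability impact, so triage tooling should compare both entries, for example by taking the higher base score, rather than keying on `type` alone. The same Primary/Secondary swap with diverging vectors appears in the CVE-2023-47048, CVE-2023-47049, CVE-2023-47050 and CVE-2023-47051 sections.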
+++ b/CVE-2023/CVE-2023-470xx/CVE-2023-47047.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47047", "sourceIdentifier": "psirt@adobe.com", "published": "2023-11-16T16:15:32.367", - "lastModified": "2023-11-22T15:22:58.927", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-04T16:15:09.783", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -41,27 +41,27 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "attackVector": "LOCAL", "attackComplexity": "LOW", - "privilegesRequired": "LOW", - "userInteraction": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 7.8, - "baseSeverity": "HIGH" + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" }, "exploitabilityScore": 1.8, - "impactScore": 5.9 + "impactScore": 3.6 } ] }, "weaknesses": [ { "source": "psirt@adobe.com", - "type": "Secondary", + "type": "Primary", "description": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-470xx/CVE-2023-47048.json b/CVE-2023/CVE-2023-470xx/CVE-2023-47048.json index eb9e84d9fb9..c3936b7ba29 100644 --- a/CVE-2023/CVE-2023-470xx/CVE-2023-47048.json +++ b/CVE-2023/CVE-2023-470xx/CVE-2023-47048.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47048", "sourceIdentifier": "psirt@adobe.com", "published": "2023-11-16T16:15:32.783", - "lastModified": "2023-11-22T15:22:49.797", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-04T16:15:09.987", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", 
@@ -17,8 +17,28 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "psirt@adobe.com", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", @@ -35,33 +55,13 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 - }, - { - "source": "psirt@adobe.com", - "type": "Secondary", - "cvssData": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "attackVector": "LOCAL", - "attackComplexity": "LOW", - "privilegesRequired": "LOW", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 7.8, - "baseSeverity": "HIGH" - }, - "exploitabilityScore": 1.8, - "impactScore": 5.9 } ] }, "weaknesses": [ { "source": "psirt@adobe.com", - "type": "Secondary", + "type": "Primary", "description": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-470xx/CVE-2023-47049.json b/CVE-2023/CVE-2023-470xx/CVE-2023-47049.json index 1895e12de98..44c2d0b57f1 100644 --- a/CVE-2023/CVE-2023-470xx/CVE-2023-47049.json +++ b/CVE-2023/CVE-2023-470xx/CVE-2023-47049.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47049", "sourceIdentifier": "psirt@adobe.com", "published": "2023-11-16T16:15:32.973", - "lastModified": "2023-11-22T15:22:40.007", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-04T16:15:10.200", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", 
@@ -17,8 +17,28 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "psirt@adobe.com", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", @@ -35,26 +55,6 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 - }, - { - "source": "psirt@adobe.com", - "type": "Secondary", - "cvssData": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "attackVector": "LOCAL", - "attackComplexity": "LOW", - "privilegesRequired": "LOW", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 7.8, - "baseSeverity": "HIGH" - }, - "exploitabilityScore": 1.8, - "impactScore": 5.9 } ] }, diff --git a/CVE-2023/CVE-2023-470xx/CVE-2023-47050.json b/CVE-2023/CVE-2023-470xx/CVE-2023-47050.json index 27786d330db..a1449c6aa5b 100644 --- a/CVE-2023/CVE-2023-470xx/CVE-2023-47050.json +++ b/CVE-2023/CVE-2023-470xx/CVE-2023-47050.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47050", "sourceIdentifier": "psirt@adobe.com", "published": "2023-11-16T16:15:33.167", - "lastModified": "2023-11-22T15:22:30.630", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-04T16:15:10.477", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", 
@@ -17,8 +17,28 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "psirt@adobe.com", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", @@ -35,33 +55,13 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 - }, - { - "source": "psirt@adobe.com", - "type": "Secondary", - "cvssData": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "attackVector": "LOCAL", - "attackComplexity": "LOW", - "privilegesRequired": "LOW", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 7.8, - "baseSeverity": "HIGH" - }, - "exploitabilityScore": 1.8, - "impactScore": 5.9 } ] }, "weaknesses": [ { "source": "psirt@adobe.com", - "type": "Secondary", + "type": "Primary", "description": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-470xx/CVE-2023-47051.json b/CVE-2023/CVE-2023-470xx/CVE-2023-47051.json index c407fa0b1ec..0c2bf364d3d 100644 --- a/CVE-2023/CVE-2023-470xx/CVE-2023-47051.json +++ b/CVE-2023/CVE-2023-470xx/CVE-2023-47051.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47051", "sourceIdentifier": "psirt@adobe.com", "published": "2023-11-16T16:15:33.370", - "lastModified": "2023-11-22T15:22:00.933", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-04T16:15:10.677", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", 
@@ -17,8 +17,28 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "psirt@adobe.com", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", @@ -35,26 +55,6 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 - }, - { - "source": "psirt@adobe.com", - "type": "Secondary", - "cvssData": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "attackVector": "LOCAL", - "attackComplexity": "LOW", - "privilegesRequired": "LOW", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 7.8, - "baseSeverity": "HIGH" - }, - "exploitabilityScore": 1.8, - "impactScore": 5.9 } ] }, diff --git a/CVE-2023/CVE-2023-470xx/CVE-2023-47054.json b/CVE-2023/CVE-2023-470xx/CVE-2023-47054.json index ca8a5b051c1..6f2542ead7d 100644 --- a/CVE-2023/CVE-2023-470xx/CVE-2023-47054.json +++ b/CVE-2023/CVE-2023-470xx/CVE-2023-47054.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47054", "sourceIdentifier": "psirt@adobe.com", "published": "2023-11-16T16:15:33.957", - "lastModified": "2023-11-22T15:21:35.057", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-04T16:15:10.880", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", 
@@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "psirt@adobe.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -37,31 +37,31 @@ "impactScore": 3.6 }, { - "source": "psirt@adobe.com", + "source": "nvd@nist.gov", "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", - "confidentialityImpact": "LOW", + "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", - "baseScore": 3.3, - "baseSeverity": "LOW" + "baseScore": 5.5, + "baseSeverity": "MEDIUM" }, "exploitabilityScore": 1.8, - "impactScore": 1.4 + "impactScore": 3.6 } ] }, "weaknesses": [ { "source": "psirt@adobe.com", - "type": "Secondary", + "type": "Primary", "description": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-470xx/CVE-2023-47071.json b/CVE-2023/CVE-2023-470xx/CVE-2023-47071.json index 1a5ccb3b52b..1acdc0ff728 100644 --- a/CVE-2023/CVE-2023-470xx/CVE-2023-47071.json +++ b/CVE-2023/CVE-2023-470xx/CVE-2023-47071.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47071", "sourceIdentifier": "psirt@adobe.com", "published": "2023-11-17T11:15:08.660", - "lastModified": "2023-11-22T17:51:28.373", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-04T16:15:11.263", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "psirt@adobe.com", "type": "Primary", "cvssData": { "version": "3.1", 
@@ -37,31 +37,31 @@ "impactScore": 3.6 }, { - "source": "psirt@adobe.com", + "source": "nvd@nist.gov", "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", - "confidentialityImpact": "LOW", + "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", - "baseScore": 3.3, - "baseSeverity": "LOW" + "baseScore": 5.5, + "baseSeverity": "MEDIUM" }, "exploitabilityScore": 1.8, - "impactScore": 1.4 + "impactScore": 3.6 } ] }, "weaknesses": [ { "source": "psirt@adobe.com", - "type": "Secondary", + "type": "Primary", "description": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-488xx/CVE-2023-48815.json b/CVE-2023/CVE-2023-488xx/CVE-2023-48815.json new file mode 100644 index 00000000000..ad4e2007cb2 --- /dev/null +++ b/CVE-2023/CVE-2023-488xx/CVE-2023-48815.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-48815", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-04T15:15:07.500", + "lastModified": "2023-12-04T15:15:07.500", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "kkFileView v4.3.0 is vulnerable to Incorrect Access Control." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/kekingcn/kkFileView", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/varzhang/There-is-a-vulnerability-in-kkFileView/blob/main/README.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-488xx/CVE-2023-48866.json b/CVE-2023/CVE-2023-488xx/CVE-2023-48866.json new file mode 100644 index 00000000000..be7bba92c8d --- /dev/null +++ b/CVE-2023/CVE-2023-488xx/CVE-2023-48866.json 
@@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-48866", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-04T15:15:07.560", + "lastModified": "2023-12-04T15:15:07.560", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A Cross-Site Scripting (XSS) vulnerability in the recipe preparation component within /api/objects/recipes and note component within /api/objects/shopping_lists/ of Grocy <= 4.0.3 allows attackers to obtain the victim's cookies." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/grocy/grocy", + "source": "cve@mitre.org" + }, + { + "url": "https://nitipoom-jar.github.io/CVE-2023-48866/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-489xx/CVE-2023-48965.json b/CVE-2023/CVE-2023-489xx/CVE-2023-48965.json new file mode 100644 index 00000000000..e79e453c135 --- /dev/null +++ b/CVE-2023/CVE-2023-489xx/CVE-2023-48965.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-48965", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-04T16:15:11.640", + "lastModified": "2023-12-04T16:15:11.640", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue in the component /admin/api.plugs/script of ThinkAdmin v6.1.53 allows attackers to getshell via providing a crafted URL to download a malicious PHP file." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/1dreamGN/CVE/blob/main/ThinkAdmin%20Logical%20defect%20getshell.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-489xx/CVE-2023-48966.json b/CVE-2023/CVE-2023-489xx/CVE-2023-48966.json new file mode 100644 index 00000000000..edd8be94855 --- /dev/null +++ b/CVE-2023/CVE-2023-489xx/CVE-2023-48966.json 
@@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-48966", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-04T16:15:11.727", + "lastModified": "2023-12-04T16:15:11.727", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An arbitrary file upload vulnerability in the component /admin/api.upload/file of ThinkAdmin v6.1.53 allows attackers to execute arbitrary code via a crafted Zip file." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/1dreamGN/CVE/blob/main/ThinkAdmin%20directory%20traversal%2Bfile%20upload%20getshell.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-492xx/CVE-2023-49287.json b/CVE-2023/CVE-2023-492xx/CVE-2023-49287.json index dafcad35d4f..90ecbf022bc 100644 --- a/CVE-2023/CVE-2023-492xx/CVE-2023-49287.json +++ b/CVE-2023/CVE-2023-492xx/CVE-2023-49287.json @@ -2,7 +2,7 @@ "id": "CVE-2023-49287", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-04T06:15:07.173", - "lastModified": "2023-12-04T13:48:34.723", + "lastModified": "2023-12-04T16:15:11.793", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -55,6 +55,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/176060/TinyDir-1.2.5-Buffer-Overflow.html", + "source": "security-advisories@github.com" + }, { "url": "http://www.openwall.com/lists/oss-security/2023/12/04/1", "source": "security-advisories@github.com" diff --git a/CVE-2023/CVE-2023-54xx/CVE-2023-5427.json b/CVE-2023/CVE-2023-54xx/CVE-2023-5427.json index 83c55ce0b49..c6c074ef90b 100644 --- a/CVE-2023/CVE-2023-54xx/CVE-2023-5427.json +++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5427.json @@ -2,7 +2,7 @@ "id": "CVE-2023-5427", "sourceIdentifier": "arm-security@arm.com", "published": "2023-12-01T11:15:07.980", - "lastModified": "2023-12-03T22:15:07.033", + "lastModified": "2023-12-04T16:15:12.013", "vulnStatus": "Awaiting Analysis", "descriptions": [ { 
@@ -28,6 +28,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/176029/ARM-Mali-r44p0-Use-After-Free.html", + "source": "arm-security@arm.com" + }, { "url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities", "source": "arm-security@arm.com" diff --git a/CVE-2023/CVE-2023-55xx/CVE-2023-5553.json b/CVE-2023/CVE-2023-55xx/CVE-2023-5553.json index 67583e66e94..e1f805628e8 100644 --- a/CVE-2023/CVE-2023-55xx/CVE-2023-5553.json +++ b/CVE-2023/CVE-2023-55xx/CVE-2023-5553.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5553", "sourceIdentifier": "product-security@axis.com", "published": "2023-11-21T07:15:11.180", - "lastModified": "2023-11-21T14:08:14.160", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-04T15:03:28.790", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.9, + "impactScore": 5.9 + }, { "source": "product-security@axis.com", "type": "Secondary", 
@@ -38,10 +58,50 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:axis:axis_os:*:*:*:*:active:*:*:*", + "versionStartIncluding": "10.8", + "versionEndExcluding": "11.7.57", + "matchCriteriaId": "D83DBF3A-DDF4-4595-87AE-25FD2321293F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:axis:axis_os_2022:*:*:*:*:lts:*:*:*", + "versionEndExcluding": "10.12.213", + "matchCriteriaId": "EB91B5E0-93B8-4FD7-9199-B780170A5770" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.axis.com/dam/public/0a/66/25/cve-2023-5553-en-US-417789.pdf", - "source": "product-security@axis.com" + "source": "product-security@axis.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-57xx/CVE-2023-5767.json b/CVE-2023/CVE-2023-57xx/CVE-2023-5767.json new file mode 100644 index 00000000000..b7984bbe73b --- /dev/null +++ b/CVE-2023/CVE-2023-57xx/CVE-2023-5767.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-5767", + "sourceIdentifier": "cybersecurity@hitachienergy.com", + "published": "2023-12-04T15:15:07.613", + "lastModified": "2023-12-04T15:15:07.613", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nA vulnerability exists in the webserver that affects the \nRTU500 series product versions listed below. A malicious \nactor could perform cross-site scripting on the webserver \ndue to an RDT language file being improperly sanitized.\n\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cybersecurity@hitachienergy.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "LOW", + "baseScore": 6.0, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 4.7 + } + ] + }, + "references": [ + { + "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000176&languageCode=en&Preview=true", + "source": "cybersecurity@hitachienergy.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-57xx/CVE-2023-5768.json b/CVE-2023/CVE-2023-57xx/CVE-2023-5768.json new file mode 100644 index 00000000000..cacd633b046 --- /dev/null +++ b/CVE-2023/CVE-2023-57xx/CVE-2023-5768.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-5768", + "sourceIdentifier": "cybersecurity@hitachienergy.com", + "published": "2023-12-04T15:15:07.793", + "lastModified": "2023-12-04T15:15:07.793", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability exists in the HCI IEC 60870-5-104 that affects the RTU500 series product versions listed below. \nIncomplete or wrong received APDU frame layout may \ncause blocking on link layer. Error reason was an endless blocking when reading incoming frames on link layer \nwith wrong length information of APDU or delayed reception \nof data octets.\n\n\nOnly communication link of affected HCI IEC 60870-5-104 \nis blocked. If attack sequence stops the communication to \nthe previously attacked link gets normal again.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cybersecurity@hitachienergy.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.2, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000176&languageCode=en&Preview=true", + "source": "cybersecurity@hitachienergy.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6225.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6225.json index 1427e475c4a..33b7059df34 100644 --- a/CVE-2023/CVE-2023-62xx/CVE-2023-6225.json +++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6225.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-6225", "sourceIdentifier": "security@wordfence.com", "published": "2023-11-28T05:15:08.613", - "lastModified": "2023-11-28T14:12:58.173", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-04T15:10:44.187", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "security@wordfence.com", "type": "Secondary", 
@@ -38,18 +58,59 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:getshortcodes:shortcodes_ultimate:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "7.0.0", + "matchCriteriaId": "7D04A19E-D1D5-4629-992D-B5493FF1F8A3" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/shortcodes-ultimate/trunk/includes/shortcodes/meta.php", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3000576%40shortcodes-ultimate&new=3000576%40shortcodes-ultimate&sfp_email=&sfph_mail=", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/558e36f6-4678-46a2-8154-42770fbb5574?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6248.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6248.json index 4f475820504..3101fee223c 100644 --- a/CVE-2023/CVE-2023-62xx/CVE-2023-6248.json +++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6248.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-6248", "sourceIdentifier": "cve@asrg.io", "published": "2023-11-21T22:15:08.787", - "lastModified": "2023-11-22T03:36:37.770", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-04T15:05:21.703", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Syrus4 IoT gateway utilizes an unsecured MQTT server to download and execute arbitrary commands, allowing a remote unauthenticated attacker to execute code on any Syrus4 device connected to the cloud service. The MQTT server also leaks the location, video and diagnostic data from each connected device. An attacker who knows the IP address of the server is able to connect and perform the following operations:\n\n * Get location data of the vehicle the device is connected to\n * Send CAN bus messages via the ECU module ( https://syrus.digitalcomtech.com/docs/ecu-1 https://syrus.digitalcomtech.com/docs/ecu-1 )\n\n * Immobilize the vehicle via the safe-immobilizer module ( https://syrus.digitalcomtech.com/docs/system-tools#safe-immobilization https://syrus.digitalcomtech.com/docs/system-tools#safe-immobilization )\n\n * Get live video through the connected video camera\n\n * Send audio messages to the driver ( https://syrus.digitalcomtech.com/docs/system-tools#apx-tts https://syrus.digitalcomtech.com/docs/system-tools#apx-tts )\n\n\n\n\n\n" + }, + { + "lang": "es", + "value": "La puerta de enlace Syrus4 IoT utiliza un servidor MQTT no seguro para descargar y ejecutar comandos arbitrarios, lo que permite a un atacante remoto no autenticado ejecutar c\u00f3digo en cualquier dispositivo Syrus4 conectado al servicio en la nube. El servidor MQTT tambi\u00e9n filtra la ubicaci\u00f3n, el video y los datos de diagn\u00f3stico de cada dispositivo conectado. 
Un atacante que conoce la direcci\u00f3n IP del servidor puede conectarse y realizar las siguientes operaciones: * Obtener datos de ubicaci\u00f3n del veh\u00edculo al que est\u00e1 conectado el dispositivo * Enviar mensajes del bus CAN a trav\u00e9s del m\u00f3dulo ECU (https://syrus.digitalcomtech. com/docs/ecu-1 https://syrus.digitalcomtech.com/docs/ecu-1 ) * Inmovilice el veh\u00edculo mediante el m\u00f3dulo inmovilizador seguro ( https://syrus.digitalcomtech.com/docs/system-tools#safe-immobilization https://syrus.digitalcomtech.com/docs/system-tools#safe-immobilization) * Obtenga video en vivo a trav\u00e9s de la c\u00e1mara de video conectada * Env\u00ede mensajes de audio al conductor (https://syrus.digitalcomtech.com/ docs/system-tools#apx-tts https://syrus.digitalcomtech.com/docs/system-tools#apx-tts)" } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cve@asrg.io", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "cve@asrg.io", "type": "Secondary", 
@@ -58,10 +92,42 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:digitalcomtech:syrus_4g_iot_telematics_gateway_firmware:apex-23.43.2:*:*:*:*:*:*:*", + "matchCriteriaId": "1A2EFCB6-BFC3-4284-8FC8-D4AA2F72DBEA" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:digitalcomtech:syrus_4g_iot_telematics_gateway:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F9AA0A4B-AF82-4666-BE23-D8AF37B0DA67" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.digitalcomtech.com/product/syrus-4g-iot-telematics-gateway/", - "source": "cve@asrg.io" + "source": "cve@asrg.io", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6274.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6274.json index a6da64dc1fd..144153933e4 100644 --- a/CVE-2023/CVE-2023-62xx/CVE-2023-6274.json +++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6274.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-6274", "sourceIdentifier": "cna@vuldb.com", "published": "2023-11-24T14:15:08.413", - "lastModified": "2023-11-24T15:24:57.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-04T15:08:18.743", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Beijing Baichuo Smart S80 up to 20231108. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /sysmanage/updatelib.php of the component PHP File Handler. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246103. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en Beijing Baichuo Smart S80 hasta 20231108 y ha sido declarada cr\u00edtica. Una funci\u00f3n desconocida del archivo /sysmanage/updatelib.php del componente PHP File Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento file_upload conduce a una carga sin restricciones. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-246103. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera." 
} ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -71,18 +95,62 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:byzoro:smart_s80_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2023-11-08", + "matchCriteriaId": "BC97D918-F337-46CE-A949-DDA436B2BBC6" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:byzoro:smart_s80:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7395ADA8-2D5D-42A6-AEDE-935FBC4F1267" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Carol7S/cve/blob/main/rce.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.246103", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.246103", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6275.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6275.json index 3f8194c8185..137fe43591c 100644 --- a/CVE-2023/CVE-2023-62xx/CVE-2023-6275.json +++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6275.json 
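Review bot: The added CPE match for CVE-2023-6274 writes its upper bound as `"versionEndIncluding": "2023-11-08"`, whereas the description in the same record gives the affected range as "up to 20231108". If the firmware reports its version in the compact form, which the page does not show, a scanner comparing an inventory string against the hyphenated bound may fail to match affected devices. `"versionEndIncluding": "20231108"` would agree with the description. The record is mirrored from NVD, so the correction has to be made upstream; until then, match this CVE on product as well as on the version bound.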
@@ -2,16 +2,40 @@ "id": "CVE-2023-6275", "sourceIdentifier": "cna@vuldb.com", "published": "2023-11-24T15:15:07.783", - "lastModified": "2023-11-24T15:24:57.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-04T15:10:22.267", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in TOTVS Fluig Platform 1.6.x/1.7.x/1.8.0/1.8.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /mobileredir/openApp.jsp of the component mobileredir. The manipulation of the argument redirectUrl/user with the input \"> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-246104. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en TOTVS Fluig Platform 1.6.x/1.7.x/1.8.0/1.8.1. Ha sido calificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo /mobileredir/openApp.jsp del componente mobileredir es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento redirigirUrl/usuario con la entrada \"> conduce a cross site scripting. El ataque puede iniciarse de forma remota. El exploit se ha divulgado al p\u00fablico y puede ser utillizado. El identificador de esta vulnerabilidad es VDB-246104. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera." 
} ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -71,14 +95,42 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:totvs:fluig:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1.6.0", + "versionEndExcluding": "1.8.1", + "matchCriteriaId": "E164EEA1-E230-48CF-98AA-CBA224553D57" + } + ] + } + ] + } + ], "references": [ { "url": "https://vuldb.com/?ctiid.246104", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.246104", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/README.md b/README.md index d90e0802ae5..91b3560c708 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-12-04T15:01:03.255397+00:00 +2023-12-04T17:00:19.669004+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-12-04T14:57:36.603000+00:00 +2023-12-04T16:54:09.293000+00:00 ``` ### Last Data Feed Release 
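Review bot: The CPE range added for CVE-2023-6275 stops short of a version the description names as affected. The description lists TOTVS Fluig Platform 1.6.x/1.7.x/1.8.0/1.8.1, but the match uses `"versionEndExcluding": "1.8.1"`, so an inventory entry at 1.8.1 would not match. `"versionEndIncluding": "1.8.1"` would agree with the description. The record is mirrored from NVD, so the fix belongs upstream, and matching for this CVE should not rely on the CPE range alone until it is corrected.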
@@ -29,49 +29,50 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -232135 +232141 ``` ### CVEs added in the last Commit -Recently added CVEs: `5` +Recently added CVEs: `6` -* [CVE-2023-48799](CVE-2023/CVE-2023-487xx/CVE-2023-48799.json) (`2023-12-04T13:15:07.657`) -* [CVE-2023-48800](CVE-2023/CVE-2023-488xx/CVE-2023-48800.json) (`2023-12-04T13:15:07.710`) -* [CVE-2023-48863](CVE-2023/CVE-2023-488xx/CVE-2023-48863.json) (`2023-12-04T13:15:07.753`) -* [CVE-2023-6460](CVE-2023/CVE-2023-64xx/CVE-2023-6460.json) (`2023-12-04T13:15:07.800`) -* [CVE-2023-41613](CVE-2023/CVE-2023-416xx/CVE-2023-41613.json) (`2023-12-04T14:15:07.457`) +* [CVE-2023-48815](CVE-2023/CVE-2023-488xx/CVE-2023-48815.json) (`2023-12-04T15:15:07.500`) +* [CVE-2023-48866](CVE-2023/CVE-2023-488xx/CVE-2023-48866.json) (`2023-12-04T15:15:07.560`) +* [CVE-2023-5767](CVE-2023/CVE-2023-57xx/CVE-2023-5767.json) (`2023-12-04T15:15:07.613`) +* [CVE-2023-5768](CVE-2023/CVE-2023-57xx/CVE-2023-5768.json) (`2023-12-04T15:15:07.793`) +* [CVE-2023-48965](CVE-2023/CVE-2023-489xx/CVE-2023-48965.json) (`2023-12-04T16:15:11.640`) +* [CVE-2023-48966](CVE-2023/CVE-2023-489xx/CVE-2023-48966.json) (`2023-12-04T16:15:11.727`) ### CVEs modified in the last Commit -Recently modified CVEs: `57` +Recently modified CVEs: `27` -* [CVE-2023-32862](CVE-2023/CVE-2023-328xx/CVE-2023-32862.json) (`2023-12-04T13:50:38.657`) -* [CVE-2023-32863](CVE-2023/CVE-2023-328xx/CVE-2023-32863.json) (`2023-12-04T13:50:38.657`) -* [CVE-2023-32864](CVE-2023/CVE-2023-328xx/CVE-2023-32864.json) (`2023-12-04T13:50:38.657`) -* [CVE-2023-32865](CVE-2023/CVE-2023-328xx/CVE-2023-32865.json) (`2023-12-04T13:50:38.657`) -* [CVE-2023-32866](CVE-2023/CVE-2023-328xx/CVE-2023-32866.json) (`2023-12-04T13:50:38.657`) -* [CVE-2023-32867](CVE-2023/CVE-2023-328xx/CVE-2023-32867.json) (`2023-12-04T13:50:38.657`) -* [CVE-2023-32841](CVE-2023/CVE-2023-328xx/CVE-2023-32841.json) 
(`2023-12-04T13:50:45.253`) -* [CVE-2023-32842](CVE-2023/CVE-2023-328xx/CVE-2023-32842.json) (`2023-12-04T13:50:45.253`) -* [CVE-2023-32843](CVE-2023/CVE-2023-328xx/CVE-2023-32843.json) (`2023-12-04T13:50:45.253`) -* [CVE-2023-32844](CVE-2023/CVE-2023-328xx/CVE-2023-32844.json) (`2023-12-04T13:50:45.253`) -* [CVE-2023-32845](CVE-2023/CVE-2023-328xx/CVE-2023-32845.json) (`2023-12-04T13:50:45.253`) -* [CVE-2023-32846](CVE-2023/CVE-2023-328xx/CVE-2023-32846.json) (`2023-12-04T13:50:45.253`) -* [CVE-2023-32847](CVE-2023/CVE-2023-328xx/CVE-2023-32847.json) (`2023-12-04T13:50:45.253`) -* [CVE-2023-6263](CVE-2023/CVE-2023-62xx/CVE-2023-6263.json) (`2023-12-04T14:40:17.437`) -* [CVE-2023-41999](CVE-2023/CVE-2023-419xx/CVE-2023-41999.json) (`2023-12-04T14:41:44.107`) -* [CVE-2023-42000](CVE-2023/CVE-2023-420xx/CVE-2023-42000.json) (`2023-12-04T14:42:39.750`) -* [CVE-2023-1295](CVE-2023/CVE-2023-12xx/CVE-2023-1295.json) (`2023-12-04T14:52:07.117`) -* [CVE-2023-35826](CVE-2023/CVE-2023-358xx/CVE-2023-35826.json) (`2023-12-04T14:52:10.630`) -* [CVE-2023-5653](CVE-2023/CVE-2023-56xx/CVE-2023-5653.json) (`2023-12-04T14:53:32.297`) -* [CVE-2023-32252](CVE-2023/CVE-2023-322xx/CVE-2023-32252.json) (`2023-12-04T14:53:38.480`) -* [CVE-2023-35828](CVE-2023/CVE-2023-358xx/CVE-2023-35828.json) (`2023-12-04T14:53:50.153`) -* [CVE-2023-4220](CVE-2023/CVE-2023-42xx/CVE-2023-4220.json) (`2023-12-04T14:53:57.123`) -* [CVE-2023-32248](CVE-2023/CVE-2023-322xx/CVE-2023-32248.json) (`2023-12-04T14:54:50.907`) -* [CVE-2023-32247](CVE-2023/CVE-2023-322xx/CVE-2023-32247.json) (`2023-12-04T14:55:19.007`) -* [CVE-2023-32558](CVE-2023/CVE-2023-325xx/CVE-2023-32558.json) (`2023-12-04T14:57:36.603`) +* [CVE-2023-6274](CVE-2023/CVE-2023-62xx/CVE-2023-6274.json) (`2023-12-04T15:08:18.743`) +* [CVE-2023-6275](CVE-2023/CVE-2023-62xx/CVE-2023-6275.json) (`2023-12-04T15:10:22.267`) +* [CVE-2023-6225](CVE-2023/CVE-2023-62xx/CVE-2023-6225.json) (`2023-12-04T15:10:44.187`) +* 
[CVE-2023-44327](CVE-2023/CVE-2023-443xx/CVE-2023-44327.json) (`2023-12-04T16:15:07.433`) +* [CVE-2023-44328](CVE-2023/CVE-2023-443xx/CVE-2023-44328.json) (`2023-12-04T16:15:07.673`) +* [CVE-2023-44329](CVE-2023/CVE-2023-443xx/CVE-2023-44329.json) (`2023-12-04T16:15:07.870`) +* [CVE-2023-44340](CVE-2023/CVE-2023-443xx/CVE-2023-44340.json) (`2023-12-04T16:15:08.083`) +* [CVE-2023-44348](CVE-2023/CVE-2023-443xx/CVE-2023-44348.json) (`2023-12-04T16:15:08.290`) +* [CVE-2023-44356](CVE-2023/CVE-2023-443xx/CVE-2023-44356.json) (`2023-12-04T16:15:08.517`) +* [CVE-2023-44357](CVE-2023/CVE-2023-443xx/CVE-2023-44357.json) (`2023-12-04T16:15:08.723`) +* [CVE-2023-44358](CVE-2023/CVE-2023-443xx/CVE-2023-44358.json) (`2023-12-04T16:15:08.937`) +* [CVE-2023-44360](CVE-2023/CVE-2023-443xx/CVE-2023-44360.json) (`2023-12-04T16:15:09.163`) +* [CVE-2023-47044](CVE-2023/CVE-2023-470xx/CVE-2023-47044.json) (`2023-12-04T16:15:09.370`) +* [CVE-2023-47046](CVE-2023/CVE-2023-470xx/CVE-2023-47046.json) (`2023-12-04T16:15:09.573`) +* [CVE-2023-47047](CVE-2023/CVE-2023-470xx/CVE-2023-47047.json) (`2023-12-04T16:15:09.783`) +* [CVE-2023-47048](CVE-2023/CVE-2023-470xx/CVE-2023-47048.json) (`2023-12-04T16:15:09.987`) +* [CVE-2023-47049](CVE-2023/CVE-2023-470xx/CVE-2023-47049.json) (`2023-12-04T16:15:10.200`) +* [CVE-2023-47050](CVE-2023/CVE-2023-470xx/CVE-2023-47050.json) (`2023-12-04T16:15:10.477`) +* [CVE-2023-47051](CVE-2023/CVE-2023-470xx/CVE-2023-47051.json) (`2023-12-04T16:15:10.677`) +* [CVE-2023-47054](CVE-2023/CVE-2023-470xx/CVE-2023-47054.json) (`2023-12-04T16:15:10.880`) +* [CVE-2023-47071](CVE-2023/CVE-2023-470xx/CVE-2023-47071.json) (`2023-12-04T16:15:11.263`) +* [CVE-2023-49287](CVE-2023/CVE-2023-492xx/CVE-2023-49287.json) (`2023-12-04T16:15:11.793`) +* [CVE-2023-5427](CVE-2023/CVE-2023-54xx/CVE-2023-5427.json) (`2023-12-04T16:15:12.013`) +* [CVE-2023-2497](CVE-2023/CVE-2023-24xx/CVE-2023-2497.json) (`2023-12-04T16:41:46.397`) +* 
[CVE-2023-38218](CVE-2023/CVE-2023-382xx/CVE-2023-38218.json) (`2023-12-04T16:54:09.293`) ## Download and Usage