diff --git a/CVE-2014/CVE-2014-1251xx/CVE-2014-125109.json b/CVE-2014/CVE-2014-1251xx/CVE-2014-125109.json index ad28b4093f3..d5ed27185b9 100644 --- a/CVE-2014/CVE-2014-1251xx/CVE-2014-125109.json +++ b/CVE-2014/CVE-2014-1251xx/CVE-2014-125109.json 
@@ -2,16 +2,40 @@ "id": "CVE-2014-125109", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-26T15:15:08.010", - "lastModified": "2023-12-26T20:34:16.103", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-05T15:15:42.447", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in BestWebSoft Portfolio Plugin up to 2.27. It has been declared as problematic. This vulnerability affects the function bws_add_menu_render of the file bws_menu/bws_menu.php. The manipulation of the argument bwsmn_form_email leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 2.28 is able to address this issue. The name of the patch is d2ede580474665af56ff262a05783fbabe4529b8. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-248956." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en BestWebSoft Portfolio Plugin hasta 2.27. Ha sido declarada problem\u00e1tica. Esta vulnerabilidad afecta a la funci\u00f3n bws_add_menu_render del archivo bws_menu/bws_menu.php. La manipulaci\u00f3n del argumento bwsmn_form_email conduce a cross site scripting. El ataque se puede iniciar de forma remota. La actualizaci\u00f3n a la versi\u00f3n 2.28 puede solucionar este problema. El nombre del parche es d2ede580474665af56ff262a05783fbabe4529b8. Se recomienda actualizar el componente afectado. El identificador de esta vulnerabilidad es VDB-248956." 
} ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -60,6 +84,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -71,18 +105,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:bestwebsoft:portfolio:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.28", + "matchCriteriaId": "DB639F87-D69B-4E14-8550-9DA615DBC596" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/wp-plugins/portfolio/commit/d2ede580474665af56ff262a05783fbabe4529b8", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Patch" + ] }, { "url": "https://vuldb.com/?ctiid.248956", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.248956", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2015/CVE-2015-101xx/CVE-2015-10127.json b/CVE-2015/CVE-2015-101xx/CVE-2015-10127.json index 5f447f37a55..2fbdffab6b3 100644 --- a/CVE-2015/CVE-2015-101xx/CVE-2015-10127.json +++ b/CVE-2015/CVE-2015-101xx/CVE-2015-10127.json 
@@ -2,16 +2,40 @@ "id": "CVE-2015-10127", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-26T17:15:07.923", - "lastModified": "2023-12-26T20:34:16.103", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-05T15:06:16.647", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in PlusCaptcha Plugin up to 2.0.6 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 2.0.14 is able to address this issue. The patch is identified as 1274afc635170daafd38306487b6bb8a01f78ecd. It is recommended to upgrade the affected component. VDB-248954 is the identifier assigned to this vulnerability." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en PlusCaptcha Plugin hasta 2.0.6 en WordPress y se clasific\u00f3 como problem\u00e1tica. Una funci\u00f3n desconocida es afectada por este problema. La manipulaci\u00f3n conduce a cross site scripting. El ataque puede lanzarse de forma remota. La actualizaci\u00f3n a la versi\u00f3n 2.0.14 puede solucionar este problema. El parche se identifica como 1274afc635170daafd38306487b6bb8a01f78ecd. Se recomienda actualizar el componente afectado. VDB-248954 es el identificador asignado a esta vulnerabilidad." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "cna@vuldb.com", "type": "Secondary", 
@@ -71,18 +95,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:bestwebsoft:pluscaptcha:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.0.6", + "matchCriteriaId": "025F3EF5-30CF-4A2F-A5C8-CD24C5E641C7" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/wp-plugins/pluscaptcha/commit/1274afc635170daafd38306487b6bb8a01f78ecd", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Patch" + ] }, { "url": "https://vuldb.com/?ctiid.248954", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.248954", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-445xx/CVE-2022-44589.json b/CVE-2022/CVE-2022-445xx/CVE-2022-44589.json index a93ad2f1d64..cfb19accaa1 100644 --- a/CVE-2022/CVE-2022-445xx/CVE-2022-44589.json +++ b/CVE-2022/CVE-2022-445xx/CVE-2022-44589.json @@ -2,8 +2,8 @@ "id": "CVE-2022-44589", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-29T10:15:08.613", - "lastModified": "2023-12-29T13:56:27.537", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-05T16:11:40.993", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
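Review bot: In the `configurations` block added to CVE-2015-10127.json, the match ends at `"versionEndIncluding": "2.0.6"`, while the record's own description gives 2.0.14 as the fixed release, so installs on 2.0.7 through 2.0.13 are not flagged by this criteria. If the upstream patch commit shows those releases are still affected, the bound should read `"versionEndExcluding": "2.0.14"`; until that is confirmed, consumers should treat that range as unverified rather than safe. The criteria also uses the vendor `bestwebsoft`, which the description of this record never names; it may have been carried over from the BestWebSoft Portfolio record earlier in the same commit, so it is worth checking against the plugin's actual publisher.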
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -40,8 +60,18 @@ }, "weaknesses": [ { - "source": "audit@patchstack.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "audit@patchstack.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -50,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:miniorange:google_authenticator:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "5.6.2", + "matchCriteriaId": "3FC58226-F221-4A87-B311-2B8B5B644896" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/miniorange-2-factor-authentication/wordpress-miniorange-two-factor-authentication-plugin-5-6-1-sensitive-data-exposure-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-248xx/CVE-2023-24805.json b/CVE-2023/CVE-2023-248xx/CVE-2023-24805.json index 09d73e8677c..a6923112e13 100644 --- a/CVE-2023/CVE-2023-248xx/CVE-2023-24805.json +++ b/CVE-2023/CVE-2023-248xx/CVE-2023-24805.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-24805", "sourceIdentifier": "security-advisories@github.com", "published": "2023-05-17T18:15:09.177", - "lastModified": "2023-05-25T17:05:06.890", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-05T16:15:44.550", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -194,6 +194,10 @@ "Release Notes" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-06", + "source": "security-advisories@github.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5407", "source": "security-advisories@github.com", diff --git a/CVE-2023/CVE-2023-310xx/CVE-2023-31095.json b/CVE-2023/CVE-2023-310xx/CVE-2023-31095.json index 8e081855ee9..c4bbeb1bcaf 100644 --- a/CVE-2023/CVE-2023-310xx/CVE-2023-31095.json +++ b/CVE-2023/CVE-2023-310xx/CVE-2023-31095.json @@ -2,8 +2,8 @@ "id": "CVE-2023-31095", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-29T10:15:09.260", - "lastModified": "2023-12-29T13:56:27.537", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-05T16:11:09.767", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:crmperks:database_for_contact_form_7\\,_wpforms\\,_elementor_forms:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.2.9", + "matchCriteriaId": "69C036AE-9134-497D-87B7-B0A74E492280" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/cf7-hubspot/wordpress-integration-for-contact-form-7-hubspot-plugin-1-2-8-open-redirection-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-312xx/CVE-2023-31229.json b/CVE-2023/CVE-2023-312xx/CVE-2023-31229.json index 98ca66153fa..ef59656d3ce 100644 --- a/CVE-2023/CVE-2023-312xx/CVE-2023-31229.json +++ b/CVE-2023/CVE-2023-312xx/CVE-2023-31229.json @@ -2,8 +2,8 @@ "id": "CVE-2023-31229", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-29T10:15:09.490", - "lastModified": "2023-12-29T13:56:27.537", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-05T16:10:37.603", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
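Review bot: The CPE added in the `configurations` hunk of CVE-2023-31095.json names `crmperks:database_for_contact_form_7\\,_wpforms\\,_elementor_forms`, but the only reference in the same hunk is the Patchstack advisory for `cf7-hubspot` ("Integration for Contact Form 7 HubSpot", 1.2.8), which appears to be a different plugin. Scanners keyed on this criteria would then flag the database plugin below 1.2.9 and miss the HubSpot integration. The target-software field is also `*` here, where the other WordPress plugin records in this commit use `wordpress` (`...:*:*:*:*:*:wordpress:*:*`). The description sits outside the hunk, so the product name should be confirmed there before relying on this match.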
@@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-601" + } + ] + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpdirectorykit:wp_directory_kit:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.2.0", + "matchCriteriaId": "20BCF3D8-BEDB-4089-92A4-F68AF50B1C22" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/wpdirectorykit/wordpress-wp-directory-kit-plugin-1-1-9-open-redirection-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-312xx/CVE-2023-31237.json b/CVE-2023/CVE-2023-312xx/CVE-2023-31237.json index e03122c87dc..838d38f4519 100644 --- a/CVE-2023/CVE-2023-312xx/CVE-2023-31237.json +++ b/CVE-2023/CVE-2023-312xx/CVE-2023-31237.json @@ -2,8 +2,8 @@ "id": "CVE-2023-31237", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-29T10:15:09.813", - "lastModified": "2023-12-29T13:56:27.537", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-05T16:10:09.050", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zephyr_project_manager_project:zephyr_project_manager:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "3.3.91", + "matchCriteriaId": "81983B69-1FF0-4D43-9792-D699DD8D59AA" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/zephyr-project-manager/wordpress-zephyr-project-manager-plugin-3-3-9-open-redirection-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-321xx/CVE-2023-32101.json b/CVE-2023/CVE-2023-321xx/CVE-2023-32101.json index 004ff15cc2d..6ddb247a05e 100644 --- a/CVE-2023/CVE-2023-321xx/CVE-2023-32101.json +++ b/CVE-2023/CVE-2023-321xx/CVE-2023-32101.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32101", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-29T10:15:10.080", - "lastModified": "2023-12-29T13:56:27.537", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-05T16:14:34.587", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pexlechris:library_viewer:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.0.6.1", + "matchCriteriaId": "95AD58F4-1380-4B2D-89A0-FB648EF76491" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/library-viewer/wordpress-library-viewer-plugin-2-0-6-open-redirection-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-325xx/CVE-2023-32517.json b/CVE-2023/CVE-2023-325xx/CVE-2023-32517.json index 8c6f1d76ba5..3fb51cd826e 100644 --- a/CVE-2023/CVE-2023-325xx/CVE-2023-32517.json +++ b/CVE-2023/CVE-2023-325xx/CVE-2023-32517.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32517", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-29T10:15:10.390", - "lastModified": "2023-12-29T13:56:27.537", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-05T16:14:06.723", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibericode:mailchimp:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "4.0.9.4", + "matchCriteriaId": "1D56EDE3-6F2A-4DFF-BE61-2F07EE24853F" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/mailchimp-subscribe-sm/wordpress-mailchimp-subscribe-forms-plugin-4-0-9-1-open-redirection-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-348xx/CVE-2023-34829.json b/CVE-2023/CVE-2023-348xx/CVE-2023-34829.json index 86cea15b6a0..9095e6c9ed5 100644 --- a/CVE-2023/CVE-2023-348xx/CVE-2023-34829.json +++ b/CVE-2023/CVE-2023-348xx/CVE-2023-34829.json @@ -2,8 +2,8 @@ "id": "CVE-2023-34829", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-28T03:15:07.587", - "lastModified": "2023-12-28T15:09:53.403", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-05T16:25:53.217", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,11 +14,68 @@ "value": "El control de acceso incorrecto en TP-Link Tapo anterior a v3.1.315 permite a los atacantes acceder a las credenciales de usuario en texto plano." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-319" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tp-link:tapo:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.1.315", + "matchCriteriaId": "72827595-F645-4D2C-BDFA-F211C1994100" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/SecureScripts/TP-Link_Tapo_Hack", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-381xx/CVE-2023-38146.json b/CVE-2023/CVE-2023-381xx/CVE-2023-38146.json index 147b9640e3a..45d9b77bc16 100644 --- a/CVE-2023/CVE-2023-381xx/CVE-2023-38146.json +++ b/CVE-2023/CVE-2023-381xx/CVE-2023-38146.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-38146", "sourceIdentifier": "secure@microsoft.com", "published": "2023-09-12T17:15:17.807", - "lastModified": "2023-09-14T20:16:10.510", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-05T16:15:45.233", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", "value": "Windows Themes Remote Code Execution Vulnerability" + }, + { + "lang": "es", + "value": "Vulnerabilidad de Ejecuci\u00f3n Remota de C\u00f3digo en Windows Themes" } ], "metrics": { @@ -71,6 +75,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/176391/Themebleed-Windows-11-Themes-Arbitrary-Code-Execution.html", + "source": "secure@microsoft.com" + }, { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38146", "source": "secure@microsoft.com", diff --git a/CVE-2023/CVE-2023-44xx/CVE-2023-4462.json b/CVE-2023/CVE-2023-44xx/CVE-2023-4462.json index a0a09d880f0..9945e200c5d 100644 --- a/CVE-2023/CVE-2023-44xx/CVE-2023-4462.json +++ b/CVE-2023/CVE-2023-44xx/CVE-2023-4462.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4462", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-29T10:15:11.100", - "lastModified": "2023-12-29T13:56:27.537", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-05T15:16:26.990", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.2, + "impactScore": 3.6 + }, { "source": "cna@vuldb.com", "type": "Secondary", 
@@ -75,22 +95,153 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:poly:ccx_400_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E6EF5E6E-D387-4EB1-A533-C005F76F49E0" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:poly:ccx_400:-:*:*:*:*:*:*:*", + "matchCriteriaId": "74C09FB0-DC34-4F03-8560-B607FB8A5245" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:poly:ccx_600_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "37A9DF12-51BF-4E6A-B753-7481C95F22AD" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:poly:ccx_600:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8F8D61E7-160F-4E4F-8C73-724DFF3F92C2" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:poly:trio_8800_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6307C9DD-572F-44E4-ADCD-205CC1553774" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:poly:trio_8800:-:*:*:*:*:*:*:*", + "matchCriteriaId": "39862A32-5AF6-41F9-9C25-9D68EB3784DC" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:poly:trio_c60_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3CC00989-4E87-48F1-9EC9-53F0AB4F445C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:poly:trio_c60:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6CDD2376-BD9D-4B5E-B776-0F627D09E025" + } + ] + } + ] + } + ], 
"references": [ { "url": "https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Not Applicable" + ] }, { "url": "https://modzero.com/en/advisories/mz-23-01-poly-voip-devices/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Broken Link" + ] + }, + { + "url": "https://modzero.com/en/blog/multiple-vulnerabilities-in-poly-products/", + "source": "nvd@nist.gov", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.249255", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.249255", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-490xx/CVE-2023-49002.json b/CVE-2023/CVE-2023-490xx/CVE-2023-49002.json index d0e1df41d0c..8555ca524b4 100644 --- a/CVE-2023/CVE-2023-490xx/CVE-2023-49002.json +++ b/CVE-2023/CVE-2023-490xx/CVE-2023-49002.json @@ -2,8 +2,8 @@ "id": "CVE-2023-49002", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-27T22:15:16.750", - "lastModified": "2023-12-28T15:09:59.150", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-05T16:29:01.827", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
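Review bot: Every vulnerable firmware criteria added to CVE-2023-4462.json in the `configurations` hunk uses `-` as the version (for example `cpe:2.3:o:poly:ccx_400_firmware:-:*:*:*:*:*:*:*`) with no `versionEnd*` bound, so the record cannot separate fixed firmware from unfixed firmware. Under CPE 2.3 name matching `-` is the NA value, so, depending on the tool, an inventory entry with a concrete firmware version may not match at all. In the same hunk the modzero advisory URL is tagged `Broken Link`, and the replacement blog URL is added with source `nvd@nist.gov`. Asset owners should match on the hardware model and confirm the firmware level against the vendor's guidance instead of relying on this criteria alone.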
@@ -14,15 +14,75 @@ "value": "Un problema en Xenom Technologies (sinous) Phone Dialer-voice Call Dialer v.1.2.5 permite a un atacante omitir las restricciones de acceso previstas mediante la interacci\u00f3n con com.funprime.calldialer.ui.activities.OutgoingActivity." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:xenomtechnologies:phone_dialer-voice_call_dialer:1.2.5:*:*:*:*:android:*:*", + "matchCriteriaId": "B1C15C0F-D850-4DB3-8C30-2DF00BA0BA88" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/actuator/com.sinous.voice.dialer/blob/main/CWE-928.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://github.com/actuator/cve/blob/main/CVE-2023-49002", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-498xx/CVE-2023-49830.json b/CVE-2023/CVE-2023-498xx/CVE-2023-49830.json index fe54e11e092..4ea7e7e2b25 100644 --- a/CVE-2023/CVE-2023-498xx/CVE-2023-49830.json +++ b/CVE-2023/CVE-2023-498xx/CVE-2023-49830.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-49830", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-29T10:15:10.783", - "lastModified": "2023-12-29T13:56:27.537", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-05T16:26:56.500", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:brainstormforce:astra:*:*:*:*:pro:wordpress:*:*", + "versionEndIncluding": "4.3.1", + "matchCriteriaId": "2D11E943-BB0A-4311-90F0-57CC69CECF7D" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/astra-addon/wordpress-astra-pro-plugin-4-3-1-contributor-remote-code-execution-rce-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-504xx/CVE-2023-50470.json b/CVE-2023/CVE-2023-504xx/CVE-2023-50470.json index fc454caf3ec..74b9439f289 100644 --- a/CVE-2023/CVE-2023-504xx/CVE-2023-50470.json +++ b/CVE-2023/CVE-2023-504xx/CVE-2023-50470.json 
@@ -2,27 +2,93 @@
 "id": "CVE-2023-50470",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-12-28T15:15:07.617",
- "lastModified": "2023-12-28T19:05:29.670",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-05T16:50:59.727",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "A cross-site scripting (XSS) vulnerability in the component admin_ Video.php of SeaCMS v12.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de cross-site scripting (XSS) en el componente admin_Video.php de SeaCMS v12.8 permite a los atacantes ejecutar scripts web o HTML arbitrarios a trav\u00e9s de un payload manipulado."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:seacms:seacms:12.8:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6A89BDA4-2E1C-42FE-B389-225323139AD6"
+ }
+ ]
+ }
+ ]
 }
 ],
- "metrics": {},
 "references": [
 {
 "url": "http://seacms.com",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
 },
 {
 "url": "https://blog.csdn.net/weixin_72610998/article/details/134784075?spm=1001.2014.3001.5502",
- "source": "cve@mitre.org"
+ "source": 
"cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://www.seacms.net/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-508xx/CVE-2023-50849.json b/CVE-2023/CVE-2023-508xx/CVE-2023-50849.json
index 054d5ca65c5..534fe4e2261 100644
--- a/CVE-2023/CVE-2023-508xx/CVE-2023-50849.json
+++ b/CVE-2023/CVE-2023-508xx/CVE-2023-50849.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-50849",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-12-28T12:15:42.997",
- "lastModified": "2023-12-28T15:09:45.763",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-05T16:24:04.103",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -16,6 +16,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -50,10 +70,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:e2pdf:e2pdf:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.20.23",
+ "matchCriteriaId": "DA92B9E3-A3CC-4FC1-88AD-B8EF63A1FAC6"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/e2pdf/wordpress-e2pdf-plugin-1-20-23-sql-injection-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-508xx/CVE-2023-50852.json b/CVE-2023/CVE-2023-508xx/CVE-2023-50852.json
index 2631b3d8ac5..7686e9c97f3 100644
--- a/CVE-2023/CVE-2023-508xx/CVE-2023-50852.json
+++ b/CVE-2023/CVE-2023-508xx/CVE-2023-50852.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-50852",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-12-28T12:15:43.390",
- "lastModified": "2023-12-28T15:09:45.763",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-05T16:26:02.803",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -16,6 +16,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -50,10 +70,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:stylemixthemes:bookit:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "2.4.4",
+ "matchCriteriaId": "D7B7BD67-7128-48D8-92AE-3DE035D0959B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/bookit/wordpress-bookit-plugin-2-4-3-sql-injection-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-508xx/CVE-2023-50853.json b/CVE-2023/CVE-2023-508xx/CVE-2023-50853.json
index 7169ea143c6..77db74d21e8 100644
--- a/CVE-2023/CVE-2023-508xx/CVE-2023-50853.json
+++ b/CVE-2023/CVE-2023-508xx/CVE-2023-50853.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-50853",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-12-28T12:15:43.577",
- "lastModified": "2023-12-28T15:09:45.763",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-05T16:22:23.297",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -16,6 +16,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -50,10 +70,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:advancedformintegration:advanced_form_integration:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.75.0",
+ "matchCriteriaId": "413E5284-60E3-4C19-B37B-E5C420BBD9E8"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/advanced-form-integration/wordpress-advanced-form-integration-plugin-1-75-0-sql-injection-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-508xx/CVE-2023-50855.json b/CVE-2023/CVE-2023-508xx/CVE-2023-50855.json
index ed19a9ccc96..f5e8c827fe4 100644
--- a/CVE-2023/CVE-2023-508xx/CVE-2023-50855.json
+++ b/CVE-2023/CVE-2023-508xx/CVE-2023-50855.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-50855",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-12-28T12:15:43.953",
- "lastModified": "2023-12-28T15:09:45.763",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-05T16:33:31.383",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -16,6 +16,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -50,10 +70,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:samperrow:pre_party_resource_hints:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.8.18",
+ "matchCriteriaId": "851EF197-4EFE-4DA7-9EDA-4BEB18106723"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/pre-party-browser-hints/wordpress-pre-party-resource-hints-plugin-1-8-18-sql-injection-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-508xx/CVE-2023-50858.json b/CVE-2023/CVE-2023-508xx/CVE-2023-50858.json
index eb64aea2b83..1917d594f9b 100644
--- a/CVE-2023/CVE-2023-508xx/CVE-2023-50858.json
+++ b/CVE-2023/CVE-2023-508xx/CVE-2023-50858.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-50858",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-12-28T11:15:10.120",
- "lastModified": "2023-12-28T15:09:45.763",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-05T16:24:19.057",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -16,6 +16,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -50,10 +70,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:billminozzi:anit_hacker:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "4.34",
+ "matchCriteriaId": "C9443507-F4F2-43FD-87EC-83914F8B413E"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/antihacker/wordpress-anti-hacker-plugin-4-34-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-508xx/CVE-2023-50878.json b/CVE-2023/CVE-2023-508xx/CVE-2023-50878.json
index c1efc73c7d3..3ca61fd4948 100644
--- a/CVE-2023/CVE-2023-508xx/CVE-2023-50878.json
+++ b/CVE-2023/CVE-2023-508xx/CVE-2023-50878.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-50878",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-12-29T13:15:08.693",
- "lastModified": "2023-12-29T13:56:17.293",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-05T16:21:46.253",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -16,6 +16,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
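Review bot: In the `configurations` hunk of CVE-2023-50858.json, the product component of the added `criteria` is spelled `anit_hacker`, while the reference URL in the same hunk names the plugin `antihacker` / `anti-hacker`. The line is `"criteria": "cpe:2.3:a:billminozzi:anit_hacker:*:*:*:*:*:wordpress:*:*"`. If that spelling is what the upstream feed publishes, this mirror should keep it as is and the mismatch belongs in an upstream report rather than a local edit. Anything that matches an asset inventory against this record by CPE product string would presumably miss the plugin, so consumers are better off keying on `matchCriteriaId` or on the plugin slug from the reference.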
@@ -50,10 +70,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:inspireui:mstore_api:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "4.10.1",
+ "matchCriteriaId": "99DA4E19-3B77-4BD8-BA3E-80D7D7F2B629"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/mstore-api/wordpress-mstore-api-plugin-4-10-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-509xx/CVE-2023-50902.json b/CVE-2023/CVE-2023-509xx/CVE-2023-50902.json
index c24fbfaf382..9c6bd7d35b2 100644
--- a/CVE-2023/CVE-2023-509xx/CVE-2023-50902.json
+++ b/CVE-2023/CVE-2023-509xx/CVE-2023-50902.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-50902",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-12-29T13:15:09.230",
- "lastModified": "2023-12-29T13:56:17.293",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-05T16:21:34.563",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -16,6 +16,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -50,10 +70,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:wpexperts:new_user_approve:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "2.5.1",
+ "matchCriteriaId": "2555D720-9110-4440-A139-07FA512BC524"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/new-user-approve/wordpress-new-user-approve-plugin-2-5-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-510xx/CVE-2023-51006.json b/CVE-2023/CVE-2023-510xx/CVE-2023-51006.json
index bdba3866c95..6eeedca972f 100644
--- a/CVE-2023/CVE-2023-510xx/CVE-2023-51006.json
+++ b/CVE-2023/CVE-2023-510xx/CVE-2023-51006.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-51006",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-12-28T04:15:08.227",
- "lastModified": "2023-12-28T15:09:53.403",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-05T16:25:21.183",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,11 +14,67 @@
 "value": "Un problema en el m\u00e9todo openFile de Chinese Perpetual Calendar v9.0.0 permite a los atacantes leer cualquier archivo a trav\u00e9s de vectores no especificados."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:zhwnl:chinese_perpetual_calendar:9.0.0:*:*:*:*:android:*:*",
+ "matchCriteriaId": "2950BDFE-05B1-4455-9B2C-E3BA6ABFFD62"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/firmianay/security-issues/tree/main/app/cn.etouch.ecalendar",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-510xx/CVE-2023-51010.json b/CVE-2023/CVE-2023-510xx/CVE-2023-51010.json
index 25e61973b0a..462fbf44285 100644
--- a/CVE-2023/CVE-2023-510xx/CVE-2023-51010.json
+++ b/CVE-2023/CVE-2023-510xx/CVE-2023-51010.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-51010",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-12-28T04:15:08.280",
- "lastModified": "2023-12-28T15:09:53.403",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-05T16:25:27.600",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,11 +14,67 @@
 "value": "Un problema en el componente de exportaci\u00f3n AdSdkH5Activity de com.sdjictec.qdmetro v4.2.2 permite a los atacantes abrir una URL manipulada sin ning\u00fan filtrado o verificaci\u00f3n."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:qd-metro:qingdao_metro:4.2.2:*:*:*:*:android:*:*",
+ "matchCriteriaId": "F6E17510-90A3-49E2-B38F-CCF2361C3884"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/firmianay/security-issues/tree/main/app/com.sdjictec.qdmetro",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-511xx/CVE-2023-51103.json b/CVE-2023/CVE-2023-511xx/CVE-2023-51103.json
index 291459e791d..a1e9a198502 100644
--- a/CVE-2023/CVE-2023-511xx/CVE-2023-51103.json
+++ b/CVE-2023/CVE-2023-511xx/CVE-2023-51103.json
@@ -2,19 +2,79 @@
 "id": "CVE-2023-51103",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-12-26T15:15:08.630",
- "lastModified": "2023-12-26T20:34:16.103",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-05T16:25:15.997",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "A floating point exception (divide-by-zero) vulnerability was discovered in mupdf 1.23.4 in functon fz_new_pixmap_from_float_data() of pixmap.c."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 una vulnerabilidad de excepci\u00f3n de punto flotante (divisi\u00f3n por cero) en mupdf 1.23.4 en la funci\u00f3n fz_new_pixmap_from_float_data() de pixmap.c."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-369"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:artifex:mupdf:1.23.4:*:*:*:*:*:*:*",
+ "matchCriteriaId": "84C208C6-A3D9-4A82-83B9-FCBECD89AD23"
+ }
+ ]
+ }
+ ]
 }
 ],
- "metrics": {},
 "references": [
 {
 "url": "https://github.com/dongyuma/sox-defects/blob/main/mupdf-defects.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-513xx/CVE-2023-51354.json b/CVE-2023/CVE-2023-513xx/CVE-2023-51354.json
index 586517b6dc7..29a7ffee4f1 100644
--- a/CVE-2023/CVE-2023-513xx/CVE-2023-51354.json
+++ b/CVE-2023/CVE-2023-513xx/CVE-2023-51354.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-51354",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-12-29T13:15:09.450",
- "lastModified": "2023-12-29T13:56:17.293",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-05T16:21:13.340",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -16,6 +16,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -50,10 +70,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:webba-booking:webba_booking:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "4.5.33",
+ "matchCriteriaId": "DEEA516B-1918-402E-95C0-8071BEE50873"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/webba-booking-lite/wordpress-webba-booking-plugin-4-5-33-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-513xx/CVE-2023-51358.json b/CVE-2023/CVE-2023-513xx/CVE-2023-51358.json
index 370c127b18c..725134e534d 100644
--- a/CVE-2023/CVE-2023-513xx/CVE-2023-51358.json
+++ b/CVE-2023/CVE-2023-513xx/CVE-2023-51358.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-51358",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-12-29T13:15:09.663",
- "lastModified": "2023-12-29T13:56:17.293",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-05T16:20:52.507",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -16,6 +16,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -50,10 +70,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:brightplugins:block_ips_for_gravity_forms:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.0.1",
+ "matchCriteriaId": "BF6B7DBD-E3D2-4DE3-A80F-F8FB542CAF32"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/gf-block-ips/wordpress-block-ips-for-gravity-forms-plugin-1-0-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-513xx/CVE-2023-51378.json b/CVE-2023/CVE-2023-513xx/CVE-2023-51378.json
index f41330f5191..220f3d84d0d 100644
--- a/CVE-2023/CVE-2023-513xx/CVE-2023-51378.json
+++ b/CVE-2023/CVE-2023-513xx/CVE-2023-51378.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-51378",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-12-29T13:15:09.930",
- "lastModified": "2023-12-29T13:56:17.293",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-05T16:20:35.933",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -16,6 +16,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -50,10 +70,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:eaglevisionit:rise_blocks:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "3.1",
+ "matchCriteriaId": "A94FF39B-760D-4DFF-B999-4A18B9CC94B1"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/rise-blocks/wordpress-rise-blocks-plugin-3-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-514xx/CVE-2023-51414.json b/CVE-2023/CVE-2023-514xx/CVE-2023-51414.json
index b8e9b2e1cb2..0a663c35f60 100644
--- a/CVE-2023/CVE-2023-514xx/CVE-2023-51414.json
+++ b/CVE-2023/CVE-2023-514xx/CVE-2023-51414.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-51414",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-12-29T13:15:10.180",
- "lastModified": "2023-12-29T13:56:17.293",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-05T16:20:07.743",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -16,6 +16,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -50,10 +70,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:donweb:envialosimple\\:email_marketing_y_newsletters:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "2.1",
+ "matchCriteriaId": "764C5F21-1D5F-4331-A80F-048974AA8FBF"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/envialosimple-email-marketing-y-newsletters-gratis/wordpress-envialosimple-plugin-2-1-unauthenticated-php-object-injection-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-514xx/CVE-2023-51422.json b/CVE-2023/CVE-2023-514xx/CVE-2023-51422.json
index 1697162479e..e7e0f824ef4 100644
--- a/CVE-2023/CVE-2023-514xx/CVE-2023-51422.json
+++ b/CVE-2023/CVE-2023-514xx/CVE-2023-51422.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-51422",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-12-29T13:15:10.393",
- "lastModified": "2023-12-29T13:56:17.293",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-05T16:18:43.920",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -16,6 +16,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -50,10 +70,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:saleswonder:webinarignition:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "3.05.0",
+ "matchCriteriaId": "E50EB82D-9183-4245-B271-E1C2EBDC4A1D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/webinar-ignition/wordpress-webinarignition-plugin-3-05-0-authenticated-php-object-injection-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-514xx/CVE-2023-51430.json b/CVE-2023/CVE-2023-514xx/CVE-2023-51430.json
index fca5a587d1f..f2be37d0ad7 100644
--- a/CVE-2023/CVE-2023-514xx/CVE-2023-51430.json
+++ b/CVE-2023/CVE-2023-514xx/CVE-2023-51430.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-51430",
 "sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
 "published": "2023-12-29T04:15:09.847",
- "lastModified": "2023-12-29T13:56:39.607",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-05T16:04:45.100",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -16,6 +16,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
+ },
 {
 "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
 "type": "Secondary",
@@ -38,10 +58,43 @@
 }
 ]
 },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-269"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hihonor:magic_ui:*:*:*:*:*:*:android:*",
+ "versionEndExcluding": "6.1.0.212",
+ "matchCriteriaId": "3B063FEE-3FFF-426C-BF6F-63DC9017E594"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://www.hihonor.com/global/security/cve-2023-51430/",
- "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4"
+ "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-514xx/CVE-2023-51431.json b/CVE-2023/CVE-2023-514xx/CVE-2023-51431.json
index 4e27ac834f4..ca6772c7966 100644
--- a/CVE-2023/CVE-2023-514xx/CVE-2023-51431.json
+++ b/CVE-2023/CVE-2023-514xx/CVE-2023-51431.json
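Review bot: The `criteria` added in the last hunk of CVE-2023-51430.json, `cpe:2.3:o:hihonor:magic_ui:*:*:*:*:*:*:android:*`, carries `android` in the target_hw position, whereas the Android app records elsewhere in this diff (for example `...:1.2.5:*:*:*:*:android:*:*` in the Phone Dialer record) carry it in target_sw. The CVE-2023-51432.json record for the same product and the same `versionEndExcluding` of `6.1.0.212` uses `cpe:2.3:o:hihonor:magic_ui:*:*:*:*:*:*:*:*` with no platform at all. A strict CPE matcher treats these as different names, so the same Magic UI asset may match one CVE and not the other. This looks like it originates in the upstream analysis, so it is worth confirming there rather than editing the mirrored file.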
@@ -2,8 +2,8 @@ "id": "CVE-2023-51431", "sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4", "published": "2023-12-29T04:15:10.010", - "lastModified": "2023-12-29T13:56:39.607", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-05T16:04:24.063", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4", "type": "Secondary", @@ -38,10 +58,43 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hihonor:phoneservice:*:*:*:*:*:*:*:*", + "versionEndExcluding": "11.0.0.243", + "matchCriteriaId": "DEEEF118-B16F-4550-AB7D-6FB34DD1E995" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.hihonor.com/global/security/cve-2023-51431/", - "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4" + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-514xx/CVE-2023-51432.json b/CVE-2023/CVE-2023-514xx/CVE-2023-51432.json index 1de7e0561c5..f33a77591e7 100644 --- a/CVE-2023/CVE-2023-514xx/CVE-2023-51432.json +++ b/CVE-2023/CVE-2023-514xx/CVE-2023-51432.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-51432", "sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4", "published": "2023-12-29T04:15:10.177", - "lastModified": "2023-12-29T13:56:39.607", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-05T16:02:52.243", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4", "type": "Secondary", @@ -38,10 +58,43 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hihonor:magic_ui:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.1.0.212", + "matchCriteriaId": "7342B2B6-C9E8-465F-A77F-98912A1CF1AF" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.hihonor.com/global/security/cve-2023-51432/", - "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4" + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-514xx/CVE-2023-51433.json b/CVE-2023/CVE-2023-514xx/CVE-2023-51433.json index 12800b93af2..a7c7821ad78 100644 --- a/CVE-2023/CVE-2023-514xx/CVE-2023-51433.json +++ b/CVE-2023/CVE-2023-514xx/CVE-2023-51433.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-51433", "sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4", "published": "2023-12-29T04:15:10.343", - "lastModified": "2023-12-29T13:56:39.607", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-05T16:09:17.817", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4", "type": "Secondary", @@ -38,10 +58,43 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-269" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hihonor:magic_ui:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.1.0.212", + "matchCriteriaId": "7342B2B6-C9E8-465F-A77F-98912A1CF1AF" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.hihonor.com/global/security/cve-2023-51433/", - "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4" + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-514xx/CVE-2023-51434.json b/CVE-2023/CVE-2023-514xx/CVE-2023-51434.json index 4c0a5894c45..1683fb8c4fd 100644 --- a/CVE-2023/CVE-2023-514xx/CVE-2023-51434.json +++ b/CVE-2023/CVE-2023-514xx/CVE-2023-51434.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-51434", "sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4", "published": "2023-12-29T04:15:10.513", - "lastModified": "2023-12-29T13:56:39.607", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-05T16:08:52.337", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4", "type": "Secondary", @@ -38,10 +58,43 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hihonor:magic_ui:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.1.0.212", + "matchCriteriaId": "7342B2B6-C9E8-465F-A77F-98912A1CF1AF" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.hihonor.com/global/security/cve-2023-51434/", - "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4" + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-514xx/CVE-2023-51435.json b/CVE-2023/CVE-2023-514xx/CVE-2023-51435.json index 8ece5734391..caceb54a253 100644 --- a/CVE-2023/CVE-2023-514xx/CVE-2023-51435.json +++ b/CVE-2023/CVE-2023-514xx/CVE-2023-51435.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-51435", "sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4", "published": "2023-12-29T04:15:10.677", - "lastModified": "2023-12-29T13:56:39.607", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-05T16:08:27.370", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.2 + }, { "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4", "type": "Secondary", @@ -38,10 +58,43 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-269" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hihonor:magic_ui:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.1.0.212", + "matchCriteriaId": "7342B2B6-C9E8-465F-A77F-98912A1CF1AF" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.hihonor.com/global/security/cve-2023-51435/", - "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4" + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-514xx/CVE-2023-51470.json b/CVE-2023/CVE-2023-514xx/CVE-2023-51470.json index 02043ffc492..9476bf48b22 100644 --- a/CVE-2023/CVE-2023-514xx/CVE-2023-51470.json +++ b/CVE-2023/CVE-2023-514xx/CVE-2023-51470.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-51470", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-29T13:15:10.607", - "lastModified": "2023-12-29T13:56:17.293", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-05T16:18:09.547", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:boiteasite:rencontre:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "3.11.1", + "matchCriteriaId": "4407A1F6-5BCA-4F61-B6A2-FADFCA859881" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/rencontre/wordpress-rencontre-plugin-3-11-1-authenticated-php-object-injection-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-516xx/CVE-2023-51665.json b/CVE-2023/CVE-2023-516xx/CVE-2023-51665.json index cd0a19af843..362520f734e 100644 --- a/CVE-2023/CVE-2023-516xx/CVE-2023-51665.json +++ b/CVE-2023/CVE-2023-516xx/CVE-2023-51665.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-51665", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-27T18:15:23.267", - "lastModified": "2023-12-27T18:24:09.770", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-05T15:02:21.103", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.7.0, Audiobookshelf is vulnerable to unauthenticated blind server-side request (SSRF) vulnerability in Auth.js. This vulnerability has been addressed in version 2.7.0. There are no known workarounds for this vulnerability.\n\n" + }, + { + "lang": "es", + "value": "Audiobookshelf es un servidor de podcasts y audiolibros autohospedado. Antes de 2.7.0, Audiobookshelf era afectado por una vulnerabilidad de blind server-side request (SSRF) no autenticada en Auth.js. Esta vulnerabilidad se ha solucionado en la versi\u00f3n 2.7.0. No se conocen workarounds para esta vulnerabilidad." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -46,14 +70,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:audiobookshelf:audiobookshelf:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.7.0", + "matchCriteriaId": "13B62B03-BF78-4428-B064-B6186947CE61" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/advplyr/audiobookshelf/commit/728496010cbfcee5b7b54001c9f79e02ede30d82", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/advplyr/audiobookshelf/security/advisories/GHSA-gjgj-98v3-47pg", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-516xx/CVE-2023-51697.json b/CVE-2023/CVE-2023-516xx/CVE-2023-51697.json index c6050a8cd3d..b08722cdac1 100644 --- a/CVE-2023/CVE-2023-516xx/CVE-2023-51697.json +++ b/CVE-2023/CVE-2023-516xx/CVE-2023-51697.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-51697", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-27T18:15:23.487", - "lastModified": "2023-12-27T18:24:09.770", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-05T15:03:13.310", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.7.0, Audiobookshelf is vulnerable to unauthenticated blind server-side request (SSRF) vulnerability in `podcastUtils.js`. This vulnerability has been addressed in version 2.7.0. There are no known workarounds for this vulnerability.\n\n" + }, + { + "lang": "es", + "value": "Audiobookshelf es un servidor de podcasts y audiolibros autohospedado. Antes de 2.7.0, Audiobookshelf era afectado por una vulnerabilidad de blind server-side request (SSRF) no autenticada en `podcastUtils.js`. Esta vulnerabilidad se ha solucionado en la versi\u00f3n 2.7.0. No se conocen workarounds para esta vulnerabilidad." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -46,14 +70,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:audiobookshelf:audiobookshelf:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.7.0", + "matchCriteriaId": "13B62B03-BF78-4428-B064-B6186947CE61" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/advplyr/audiobookshelf/commit/f2f2ea161ca0701e1405e737b0df0f96296e4f64", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/advplyr/audiobookshelf/security/advisories/GHSA-jhjx-c3wx-q2x7", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51764.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51764.json index 09fcd17dbd2..e612225a1d4 100644 --- a/CVE-2023/CVE-2023-517xx/CVE-2023-51764.json +++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51764.json @@ -2,8 +2,8 @@ "id": "CVE-2023-51764", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-24T05:15:08.273", - "lastModified": "2024-01-04T18:15:08.513", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-01-05T16:19:53.853", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,47 +14,199 @@ "value": "Postfix hasta 3.8.4 permite el contrabando SMTP a menos que se configure con smtpd_data_restrictions=reject_unauth_pipelining (u otras opciones que existen en versiones recientes). Los atacantes remotos pueden utilizar una t\u00e9cnica de explotaci\u00f3n publicada para inyectar mensajes de correo electr\u00f3nico que parecen originarse en el servidor Postfix, lo que permite omitir un mecanismo de protecci\u00f3n SPF. Esto ocurre porque Postfix admite . pero algunos otros servidores de correo electr\u00f3nico populares no lo hacen. Para evitar variantes de ataque (al no permitir siempre sin ), se requiere una soluci\u00f3n diferente: la opci\u00f3n smtpd_forbid_bare_newline=yes con una versi\u00f3n m\u00ednima de Postfix de 3.5.23, 3.6.13, 3.7.9, 3.8.4, o 3.9." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-345" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:postfix:postfix:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.5.23", + "matchCriteriaId": "0598FFA3-9DB8-4D01-9049-3834B6B53000" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:postfix:postfix:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.6.0", + "versionEndExcluding": "3.6.13", + "matchCriteriaId": 
"7AD4364D-F93C-499E-8ECA-5228354D20B6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:postfix:postfix:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.7.0", + "versionEndExcluding": "3.7.9", + "matchCriteriaId": "7174307B-1249-47B5-BE66-9194AC26BA15" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:postfix:postfix:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.8.0", + "versionEndExcluding": "3.8.4", + "matchCriteriaId": "7A422C34-3E0E-4C3F-8EA9-4F442D88057D" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", + "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", + "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", + "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2023/12/24/1", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "http://www.openwall.com/lists/oss-security/2023/12/25/1", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://access.redhat.com/security/cve/CVE-2023-51764", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255563", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + 
"tags": [ + "Issue Tracking", + "Third Party Advisory" + ] }, { "url": "https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11782.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Technical Description" + ] }, { "url": "https://github.com/duy-31/CVE-2023-51764", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://github.com/eeenvik1/CVE-2023-51764", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Technical Description", + "Third Party Advisory" + ] }, { "url": "https://www.postfix.org/smtp-smuggling.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Mitigation", + "Vendor Advisory" + ] }, { "url": "https://www.youtube.com/watch?v=V8KPV96g1To", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51765.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51765.json index a9822826ce2..bcd84238ac8 100644 --- a/CVE-2023/CVE-2023-517xx/CVE-2023-51765.json +++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51765.json @@ -2,8 +2,8 @@ "id": "CVE-2023-51765", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-24T06:15:07.527", - "lastModified": "2024-01-04T18:15:08.607", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-01-05T15:30:18.420", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
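Review bot: The four Postfix `cpeMatch` ranges added in the CVE-2023-51764 `configurations` block end at `versionEndExcluding` `3.5.23`, `3.6.13`, `3.7.9` and `3.8.4`, but the description kept as context in the same hunk says the issue affects Postfix through 3.8.4. It names those releases only as the minimum versions for the `smtpd_forbid_bare_newline=yes` option. A scanner that relies on the CPE ranges alone will report a host on one of those releases as not affected, whether or not the option is set. The practical check is on the consumer side: pair a version match at or above these releases with a configuration audit for `smtpd_forbid_bare_newline`, or for the `smtpd_data_restrictions=reject_unauth_pipelining` setting the description mentions.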
@@ -14,67 +14,213 @@ "value": "sendmail hasta al menos 8.14.7 permite el contrabando SMTP en ciertas configuraciones. Los atacantes remotos pueden utilizar una t\u00e9cnica de explotaci\u00f3n publicada para inyectar mensajes de correo electr\u00f3nico que parecen originarse en el servidor sendmail, lo que permite omitir un mecanismo de protecci\u00f3n SPF. Esto ocurre porque sendmail admite . pero algunos otros servidores de correo electr\u00f3nico populares no lo hacen." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-345" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sendmail:sendmail:*:*:*:*:*:*:*:*", + "versionEndExcluding": "8.18.0.2", + "matchCriteriaId": "CEE597E4-93EE-4D07-8698-5F43E45BCB37" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*", + "versionEndExcluding": "11.0", + "matchCriteriaId": "A57DF1BC-3B6C-419A-9355-BC20E1D95347" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", + "matchCriteriaId": 
"F4CFF558-3C47-480D-A2F0-BABF26042943" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", + "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2023/12/24/1", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "http://www.openwall.com/lists/oss-security/2023/12/25/1", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "http://www.openwall.com/lists/oss-security/2023/12/26/5", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "http://www.openwall.com/lists/oss-security/2023/12/29/5", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "http://www.openwall.com/lists/oss-security/2023/12/30/1", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "http://www.openwall.com/lists/oss-security/2023/12/30/3", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://access.redhat.com/security/cve/CVE-2023-51765", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255869", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Issue Tracking", + "Third Party Advisory" + ] }, { "url": "https://bugzilla.suse.com/show_bug.cgi?id=1218351", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Issue Tracking", + "Patch", + "Third Party Advisory" + ] }, { "url": "https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11782.html", - 
"source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Technical Description" + ] }, { "url": "https://github.com/freebsd/freebsd-src/commit/5dd76dd0cc19450133aa379ce0ce4a68ae07fb39#diff-afdf514b32ac88004952c11660c57bc96c3d8b2234007c1cbd8d7ed7fd7935cc", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] }, { "url": "https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Technical Description", + "Third Party Advisory" + ] }, { "url": "https://www.openwall.com/lists/oss-security/2023/12/21/7", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://www.openwall.com/lists/oss-security/2023/12/22/7", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://www.youtube.com/watch?v=V8KPV96g1To", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-520xx/CVE-2023-52081.json b/CVE-2023/CVE-2023-520xx/CVE-2023-52081.json index 3d82e62975e..e2b6b0265b1 100644 --- a/CVE-2023/CVE-2023-520xx/CVE-2023-52081.json +++ b/CVE-2023/CVE-2023-520xx/CVE-2023-52081.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-52081", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-28T16:16:02.090", - "lastModified": "2023-12-28T19:05:29.670", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-05T15:59:47.810", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "ffcss is a CLI interface to apply and configure Firefox CSS themes. Prior to 0.2.0, the function `lookupPreprocess()` is meant to apply some transformations to a string by disabling characters in the regex `[-_ .]`. However, due to the use of late Unicode normalization of type NFKD, it is possible to bypass that validation and re-introduce all the characters in the regex `[-_ .]`. The `lookupPreprocess()` can be easily bypassed with equivalent Unicode characters like U+FE4D (?), which would result in the omitted U+005F (_), for instance. The `lookupPreprocess()` function is only ever used to search for themes loosely (case insensitively, while ignoring dashes, underscores and dots), so the actual security impact is classified as low. This vulnerability is fixed in 0.2.0. There are no known workarounds." + }, + { + "lang": "es", + "value": "ffcss es una interfaz CLI para aplicar y configurar temas CSS de Firefox. Antes de 0.2.0, la funci\u00f3n `lookupPreprocess()` estaba destinada a aplicar algunas transformaciones a una cadena deshabilitando caracteres en la expresi\u00f3n regular `[-_ .]`. Sin embargo, debido al uso de la normalizaci\u00f3n Unicode tard\u00eda del tipo NFKD, es posible omitir esa validaci\u00f3n y volver a introducir todos los caracteres en la expresi\u00f3n regular `[-_ .]`. El `lookupPreprocess()` se puede omitir f\u00e1cilmente con caracteres Unicode equivalentes como U+FE4D (?), lo que dar\u00eda como resultado U+005F (_) omitido, por ejemplo. 
La funci\u00f3n `lookupPreprocess()` s\u00f3lo se utiliza para buscar temas de forma flexible (sin distinguir entre may\u00fasculas y min\u00fasculas, ignorando guiones, guiones bajos y puntos), por lo que el impacto real en la seguridad se clasifica como bajo. Esta vulnerabilidad se solucion\u00f3 en 0.2.0. No se conocen workarounds." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -36,8 +60,18 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + } + ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", 
@@ -50,14 +84,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ewen-lbh:firefox_css:*:*:*:*:*:go:*:*", + "versionEndExcluding": "0.2.0", + "matchCriteriaId": "BD1EE5E4-A11D-4E6C-83E6-BB649FB7643D" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/ewen-lbh/ffcss/commit/f9c491874b858a32fcae15045f169fd7d02f90dc", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/ewen-lbh/ffcss/security/advisories/GHSA-wpmx-564x-h2mh", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-521xx/CVE-2023-52152.json b/CVE-2023/CVE-2023-521xx/CVE-2023-52152.json index 84d21957efc..83bc94618ef 100644 --- a/CVE-2023/CVE-2023-521xx/CVE-2023-52152.json +++ b/CVE-2023/CVE-2023-521xx/CVE-2023-52152.json 
@@ -2,19 +2,80 @@ "id": "CVE-2023-52152", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-28T23:15:44.197", - "lastModified": "2023-12-29T03:13:44.413", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-05T16:00:51.157", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "mupnp/net/uri.c in mUPnP for C through 3.0.2 has an out-of-bounds read and application crash because it lacks a certain host length recalculation." + }, + { + "lang": "es", + "value": "mupnp/net/uri.c en mUPnP para C hasta 3.0.2 tiene una lectura fuera de los l\u00edmites y un bloqueo de la aplicaci\u00f3n porque carece de un cierto rec\u00e1lculo de la longitud del host." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cybergarage:mupnp_for_c:*:*:*:*:*:*:*:*", + "versionEndIncluding": "3.0.2", + "matchCriteriaId": "0A5EE1C0-3244-4748-96E7-82FCE547D2F5" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/cybergarage/mupnp/issues/21", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-61xx/CVE-2023-6114.json b/CVE-2023/CVE-2023-61xx/CVE-2023-6114.json
index 754e7728927..7602c4fb448 100644
--- a/CVE-2023/CVE-2023-61xx/CVE-2023-6114.json
+++ b/CVE-2023/CVE-2023-61xx/CVE-2023-6114.json
@@ -2,23 +2,93 @@ "id": "CVE-2023-6114", "sourceIdentifier": "contact@wpscan.com", "published": "2023-12-26T19:15:08.260", - "lastModified": "2023-12-26T20:34:16.103", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-05T15:08:00.537", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Duplicator WordPress plugin before 1.5.7.1, Duplicator Pro WordPress plugin before 4.5.14.2 does not disallow listing the `backups-dup-lite/tmp` directory (or the `backups-dup-pro/tmp` directory in the Pro version), which temporarily stores files containing sensitive data. When directory listing is enabled in the web server, this allows unauthenticated attackers to discover and access these sensitive files, which include a full database dump and a zip archive of the site." + }, + { + "lang": "es", + "value": "El complemento Duplicator WordPress anterior a 1.5.7.1 y Duplicator Pro WordPress anterior a 4.5.14.2 no impiden incluir el directorio `backups-dup-lite/tmp` (o el directorio `backups-dup-pro/tmp` en la versi\u00f3n Pro) , que almacena temporalmente archivos que contienen datos confidenciales. Cuando la lista de directorios est\u00e1 habilitada en el servidor web, esto permite a atacantes no autenticados descubrir y acceder a estos archivos confidenciales, que incluyen un volcado completo de la base de datos y un archivo zip del sitio." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-552" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:awesomemotive:duplicator:*:*:*:*:-:wordpress:*:*", + "versionEndExcluding": "1.5.7.1", + "matchCriteriaId": "F0932AD4-2475-48D9-AAFC-EAEAF0B0DE44" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:awesomemotive:duplicator:*:*:*:*:pro:wordpress:*:*", + "versionEndExcluding": "4.5.14.2", + "matchCriteriaId": "C2B01C2B-C53C-4862-AB0A-240C96B3DB72" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://drive.google.com/file/d/1mpapFCqfZLv__EAM7uivrrl2h55rpi1V/view?usp=sharing", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit" + ] }, { "url": "https://wpscan.com/vulnerability/5c5d41b9-1463-4a9b-862f-e9ee600ef8e1", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-68xx/CVE-2023-6879.json b/CVE-2023/CVE-2023-68xx/CVE-2023-6879.json index 84d85b888c6..8e4cae98265 100644 --- a/CVE-2023/CVE-2023-68xx/CVE-2023-6879.json +++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6879.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-6879", "sourceIdentifier": "cve-coordination@google.com", "published": "2023-12-27T23:15:07.530", - "lastModified": "2024-01-05T02:15:07.933", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-01-05T16:26:26.830", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cve-coordination@google.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, { "source": "cve-coordination@google.com", "type": "Secondary", 
@@ -50,18 +80,64 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aomedia:aomedia:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.7.1", + "matchCriteriaId": "C852A718-716E-4C5F-891D-1E290834F660" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", + "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646" + } + ] + } + ] + } + ], "references": [ { "url": "https://aomedia.googlesource.com/aom/+/refs/tags/v3.7.1", - "source": "cve-coordination@google.com" + "source": "cve-coordination@google.com", + "tags": [ + "Patch" + ] }, { "url": "https://crbug.com/aomedia/3491", - "source": "cve-coordination@google.com" + "source": "cve-coordination@google.com", + "tags": [ + "Exploit", + "Issue Tracking", + "Mailing List", + "Patch", + "Third Party Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/", - "source": "cve-coordination@google.com" + "source": "cve-coordination@google.com", + "tags": [ + "Mailing List" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-69xx/CVE-2023-6939.json b/CVE-2023/CVE-2023-69xx/CVE-2023-6939.json index 37e9191df45..cb33532af82 100644 --- a/CVE-2023/CVE-2023-69xx/CVE-2023-6939.json +++ b/CVE-2023/CVE-2023-69xx/CVE-2023-6939.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6939", "sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4", "published": "2023-12-29T04:15:10.937", - "lastModified": "2023-12-29T13:56:39.607", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-05T16:07:36.623", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4", "type": "Secondary", @@ -38,10 +58,43 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-843" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hihonor:magic_ui:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.1.0.212", + "matchCriteriaId": "7342B2B6-C9E8-465F-A77F-98912A1CF1AF" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.hihonor.com/global/security/cve-2023-6939/", - "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4" + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-71xx/CVE-2023-7127.json b/CVE-2023/CVE-2023-71xx/CVE-2023-7127.json index 483ae640e79..a4537dc994f 100644 --- a/CVE-2023/CVE-2023-71xx/CVE-2023-7127.json +++ b/CVE-2023/CVE-2023-71xx/CVE-2023-7127.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-7127", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-28T15:15:07.663", - "lastModified": "2023-12-28T19:05:29.670", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-05T16:41:50.663", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability classified as critical was found in code-projects Automated Voting System 1.0. This vulnerability affects unknown code of the component Login. The manipulation of the argument idno leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-249130 is the identifier assigned to this vulnerability." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en code-projects Automated Voting System 1.0 y clasificada como cr\u00edtica. Esta vulnerabilidad afecta a c\u00f3digo desconocido del componente Login. La manipulaci\u00f3n del argumento idno conduce a la inyecci\u00f3n de SQL. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. VDB-249130 es el identificador asignado a esta vulnerabilidad." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", 
@@ -71,18 +95,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:code-projects:automated_voting_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "FF05C607-002F-49FC-ABEE-CF1B3CD7762A" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/h4md153v63n/CVEs/blob/main/Automated_Voting_System/Automated_Voting_System-SQL_Injection-2.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.249130", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.249130", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-71xx/CVE-2023-7128.json b/CVE-2023/CVE-2023-71xx/CVE-2023-7128.json index a7ecae46cad..2cb1ae9642a 100644 --- a/CVE-2023/CVE-2023-71xx/CVE-2023-7128.json +++ b/CVE-2023/CVE-2023-71xx/CVE-2023-7128.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-7128", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-28T15:15:07.887", - "lastModified": "2023-12-28T19:05:29.670", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-05T16:37:52.603", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as critical, has been found in code-projects Voting System 1.0. This issue affects some unknown processing of the file /admin/ of the component Admin Login. The manipulation of the argument username leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249131." + }, + { + "lang": "es", + "value": "Una vulnerabilidad clasificada como cr\u00edtica fue encontrada en code-projects Voting System 1.0. Este problema afecta un procesamiento desconocido del archivo /admin/ del componente Admin Login. La manipulaci\u00f3n del argumento username conduce a la inyecci\u00f3n de SQL. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-249131." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", 
@@ -71,18 +95,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:code-projects:voting_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "33C83C8E-8FB2-49CD-BC33-09F4CCCFF79E" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/h4md153v63n/CVEs/blob/main/Voting_System/Voting_System-SQL_Injection-1.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.249131", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.249131", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-71xx/CVE-2023-7150.json b/CVE-2023/CVE-2023-71xx/CVE-2023-7150.json index 3e4dd526f07..fdf981fa37e 100644 --- a/CVE-2023/CVE-2023-71xx/CVE-2023-7150.json +++ b/CVE-2023/CVE-2023-71xx/CVE-2023-7150.json @@ -2,8 +2,8 @@ "id": "CVE-2023-7150", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-29T04:15:11.333", - "lastModified": "2023-12-29T17:16:07.767", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-05T16:07:13.047", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -75,22 +95,54 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:campcodes:chic_beauty_salon:20230703:*:*:*:*:*:*:*", + "matchCriteriaId": "B2B9E5B9-7D46-4251-8167-2439F0652B3E" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/laoquanshi/-Arbitrary-file-upload-vulnerability-", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://github.com/laoquanshi/Chic-Vulnerability-", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] }, { "url": "https://vuldb.com/?ctiid.249157", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.249157", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-71xx/CVE-2023-7152.json b/CVE-2023/CVE-2023-71xx/CVE-2023-7152.json index 6a21e3dcce9..b939c71050e 100644 --- a/CVE-2023/CVE-2023-71xx/CVE-2023-7152.json +++ b/CVE-2023/CVE-2023-71xx/CVE-2023-7152.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-7152", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-29T05:15:09.473", - "lastModified": "2023-12-29T13:56:33.383", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-05T16:13:43.683", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", 
@@ -75,22 +95,60 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:micropython:micropython:1.21.0:*:*:*:*:*:*:*", + "matchCriteriaId": "92240FCD-0BA9-46D0-9C9A-2CDD8FE2A769" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:micropython:micropython:1.22.0:preview:*:*:*:*:*:*", + "matchCriteriaId": "B60BCDF9-D1CF-45ED-9B95-9F06C5C2A95F" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/jimmo/micropython/commit/8b24aa36ba978eafc6114b6798b47b7bfecdca26", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/micropython/micropython/issues/12887", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Issue Tracking" + ] }, { "url": "https://vuldb.com/?ctiid.249158", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.249158", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-71xx/CVE-2023-7159.json b/CVE-2023/CVE-2023-71xx/CVE-2023-7159.json index 589a886d277..f09a8c93fa7 100644 --- a/CVE-2023/CVE-2023-71xx/CVE-2023-7159.json +++ b/CVE-2023/CVE-2023-71xx/CVE-2023-7159.json @@ -2,8 +2,8 @@ "id": "CVE-2023-7159", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-29T07:15:11.420", - "lastModified": "2023-12-29T13:56:33.383", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-05T15:02:21.507", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -75,22 +95,54 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:masterlab:masterlab:*:*:*:*:*:*:*:*", + "versionEndIncluding": "3.3.10", + "matchCriteriaId": "650AE4B5-39D2-4607-8455-957955DF48AB" + } + ] + } + ] + } + ], "references": [ { "url": "https://note.zhaoj.in/share/FE79uijyqmG7", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Broken Link" + ] }, { "url": "https://note.zhaoj.in/share/jNbywlXI46HV", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Broken Link" + ] }, { "url": "https://vuldb.com/?ctiid.249181", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.249181", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-71xx/CVE-2023-7166.json b/CVE-2023/CVE-2023-71xx/CVE-2023-7166.json index 339cb39468e..e4a5a7d3787 100644 --- a/CVE-2023/CVE-2023-71xx/CVE-2023-7166.json +++ b/CVE-2023/CVE-2023-71xx/CVE-2023-7166.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-7166", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-29T09:15:09.973", - "lastModified": "2023-12-29T13:56:27.537", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-05T16:12:33.053", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -75,22 +95,55 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:xxyopen:novel-plus:*:*:*:*:*:*:*:*", + "versionEndIncluding": "4.2.0", + "matchCriteriaId": "87014C48-21C3-4855-9141-8F5FD17B5C0D" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/201206030/novel-plus/commit/c62da9bb3a9b3603014d0edb436146512631100d", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/JTZ-a/SRC/blob/master/novel-plus/storedXSS/en-us.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit" + ] }, { "url": "https://vuldb.com/?ctiid.249201", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.249201", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file 
diff --git a/README.md b/README.md index 48f2f891597..355a565083a 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-01-05T15:00:24.681055+00:00 +2024-01-05T17:00:25.773492+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-01-05T14:53:54.850000+00:00 +2024-01-05T16:50:59.727000+00:00 ``` ### Last Data Feed Release 
@@ -34,40 +34,39 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `0` -* [CVE-2024-0246](CVE-2024/CVE-2024-02xx/CVE-2024-0246.json) (`2024-01-05T14:15:48.250`) ### CVEs modified in the last Commit -Recently modified CVEs: `35` +Recently modified CVEs: `52` -* [CVE-2023-7160](CVE-2023/CVE-2023-71xx/CVE-2023-7160.json) (`2024-01-05T14:03:10.677`) -* [CVE-2023-28198](CVE-2023/CVE-2023-281xx/CVE-2023-28198.json) (`2024-01-05T14:15:46.227`) -* [CVE-2023-28204](CVE-2023/CVE-2023-282xx/CVE-2023-28204.json) (`2024-01-05T14:15:46.340`) -* [CVE-2023-32370](CVE-2023/CVE-2023-323xx/CVE-2023-32370.json) (`2024-01-05T14:15:46.447`) -* [CVE-2023-32373](CVE-2023/CVE-2023-323xx/CVE-2023-32373.json) (`2024-01-05T14:15:46.537`) -* [CVE-2023-32393](CVE-2023/CVE-2023-323xx/CVE-2023-32393.json) (`2024-01-05T14:15:46.657`) -* [CVE-2023-32439](CVE-2023/CVE-2023-324xx/CVE-2023-32439.json) (`2024-01-05T14:15:46.780`) -* [CVE-2023-37450](CVE-2023/CVE-2023-374xx/CVE-2023-37450.json) (`2024-01-05T14:15:46.917`) -* [CVE-2023-38133](CVE-2023/CVE-2023-381xx/CVE-2023-38133.json) (`2024-01-05T14:15:47.027`) -* [CVE-2023-38572](CVE-2023/CVE-2023-385xx/CVE-2023-38572.json) (`2024-01-05T14:15:47.123`) -* [CVE-2023-38592](CVE-2023/CVE-2023-385xx/CVE-2023-38592.json) (`2024-01-05T14:15:47.227`) -* [CVE-2023-38594](CVE-2023/CVE-2023-385xx/CVE-2023-38594.json) (`2024-01-05T14:15:47.353`) -* [CVE-2023-38595](CVE-2023/CVE-2023-385xx/CVE-2023-38595.json) (`2024-01-05T14:15:47.447`) -* [CVE-2023-38597](CVE-2023/CVE-2023-385xx/CVE-2023-38597.json) (`2024-01-05T14:15:47.557`) -* [CVE-2023-38599](CVE-2023/CVE-2023-385xx/CVE-2023-38599.json) (`2024-01-05T14:15:47.670`) -* [CVE-2023-38600](CVE-2023/CVE-2023-386xx/CVE-2023-38600.json) (`2024-01-05T14:15:47.753`) -* [CVE-2023-38611](CVE-2023/CVE-2023-386xx/CVE-2023-38611.json) (`2024-01-05T14:15:47.830`) -* 
[CVE-2023-40397](CVE-2023/CVE-2023-403xx/CVE-2023-40397.json) (`2024-01-05T14:15:47.920`) -* [CVE-2023-42916](CVE-2023/CVE-2023-429xx/CVE-2023-42916.json) (`2024-01-05T14:15:48.030`) -* [CVE-2023-42917](CVE-2023/CVE-2023-429xx/CVE-2023-42917.json) (`2024-01-05T14:15:48.143`) -* [CVE-2023-50445](CVE-2023/CVE-2023-504xx/CVE-2023-50445.json) (`2024-01-05T14:37:38.527`) -* [CVE-2023-7158](CVE-2023/CVE-2023-71xx/CVE-2023-7158.json) (`2024-01-05T14:47:39.737`) -* [CVE-2023-23634](CVE-2023/CVE-2023-236xx/CVE-2023-23634.json) (`2024-01-05T14:48:51.033`) -* [CVE-2023-7157](CVE-2023/CVE-2023-71xx/CVE-2023-7157.json) (`2024-01-05T14:53:02.590`) -* [CVE-2023-7156](CVE-2023/CVE-2023-71xx/CVE-2023-7156.json) (`2024-01-05T14:53:54.850`) +* [CVE-2023-38146](CVE-2023/CVE-2023-381xx/CVE-2023-38146.json) (`2024-01-05T16:15:45.233`) +* [CVE-2023-51470](CVE-2023/CVE-2023-514xx/CVE-2023-51470.json) (`2024-01-05T16:18:09.547`) +* [CVE-2023-51422](CVE-2023/CVE-2023-514xx/CVE-2023-51422.json) (`2024-01-05T16:18:43.920`) +* [CVE-2023-51764](CVE-2023/CVE-2023-517xx/CVE-2023-51764.json) (`2024-01-05T16:19:53.853`) +* [CVE-2023-51414](CVE-2023/CVE-2023-514xx/CVE-2023-51414.json) (`2024-01-05T16:20:07.743`) +* [CVE-2023-51378](CVE-2023/CVE-2023-513xx/CVE-2023-51378.json) (`2024-01-05T16:20:35.933`) +* [CVE-2023-51358](CVE-2023/CVE-2023-513xx/CVE-2023-51358.json) (`2024-01-05T16:20:52.507`) +* [CVE-2023-51354](CVE-2023/CVE-2023-513xx/CVE-2023-51354.json) (`2024-01-05T16:21:13.340`) +* [CVE-2023-50902](CVE-2023/CVE-2023-509xx/CVE-2023-50902.json) (`2024-01-05T16:21:34.563`) +* [CVE-2023-50878](CVE-2023/CVE-2023-508xx/CVE-2023-50878.json) (`2024-01-05T16:21:46.253`) +* [CVE-2023-50853](CVE-2023/CVE-2023-508xx/CVE-2023-50853.json) (`2024-01-05T16:22:23.297`) +* [CVE-2023-50849](CVE-2023/CVE-2023-508xx/CVE-2023-50849.json) (`2024-01-05T16:24:04.103`) +* [CVE-2023-50858](CVE-2023/CVE-2023-508xx/CVE-2023-50858.json) (`2024-01-05T16:24:19.057`) +* 
[CVE-2023-51103](CVE-2023/CVE-2023-511xx/CVE-2023-51103.json) (`2024-01-05T16:25:15.997`) +* [CVE-2023-51006](CVE-2023/CVE-2023-510xx/CVE-2023-51006.json) (`2024-01-05T16:25:21.183`) +* [CVE-2023-51010](CVE-2023/CVE-2023-510xx/CVE-2023-51010.json) (`2024-01-05T16:25:27.600`) +* [CVE-2023-34829](CVE-2023/CVE-2023-348xx/CVE-2023-34829.json) (`2024-01-05T16:25:53.217`) +* [CVE-2023-50852](CVE-2023/CVE-2023-508xx/CVE-2023-50852.json) (`2024-01-05T16:26:02.803`) +* [CVE-2023-6879](CVE-2023/CVE-2023-68xx/CVE-2023-6879.json) (`2024-01-05T16:26:26.830`) +* [CVE-2023-49830](CVE-2023/CVE-2023-498xx/CVE-2023-49830.json) (`2024-01-05T16:26:56.500`) +* [CVE-2023-49002](CVE-2023/CVE-2023-490xx/CVE-2023-49002.json) (`2024-01-05T16:29:01.827`) +* [CVE-2023-50855](CVE-2023/CVE-2023-508xx/CVE-2023-50855.json) (`2024-01-05T16:33:31.383`) +* [CVE-2023-7128](CVE-2023/CVE-2023-71xx/CVE-2023-7128.json) (`2024-01-05T16:37:52.603`) +* [CVE-2023-7127](CVE-2023/CVE-2023-71xx/CVE-2023-7127.json) (`2024-01-05T16:41:50.663`) +* [CVE-2023-50470](CVE-2023/CVE-2023-504xx/CVE-2023-50470.json) (`2024-01-05T16:50:59.727`) ## Download and Usage