Auto-Update: 2024-01-05T17:00:25.773492+00:00

cad-safe-bot 2024-01-05 17:00:29 +00:00
parent 74e70d9a3f
commit 62fe8be9f3
53 changed files with 3071 additions and 251 deletions


@ -2,16 +2,40 @@
"id": "CVE-2014-125109",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-26T15:15:08.010",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-05T15:15:42.447",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in BestWebSoft Portfolio Plugin up to 2.27. It has been declared as problematic. This vulnerability affects the function bws_add_menu_render of the file bws_menu/bws_menu.php. The manipulation of the argument bwsmn_form_email leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 2.28 is able to address this issue. The name of the patch is d2ede580474665af56ff262a05783fbabe4529b8. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-248956."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en BestWebSoft Portfolio Plugin hasta 2.27. Ha sido declarada problem\u00e1tica. Esta vulnerabilidad afecta a la funci\u00f3n bws_add_menu_render del archivo bws_menu/bws_menu.php. La manipulaci\u00f3n del argumento bwsmn_form_email conduce a cross site scripting. El ataque se puede iniciar de forma remota. La actualizaci\u00f3n a la versi\u00f3n 2.28 puede solucionar este problema. El nombre del parche es d2ede580474665af56ff262a05783fbabe4529b8. Se recomienda actualizar el componente afectado. El identificador de esta vulnerabilidad es VDB-248956."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -60,6 +84,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +105,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bestwebsoft:portfolio:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.28",
"matchCriteriaId": "DB639F87-D69B-4E14-8550-9DA615DBC596"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/wp-plugins/portfolio/commit/d2ede580474665af56ff262a05783fbabe4529b8",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Patch"
]
},
{
"url": "https://vuldb.com/?ctiid.248956",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.248956",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2015-10127",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-26T17:15:07.923",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-05T15:06:16.647",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in PlusCaptcha Plugin up to 2.0.6 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 2.0.14 is able to address this issue. The patch is identified as 1274afc635170daafd38306487b6bb8a01f78ecd. It is recommended to upgrade the affected component. VDB-248954 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en PlusCaptcha Plugin hasta 2.0.6 en WordPress y se clasific\u00f3 como problem\u00e1tica. Una funci\u00f3n desconocida es afectada por este problema. La manipulaci\u00f3n conduce a cross site scripting. El ataque puede lanzarse de forma remota. La actualizaci\u00f3n a la versi\u00f3n 2.0.14 puede solucionar este problema. El parche se identifica como 1274afc635170daafd38306487b6bb8a01f78ecd. Se recomienda actualizar el componente afectado. VDB-248954 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bestwebsoft:pluscaptcha:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.0.6",
"matchCriteriaId": "025F3EF5-30CF-4A2F-A5C8-CD24C5E641C7"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/wp-plugins/pluscaptcha/commit/1274afc635170daafd38306487b6bb8a01f78ecd",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Patch"
]
},
{
"url": "https://vuldb.com/?ctiid.248954",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.248954",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-44589",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T10:15:08.613",
"lastModified": "2023-12-29T13:56:27.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-05T16:11:40.993",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -40,8 +60,18 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -50,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:miniorange:google_authenticator:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "5.6.2",
"matchCriteriaId": "3FC58226-F221-4A87-B311-2B8B5B644896"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/miniorange-2-factor-authentication/wordpress-miniorange-two-factor-authentication-plugin-5-6-1-sensitive-data-exposure-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-24805",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-17T18:15:09.177",
"lastModified": "2023-05-25T17:05:06.890",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-05T16:15:44.550",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -194,6 +194,10 @@
"Release Notes"
]
},
{
"url": "https://security.gentoo.org/glsa/202401-06",
"source": "security-advisories@github.com"
},
{
"url": "https://www.debian.org/security/2023/dsa-5407",
"source": "security-advisories@github.com",


@ -2,8 +2,8 @@
"id": "CVE-2023-31095",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T10:15:09.260",
"lastModified": "2023-12-29T13:56:27.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-05T16:11:09.767",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:crmperks:database_for_contact_form_7\\,_wpforms\\,_elementor_forms:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.2.9",
"matchCriteriaId": "69C036AE-9134-497D-87B7-B0A74E492280"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/cf7-hubspot/wordpress-integration-for-contact-form-7-hubspot-plugin-1-2-8-open-redirection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-31229",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T10:15:09.490",
"lastModified": "2023-12-29T13:56:27.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-05T16:10:37.603",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpdirectorykit:wp_directory_kit:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.2.0",
"matchCriteriaId": "20BCF3D8-BEDB-4089-92A4-F68AF50B1C22"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wpdirectorykit/wordpress-wp-directory-kit-plugin-1-1-9-open-redirection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-31237",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T10:15:09.813",
"lastModified": "2023-12-29T13:56:27.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-05T16:10:09.050",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zephyr_project_manager_project:zephyr_project_manager:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.3.91",
"matchCriteriaId": "81983B69-1FF0-4D43-9792-D699DD8D59AA"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/zephyr-project-manager/wordpress-zephyr-project-manager-plugin-3-3-9-open-redirection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-32101",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T10:15:10.080",
"lastModified": "2023-12-29T13:56:27.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-05T16:14:34.587",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pexlechris:library_viewer:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.0.6.1",
"matchCriteriaId": "95AD58F4-1380-4B2D-89A0-FB648EF76491"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/library-viewer/wordpress-library-viewer-plugin-2-0-6-open-redirection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-32517",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T10:15:10.390",
"lastModified": "2023-12-29T13:56:27.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-05T16:14:06.723",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibericode:mailchimp:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "4.0.9.4",
"matchCriteriaId": "1D56EDE3-6F2A-4DFF-BE61-2F07EE24853F"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/mailchimp-subscribe-sm/wordpress-mailchimp-subscribe-forms-plugin-4-0-9-1-open-redirection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-34829",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-28T03:15:07.587",
"lastModified": "2023-12-28T15:09:53.403",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-05T16:25:53.217",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "El control de acceso incorrecto en TP-Link Tapo anterior a v3.1.315 permite a los atacantes acceder a las credenciales de usuario en texto plano."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-319"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tp-link:tapo:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.1.315",
"matchCriteriaId": "72827595-F645-4D2C-BDFA-F211C1994100"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/SecureScripts/TP-Link_Tapo_Hack",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-38146",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-09-12T17:15:17.807",
"lastModified": "2023-09-14T20:16:10.510",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-05T16:15:45.233",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Windows Themes Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de Ejecuci\u00f3n Remota de C\u00f3digo en Windows Themes"
}
],
"metrics": {
@ -71,6 +75,10 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/176391/Themebleed-Windows-11-Themes-Arbitrary-Code-Execution.html",
"source": "secure@microsoft.com"
},
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38146",
"source": "secure@microsoft.com",


@ -2,8 +2,8 @@
"id": "CVE-2023-4462",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-29T10:15:11.100",
"lastModified": "2023-12-29T13:56:27.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-05T15:16:26.990",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,22 +95,153 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:poly:ccx_400_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E6EF5E6E-D387-4EB1-A533-C005F76F49E0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:poly:ccx_400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "74C09FB0-DC34-4F03-8560-B607FB8A5245"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:poly:ccx_600_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37A9DF12-51BF-4E6A-B753-7481C95F22AD"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:poly:ccx_600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F8D61E7-160F-4E4F-8C73-724DFF3F92C2"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:poly:trio_8800_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6307C9DD-572F-44E4-ADCD-205CC1553774"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:poly:trio_8800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39862A32-5AF6-41F9-9C25-9D68EB3784DC"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:poly:trio_c60_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CC00989-4E87-48F1-9EC9-53F0AB4F445C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:poly:trio_c60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6CDD2376-BD9D-4B5E-B776-0F627D09E025"
}
]
}
]
}
],
"references": [
{
"url": "https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Not Applicable"
]
},
{
"url": "https://modzero.com/en/advisories/mz-23-01-poly-voip-devices/",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://modzero.com/en/blog/multiple-vulnerabilities-in-poly-products/",
"source": "nvd@nist.gov",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.249255",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.249255",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-49002",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-27T22:15:16.750",
"lastModified": "2023-12-28T15:09:59.150",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-05T16:29:01.827",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,75 @@
"value": "Un problema en Xenom Technologies (sinous) Phone Dialer-voice Call Dialer v.1.2.5 permite a un atacante omitir las restricciones de acceso previstas mediante la interacci\u00f3n con com.funprime.calldialer.ui.activities.OutgoingActivity."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xenomtechnologies:phone_dialer-voice_call_dialer:1.2.5:*:*:*:*:android:*:*",
"matchCriteriaId": "B1C15C0F-D850-4DB3-8C30-2DF00BA0BA88"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/actuator/com.sinous.voice.dialer/blob/main/CWE-928.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/actuator/cve/blob/main/CVE-2023-49002",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-49830",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T10:15:10.783",
"lastModified": "2023-12-29T13:56:27.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-05T16:26:56.500",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:brainstormforce:astra:*:*:*:*:pro:wordpress:*:*",
"versionEndIncluding": "4.3.1",
"matchCriteriaId": "2D11E943-BB0A-4311-90F0-57CC69CECF7D"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/astra-addon/wordpress-astra-pro-plugin-4-3-1-contributor-remote-code-execution-rce-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,27 +2,93 @@
"id": "CVE-2023-50470",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-28T15:15:07.617",
"lastModified": "2023-12-28T19:05:29.670",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-05T16:50:59.727",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in the component admin_ Video.php of SeaCMS v12.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload."
},
{
"lang": "es",
"value": "Una vulnerabilidad de cross-site scripting (XSS) en el componente admin_Video.php de SeaCMS v12.8 permite a los atacantes ejecutar scripts web o HTML arbitrarios a trav\u00e9s de un payload manipulado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:seacms:seacms:12.8:*:*:*:*:*:*:*",
"matchCriteriaId": "6A89BDA4-2E1C-42FE-B389-225323139AD6"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://seacms.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://blog.csdn.net/weixin_72610998/article/details/134784075?spm=1001.2014.3001.5502",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.seacms.net/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-50849",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-28T12:15:42.997",
"lastModified": "2023-12-28T15:09:45.763",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-05T16:24:04.103",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:e2pdf:e2pdf:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.20.23",
"matchCriteriaId": "DA92B9E3-A3CC-4FC1-88AD-B8EF63A1FAC6"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/e2pdf/wordpress-e2pdf-plugin-1-20-23-sql-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-50852",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-28T12:15:43.390",
"lastModified": "2023-12-28T15:09:45.763",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-05T16:26:02.803",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:stylemixthemes:bookit:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.4.4",
"matchCriteriaId": "D7B7BD67-7128-48D8-92AE-3DE035D0959B"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/bookit/wordpress-bookit-plugin-2-4-3-sql-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-50853",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-28T12:15:43.577",
"lastModified": "2023-12-28T15:09:45.763",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-05T16:22:23.297",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:advancedformintegration:advanced_form_integration:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.75.0",
"matchCriteriaId": "413E5284-60E3-4C19-B37B-E5C420BBD9E8"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/advanced-form-integration/wordpress-advanced-form-integration-plugin-1-75-0-sql-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-50855",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-28T12:15:43.953",
"lastModified": "2023-12-28T15:09:45.763",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-05T16:33:31.383",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:samperrow:pre_party_resource_hints:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.8.18",
"matchCriteriaId": "851EF197-4EFE-4DA7-9EDA-4BEB18106723"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/pre-party-browser-hints/wordpress-pre-party-resource-hints-plugin-1-8-18-sql-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-50858",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-28T11:15:10.120",
"lastModified": "2023-12-28T15:09:45.763",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-05T16:24:19.057",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:billminozzi:anit_hacker:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "4.34",
"matchCriteriaId": "C9443507-F4F2-43FD-87EC-83914F8B413E"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/antihacker/wordpress-anti-hacker-plugin-4-34-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}
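Review bot: The added `cpeMatch` entry `cpe:2.3:a:billminozzi:anit_hacker:*:*:*:*:*:wordpress:*:*` spells the product `anit_hacker`, while the reference URL in the same record names the plugin `antihacker` / `anti-hacker-plugin`. If this is a transposition in the upstream record rather than the registered product name, inventory matching keyed on the product string would presumably not tie this CVE to installed copies of the plugin. As the file looks like a synced copy, the string should stay identical to upstream here and the spelling be raised with the data source. Until then, consumers can cross-check the reference slug when matching this record.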


@ -2,8 +2,8 @@
"id": "CVE-2023-50878",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T13:15:08.693",
"lastModified": "2023-12-29T13:56:17.293",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-05T16:21:46.253",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:inspireui:mstore_api:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "4.10.1",
"matchCriteriaId": "99DA4E19-3B77-4BD8-BA3E-80D7D7F2B629"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/mstore-api/wordpress-mstore-api-plugin-4-10-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-50902",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T13:15:09.230",
"lastModified": "2023-12-29T13:56:17.293",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-05T16:21:34.563",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpexperts:new_user_approve:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.5.1",
"matchCriteriaId": "2555D720-9110-4440-A139-07FA512BC524"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/new-user-approve/wordpress-new-user-approve-plugin-2-5-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-51006",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-28T04:15:08.227",
"lastModified": "2023-12-28T15:09:53.403",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-05T16:25:21.183",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "Un problema en el m\u00e9todo openFile de Chinese Perpetual Calendar v9.0.0 permite a los atacantes leer cualquier archivo a trav\u00e9s de vectores no especificados."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zhwnl:chinese_perpetual_calendar:9.0.0:*:*:*:*:android:*:*",
"matchCriteriaId": "2950BDFE-05B1-4455-9B2C-E3BA6ABFFD62"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/firmianay/security-issues/tree/main/app/cn.etouch.ecalendar",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-51010",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-28T04:15:08.280",
"lastModified": "2023-12-28T15:09:53.403",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-05T16:25:27.600",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "Un problema en el componente de exportaci\u00f3n AdSdkH5Activity de com.sdjictec.qdmetro v4.2.2 permite a los atacantes abrir una URL manipulada sin ning\u00fan filtrado o verificaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qd-metro:qingdao_metro:4.2.2:*:*:*:*:android:*:*",
"matchCriteriaId": "F6E17510-90A3-49E2-B38F-CCF2361C3884"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/firmianay/security-issues/tree/main/app/com.sdjictec.qdmetro",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,79 @@
"id": "CVE-2023-51103",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-26T15:15:08.630",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-05T16:25:15.997",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A floating point exception (divide-by-zero) vulnerability was discovered in mupdf 1.23.4 in functon fz_new_pixmap_from_float_data() of pixmap.c."
},
{
"lang": "es",
"value": "Se descubri\u00f3 una vulnerabilidad de excepci\u00f3n de punto flotante (divisi\u00f3n por cero) en mupdf 1.23.4 en la funci\u00f3n fz_new_pixmap_from_float_data() de pixmap.c."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-369"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:artifex:mupdf:1.23.4:*:*:*:*:*:*:*",
"matchCriteriaId": "84C208C6-A3D9-4A82-83B9-FCBECD89AD23"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/dongyuma/sox-defects/blob/main/mupdf-defects.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-51354",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T13:15:09.450",
"lastModified": "2023-12-29T13:56:17.293",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-05T16:21:13.340",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:webba-booking:webba_booking:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "4.5.33",
"matchCriteriaId": "DEEA516B-1918-402E-95C0-8071BEE50873"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/webba-booking-lite/wordpress-webba-booking-plugin-4-5-33-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-51358",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T13:15:09.663",
"lastModified": "2023-12-29T13:56:17.293",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-05T16:20:52.507",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:brightplugins:block_ips_for_gravity_forms:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.0.1",
"matchCriteriaId": "BF6B7DBD-E3D2-4DE3-A80F-F8FB542CAF32"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/gf-block-ips/wordpress-block-ips-for-gravity-forms-plugin-1-0-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-51378",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T13:15:09.930",
"lastModified": "2023-12-29T13:56:17.293",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-05T16:20:35.933",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:eaglevisionit:rise_blocks:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.1",
"matchCriteriaId": "A94FF39B-760D-4DFF-B999-4A18B9CC94B1"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/rise-blocks/wordpress-rise-blocks-plugin-3-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-51414",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T13:15:10.180",
"lastModified": "2023-12-29T13:56:17.293",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-05T16:20:07.743",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:donweb:envialosimple\\:email_marketing_y_newsletters:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.1",
"matchCriteriaId": "764C5F21-1D5F-4331-A80F-048974AA8FBF"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/envialosimple-email-marketing-y-newsletters-gratis/wordpress-envialosimple-plugin-2-1-unauthenticated-php-object-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-51422",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T13:15:10.393",
"lastModified": "2023-12-29T13:56:17.293",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-05T16:18:43.920",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:saleswonder:webinarignition:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.05.0",
"matchCriteriaId": "E50EB82D-9183-4245-B271-E1C2EBDC4A1D"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/webinar-ignition/wordpress-webinarignition-plugin-3-05-0-authenticated-php-object-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-51430",
"sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"published": "2023-12-29T04:15:09.847",
"lastModified": "2023-12-29T13:56:39.607",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-05T16:04:45.100",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"type": "Secondary",
@ -38,10 +58,43 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hihonor:magic_ui:*:*:*:*:*:*:android:*",
"versionEndExcluding": "6.1.0.212",
"matchCriteriaId": "3B063FEE-3FFF-426C-BF6F-63DC9017E594"
}
]
}
]
}
],
"references": [
{
"url": "https://www.hihonor.com/global/security/cve-2023-51430/",
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4"
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"tags": [
"Vendor Advisory"
]
}
]
}
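Review bot: In the added `configurations` block, the criteria `cpe:2.3:o:hihonor:magic_ui:*:*:*:*:*:*:android:*` carries `android` in the second-to-last attribute, which in a CPE 2.3 formatted string is `target_hw`, not `target_sw`. The other Android entries in this commit (for example `cpe:2.3:a:zhwnl:chinese_perpetual_calendar:9.0.0:*:*:*:*:android:*:*`) place it in `target_sw`. The `magic_ui` entries in the sibling hihonor records (CVE-2023-51432 to CVE-2023-51435) use all wildcards with a different `matchCriteriaId`. Tooling that filters on `target_sw` or de-duplicates by criteria string will treat this record differently from those siblings. As the file looks like a synced copy, keep it identical to upstream and report the inconsistency to the data source rather than hand-editing the criteria.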


@ -2,8 +2,8 @@
"id": "CVE-2023-51431",
"sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"published": "2023-12-29T04:15:10.010",
"lastModified": "2023-12-29T13:56:39.607",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-05T16:04:24.063",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"type": "Secondary",
@ -38,10 +58,43 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hihonor:phoneservice:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.0.0.243",
"matchCriteriaId": "DEEEF118-B16F-4550-AB7D-6FB34DD1E995"
}
]
}
]
}
],
"references": [
{
"url": "https://www.hihonor.com/global/security/cve-2023-51431/",
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4"
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-51432",
"sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"published": "2023-12-29T04:15:10.177",
"lastModified": "2023-12-29T13:56:39.607",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-05T16:02:52.243",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"type": "Secondary",
@ -38,10 +58,43 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hihonor:magic_ui:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.0.212",
"matchCriteriaId": "7342B2B6-C9E8-465F-A77F-98912A1CF1AF"
}
]
}
]
}
],
"references": [
{
"url": "https://www.hihonor.com/global/security/cve-2023-51432/",
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4"
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-51433",
"sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"published": "2023-12-29T04:15:10.343",
"lastModified": "2023-12-29T13:56:39.607",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-05T16:09:17.817",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"type": "Secondary",
@ -38,10 +58,43 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hihonor:magic_ui:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.0.212",
"matchCriteriaId": "7342B2B6-C9E8-465F-A77F-98912A1CF1AF"
}
]
}
]
}
],
"references": [
{
"url": "https://www.hihonor.com/global/security/cve-2023-51433/",
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4"
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-51434",
"sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"published": "2023-12-29T04:15:10.513",
"lastModified": "2023-12-29T13:56:39.607",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-05T16:08:52.337",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"type": "Secondary",
@ -38,10 +58,43 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hihonor:magic_ui:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.0.212",
"matchCriteriaId": "7342B2B6-C9E8-465F-A77F-98912A1CF1AF"
}
]
}
]
}
],
"references": [
{
"url": "https://www.hihonor.com/global/security/cve-2023-51434/",
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4"
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-51435",
"sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"published": "2023-12-29T04:15:10.677",
"lastModified": "2023-12-29T13:56:39.607",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-05T16:08:27.370",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
},
{
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"type": "Secondary",
@ -38,10 +58,43 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hihonor:magic_ui:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.0.212",
"matchCriteriaId": "7342B2B6-C9E8-465F-A77F-98912A1CF1AF"
}
]
}
]
}
],
"references": [
{
"url": "https://www.hihonor.com/global/security/cve-2023-51435/",
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4"
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-51470",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T13:15:10.607",
"lastModified": "2023-12-29T13:56:17.293",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-05T16:18:09.547",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:boiteasite:rencontre:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.11.1",
"matchCriteriaId": "4407A1F6-5BCA-4F61-B6A2-FADFCA859881"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/rencontre/wordpress-rencontre-plugin-3-11-1-authenticated-php-object-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-51665",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-27T18:15:23.267",
"lastModified": "2023-12-27T18:24:09.770",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-05T15:02:21.103",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.7.0, Audiobookshelf is vulnerable to unauthenticated blind server-side request (SSRF) vulnerability in Auth.js. This vulnerability has been addressed in version 2.7.0. There are no known workarounds for this vulnerability.\n\n"
},
{
"lang": "es",
"value": "Audiobookshelf es un servidor de podcasts y audiolibros autohospedado. Antes de 2.7.0, Audiobookshelf era afectado por una vulnerabilidad de blind server-side request (SSRF) no autenticada en Auth.js. Esta vulnerabilidad se ha solucionado en la versi\u00f3n 2.7.0. No se conocen workarounds para esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +70,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:audiobookshelf:audiobookshelf:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.7.0",
"matchCriteriaId": "13B62B03-BF78-4428-B064-B6186947CE61"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/advplyr/audiobookshelf/commit/728496010cbfcee5b7b54001c9f79e02ede30d82",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/advplyr/audiobookshelf/security/advisories/GHSA-gjgj-98v3-47pg",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-51697",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-27T18:15:23.487",
"lastModified": "2023-12-27T18:24:09.770",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-05T15:03:13.310",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.7.0, Audiobookshelf is vulnerable to unauthenticated blind server-side request (SSRF) vulnerability in `podcastUtils.js`. This vulnerability has been addressed in version 2.7.0. There are no known workarounds for this vulnerability.\n\n"
},
{
"lang": "es",
"value": "Audiobookshelf es un servidor de podcasts y audiolibros autohospedado. Antes de 2.7.0, Audiobookshelf era afectado por una vulnerabilidad de blind server-side request (SSRF) no autenticada en `podcastUtils.js`. Esta vulnerabilidad se ha solucionado en la versi\u00f3n 2.7.0. No se conocen workarounds para esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +70,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:audiobookshelf:audiobookshelf:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.7.0",
"matchCriteriaId": "13B62B03-BF78-4428-B064-B6186947CE61"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/advplyr/audiobookshelf/commit/f2f2ea161ca0701e1405e737b0df0f96296e4f64",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/advplyr/audiobookshelf/security/advisories/GHSA-jhjx-c3wx-q2x7",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-51764",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-24T05:15:08.273",
"lastModified": "2024-01-04T18:15:08.513",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-05T16:19:53.853",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,47 +14,199 @@
"value": "Postfix hasta 3.8.4 permite el contrabando SMTP a menos que se configure con smtpd_data_restrictions=reject_unauth_pipelining (u otras opciones que existen en versiones recientes). Los atacantes remotos pueden utilizar una t\u00e9cnica de explotaci\u00f3n publicada para inyectar mensajes de correo electr\u00f3nico que parecen originarse en el servidor Postfix, lo que permite omitir un mecanismo de protecci\u00f3n SPF. Esto ocurre porque Postfix admite . pero algunos otros servidores de correo electr\u00f3nico populares no lo hacen. Para evitar variantes de ataque (al no permitir siempre sin ), se requiere una soluci\u00f3n diferente: la opci\u00f3n smtpd_forbid_bare_newline=yes con una versi\u00f3n m\u00ednima de Postfix de 3.5.23, 3.6.13, 3.7.9, 3.8.4, o 3.9."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-345"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:postfix:postfix:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.5.23",
"matchCriteriaId": "0598FFA3-9DB8-4D01-9049-3834B6B53000"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:postfix:postfix:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.6.0",
"versionEndExcluding": "3.6.13",
"matchCriteriaId": "7AD4364D-F93C-499E-8ECA-5228354D20B6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:postfix:postfix:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.7.0",
"versionEndExcluding": "3.7.9",
"matchCriteriaId": "7174307B-1249-47B5-BE66-9194AC26BA15"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:postfix:postfix:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.8.0",
"versionEndExcluding": "3.8.4",
"matchCriteriaId": "7A422C34-3E0E-4C3F-8EA9-4F442D88057D"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/12/24/1",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/12/25/1",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-51764",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255563",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11782.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Technical Description"
]
},
{
"url": "https://github.com/duy-31/CVE-2023-51764",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/eeenvik1/CVE-2023-51764",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Technical Description",
"Third Party Advisory"
]
},
{
"url": "https://www.postfix.org/smtp-smuggling.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mitigation",
"Vendor Advisory"
]
},
{
"url": "https://www.youtube.com/watch?v=V8KPV96g1To",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-51765",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-24T06:15:07.527",
"lastModified": "2024-01-04T18:15:08.607",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-05T15:30:18.420",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,67 +14,213 @@
"value": "sendmail hasta al menos 8.14.7 permite el contrabando SMTP en ciertas configuraciones. Los atacantes remotos pueden utilizar una t\u00e9cnica de explotaci\u00f3n publicada para inyectar mensajes de correo electr\u00f3nico que parecen originarse en el servidor sendmail, lo que permite omitir un mecanismo de protecci\u00f3n SPF. Esto ocurre porque sendmail admite . pero algunos otros servidores de correo electr\u00f3nico populares no lo hacen."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-345"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sendmail:sendmail:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.18.0.2",
"matchCriteriaId": "CEE597E4-93EE-4D07-8698-5F43E45BCB37"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.0",
"matchCriteriaId": "A57DF1BC-3B6C-419A-9355-BC20E1D95347"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/12/24/1",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/12/25/1",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/12/26/5",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/12/29/5",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/12/30/1",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/12/30/3",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-51765",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255869",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1218351",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11782.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Technical Description"
]
},
{
"url": "https://github.com/freebsd/freebsd-src/commit/5dd76dd0cc19450133aa379ce0ce4a68ae07fb39#diff-afdf514b32ac88004952c11660c57bc96c3d8b2234007c1cbd8d7ed7fd7935cc",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Technical Description",
"Third Party Advisory"
]
},
{
"url": "https://www.openwall.com/lists/oss-security/2023/12/21/7",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.openwall.com/lists/oss-security/2023/12/22/7",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.youtube.com/watch?v=V8KPV96g1To",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-52081",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-28T16:16:02.090",
"lastModified": "2023-12-28T19:05:29.670",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-05T15:59:47.810",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "ffcss is a CLI interface to apply and configure Firefox CSS themes. Prior to 0.2.0, the function `lookupPreprocess()` is meant to apply some transformations to a string by disabling characters in the regex `[-_ .]`. However, due to the use of late Unicode normalization of type NFKD, it is possible to bypass that validation and re-introduce all the characters in the regex `[-_ .]`. The `lookupPreprocess()` can be easily bypassed with equivalent Unicode characters like U+FE4D (?), which would result in the omitted U+005F (_), for instance. The `lookupPreprocess()` function is only ever used to search for themes loosely (case insensitively, while ignoring dashes, underscores and dots), so the actual security impact is classified as low. This vulnerability is fixed in 0.2.0. There are no known workarounds."
},
{
"lang": "es",
"value": "ffcss es una interfaz CLI para aplicar y configurar temas CSS de Firefox. Antes de 0.2.0, la funci\u00f3n `lookupPreprocess()` estaba destinada a aplicar algunas transformaciones a una cadena deshabilitando caracteres en la expresi\u00f3n regular `[-_ .]`. Sin embargo, debido al uso de la normalizaci\u00f3n Unicode tard\u00eda del tipo NFKD, es posible omitir esa validaci\u00f3n y volver a introducir todos los caracteres en la expresi\u00f3n regular `[-_ .]`. El `lookupPreprocess()` se puede omitir f\u00e1cilmente con caracteres Unicode equivalentes como U+FE4D (?), lo que dar\u00eda como resultado U+005F (_) omitido, por ejemplo. La funci\u00f3n `lookupPreprocess()` s\u00f3lo se utiliza para buscar temas de forma flexible (sin distinguir entre may\u00fasculas y min\u00fasculas, ignorando guiones, guiones bajos y puntos), por lo que el impacto real en la seguridad se clasifica como bajo. Esta vulnerabilidad se solucion\u00f3 en 0.2.0. No se conocen workarounds."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -50,14 +84,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ewen-lbh:firefox_css:*:*:*:*:*:go:*:*",
"versionEndExcluding": "0.2.0",
"matchCriteriaId": "BD1EE5E4-A11D-4E6C-83E6-BB649FB7643D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/ewen-lbh/ffcss/commit/f9c491874b858a32fcae15045f169fd7d02f90dc",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/ewen-lbh/ffcss/security/advisories/GHSA-wpmx-564x-h2mh",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,80 @@
"id": "CVE-2023-52152",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-28T23:15:44.197",
"lastModified": "2023-12-29T03:13:44.413",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-05T16:00:51.157",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "mupnp/net/uri.c in mUPnP for C through 3.0.2 has an out-of-bounds read and application crash because it lacks a certain host length recalculation."
},
{
"lang": "es",
"value": "mupnp/net/uri.c en mUPnP para C hasta 3.0.2 tiene una lectura fuera de los l\u00edmites y un bloqueo de la aplicaci\u00f3n porque carece de un cierto rec\u00e1lculo de la longitud del host."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cybergarage:mupnp_for_c:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.0.2",
"matchCriteriaId": "0A5EE1C0-3244-4748-96E7-82FCE547D2F5"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/cybergarage/mupnp/issues/21",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}


@ -2,23 +2,93 @@
"id": "CVE-2023-6114",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-12-26T19:15:08.260",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-05T15:08:00.537",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Duplicator WordPress plugin before 1.5.7.1, Duplicator Pro WordPress plugin before 4.5.14.2 does not disallow listing the `backups-dup-lite/tmp` directory (or the `backups-dup-pro/tmp` directory in the Pro version), which temporarily stores files containing sensitive data. When directory listing is enabled in the web server, this allows unauthenticated attackers to discover and access these sensitive files, which include a full database dump and a zip archive of the site."
},
{
"lang": "es",
"value": "El complemento Duplicator WordPress anterior a 1.5.7.1 y Duplicator Pro WordPress anterior a 4.5.14.2 no impiden incluir el directorio `backups-dup-lite/tmp` (o el directorio `backups-dup-pro/tmp` en la versi\u00f3n Pro) , que almacena temporalmente archivos que contienen datos confidenciales. Cuando la lista de directorios est\u00e1 habilitada en el servidor web, esto permite a atacantes no autenticados descubrir y acceder a estos archivos confidenciales, que incluyen un volcado completo de la base de datos y un archivo zip del sitio."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-552"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:awesomemotive:duplicator:*:*:*:*:-:wordpress:*:*",
"versionEndExcluding": "1.5.7.1",
"matchCriteriaId": "F0932AD4-2475-48D9-AAFC-EAEAF0B0DE44"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:awesomemotive:duplicator:*:*:*:*:pro:wordpress:*:*",
"versionEndExcluding": "4.5.14.2",
"matchCriteriaId": "C2B01C2B-C53C-4862-AB0A-240C96B3DB72"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://drive.google.com/file/d/1mpapFCqfZLv__EAM7uivrrl2h55rpi1V/view?usp=sharing",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit"
]
},
{
"url": "https://wpscan.com/vulnerability/5c5d41b9-1463-4a9b-862f-e9ee600ef8e1",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-6879",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2023-12-27T23:15:07.530",
"lastModified": "2024-01-05T02:15:07.933",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-05T16:26:26.830",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cve-coordination@google.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "cve-coordination@google.com",
"type": "Secondary",
@ -50,18 +80,64 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aomedia:aomedia:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.7.1",
"matchCriteriaId": "C852A718-716E-4C5F-891D-1E290834F660"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
}
]
}
]
}
],
"references": [
{
"url": "https://aomedia.googlesource.com/aom/+/refs/tags/v3.7.1",
"source": "cve-coordination@google.com"
"source": "cve-coordination@google.com",
"tags": [
"Patch"
]
},
{
"url": "https://crbug.com/aomedia/3491",
"source": "cve-coordination@google.com"
"source": "cve-coordination@google.com",
"tags": [
"Exploit",
"Issue Tracking",
"Mailing List",
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/",
"source": "cve-coordination@google.com"
"source": "cve-coordination@google.com",
"tags": [
"Mailing List"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-6939",
"sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"published": "2023-12-29T04:15:10.937",
"lastModified": "2023-12-29T13:56:39.607",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-05T16:07:36.623",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"type": "Secondary",
@ -38,10 +58,43 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-843"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hihonor:magic_ui:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.0.212",
"matchCriteriaId": "7342B2B6-C9E8-465F-A77F-98912A1CF1AF"
}
]
}
]
}
],
"references": [
{
"url": "https://www.hihonor.com/global/security/cve-2023-6939/",
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4"
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-7127",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-28T15:15:07.663",
"lastModified": "2023-12-28T19:05:29.670",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-05T16:41:50.663",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in code-projects Automated Voting System 1.0. This vulnerability affects unknown code of the component Login. The manipulation of the argument idno leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-249130 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en code-projects Automated Voting System 1.0 y clasificada como cr\u00edtica. Esta vulnerabilidad afecta a c\u00f3digo desconocido del componente Login. La manipulaci\u00f3n del argumento idno conduce a la inyecci\u00f3n de SQL. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. VDB-249130 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:code-projects:automated_voting_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FF05C607-002F-49FC-ABEE-CF1B3CD7762A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/h4md153v63n/CVEs/blob/main/Automated_Voting_System/Automated_Voting_System-SQL_Injection-2.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.249130",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.249130",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-7128",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-28T15:15:07.887",
"lastModified": "2023-12-28T19:05:29.670",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-05T16:37:52.603",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in code-projects Voting System 1.0. This issue affects some unknown processing of the file /admin/ of the component Admin Login. The manipulation of the argument username leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249131."
},
{
"lang": "es",
"value": "Una vulnerabilidad clasificada como cr\u00edtica fue encontrada en code-projects Voting System 1.0. Este problema afecta un procesamiento desconocido del archivo /admin/ del componente Admin Login. La manipulaci\u00f3n del argumento username conduce a la inyecci\u00f3n de SQL. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-249131."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:code-projects:voting_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C83C8E-8FB2-49CD-BC33-09F4CCCFF79E"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/h4md153v63n/CVEs/blob/main/Voting_System/Voting_System-SQL_Injection-1.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.249131",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.249131",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-7150",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-29T04:15:11.333",
"lastModified": "2023-12-29T17:16:07.767",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-05T16:07:13.047",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,22 +95,54 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:campcodes:chic_beauty_salon:20230703:*:*:*:*:*:*:*",
"matchCriteriaId": "B2B9E5B9-7D46-4251-8167-2439F0652B3E"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/laoquanshi/-Arbitrary-file-upload-vulnerability-",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/laoquanshi/Chic-Vulnerability-",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Product"
]
},
{
"url": "https://vuldb.com/?ctiid.249157",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.249157",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-7152",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-29T05:15:09.473",
"lastModified": "2023-12-29T13:56:33.383",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-05T16:13:43.683",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,22 +95,60 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:micropython:micropython:1.21.0:*:*:*:*:*:*:*",
"matchCriteriaId": "92240FCD-0BA9-46D0-9C9A-2CDD8FE2A769"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:micropython:micropython:1.22.0:preview:*:*:*:*:*:*",
"matchCriteriaId": "B60BCDF9-D1CF-45ED-9B95-9F06C5C2A95F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/jimmo/micropython/commit/8b24aa36ba978eafc6114b6798b47b7bfecdca26",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/micropython/micropython/issues/12887",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Issue Tracking"
]
},
{
"url": "https://vuldb.com/?ctiid.249158",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.249158",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-7159",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-29T07:15:11.420",
"lastModified": "2023-12-29T13:56:33.383",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-05T15:02:21.507",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,22 +95,54 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:masterlab:masterlab:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.3.10",
"matchCriteriaId": "650AE4B5-39D2-4607-8455-957955DF48AB"
}
]
}
]
}
],
"references": [
{
"url": "https://note.zhaoj.in/share/FE79uijyqmG7",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://note.zhaoj.in/share/jNbywlXI46HV",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://vuldb.com/?ctiid.249181",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.249181",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-7166",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-29T09:15:09.973",
"lastModified": "2023-12-29T13:56:27.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-05T16:12:33.053",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,22 +95,55 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xxyopen:novel-plus:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.2.0",
"matchCriteriaId": "87014C48-21C3-4855-9141-8F5FD17B5C0D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/201206030/novel-plus/commit/c62da9bb3a9b3603014d0edb436146512631100d",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/JTZ-a/SRC/blob/master/novel-plus/storedXSS/en-us.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.249201",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.249201",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-01-05T15:00:24.681055+00:00
2024-01-05T17:00:25.773492+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-01-05T14:53:54.850000+00:00
2024-01-05T16:50:59.727000+00:00
```
### Last Data Feed Release
@ -34,40 +34,39 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### CVEs added in the last Commit
Recently added CVEs: `1`
Recently added CVEs: `0`
* [CVE-2024-0246](CVE-2024/CVE-2024-02xx/CVE-2024-0246.json) (`2024-01-05T14:15:48.250`)
### CVEs modified in the last Commit
Recently modified CVEs: `35`
Recently modified CVEs: `52`
* [CVE-2023-7160](CVE-2023/CVE-2023-71xx/CVE-2023-7160.json) (`2024-01-05T14:03:10.677`)
* [CVE-2023-28198](CVE-2023/CVE-2023-281xx/CVE-2023-28198.json) (`2024-01-05T14:15:46.227`)
* [CVE-2023-28204](CVE-2023/CVE-2023-282xx/CVE-2023-28204.json) (`2024-01-05T14:15:46.340`)
* [CVE-2023-32370](CVE-2023/CVE-2023-323xx/CVE-2023-32370.json) (`2024-01-05T14:15:46.447`)
* [CVE-2023-32373](CVE-2023/CVE-2023-323xx/CVE-2023-32373.json) (`2024-01-05T14:15:46.537`)
* [CVE-2023-32393](CVE-2023/CVE-2023-323xx/CVE-2023-32393.json) (`2024-01-05T14:15:46.657`)
* [CVE-2023-32439](CVE-2023/CVE-2023-324xx/CVE-2023-32439.json) (`2024-01-05T14:15:46.780`)
* [CVE-2023-37450](CVE-2023/CVE-2023-374xx/CVE-2023-37450.json) (`2024-01-05T14:15:46.917`)
* [CVE-2023-38133](CVE-2023/CVE-2023-381xx/CVE-2023-38133.json) (`2024-01-05T14:15:47.027`)
* [CVE-2023-38572](CVE-2023/CVE-2023-385xx/CVE-2023-38572.json) (`2024-01-05T14:15:47.123`)
* [CVE-2023-38592](CVE-2023/CVE-2023-385xx/CVE-2023-38592.json) (`2024-01-05T14:15:47.227`)
* [CVE-2023-38594](CVE-2023/CVE-2023-385xx/CVE-2023-38594.json) (`2024-01-05T14:15:47.353`)
* [CVE-2023-38595](CVE-2023/CVE-2023-385xx/CVE-2023-38595.json) (`2024-01-05T14:15:47.447`)
* [CVE-2023-38597](CVE-2023/CVE-2023-385xx/CVE-2023-38597.json) (`2024-01-05T14:15:47.557`)
* [CVE-2023-38599](CVE-2023/CVE-2023-385xx/CVE-2023-38599.json) (`2024-01-05T14:15:47.670`)
* [CVE-2023-38600](CVE-2023/CVE-2023-386xx/CVE-2023-38600.json) (`2024-01-05T14:15:47.753`)
* [CVE-2023-38611](CVE-2023/CVE-2023-386xx/CVE-2023-38611.json) (`2024-01-05T14:15:47.830`)
* [CVE-2023-40397](CVE-2023/CVE-2023-403xx/CVE-2023-40397.json) (`2024-01-05T14:15:47.920`)
* [CVE-2023-42916](CVE-2023/CVE-2023-429xx/CVE-2023-42916.json) (`2024-01-05T14:15:48.030`)
* [CVE-2023-42917](CVE-2023/CVE-2023-429xx/CVE-2023-42917.json) (`2024-01-05T14:15:48.143`)
* [CVE-2023-50445](CVE-2023/CVE-2023-504xx/CVE-2023-50445.json) (`2024-01-05T14:37:38.527`)
* [CVE-2023-7158](CVE-2023/CVE-2023-71xx/CVE-2023-7158.json) (`2024-01-05T14:47:39.737`)
* [CVE-2023-23634](CVE-2023/CVE-2023-236xx/CVE-2023-23634.json) (`2024-01-05T14:48:51.033`)
* [CVE-2023-7157](CVE-2023/CVE-2023-71xx/CVE-2023-7157.json) (`2024-01-05T14:53:02.590`)
* [CVE-2023-7156](CVE-2023/CVE-2023-71xx/CVE-2023-7156.json) (`2024-01-05T14:53:54.850`)
* [CVE-2023-38146](CVE-2023/CVE-2023-381xx/CVE-2023-38146.json) (`2024-01-05T16:15:45.233`)
* [CVE-2023-51470](CVE-2023/CVE-2023-514xx/CVE-2023-51470.json) (`2024-01-05T16:18:09.547`)
* [CVE-2023-51422](CVE-2023/CVE-2023-514xx/CVE-2023-51422.json) (`2024-01-05T16:18:43.920`)
* [CVE-2023-51764](CVE-2023/CVE-2023-517xx/CVE-2023-51764.json) (`2024-01-05T16:19:53.853`)
* [CVE-2023-51414](CVE-2023/CVE-2023-514xx/CVE-2023-51414.json) (`2024-01-05T16:20:07.743`)
* [CVE-2023-51378](CVE-2023/CVE-2023-513xx/CVE-2023-51378.json) (`2024-01-05T16:20:35.933`)
* [CVE-2023-51358](CVE-2023/CVE-2023-513xx/CVE-2023-51358.json) (`2024-01-05T16:20:52.507`)
* [CVE-2023-51354](CVE-2023/CVE-2023-513xx/CVE-2023-51354.json) (`2024-01-05T16:21:13.340`)
* [CVE-2023-50902](CVE-2023/CVE-2023-509xx/CVE-2023-50902.json) (`2024-01-05T16:21:34.563`)
* [CVE-2023-50878](CVE-2023/CVE-2023-508xx/CVE-2023-50878.json) (`2024-01-05T16:21:46.253`)
* [CVE-2023-50853](CVE-2023/CVE-2023-508xx/CVE-2023-50853.json) (`2024-01-05T16:22:23.297`)
* [CVE-2023-50849](CVE-2023/CVE-2023-508xx/CVE-2023-50849.json) (`2024-01-05T16:24:04.103`)
* [CVE-2023-50858](CVE-2023/CVE-2023-508xx/CVE-2023-50858.json) (`2024-01-05T16:24:19.057`)
* [CVE-2023-51103](CVE-2023/CVE-2023-511xx/CVE-2023-51103.json) (`2024-01-05T16:25:15.997`)
* [CVE-2023-51006](CVE-2023/CVE-2023-510xx/CVE-2023-51006.json) (`2024-01-05T16:25:21.183`)
* [CVE-2023-51010](CVE-2023/CVE-2023-510xx/CVE-2023-51010.json) (`2024-01-05T16:25:27.600`)
* [CVE-2023-34829](CVE-2023/CVE-2023-348xx/CVE-2023-34829.json) (`2024-01-05T16:25:53.217`)
* [CVE-2023-50852](CVE-2023/CVE-2023-508xx/CVE-2023-50852.json) (`2024-01-05T16:26:02.803`)
* [CVE-2023-6879](CVE-2023/CVE-2023-68xx/CVE-2023-6879.json) (`2024-01-05T16:26:26.830`)
* [CVE-2023-49830](CVE-2023/CVE-2023-498xx/CVE-2023-49830.json) (`2024-01-05T16:26:56.500`)
* [CVE-2023-49002](CVE-2023/CVE-2023-490xx/CVE-2023-49002.json) (`2024-01-05T16:29:01.827`)
* [CVE-2023-50855](CVE-2023/CVE-2023-508xx/CVE-2023-50855.json) (`2024-01-05T16:33:31.383`)
* [CVE-2023-7128](CVE-2023/CVE-2023-71xx/CVE-2023-7128.json) (`2024-01-05T16:37:52.603`)
* [CVE-2023-7127](CVE-2023/CVE-2023-71xx/CVE-2023-7127.json) (`2024-01-05T16:41:50.663`)
* [CVE-2023-50470](CVE-2023/CVE-2023-504xx/CVE-2023-50470.json) (`2024-01-05T16:50:59.727`)
## Download and Usage