From 66343e28c7bed1559ca03a75edb7b8e206ae11b6 Mon Sep 17 00:00:00 2001 
From: cad-safe-bot
Date: Tue, 19 Dec 2023 17:00:28 +0000
Subject: [PATCH] Auto-Update: 2023-12-19T17:00:24.690445+00:00
---
CVE-2019/CVE-2019-03xx/CVE-2019-0330.json | 6 +-
CVE-2021/CVE-2021-229xx/CVE-2021-22962.json | 43 ++
CVE-2021/CVE-2021-37xx/CVE-2021-3784.json | 6 +-
CVE-2023/CVE-2023-15xx/CVE-2023-1514.json | 55 ++
CVE-2023/CVE-2023-225xx/CVE-2023-22518.json | 8 +-
CVE-2023/CVE-2023-257xx/CVE-2023-25715.json | 55 ++
CVE-2023/CVE-2023-28xx/CVE-2023-2809.json | 10 +-
CVE-2023/CVE-2023-373xx/CVE-2023-37390.json | 55 ++
CVE-2023/CVE-2023-406xx/CVE-2023-40656.json | 67 +-
CVE-2023/CVE-2023-406xx/CVE-2023-40657.json | 67 +-
CVE-2023/CVE-2023-406xx/CVE-2023-40658.json | 67 +-
CVE-2023/CVE-2023-406xx/CVE-2023-40659.json | 67 +-
CVE-2023/CVE-2023-406xx/CVE-2023-40660.json | 10 +-
CVE-2023/CVE-2023-406xx/CVE-2023-40661.json | 10 +-
CVE-2023/CVE-2023-416xx/CVE-2023-41618.json | 68 +-
CVE-2023/CVE-2023-417xx/CVE-2023-41727.json | 43 ++
CVE-2023/CVE-2023-418xx/CVE-2023-41890.json | 10 +-
CVE-2023/CVE-2023-435xx/CVE-2023-43583.json | 91 ++-
CVE-2023/CVE-2023-438xx/CVE-2023-43870.json | 55 ++
CVE-2023/CVE-2023-449xx/CVE-2023-44983.json | 55 ++
CVE-2023/CVE-2023-449xx/CVE-2023-44991.json | 55 ++
CVE-2023/CVE-2023-45xx/CVE-2023-4535.json | 8 +-
CVE-2023/CVE-2023-45xx/CVE-2023-4590.json | 10 +-
CVE-2023/CVE-2023-461xx/CVE-2023-46104.json | 6 +-
CVE-2023/CVE-2023-462xx/CVE-2023-46216.json | 43 ++
CVE-2023/CVE-2023-462xx/CVE-2023-46217.json | 43 ++
CVE-2023/CVE-2023-462xx/CVE-2023-46220.json | 43 ++
CVE-2023/CVE-2023-462xx/CVE-2023-46221.json | 43 ++
CVE-2023/CVE-2023-462xx/CVE-2023-46222.json | 43 ++
CVE-2023/CVE-2023-462xx/CVE-2023-46223.json | 43 ++
CVE-2023/CVE-2023-462xx/CVE-2023-46224.json | 43 ++
CVE-2023/CVE-2023-462xx/CVE-2023-46225.json | 43 ++
CVE-2023/CVE-2023-462xx/CVE-2023-46257.json | 43 ++
CVE-2023/CVE-2023-462xx/CVE-2023-46258.json | 43 ++
CVE-2023/CVE-2023-462xx/CVE-2023-46259.json | 43 ++
CVE-2023/CVE-2023-462xx/CVE-2023-46260.json | 43 ++
CVE-2023/CVE-2023-462xx/CVE-2023-46261.json | 43 ++
CVE-2023/CVE-2023-462xx/CVE-2023-46262.json | 43 ++
CVE-2023/CVE-2023-462xx/CVE-2023-46263.json | 43 ++
CVE-2023/CVE-2023-462xx/CVE-2023-46264.json | 43 ++
CVE-2023/CVE-2023-462xx/CVE-2023-46265.json | 43 ++
CVE-2023/CVE-2023-462xx/CVE-2023-46266.json | 43 ++
CVE-2023/CVE-2023-468xx/CVE-2023-46803.json | 43 ++
CVE-2023/CVE-2023-468xx/CVE-2023-46804.json | 43 ++
CVE-2023/CVE-2023-476xx/CVE-2023-47620.json | 63 +-
CVE-2023/CVE-2023-476xx/CVE-2023-47623.json | 53 +-
CVE-2023/CVE-2023-476xx/CVE-2023-47624.json | 57 +-
CVE-2023/CVE-2023-482xx/CVE-2023-48225.json | 756 +++++++++++++++++++-
CVE-2023/CVE-2023-486xx/CVE-2023-48664.json | 73 +-
CVE-2023/CVE-2023-486xx/CVE-2023-48665.json | 73 +-
CVE-2023/CVE-2023-492xx/CVE-2023-49296.json | 56 +-
CVE-2023/CVE-2023-497xx/CVE-2023-49734.json | 6 +-
CVE-2023/CVE-2023-497xx/CVE-2023-49736.json | 6 +-
CVE-2023/CVE-2023-497xx/CVE-2023-49770.json | 51 +-
CVE-2023/CVE-2023-498xx/CVE-2023-49878.json | 181 ++++-
CVE-2023/CVE-2023-499xx/CVE-2023-49922.json | 70 +-
CVE-2023/CVE-2023-499xx/CVE-2023-49923.json | 75 +-
CVE-2023/CVE-2023-499xx/CVE-2023-49938.json | 82 ++-
CVE-2023/CVE-2023-502xx/CVE-2023-50262.json | 62 +-
CVE-2023/CVE-2023-502xx/CVE-2023-50272.json | 43 ++
CVE-2023/CVE-2023-507xx/CVE-2023-50709.json | 64 +-
CVE-2023/CVE-2023-54xx/CVE-2023-5499.json | 10 +-
CVE-2023/CVE-2023-62xx/CVE-2023-6280.json | 55 ++
CVE-2023/CVE-2023-63xx/CVE-2023-6364.json | 66 +-
CVE-2023/CVE-2023-63xx/CVE-2023-6365.json | 66 +-
CVE-2023/CVE-2023-65xx/CVE-2023-6534.json | 173 ++++-
CVE-2023/CVE-2023-66xx/CVE-2023-6687.json | 70 +-
CVE-2023/CVE-2023-67xx/CVE-2023-6711.json | 55 ++
CVE-2023/CVE-2023-69xx/CVE-2023-6913.json | 55 ++
README.md | 110 +--
70 files changed, 4034 insertions(+), 184 deletions(-)
create mode 100644 CVE-2021/CVE-2021-229xx/CVE-2021-22962.json
create mode 100644 CVE-2023/CVE-2023-15xx/CVE-2023-1514.json
create mode 100644 CVE-2023/CVE-2023-257xx/CVE-2023-25715.json
create mode 100644 CVE-2023/CVE-2023-373xx/CVE-2023-37390.json
create mode 100644 CVE-2023/CVE-2023-417xx/CVE-2023-41727.json
create mode 100644 CVE-2023/CVE-2023-438xx/CVE-2023-43870.json
create mode 100644 CVE-2023/CVE-2023-449xx/CVE-2023-44983.json
create mode 100644 CVE-2023/CVE-2023-449xx/CVE-2023-44991.json
create mode 100644 CVE-2023/CVE-2023-462xx/CVE-2023-46216.json
create mode 100644 CVE-2023/CVE-2023-462xx/CVE-2023-46217.json
create mode 100644 CVE-2023/CVE-2023-462xx/CVE-2023-46220.json
create mode 100644 CVE-2023/CVE-2023-462xx/CVE-2023-46221.json
create mode 100644 CVE-2023/CVE-2023-462xx/CVE-2023-46222.json
create mode 100644 CVE-2023/CVE-2023-462xx/CVE-2023-46223.json
create mode 100644 CVE-2023/CVE-2023-462xx/CVE-2023-46224.json
create mode 100644 CVE-2023/CVE-2023-462xx/CVE-2023-46225.json
create mode 100644 CVE-2023/CVE-2023-462xx/CVE-2023-46257.json
create mode 100644 CVE-2023/CVE-2023-462xx/CVE-2023-46258.json
create mode 100644 CVE-2023/CVE-2023-462xx/CVE-2023-46259.json
create mode 100644 CVE-2023/CVE-2023-462xx/CVE-2023-46260.json
create mode 100644 CVE-2023/CVE-2023-462xx/CVE-2023-46261.json
create mode 100644 CVE-2023/CVE-2023-462xx/CVE-2023-46262.json
create mode 100644 CVE-2023/CVE-2023-462xx/CVE-2023-46263.json
create mode 100644 CVE-2023/CVE-2023-462xx/CVE-2023-46264.json
create mode 100644 CVE-2023/CVE-2023-462xx/CVE-2023-46265.json
create mode 100644 CVE-2023/CVE-2023-462xx/CVE-2023-46266.json
create mode 100644 CVE-2023/CVE-2023-468xx/CVE-2023-46803.json
create mode 100644 CVE-2023/CVE-2023-468xx/CVE-2023-46804.json
create mode 100644 CVE-2023/CVE-2023-502xx/CVE-2023-50272.json
create mode 100644 CVE-2023/CVE-2023-62xx/CVE-2023-6280.json
create mode 100644 CVE-2023/CVE-2023-67xx/CVE-2023-6711.json
create mode 100644 CVE-2023/CVE-2023-69xx/CVE-2023-6913.json
diff --git a/CVE-2019/CVE-2019-03xx/CVE-2019-0330.json b/CVE-2019/CVE-2019-03xx/CVE-2019-0330.json
index 246a3f9516b..47e8efc1d65 100644
--- a/CVE-2019/CVE-2019-03xx/CVE-2019-0330.json
+++ b/CVE-2019/CVE-2019-03xx/CVE-2019-0330.json @@ -2,7 +2,7 @@ "id": "CVE-2019-0330", "sourceIdentifier": "cna@sap.com", "published": "2019-07-10T20:15:12.263", - "lastModified": "2020-04-17T18:21:19.640", + "lastModified": "2023-12-19T15:32:08.840", "vulnStatus": "Analyzed", "descriptions": [ { @@ -84,8 +84,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:sap:diagnostics_agents:7.20:*:*:*:*:*:*:*", - "matchCriteriaId": "4D02FD3A-5969-4D1C-A9FE-F7DD3E5B72D4" + "criteria": "cpe:2.3:a:sap:diagnostics_agent:7.20:*:*:*:*:*:*:*", + "matchCriteriaId": "ADDA865D-010B-44E9-9523-3817F7872F7A" } ] } diff --git a/CVE-2021/CVE-2021-229xx/CVE-2021-22962.json b/CVE-2021/CVE-2021-229xx/CVE-2021-22962.json new file mode 100644 index 00000000000..b17dc214ac1 --- /dev/null +++ b/CVE-2021/CVE-2021-229xx/CVE-2021-22962.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2021-22962", + "sourceIdentifier": "support@hackerone.com", + "published": "2023-12-19T16:15:07.697", + "lastModified": "2023-12-19T16:17:45.873", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "support@hackerone.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ] + }, + "references": [ + { + "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt", + "source": "support@hackerone.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2021/CVE-2021-37xx/CVE-2021-3784.json b/CVE-2021/CVE-2021-37xx/CVE-2021-3784.json index 86ca925aa84..644550e834a 100644 --- a/CVE-2021/CVE-2021-37xx/CVE-2021-3784.json +++ b/CVE-2021/CVE-2021-37xx/CVE-2021-3784.json @@ -2,8 +2,8 @@ "id": "CVE-2021-3784", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2023-10-04T16:15:09.940", - "lastModified": "2023-10-11T19:17:11.400", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-19T15:15:07.850", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -75,7 +75,7 @@ "description": [ { "lang": "en", - "value": "CWE-285" + "value": "CWE-287" } ] } diff --git a/CVE-2023/CVE-2023-15xx/CVE-2023-1514.json b/CVE-2023/CVE-2023-15xx/CVE-2023-1514.json new file mode 100644 index 00000000000..11f6db79516 --- /dev/null +++ b/CVE-2023/CVE-2023-15xx/CVE-2023-1514.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-1514", + "sourceIdentifier": "cybersecurity@hitachienergy.com", + "published": "2023-12-19T15:15:08.037", + "lastModified": "2023-12-19T16:17:45.873", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability exists in the component RTU500 Scripting interface. When a client connects to a server using TLS, the server presents a certificate. This certificate links a public key to the identity of the service and is signed by a Certification Authority (CA), allowing the client to validate that the remote service can be trusted\u00a0and is not malicious. If the client does not validate the parameters of the certificate, then attackers could be able to spoof the identity of the service. An attacker could exploit the vulnerability by using faking the identity of a RTU500 device and intercepting the messages initiated via the RTU500 Scripting interface." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cybersecurity@hitachienergy.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.4, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "cybersecurity@hitachienergy.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-295" + } + ] + } + ], + "references": [ + { + "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000152&languageCode=en&Preview=true", + "source": "cybersecurity@hitachienergy.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-225xx/CVE-2023-22518.json b/CVE-2023/CVE-2023-225xx/CVE-2023-22518.json index 5b70235232f..fa27b1b2fdd 100644 --- a/CVE-2023/CVE-2023-225xx/CVE-2023-22518.json +++ b/CVE-2023/CVE-2023-225xx/CVE-2023-22518.json @@ -2,8 +2,8 @@ "id": "CVE-2023-22518", "sourceIdentifier": "security@atlassian.com", "published": "2023-10-31T15:15:08.573", - "lastModified": "2023-11-08T18:49:56.440", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-19T16:15:07.883", + "vulnStatus": "Modified", "cisaExploitAdd": "2023-11-07", "cisaActionDue": "2023-11-28", "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", @@ -165,6 +165,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/176264/Atlassian-Confluence-Improper-Authorization-Code-Execution.html", + "source": "security@atlassian.com" + }, { "url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1311473907", "source": "security@atlassian.com", diff --git a/CVE-2023/CVE-2023-257xx/CVE-2023-25715.json b/CVE-2023/CVE-2023-257xx/CVE-2023-25715.json new file mode 100644 index 00000000000..dd50421e00f --- /dev/null +++ b/CVE-2023/CVE-2023-257xx/CVE-2023-25715.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-25715", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-12-19T16:15:07.980", + "lastModified": "2023-12-19T16:17:45.873", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in GamiPress GamiPress \u2013 The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress.This issue affects GamiPress \u2013 The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress: from n/a through 2.5.6.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/gamipress/wordpress-gamipress-plugin-2-5-6-missing-authorization-leading-to-points-manipulation-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-28xx/CVE-2023-2809.json b/CVE-2023/CVE-2023-28xx/CVE-2023-2809.json index 8777f88e04c..983801f831d 100644 --- a/CVE-2023/CVE-2023-28xx/CVE-2023-2809.json +++ b/CVE-2023/CVE-2023-28xx/CVE-2023-2809.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-2809", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2023-10-04T11:15:10.223", - "lastModified": "2023-10-05T17:06:16.657", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-19T15:15:08.230", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -60,7 +60,7 @@ }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "cve-coordination@incibe.es", "type": "Primary", "description": [ { @@ -70,12 +70,12 @@ ] }, { - "source": "cve-coordination@incibe.es", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { "lang": "en", - "value": "CWE-798" + "value": "CWE-312" } ] } diff --git a/CVE-2023/CVE-2023-373xx/CVE-2023-37390.json b/CVE-2023/CVE-2023-373xx/CVE-2023-37390.json new file mode 100644 index 00000000000..436ab51a7d0 --- /dev/null +++ b/CVE-2023/CVE-2023-373xx/CVE-2023-37390.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-37390", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-12-19T16:15:08.193", + "lastModified": "2023-12-19T16:17:45.873", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Deserialization of Untrusted Data vulnerability in Themesflat Themesflat Addons For Elementor.This issue affects Themesflat Addons For Elementor: from n/a through 2.0.0.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 8.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/themesflat-addons-for-elementor/wordpress-themesflat-addons-for-elementor-plugin-2-0-0-unauthenticated-php-object-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-406xx/CVE-2023-40656.json b/CVE-2023/CVE-2023-406xx/CVE-2023-40656.json index 1a8eb82a9a5..7462dd4c616 100644 --- a/CVE-2023/CVE-2023-406xx/CVE-2023-40656.json +++ b/CVE-2023/CVE-2023-406xx/CVE-2023-40656.json 
@@ -2,16 +2,53 @@ "id": "CVE-2023-40656", "sourceIdentifier": "security@joomla.org", "published": "2023-12-14T09:15:41.780", - "lastModified": "2023-12-14T13:51:59.903", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-19T16:53:42.183", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A reflected XSS vulnerability was discovered in the Quickform component for Joomla." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 una vulnerabilidad XSS reflejada en el componente Quickform para Joomla." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "security@joomla.org", "type": "Secondary", @@ -23,10 +60,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:plasma-web:quickform:*:*:*:*:*:joomla\\!:*:*", + "versionStartIncluding": "1.0.0", + "versionEndIncluding": "3.3.01", + "matchCriteriaId": "F0DD3902-238D-4575-A333-1E3B3282B4CB" + } + ] + } + ] + } + ], "references": [ { "url": "https://extensions.joomla.org/extension/quickform/", - "source": "security@joomla.org" + "source": "security@joomla.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-406xx/CVE-2023-40657.json b/CVE-2023/CVE-2023-406xx/CVE-2023-40657.json index 34a637a7f1b..b177d60bf1d 100644 --- a/CVE-2023/CVE-2023-406xx/CVE-2023-40657.json +++ b/CVE-2023/CVE-2023-406xx/CVE-2023-40657.json @@ -2,16 +2,53 @@ "id": "CVE-2023-40657", "sourceIdentifier": "security@joomla.org", "published": "2023-12-14T09:15:41.850", - "lastModified": "2023-12-14T13:51:59.903", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-19T16:10:07.447", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A reflected XSS vulnerability was discovered in the Joomdoc component for Joomla." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 una vulnerabilidad XSS reflejada en el componente Joomdoc para Joomla." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "security@joomla.org", "type": "Secondary", 
@@ -23,10 +60,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:artio:joomdoc:*:*:*:*:*:joomla\\!:*:*", + "versionStartIncluding": "1.0.0", + "versionEndIncluding": "4.0.5", + "matchCriteriaId": "74DA8F2B-F1D4-4F89-A3FB-91DCDED49B4A" + } + ] + } + ] + } + ], "references": [ { "url": "https://extensions.joomla.org/extension/joomdoc/", - "source": "security@joomla.org" + "source": "security@joomla.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-406xx/CVE-2023-40658.json b/CVE-2023/CVE-2023-406xx/CVE-2023-40658.json index 99201723f8d..22c7dea195e 100644 --- a/CVE-2023/CVE-2023-406xx/CVE-2023-40658.json +++ b/CVE-2023/CVE-2023-406xx/CVE-2023-40658.json 
@@ -2,16 +2,53 @@ "id": "CVE-2023-40658", "sourceIdentifier": "security@joomla.org", "published": "2023-12-14T09:15:41.920", - "lastModified": "2023-12-14T13:51:59.903", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-19T16:18:43.973", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A reflected XSS vulnerability was discovered in the Clicky Analytics Dashboard module for Joomla." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 una vulnerabilidad XSS reflejada en el m\u00f3dulo Clicky Analytics Dashboard para Joomla." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "security@joomla.org", "type": "Secondary", @@ -23,10 +60,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:deconf:clicky_analytics_dashboard:*:*:*:*:*:joomla\\!:*:*", + "versionStartIncluding": "1.0.0", + "versionEndIncluding": "1.3.1", + "matchCriteriaId": "37465F1B-325C-4B35-A365-4833EA2D086A" + } + ] + } + ] + } + ], "references": [ { "url": "https://deconf.com/clicky-analytics-dashboard-joomla/", - "source": "security@joomla.org" + "source": "security@joomla.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-406xx/CVE-2023-40659.json b/CVE-2023/CVE-2023-406xx/CVE-2023-40659.json index d1de7524aaf..65d2790b551 100644 --- a/CVE-2023/CVE-2023-406xx/CVE-2023-40659.json +++ b/CVE-2023/CVE-2023-406xx/CVE-2023-40659.json @@ -2,16 +2,53 @@ "id": "CVE-2023-40659", "sourceIdentifier": "security@joomla.org", "published": "2023-12-14T09:15:41.993", - "lastModified": "2023-12-14T13:51:59.903", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-19T16:19:14.030", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A reflected XSS vulnerability was discovered in the Easy Quick Contact module for Joomla." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 una vulnerabilidad XSS reflejada en el m\u00f3dulo Easy Quick Contact para Joomla." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "security@joomla.org", "type": "Secondary", 
@@ -23,10 +60,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:joomboost:easy_quick_contact:*:*:*:*:*:joomla\\!:*:*", + "versionStartIncluding": "1.0.0", + "versionEndIncluding": "1.3.0", + "matchCriteriaId": "52396303-D438-4257-BFE0-5167AB751B17" + } + ] + } + ] + } + ], "references": [ { "url": "https://extensions.joomla.org/extension/contacts-and-feedback/contact-forms/easy-quick-contact/", - "source": "security@joomla.org" + "source": "security@joomla.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-406xx/CVE-2023-40660.json b/CVE-2023/CVE-2023-406xx/CVE-2023-40660.json index e7efba4ac8f..924e1549e98 100644 --- a/CVE-2023/CVE-2023-406xx/CVE-2023-40660.json +++ b/CVE-2023/CVE-2023-406xx/CVE-2023-40660.json @@ -2,7 +2,7 @@ "id": "CVE-2023-40660", "sourceIdentifier": "secalert@redhat.com", "published": "2023-11-06T17:15:11.757", - "lastModified": "2023-12-13T18:15:43.387", + "lastModified": "2023-12-19T16:15:08.413", "vulnStatus": "Modified", "descriptions": [ { @@ -123,6 +123,14 @@ "url": "http://www.openwall.com/lists/oss-security/2023/12/13/2", "source": "secalert@redhat.com" }, + { + "url": "https://access.redhat.com/errata/RHSA-2023:7876", + "source": "secalert@redhat.com" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2023:7879", + "source": "secalert@redhat.com" + }, { "url": "https://access.redhat.com/security/cve/CVE-2023-40660", "source": "secalert@redhat.com", diff --git a/CVE-2023/CVE-2023-406xx/CVE-2023-40661.json b/CVE-2023/CVE-2023-406xx/CVE-2023-40661.json index 661087f7d4f..6f5785d3174 100644 --- a/CVE-2023/CVE-2023-406xx/CVE-2023-40661.json +++ b/CVE-2023/CVE-2023-406xx/CVE-2023-40661.json 
@@ -2,7 +2,7 @@ "id": "CVE-2023-40661", "sourceIdentifier": "secalert@redhat.com", "published": "2023-11-06T17:15:11.830", - "lastModified": "2023-12-13T18:15:43.537", + "lastModified": "2023-12-19T16:15:08.527", "vulnStatus": "Modified", "descriptions": [ { @@ -123,6 +123,14 @@ "url": "http://www.openwall.com/lists/oss-security/2023/12/13/3", "source": "secalert@redhat.com" }, + { + "url": "https://access.redhat.com/errata/RHSA-2023:7876", + "source": "secalert@redhat.com" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2023:7879", + "source": "secalert@redhat.com" + }, { "url": "https://access.redhat.com/security/cve/CVE-2023-40661", "source": "secalert@redhat.com", diff --git a/CVE-2023/CVE-2023-416xx/CVE-2023-41618.json b/CVE-2023/CVE-2023-416xx/CVE-2023-41618.json index 7d29e4d6af6..a127dace038 100644 --- a/CVE-2023/CVE-2023-416xx/CVE-2023-41618.json +++ b/CVE-2023/CVE-2023-416xx/CVE-2023-41618.json 
@@ -2,19 +2,79 @@ "id": "CVE-2023-41618", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-14T00:15:43.490", - "lastModified": "2023-12-14T13:52:16.903", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-19T16:11:02.990", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Emlog Pro v2.1.14 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component /admin/article.php?active_savedraft." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Emlog Pro v2.1.14 contiene una vulnerabilidad de cross-site scripting (XSS) reflejado a trav\u00e9s del componente /admin/article.php?active_savedraft." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:emlog:emlog:2.1.14:*:*:*:pro:*:*:*", + "matchCriteriaId": "3812D57C-8E1A-4499-9DEE-2A18A955667B" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/GhostBalladw/wuhaozhe-s-CVE/blob/main/CVE-2023-41618", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-417xx/CVE-2023-41727.json b/CVE-2023/CVE-2023-417xx/CVE-2023-41727.json new file mode 100644 index 00000000000..922a3d3dbe0 --- /dev/null +++ b/CVE-2023/CVE-2023-417xx/CVE-2023-41727.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-41727", + "sourceIdentifier": "support@hackerone.com", + "published": "2023-12-19T16:15:08.623", + "lastModified": "2023-12-19T16:17:45.873", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "support@hackerone.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt", + "source": "support@hackerone.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-418xx/CVE-2023-41890.json b/CVE-2023/CVE-2023-418xx/CVE-2023-41890.json index 43a00b4ebfa..2602ed1dbf8 100644 --- a/CVE-2023/CVE-2023-418xx/CVE-2023-41890.json +++ b/CVE-2023/CVE-2023-418xx/CVE-2023-41890.json @@ -2,7 +2,7 @@ "id": "CVE-2023-41890", "sourceIdentifier": "security-advisories@github.com", "published": "2023-09-19T15:15:52.863", - "lastModified": "2023-09-22T15:06:53.240", + "lastModified": "2023-12-19T15:16:11.310", "vulnStatus": "Analyzed", "descriptions": [ { 
@@ -83,16 +83,16 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:simplesamlphp:saml2:*:*:*:*:*:*:*:*", + "criteria": "cpe:2.3:a:sustainsys:saml2:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.0.3", - "matchCriteriaId": "B7F5976D-E597-4453-BC51-94F0EC54452B" + "matchCriteriaId": "1368FC9F-A8F8-490B-BE77-B898DFF61C5F" }, { "vulnerable": true, - "criteria": "cpe:2.3:a:simplesamlphp:saml2:*:*:*:*:*:*:*:*", + "criteria": "cpe:2.3:a:sustainsys:saml2:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.0.0", "versionEndExcluding": "2.9.2", - "matchCriteriaId": "D5B2D148-2306-49D9-AE0B-EAF6D4B70EE0" + "matchCriteriaId": "1E4A2BA7-F6D7-4E13-AA65-EAD3393106B4" } ] } diff --git a/CVE-2023/CVE-2023-435xx/CVE-2023-43583.json b/CVE-2023/CVE-2023-435xx/CVE-2023-43583.json index 1616bce5a0d..88a9d90f303 100644 --- a/CVE-2023/CVE-2023-435xx/CVE-2023-43583.json +++ b/CVE-2023/CVE-2023-435xx/CVE-2023-43583.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-43583", "sourceIdentifier": "security@zoom.us", "published": "2023-12-13T23:15:07.270", - "lastModified": "2023-12-14T13:52:16.903", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-19T15:49:19.407", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cryptographic issues Zoom Mobile App for Android, Zoom Mobile App for iOS, and Zoom SDKs for Android and iOS before version 5.16.0 may allow a privileged user to conduct a disclosure of information via network access." + }, + { + "lang": "es", + "value": "Los problemas criptogr\u00e1ficos de la aplicaci\u00f3n Zoom Mobile para Android, la aplicaci\u00f3n Zoom Mobile para iOS y los SDK de Zoom para Android e iOS anteriores a la versi\u00f3n 5.16.0 pueden permitir que un usuario privilegiado realice una divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s del acceso a la red." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + }, { "source": "security@zoom.us", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "security@zoom.us", "type": "Secondary", 
@@ -46,10 +80,61 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*", + "versionEndExcluding": "5.16.0", + "matchCriteriaId": "E725B855-C1FD-40B0-B5DD-164CB83D0F53" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*", + "versionEndExcluding": "5.16.0", + "matchCriteriaId": "D09B037A-A36E-480E-A180-A2FDBB0CE130" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:android:*:*", + "versionEndExcluding": "5.16.0", + "matchCriteriaId": "76ECB323-FA2E-4C2C-9949-40A068BB46C1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:iphone_os:*:*", + "versionEndExcluding": "5.16.0", + "matchCriteriaId": "8BB16085-BEA2-4FCF-AA22-F6DD44A2E8DF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:android:*:*", + "versionEndExcluding": "5.16.0", + "matchCriteriaId": "A454D523-527C-4910-8474-EB4CDFFE7BF6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:iphone_os:*:*", + "versionEndExcluding": "5.16.0", + "matchCriteriaId": "BE96C026-8B39-4509-BA4F-AC224918DC8F" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-23056/", - "source": "security@zoom.us" + "source": "security@zoom.us", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-438xx/CVE-2023-43870.json b/CVE-2023/CVE-2023-438xx/CVE-2023-43870.json new file mode 100644 index 00000000000..a4ce3cfda17 --- /dev/null +++ b/CVE-2023/CVE-2023-438xx/CVE-2023-43870.json 
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-43870",
+ "sourceIdentifier": "cert@ncsc.nl",
+ "published": "2023-12-19T15:15:08.357",
+ "lastModified": "2023-12-19T16:17:45.873",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "When installing the Net2 software a root certificate is installed into the trusted store. A potential hacker could access the installer batch file or reverse engineer the source code to gain access to the root certificate password. Using the root certificate and password they could then create their own certificates to emulate another site. Then by establishing a proxy service to emulate the site they could monitor traffic passed between the end user and the site allowing access to the data content."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cert@ncsc.nl",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 8.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cert@ncsc.nl",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-798"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.paxton-access.com/systems/net2/",
+ "source": "cert@ncsc.nl"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-449xx/CVE-2023-44983.json b/CVE-2023/CVE-2023-449xx/CVE-2023-44983.json
new file mode 100644
index 00000000000..f1482524df6
--- /dev/null
+++ b/CVE-2023/CVE-2023-449xx/CVE-2023-44983.json
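Review bot: The new CVE-2023-43870 record gives no way to tell which Net2 versions are affected or fixed: it has no `configurations` block, and its only reference, `https://www.paxton-access.com/systems/net2/`, appears to be a product page rather than an advisory. The description says the installer adds a root certificate to the trusted store and that its password can be recovered, so whether an upgrade also removes or replaces that root is exactly what a defender needs and the record does not say. Once a vendor advisory exists, the entry needs that URL as a reference carrying `"tags": ["Vendor Advisory"]`, as CVE-2023-43583 gained in this same commit; until then the record supports detection (finding hosts with Net2 installed) but not remediation tracking.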
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-44983",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-12-19T16:15:08.787",
+ "lastModified": "2023-12-19T16:17:45.873",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Aruba.It Aruba HiSpeed Cache.This issue affects Aruba HiSpeed Cache: from n/a through 2.0.6.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-200"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/aruba-hispeed-cache/wordpress-aruba-hispeed-cache-plugin-2-0-6-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-449xx/CVE-2023-44991.json b/CVE-2023/CVE-2023-449xx/CVE-2023-44991.json
new file mode 100644
index 00000000000..a99a6931874
--- /dev/null
+++ b/CVE-2023/CVE-2023-449xx/CVE-2023-44991.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-44991",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-12-19T16:15:08.973",
+ "lastModified": "2023-12-19T16:17:45.873",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jordy Meow Media File Renamer: Rename Files (Manual, Auto & AI).This issue affects Media File Renamer: Rename Files (Manual, Auto & AI): from n/a through 5.6.9.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-200"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/media-file-renamer/wordpress-media-file-renamer-plugin-5-6-9-sensitive-data-exposure-via-debug-log-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-45xx/CVE-2023-4535.json b/CVE-2023/CVE-2023-45xx/CVE-2023-4535.json
index 7caf567b575..3b6b36c492f 100644
--- a/CVE-2023/CVE-2023-45xx/CVE-2023-4535.json
+++ b/CVE-2023/CVE-2023-45xx/CVE-2023-4535.json
@@ -2,8 +2,8 @@ "id": "CVE-2023-4535", "sourceIdentifier": "secalert@redhat.com", "published": "2023-11-06T17:15:12.083", - "lastModified": "2023-11-14T17:11:24.943", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-19T16:15:12.243", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -115,6 +115,10 @@ } ], "references": [ + { + "url": "https://access.redhat.com/errata/RHSA-2023:7879", + "source": "secalert@redhat.com" + }, { "url": "https://access.redhat.com/security/cve/CVE-2023-4535", "source": "secalert@redhat.com", diff --git a/CVE-2023/CVE-2023-45xx/CVE-2023-4590.json b/CVE-2023/CVE-2023-45xx/CVE-2023-4590.json index 4aa8398d894..2e0a8b7b9c1 100644 --- a/CVE-2023/CVE-2023-45xx/CVE-2023-4590.json +++ b/CVE-2023/CVE-2023-45xx/CVE-2023-4590.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4590", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2023-11-27T13:15:07.130", - "lastModified": "2023-12-01T18:53:07.967", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-19T15:15:08.793", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -60,7 +60,7 @@ }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "cve-coordination@incibe.es", "type": "Primary", "description": [ { @@ -70,12 +70,12 @@ ] }, { - "source": "cve-coordination@incibe.es", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { "lang": "en", - "value": "CWE-119" + "value": "CWE-120" } ] } diff --git a/CVE-2023/CVE-2023-461xx/CVE-2023-46104.json b/CVE-2023/CVE-2023-461xx/CVE-2023-46104.json index 821cf37846e..9ea09011356 100644 --- a/CVE-2023/CVE-2023-461xx/CVE-2023-46104.json +++ b/CVE-2023/CVE-2023-461xx/CVE-2023-46104.json @@ -2,7 +2,7 @@ "id": "CVE-2023-46104", "sourceIdentifier": "security@apache.org", "published": "2023-12-19T10:15:07.517", - "lastModified": "2023-12-19T13:42:12.823", + "lastModified": "2023-12-19T15:15:08.547", "vulnStatus": "Awaiting Analysis", "descriptions": [ { 
@@ -47,6 +47,10 @@ } ], "references": [ + { + "url": "http://www.openwall.com/lists/oss-security/2023/12/19/1", + "source": "security@apache.org" + }, { "url": "https://lists.apache.org/thread/yxbxg4wryb7cb7wyybk11l5nqy0rsrvl", "source": "security@apache.org" diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46216.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46216.json new file mode 100644 index 00000000000..39bcd369aad --- /dev/null +++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46216.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-46216", + "sourceIdentifier": "support@hackerone.com", + "published": "2023-12-19T16:15:09.170", + "lastModified": "2023-12-19T16:17:45.873", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "support@hackerone.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt", + "source": "support@hackerone.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46217.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46217.json new file mode 100644 index 00000000000..cf458a839f2 --- /dev/null +++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46217.json 
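Review bot: The new CVE-2023-46216 record (second hunk on this line) never names the affected product or version in `descriptions[0].value`, which says only "the Mobile Device Server"; the sole tie to a product is the reference URL ending in `avalanche_v6.4.2_release_notes.txt`. The same sentence is repeated verbatim in the records added for CVE-2023-46217, CVE-2023-46220 to CVE-2023-46225 and CVE-2023-46257 to CVE-2023-46261, and none of them has a `weaknesses` or `configurations` block yet. Keyword or CPE matching against this mirror will therefore not associate these entries with an Avalanche deployment (presumably Ivanti Avalanche, judging by the wording of CVE-2023-46262) while they are "Awaiting Analysis". Until analysis adds CPE data, matching on the reference URL is the only reliable key, and the missing product name is something for the source `support@hackerone.com` to fix rather than the mirror.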
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2023-46217",
+ "sourceIdentifier": "support@hackerone.com",
+ "published": "2023-12-19T16:15:09.337",
+ "lastModified": "2023-12-19T16:17:42.220",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "support@hackerone.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt",
+ "source": "support@hackerone.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46220.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46220.json
new file mode 100644
index 00000000000..058c2dcdf01
--- /dev/null
+++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46220.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2023-46220",
+ "sourceIdentifier": "support@hackerone.com",
+ "published": "2023-12-19T16:15:09.497",
+ "lastModified": "2023-12-19T16:17:42.220",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "support@hackerone.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt",
+ "source": "support@hackerone.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46221.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46221.json
new file mode 100644
index 00000000000..e9022dabfed
--- /dev/null
+++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46221.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2023-46221",
+ "sourceIdentifier": "support@hackerone.com",
+ "published": "2023-12-19T16:15:09.650",
+ "lastModified": "2023-12-19T16:17:42.220",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "support@hackerone.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt",
+ "source": "support@hackerone.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46222.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46222.json
new file mode 100644
index 00000000000..1ab2a525136
--- /dev/null
+++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46222.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2023-46222",
+ "sourceIdentifier": "support@hackerone.com",
+ "published": "2023-12-19T16:15:09.797",
+ "lastModified": "2023-12-19T16:17:42.220",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "support@hackerone.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt",
+ "source": "support@hackerone.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46223.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46223.json
new file mode 100644
index 00000000000..04dde844ffe
--- /dev/null
+++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46223.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2023-46223",
+ "sourceIdentifier": "support@hackerone.com",
+ "published": "2023-12-19T16:15:09.957",
+ "lastModified": "2023-12-19T16:17:42.220",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "support@hackerone.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt",
+ "source": "support@hackerone.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46224.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46224.json
new file mode 100644
index 00000000000..a5c7621868d
--- /dev/null
+++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46224.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2023-46224",
+ "sourceIdentifier": "support@hackerone.com",
+ "published": "2023-12-19T16:15:10.113",
+ "lastModified": "2023-12-19T16:17:42.220",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "support@hackerone.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt",
+ "source": "support@hackerone.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46225.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46225.json
new file mode 100644
index 00000000000..138fbc87cc4
--- /dev/null
+++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46225.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2023-46225",
+ "sourceIdentifier": "support@hackerone.com",
+ "published": "2023-12-19T16:15:10.260",
+ "lastModified": "2023-12-19T16:17:42.220",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "support@hackerone.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt",
+ "source": "support@hackerone.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46257.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46257.json
new file mode 100644
index 00000000000..e12fdbe96cd
--- /dev/null
+++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46257.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2023-46257",
+ "sourceIdentifier": "support@hackerone.com",
+ "published": "2023-12-19T16:15:10.413",
+ "lastModified": "2023-12-19T16:17:42.220",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "support@hackerone.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt",
+ "source": "support@hackerone.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46258.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46258.json
new file mode 100644
index 00000000000..46165b1cfc7
--- /dev/null
+++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46258.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2023-46258",
+ "sourceIdentifier": "support@hackerone.com",
+ "published": "2023-12-19T16:15:10.570",
+ "lastModified": "2023-12-19T16:17:42.220",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "support@hackerone.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt",
+ "source": "support@hackerone.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46259.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46259.json
new file mode 100644
index 00000000000..3d4f6b340e3
--- /dev/null
+++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46259.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2023-46259",
+ "sourceIdentifier": "support@hackerone.com",
+ "published": "2023-12-19T16:15:10.720",
+ "lastModified": "2023-12-19T16:17:42.220",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "support@hackerone.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt",
+ "source": "support@hackerone.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46260.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46260.json
new file mode 100644
index 00000000000..25ea5277669
--- /dev/null
+++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46260.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2023-46260",
+ "sourceIdentifier": "support@hackerone.com",
+ "published": "2023-12-19T16:15:10.887",
+ "lastModified": "2023-12-19T16:17:42.220",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "support@hackerone.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt",
+ "source": "support@hackerone.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46261.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46261.json
new file mode 100644
index 00000000000..dfa618fc256
--- /dev/null
+++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46261.json
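Review bot: The CVSS vector in the new CVE-2023-46260 record contradicts its own description. `"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"` scores availability only (7.5), yet the description says the memory corruption "could result to a Denial of Service (DoS) or code execution", and the sibling records with the identical sentence carry `C:H/I:H/A:H` at 9.8. Either the description was copied without dropping the code-execution clause or the vector understates the impact; the record does not say which. Anyone prioritising on `baseScore` alone should treat this entry like its 9.8 siblings until the source `support@hackerone.com` or NVD analysis resolves the mismatch.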
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2023-46261",
+ "sourceIdentifier": "support@hackerone.com",
+ "published": "2023-12-19T16:15:11.043",
+ "lastModified": "2023-12-19T16:17:42.220",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "support@hackerone.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt",
+ "source": "support@hackerone.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46262.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46262.json
new file mode 100644
index 00000000000..0bc911f77bb
--- /dev/null
+++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46262.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2023-46262",
+ "sourceIdentifier": "support@hackerone.com",
+ "published": "2023-12-19T16:15:11.190",
+ "lastModified": "2023-12-19T16:17:42.220",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An unauthenticated attacked could send a specifically crafted web request causing a Server-Side Request Forgery (SSRF) in Ivanti Avalanche Remote Control server."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "support@hackerone.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt",
+ "source": "support@hackerone.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46263.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46263.json
new file mode 100644
index 00000000000..a76e23a1dc3
--- /dev/null
+++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46263.json
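Review bot: The description in the new CVE-2023-46262 record reads "An unauthenticated attacked could send…", which looks like a typo for "attacker". The same kind of slip appears in the records added for CVE-2023-46264 ("achieve a remove code execution", where the otherwise identical CVE-2023-46263 text says "remote") and CVE-2023-46265 ("An unauthenticated could abuse a XXE vulnerability"). The CVE-2023-46264 one matters most in practice, because a text search or alert rule keyed on "remote code execution" will not match that record. Since this repository mirrors upstream data, the correction, e.g. `"value": "… could allow an attacker to achieve a remote code execution."`, should come from the source `support@hackerone.com` rather than a local edit; in the meantime, matching on the CVSS vector or the reference URL is more reliable than matching on description text.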
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2023-46263",
+ "sourceIdentifier": "support@hackerone.com",
+ "published": "2023-12-19T16:15:11.343",
+ "lastModified": "2023-12-19T16:17:42.220",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remote code execution."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "support@hackerone.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt",
+ "source": "support@hackerone.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46264.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46264.json
new file mode 100644
index 00000000000..76924b9d870
--- /dev/null
+++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46264.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2023-46264",
+ "sourceIdentifier": "support@hackerone.com",
+ "published": "2023-12-19T16:15:11.493",
+ "lastModified": "2023-12-19T16:17:42.220",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remove code execution."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "support@hackerone.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt",
+ "source": "support@hackerone.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46265.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46265.json
new file mode 100644
index 00000000000..de4acd2d41a
--- /dev/null
+++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46265.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2023-46265",
+ "sourceIdentifier": "support@hackerone.com",
+ "published": "2023-12-19T16:15:11.640",
+ "lastModified": "2023-12-19T16:17:42.220",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An unauthenticated could abuse a XXE vulnerability in the Smart Device Server to leak data or perform a Server-Side Request Forgery (SSRF)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "support@hackerone.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt",
+ "source": "support@hackerone.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46266.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46266.json
new file mode 100644
index 00000000000..c55800b692c
--- /dev/null
+++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46266.json
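Review bot: The description of CVE-2023-46265 never names the affected product or version (it says only "the Smart Device Server"), and its first sentence has lost its subject ("An unauthenticated could abuse"). The only link to a product is the reference URL, which points at the Avalanche 6.4.2 release notes. The record has no `configurations` or `weaknesses` block yet (`"vulnStatus": "Awaiting Analysis"`), so neither CPE matching nor a keyword search for "Avalanche" will surface it. The same gap applies to the new records CVE-2023-46266, CVE-2023-46803 and CVE-2023-46804 in the hunks that follow. Reading all four as Avalanche issues addressed in 6.4.2 is an inference from that link, not something the records state.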
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2023-46266",
+ "sourceIdentifier": "support@hackerone.com",
+ "published": "2023-12-19T16:15:11.787",
+ "lastModified": "2023-12-19T16:17:42.220",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "support@hackerone.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.3,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.4
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt",
+ "source": "support@hackerone.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-468xx/CVE-2023-46803.json b/CVE-2023/CVE-2023-468xx/CVE-2023-46803.json
new file mode 100644
index 00000000000..818162691a9
--- /dev/null
+++ b/CVE-2023/CVE-2023-468xx/CVE-2023-46803.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2023-46803",
+ "sourceIdentifier": "support@hackerone.com",
+ "published": "2023-12-19T16:15:11.930",
+ "lastModified": "2023-12-19T16:17:42.220",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "support@hackerone.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt",
+ "source": "support@hackerone.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-468xx/CVE-2023-46804.json b/CVE-2023/CVE-2023-468xx/CVE-2023-46804.json
new file mode 100644
index 00000000000..c439777d908
--- /dev/null
+++ b/CVE-2023/CVE-2023-468xx/CVE-2023-46804.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2023-46804",
+ "sourceIdentifier": "support@hackerone.com",
+ "published": "2023-12-19T16:15:12.077",
+ "lastModified": "2023-12-19T16:17:42.220",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "support@hackerone.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt",
+ "source": "support@hackerone.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-476xx/CVE-2023-47620.json b/CVE-2023/CVE-2023-476xx/CVE-2023-47620.json
index 9c4351101c1..df4cc127a06 100644
--- a/CVE-2023/CVE-2023-476xx/CVE-2023-47620.json
+++ b/CVE-2023/CVE-2023-476xx/CVE-2023-47620.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-47620",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2023-12-13T22:15:43.197",
- "lastModified": "2023-12-14T13:52:16.903",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-19T15:27:49.173",
+ "vulnStatus": "Undergoing Analysis",
 "descriptions": [
 {
 "lang": "en",
@@ -16,6 +16,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ },
 {
 "source": "security-advisories@github.com",
 "type": "Secondary",
@@ -39,6 +59,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
 {
 "source": "security-advisories@github.com",
 "type": "Secondary",
@@ -50,14 +80,39 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:koush:scrypted:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "0.55.0",
+ "matchCriteriaId": "2BA9D00E-03C6-42F6-8D59-93062B442786"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/koush/scrypted/blob/71cbe83a2a20f743342df695ca7b98482b73e60f/server/src/plugin/plugin-http.ts#L45",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Product"
+ ]
 },
 {
 "url": "https://securitylab.github.com/advisories/GHSL-2023-218_GHSL-2023-219_scrypted/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-476xx/CVE-2023-47623.json b/CVE-2023/CVE-2023-476xx/CVE-2023-47623.json
index 8b5ebc4dde4..733250ba3ff 100644
--- a/CVE-2023/CVE-2023-476xx/CVE-2023-47623.json
+++ b/CVE-2023/CVE-2023-476xx/CVE-2023-47623.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-47623",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2023-12-13T22:15:43.417",
- "lastModified": "2023-12-14T13:52:16.903",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-19T15:27:59.743",
+ "vulnStatus": "Undergoing Analysis",
 "descriptions": [
 {
 "lang": "en",
@@ -16,6 +16,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ },
 {
 "source": "security-advisories@github.com",
 "type": "Secondary",
@@ -50,14 +70,39 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:koush:scrypted:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "0.55.0",
+ "matchCriteriaId": "2BA9D00E-03C6-42F6-8D59-93062B442786"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/koush/scrypted/blob/v0.55.0/plugins/core/ui/src/Login.vue#L79",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Product"
+ ]
 },
 {
 "url": "https://securitylab.github.com/advisories/GHSL-2023-218_GHSL-2023-219_scrypted/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-476xx/CVE-2023-47624.json b/CVE-2023/CVE-2023-476xx/CVE-2023-47624.json
index eda7596cf8a..0fab0a01b41 100644
--- a/CVE-2023/CVE-2023-476xx/CVE-2023-47624.json
+++ b/CVE-2023/CVE-2023-476xx/CVE-2023-47624.json
@@ -2,16 +2,40 @@
 "id": "CVE-2023-47624",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2023-12-13T21:15:07.630",
- "lastModified": "2023-12-13T21:25:53.887",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-19T15:33:35.507",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Audiobookshelf is a self-hosted audiobook and podcast server. In versions 2.4.3 and prior, any user (regardless of their permissions) may be able to read files from the local file system due to a path traversal in the `/hls` endpoint. This issue may lead to Information Disclosure. As of time of publication, no patches are available."
+ },
+ {
+ "lang": "es",
+ "value": "Audiobookshelf es un servidor de podcasts y audiolibros autohospedado. En las versiones 2.4.3 y anteriores, cualquier usuario (independientemente de sus permisos) puede leer archivos del sistema de archivos local debido a un path traversal en el endpoint `/hls`. Este problema puede dar lugar a la divulgaci\u00f3n de informaci\u00f3n. Al momento de la publicaci\u00f3n, no hay parches disponibles."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ },
 {
 "source": "security-advisories@github.com",
 "type": "Secondary",
@@ -46,14 +70,39 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:audiobookshelf:audiobookshelf:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "2.4.3",
+ "matchCriteriaId": "19C6C925-7C95-4BEA-8457-E1C2A4BA6526"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/advplyr/audiobookshelf/blob/d7b2476473ef1934eedec41425837cddf2d4b13e/server/routers/HlsRouter.js#L32",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Product"
+ ]
 },
 {
 "url": "https://securitylab.github.com/advisories/GHSL-2023-203_GHSL-2023-204_audiobookshelf/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-482xx/CVE-2023-48225.json b/CVE-2023/CVE-2023-482xx/CVE-2023-48225.json
index cdb1f0c76ba..e1fe3c79128 100644
--- a/CVE-2023/CVE-2023-482xx/CVE-2023-48225.json
+++ b/CVE-2023/CVE-2023-482xx/CVE-2023-48225.json
@@ -2,16 +2,40 @@ "id": "CVE-2023-48225", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-12T21:15:08.237", - "lastModified": "2023-12-13T01:50:36.127", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-19T16:30:05.530", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Laf is a cloud development platform. Prior to version 1.0.0-beta.13, the control of LAF app enV is not strict enough, and in certain scenarios of privatization environment, it may lead to sensitive information leakage in secret and configmap. In ES6 syntax, if an obj directly references another obj, the name of the obj itself will be used as the key, and the entire object structure will be integrated intact. When constructing the deployment instance of the app, env was found from the database and directly inserted into the template, resulting in controllability here. Sensitive information in the secret and configmap can be read through the k8s envFrom field. In a privatization environment, when `namespaceConf. fixed` is marked, it may lead to the leakage of sensitive information in the system. As of time of publication, it is unclear whether any patches or workarounds exist." + }, + { + "lang": "es", + "value": "Laf es una plataforma de desarrollo en la nube. Antes de la versi\u00f3n 1.0.0-beta.13, el control del entorno de la aplicaci\u00f3n LAF no era lo suficientemente estricto y, en ciertos escenarios del entorno de privatizaci\u00f3n, puede provocar una filtraci\u00f3n de informaci\u00f3n confidencial en secreto y en el mapa de configuraci\u00f3n. En la sintaxis de ES6, si un objeto hace referencia directamente a otro objeto, el nombre del propio objeto se utilizar\u00e1 como clave y toda la estructura del objeto se integrar\u00e1 intacta. 
Al construir la instancia de implementaci\u00f3n de la aplicaci\u00f3n, se encontr\u00f3 env en la base de datos y se insert\u00f3 directamente en la plantilla, lo que result\u00f3 en controlabilidad aqu\u00ed. La informaci\u00f3n confidencial en el mapa secreto y de configuraci\u00f3n se puede leer a trav\u00e9s del campo envFrom de k8s. En un entorno de privatizaci\u00f3n, cuando `namespaceConf. fijo` est\u00e1 marcado, puede provocar la fuga de informaci\u00f3n confidencial en el sistema. Al momento de la publicaci\u00f3n, no est\u00e1 claro si existen parches o workarounds." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -46,18 +70,740 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.1.5:*:*:*:*:*:*:*", + "matchCriteriaId": "9AC5D2AE-45C3-4A97-AB5C-79430E245993" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "383C7C56-2620-432F-BC6B-5770A16C0DBF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.4.1:*:*:*:*:*:*:*", + "matchCriteriaId": "D6890672-2C19-4FFD-A4E5-91A9D2F5EBFB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.4.2:*:*:*:*:*:*:*", + "matchCriteriaId": "86D1F7BF-ACE2-4454-B205-A72F9F499865" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.4.3:*:*:*:*:*:*:*", + "matchCriteriaId": "B2542658-E744-4583-BEBF-B68389889EF8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.4.4:*:*:*:*:*:*:*", + "matchCriteriaId": "77888A79-314C-4D77-AA0A-E48C28CD21F6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.4.5:*:*:*:*:*:*:*", + "matchCriteriaId": "086FBA72-49FB-4B42-907A-72C0A11FFAFA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.4.6:*:*:*:*:*:*:*", + "matchCriteriaId": "2DAD050A-570B-4B4F-99F1-CF6C60CF3DD3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.4.7:*:*:*:*:*:*:*", + "matchCriteriaId": "D97FBB36-7233-491D-936B-CCA87223B11F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.4.8:*:*:*:*:*:*:*", + "matchCriteriaId": "4C95FE9A-AC1C-4F8C-85D6-4260B36ED91C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.4.9:*:*:*:*:*:*:*", + "matchCriteriaId": "EFF185E0-FC92-46CA-BDE7-1A1D5D68FE3B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.4.10:*:*:*:*:*:*:*", + "matchCriteriaId": "30434067-B21E-42C9-8BAD-0D0E32113C63" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.4.11:*:*:*:*:*:*:*", + "matchCriteriaId": 
"7E3D5C67-9E5C-443F-8A5D-7B8967000425" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.4.12:*:*:*:*:*:*:*", + "matchCriteriaId": "A78310C1-FDEA-487D-82EA-5A8976E68320" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.4.13:*:*:*:*:*:*:*", + "matchCriteriaId": "ADD29745-0EAF-4B8F-86B2-1F5972452770" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.4.14:*:*:*:*:*:*:*", + "matchCriteriaId": "4450518B-FF3E-4DD4-9143-14D1658BC165" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.4.15:*:*:*:*:*:*:*", + "matchCriteriaId": "0E0051E3-8376-4751-B168-573A52FCE3AC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.4.16:*:*:*:*:*:*:*", + "matchCriteriaId": "B3A75E1B-2E71-4326-92B6-EE62819B38A6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.4.17:*:*:*:*:*:*:*", + "matchCriteriaId": "85A1BD03-3350-44BB-BCD4-64385F16FE21" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.4.18:*:*:*:*:*:*:*", + "matchCriteriaId": "AF13954A-D95E-41D5-919E-EFDF88C0F4C5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.4.19:*:*:*:*:*:*:*", + "matchCriteriaId": "52410271-BCAF-4D7E-8440-058489A1E09D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.4.20:*:*:*:*:*:*:*", + "matchCriteriaId": "79D196DC-3EE9-4D83-AAFC-753985C61930" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.4.21:alpha0:*:*:*:*:*:*", + "matchCriteriaId": "5A33F89F-0B9C-421D-BBD1-A1CD4F50B745" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.5.0:*:*:*:*:*:*:*", + "matchCriteriaId": "2B12D130-69C1-4133-9379-715F0AFD56DB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.5.0:alpha0:*:*:*:*:*:*", + "matchCriteriaId": "AC4F2C4E-0E2E-4304-93E8-5CC21BC48404" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.5.0:alpha1:*:*:*:*:*:*", + "matchCriteriaId": "D1EB8667-8C0F-4B89-AAB8-AFC4E11BFF5D" + }, + { + "vulnerable": true, + 
"criteria": "cpe:2.3:a:laf:laf:0.5.0:alpha2:*:*:*:*:*:*", + "matchCriteriaId": "30A2F027-A4DB-40FE-95D4-B0D25F192492" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.5.0:alpha3:*:*:*:*:*:*", + "matchCriteriaId": "D48E2B3F-BB57-4FFD-89E9-3EB9677B6C50" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.5.1:*:*:*:*:*:*:*", + "matchCriteriaId": "1C9B5CB3-37B8-4F29-8159-103811F61ED8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.5.1:alpha0:*:*:*:*:*:*", + "matchCriteriaId": "8EA45AE9-5C0E-4FC8-BEB2-17A0DC934BB0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.5.2:*:*:*:*:*:*:*", + "matchCriteriaId": "6ACC132E-79A3-441E-8A46-B2022329A6F0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.5.2:alpha0:*:*:*:*:*:*", + "matchCriteriaId": "B937B516-7D9D-4732-9FD1-2FAA68D52740" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.5.3:*:*:*:*:*:*:*", + "matchCriteriaId": "C922573F-BA99-4356-A7A9-F3891E7A0A57" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.5.4:*:*:*:*:*:*:*", + "matchCriteriaId": "C1D94853-0FBE-4CE5-9F44-A647724F6CA0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.5.4:alpha0:*:*:*:*:*:*", + "matchCriteriaId": "D289795B-548C-47A1-AC1B-1E1CA2E42A22" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.5.5:*:*:*:*:*:*:*", + "matchCriteriaId": "C6CCF2B5-972A-43A5-9707-50D7E328516D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.5.5:alpha0:*:*:*:*:*:*", + "matchCriteriaId": "C60431E8-D778-4AEA-9B12-0F3E39054D4E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.5.6:*:*:*:*:*:*:*", + "matchCriteriaId": "5E1732C7-5668-49F7-A7E6-C480FEAED816" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.5.7:*:*:*:*:*:*:*", + "matchCriteriaId": "A2E23AF7-DB5E-4A7C-9CA5-EEBA2CEAD6EA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.5.7:alpha0:*:*:*:*:*:*", + 
"matchCriteriaId": "5E044B08-C93D-41E3-AFE4-9BD402A49460" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.5.8:alpha0:*:*:*:*:*:*", + "matchCriteriaId": "E05E2E80-3D2C-4BE6-A386-AAFCCBD29A9F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.6.0:*:*:*:*:*:*:*", + "matchCriteriaId": "AEBD9D88-2E0B-47FF-9A66-8C72C96D016C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha0:*:*:*:*:*:*", + "matchCriteriaId": "7A633309-101F-4258-BE95-A2574EDDEFBB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha1:*:*:*:*:*:*", + "matchCriteriaId": "9B1241A2-80E5-44EE-A3ED-C02122242C6F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha10:*:*:*:*:*:*", + "matchCriteriaId": "95F069C8-0C80-4235-AEEF-960E3330EB07" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha2:*:*:*:*:*:*", + "matchCriteriaId": "52FEE0DA-92F1-4606-A58D-BED0D36B8AA4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha3:*:*:*:*:*:*", + "matchCriteriaId": "BB41F9FC-F8D8-4638-BE14-EEC43F41A1ED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha4:*:*:*:*:*:*", + "matchCriteriaId": "935AAAC9-A40C-4243-8F9E-7AF56CB6F2BB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha5:*:*:*:*:*:*", + "matchCriteriaId": "B836FBB8-75FC-4316-90DD-68A7A408EEE8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha6:*:*:*:*:*:*", + "matchCriteriaId": "4F11CE31-7424-4D77-AFC4-1DA391F5C0C5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha7:*:*:*:*:*:*", + "matchCriteriaId": "FE3789CC-41B0-4D83-9803-0F5705160673" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha8:*:*:*:*:*:*", + "matchCriteriaId": "F3E72000-0739-4014-8641-22CEF982E4CA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha9:*:*:*:*:*:*", + "matchCriteriaId": 
"5C9B50C2-BAC7-462E-8EA9-913CF8A5F430" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.6.1:*:*:*:*:*:*:*", + "matchCriteriaId": "0E676779-C2BE-44D0-8D06-0CEDAA99A9DB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.6.2:*:*:*:*:*:*:*", + "matchCriteriaId": "6197A337-D1E9-4838-97ED-C9ADBA8A12F9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.6.3:*:*:*:*:*:*:*", + "matchCriteriaId": "FF1FCB88-335F-472F-8BA0-C8F55F7F70C4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.6.4:*:*:*:*:*:*:*", + "matchCriteriaId": "66F1F1A6-AF57-424C-B976-8A0D5A487568" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.6.5:*:*:*:*:*:*:*", + "matchCriteriaId": "F7E85F11-49B5-495D-BF0E-F7E4546A98BA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.6.6:*:*:*:*:*:*:*", + "matchCriteriaId": "5EA83054-2A3C-4E6F-8A04-78E49F45CDF9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.6.7:*:*:*:*:*:*:*", + "matchCriteriaId": "973DC598-5F25-42B8-83A5-C67287F87A9B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.6.8:*:*:*:*:*:*:*", + "matchCriteriaId": "A3EBF4FD-A026-4EDF-A561-262F1FF861AC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.6.9:*:*:*:*:*:*:*", + "matchCriteriaId": "423247D0-A799-4556-99AC-2227EB9C826F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.6.10:*:*:*:*:*:*:*", + "matchCriteriaId": "CF41DCC0-3031-45D5-A38D-D3C1327BA52B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.6.11:*:*:*:*:*:*:*", + "matchCriteriaId": "90D5B30F-3F4A-4636-8A36-8026137A46B4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.6.12:*:*:*:*:*:*:*", + "matchCriteriaId": "1D689BE6-579A-44F5-B956-890E7BAD70DB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.6.13:*:*:*:*:*:*:*", + "matchCriteriaId": "73A02E2F-059C-4E8E-99B1-F76676186D9D" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:a:laf:laf:0.6.14:*:*:*:*:*:*:*", + "matchCriteriaId": "29E15048-627D-4CF5-91FB-64FA5036BA25" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.6.15:*:*:*:*:*:*:*", + "matchCriteriaId": "CB936119-382C-4358-A682-AB75A34C2DF6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.6.16:*:*:*:*:*:*:*", + "matchCriteriaId": "6CD04A17-0762-4B90-9B39-DAFE847D0A92" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.6.17:*:*:*:*:*:*:*", + "matchCriteriaId": "E60DB9B7-AEB4-4FB0-921B-AF9B9260BD8E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.6.18:*:*:*:*:*:*:*", + "matchCriteriaId": "5E74F2BB-CFE2-4BE6-9E53-621A8D3BA78F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.6.19:*:*:*:*:*:*:*", + "matchCriteriaId": "0C16B372-BA60-4F4D-9B2A-17D96DCCE2F5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.6.20:*:*:*:*:*:*:*", + "matchCriteriaId": "8257EAB6-C10C-4C27-868B-4B7DE5B80734" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.6.21:*:*:*:*:*:*:*", + "matchCriteriaId": "2B2438AD-AB62-45F6-8D6F-DBBA6A64FA86" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.6.22:*:*:*:*:*:*:*", + "matchCriteriaId": "C54FCE8A-86DE-4770-AA06-4E27DBAD84F6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.6.23:*:*:*:*:*:*:*", + "matchCriteriaId": "2C8664FA-15B2-4516-A4A0-2F922F961815" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.7.0:*:*:*:*:*:*:*", + "matchCriteriaId": "9880FDA7-F0EE-4947-BD2A-17DE0A250BF6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.7.1:*:*:*:*:*:*:*", + "matchCriteriaId": "B19DEF92-5910-4942-8D35-B87D35163A67" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.7.2:*:*:*:*:*:*:*", + "matchCriteriaId": "E3E309DC-DDFB-4349-9F83-684302A79E72" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.7.3:*:*:*:*:*:*:*", + "matchCriteriaId": 
"78624851-5C61-4EE4-B401-46EF49369BA4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.7.4:*:*:*:*:*:*:*", + "matchCriteriaId": "9BF79CEC-D34A-4BD5-BEA3-32674A4BC0B4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.7.5:*:*:*:*:*:*:*", + "matchCriteriaId": "8EAADB98-9EDF-40E1-BF6E-15BE5236C1EE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.7.6:*:*:*:*:*:*:*", + "matchCriteriaId": "B1ADB832-1E9F-4B48-AAFA-CBE5CAA3C46B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.7.7:*:*:*:*:*:*:*", + "matchCriteriaId": "EDEBCBDC-D9CD-4147-9716-B744339BD1BE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.7.8:*:*:*:*:*:*:*", + "matchCriteriaId": "A694A3E7-4AE0-468F-9B20-D8595123191D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.7.9:*:*:*:*:*:*:*", + "matchCriteriaId": "4C49567C-907D-48DD-8290-3CC928401AEF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.7.10:*:*:*:*:*:*:*", + "matchCriteriaId": "FB74C264-BD90-4B51-BB9E-7C5BBADEEBD7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.7.11:*:*:*:*:*:*:*", + "matchCriteriaId": "FEBECAD0-C9EC-4DE5-927C-A0DB702F2FBC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.8.0:*:*:*:*:*:*:*", + "matchCriteriaId": "71CB965C-2F16-4298-8E07-2DE2D1D3528F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha0:*:*:*:*:*:*", + "matchCriteriaId": "08DFED82-998B-4946-94FD-9616FC185B9A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha1:*:*:*:*:*:*", + "matchCriteriaId": "151CAEAB-6D0C-452D-858A-7092AE8EDA39" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha10:*:*:*:*:*:*", + "matchCriteriaId": "EB93BC7C-1DC4-4B18-AE91-498DF34C26E7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha11:*:*:*:*:*:*", + "matchCriteriaId": "B9F0CB28-B01B-4951-81F4-7D0431090AEA" + }, + { + "vulnerable": true, + 
"criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha2:*:*:*:*:*:*", + "matchCriteriaId": "8614B3F7-460E-46BC-AFB6-6FE0EF511A80" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha3:*:*:*:*:*:*", + "matchCriteriaId": "701BAF33-1FD2-4185-9676-D6C1D96AB83A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha4:*:*:*:*:*:*", + "matchCriteriaId": "E5A25B77-A0B5-4547-B07F-F30F980B5E0F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha5:*:*:*:*:*:*", + "matchCriteriaId": "22DD423C-73C8-42EC-9737-6513BA28C4D9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha6:*:*:*:*:*:*", + "matchCriteriaId": "70012861-A1E1-4F88-B299-B7C023768BE5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha7:*:*:*:*:*:*", + "matchCriteriaId": "8BB0537B-A5C5-4EDB-B3E6-D354D1A05904" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha8:*:*:*:*:*:*", + "matchCriteriaId": "BC4EEEA5-81B0-4F95-B423-91A6BA5A5337" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha9:*:*:*:*:*:*", + "matchCriteriaId": "8682C08D-D63F-4061-BFB4-5CE2A4C3D7C4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.8.1:*:*:*:*:*:*:*", + "matchCriteriaId": "9B662C74-56F3-4A07-9FEF-C0AA7343FDB0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.8.2:*:*:*:*:*:*:*", + "matchCriteriaId": "D38DC671-5460-4B83-8827-2B34527D13E1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.8.3:*:*:*:*:*:*:*", + "matchCriteriaId": "BC147EDB-59DB-4350-850E-B7E9ABF28E69" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.8.4:*:*:*:*:*:*:*", + "matchCriteriaId": "23B3B7E4-1B2D-4592-9F88-D2A8FC725051" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.8.5:*:*:*:*:*:*:*", + "matchCriteriaId": "DCCF699B-2394-4ECE-9BBF-A740FF942976" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.8.5:alpha0:*:*:*:*:*:*", + 
"matchCriteriaId": "F12AFDE1-CCFD-49D6-A821-8053F79BCD7B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.8.6:*:*:*:*:*:*:*", + "matchCriteriaId": "A3D57ACD-51E3-4140-8C1A-C183CB8DB5EA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.8.7:*:*:*:*:*:*:*", + "matchCriteriaId": "C8BFA988-05C2-4A3D-B507-648739A27A3B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.8.7:alpha0:*:*:*:*:*:*", + "matchCriteriaId": "75A482E7-2512-4844-8C7C-5696DDD65720" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.8.7:alpha1:*:*:*:*:*:*", + "matchCriteriaId": "9ED8003F-B0DD-43C1-B0D2-63CD1A43EC0E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.8.7:alpha2:*:*:*:*:*:*", + "matchCriteriaId": "9208895A-0F02-49E4-8B01-D0962D285DAB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.8.7:alpha3:*:*:*:*:*:*", + "matchCriteriaId": "8BA93B6B-4E7F-4B44-B78C-DC35573377E8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.8.8:*:*:*:*:*:*:*", + "matchCriteriaId": "D21EF321-5D3C-4143-ACAA-A8C334F30430" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.8.9:*:*:*:*:*:*:*", + "matchCriteriaId": "82EF5E61-99AC-4274-B5B7-77F9A349B79F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.8.10:*:*:*:*:*:*:*", + "matchCriteriaId": "1490C4A2-E9EB-45AB-9838-3188BD643458" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.8.11:*:*:*:*:*:*:*", + "matchCriteriaId": "F60862FB-0D1A-4924-AE87-23CCBC8F5859" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.8.12:*:*:*:*:*:*:*", + "matchCriteriaId": "27444410-B533-446C-8CF8-E3CABE154BA2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.8.13:*:*:*:*:*:*:*", + "matchCriteriaId": "3519A657-2DEB-41BE-9643-D69242509C0B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:1.0.0:alpha0:*:*:*:*:*:*", + "matchCriteriaId": "B1764706-9BB1-4D71-B30B-FAE1D316EDA2" + }, + { + 
"vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:1.0.0:alpha1:*:*:*:*:*:*", + "matchCriteriaId": "9634E59F-6E59-4E40-8D15-C07E266D10AB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:1.0.0:alpha2:*:*:*:*:*:*", + "matchCriteriaId": "D8C6EE4C-C95B-4F31-AC7D-1C4D01CBA05C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:1.0.0:alpha3:*:*:*:*:*:*", + "matchCriteriaId": "2B7D144B-6E01-45DC-A56E-D764E7ECC42E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:1.0.0:alpha4:*:*:*:*:*:*", + "matchCriteriaId": "078745FE-C0D3-493C-8A86-2CA0858E0725" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:1.0.0:alpha5:*:*:*:*:*:*", + "matchCriteriaId": "0A811BDA-BBF6-4AF0-9CEE-DAD5A82DB037" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:1.0.0:alpha6:*:*:*:*:*:*", + "matchCriteriaId": "00EB0B8E-3C5B-48EE-A2F9-4955BCD26E82" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:1.0.0:beta0:*:*:*:*:*:*", + "matchCriteriaId": "1AAFA313-8207-4B25-AEC9-1248047F0E92" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:1.0.0:beta1:*:*:*:*:*:*", + "matchCriteriaId": "2332C03F-DDA8-4BB1-BAF2-9EF4BDBFAD2A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:1.0.0:beta10:*:*:*:*:*:*", + "matchCriteriaId": "1493BEDA-DEE8-43DB-A158-1CBBDC6A22BD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:1.0.0:beta11:*:*:*:*:*:*", + "matchCriteriaId": "63DFCB3B-210D-4D79-A3CD-651864203AF2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:1.0.0:beta12:*:*:*:*:*:*", + "matchCriteriaId": "017F976F-48D2-4CBB-BDEB-9C2C4855D0E9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:1.0.0:beta13:*:*:*:*:*:*", + "matchCriteriaId": "A529B7EA-CF43-4D68-9415-F1A6C5E0B485" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:1.0.0:beta2:*:*:*:*:*:*", + "matchCriteriaId": "F6804F77-96BB-4A9F-AEED-F7FCFA4E9CF8" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:a:laf:laf:1.0.0:beta3:*:*:*:*:*:*", + "matchCriteriaId": "514EEA63-19EF-4B30-8CC9-EBB9C6D6A9CA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:1.0.0:beta4:*:*:*:*:*:*", + "matchCriteriaId": "06B75B74-DE29-4BC1-B306-D249B9777997" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:1.0.0:beta5:*:*:*:*:*:*", + "matchCriteriaId": "AF190F7D-606D-4514-A97E-3959C426D96D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:1.0.0:beta6:*:*:*:*:*:*", + "matchCriteriaId": "261D68C2-2D75-42EB-BD53-794C86494AC0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:1.0.0:beta7:*:*:*:*:*:*", + "matchCriteriaId": "1A1CB913-8A5A-42AE-B0D8-A1D428872103" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:1.0.0:beta8:*:*:*:*:*:*", + "matchCriteriaId": "B6C443B8-2883-473A-B66F-C90F212E7AE0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:1.0.0:beta9:*:*:*:*:*:*", + "matchCriteriaId": "52D11C49-3F12-4569-951A-8FA151C79259" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/labring/laf/blob/main/server/src/application/environment.controller.ts#L50", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/labring/laf/blob/main/server/src/instance/instance.service.ts#L306", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/labring/laf/security/advisories/GHSA-hv2g-gxx4-fwxp", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48664.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48664.json index c4c31c04ee2..c8080fbf5a9 100644 --- a/CVE-2023/CVE-2023-486xx/CVE-2023-48664.json +++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48664.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-48664", "sourceIdentifier": "security_alert@emc.com", "published": "2023-12-14T16:15:49.640", - "lastModified": "2023-12-14T17:17:54.510", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-19T16:41:04.083", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "\nDell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability leading to the execution of arbitrary OS commands on the affected system.\n\n" + }, + { + "lang": "es", + "value": "Dell vApp Manager, las versiones anteriores a 9.2.4.x contienen una vulnerabilidad de inyecci\u00f3n de comandos. Un usuario malicioso remoto con altos privilegios podr\u00eda explotar esta vulnerabilidad y llevar a la ejecuci\u00f3n de comandos arbitrarios del sistema operativo en el sistema afectado." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "security_alert@emc.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + }, { "source": "security_alert@emc.com", "type": "Secondary", 
@@ -46,10 +80,43 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dell:solutions_enabler_virtual_appliance:*:*:*:*:*:*:*:*", + "versionEndExcluding": "9.2.4.5", + "matchCriteriaId": "A66644ED-0329-4D52-BF77-46FC55D0E509" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dell:unisphere_for_powermax_virtual_appliance:*:*:*:*:*:*:*:*", + "versionEndExcluding": "9.2.4.7", + "matchCriteriaId": "F7A1C0B1-1991-4B65-8246-CBD559A577B0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:dell:powermax_os:5978:*:*:*:eem:*:*:*", + "matchCriteriaId": "8236D1AC-66D0-4BEE-B9DB-C8B2DACE0400" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.dell.com/support/kbdoc/en-us/000220427/dsa-2023-443-dell-powermaxos-5978-dell-unisphere-360-dell-unisphere-for-powermax-dell-unisphere-for-powermax-virtual-appliance-dell-solutions-enabler-virtual-appliance-and-dell-powermax-eem-security-update-for-multiple-vulnerabilities", - "source": "security_alert@emc.com" + "source": "security_alert@emc.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48665.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48665.json index 40831b4a7dd..edf845cd466 100644 --- a/CVE-2023/CVE-2023-486xx/CVE-2023-48665.json +++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48665.json 
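Review bot: The third `cpeMatch` entry added here, `cpe:2.3:o:dell:powermax_os:5978:*:*:*:eem:*:*:*`, has no `versionEndExcluding`, unlike the two appliance entries (9.2.4.5 and 9.2.4.7). A CPE-based scanner will therefore keep reporting every PowerMax OS 5978 EEM install as affected, with no version that clears the finding. If the linked Dell advisory names a fixed 5978 release, the entry should carry it, in the form `"versionEndExcluding": "<fixed 5978 release per DSA-2023-443>"`. Until then, matches on this entry need manual confirmation against the advisory. The same configuration block is added for CVE-2023-48665 in the next file.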
@@ -2,16 +2,40 @@ "id": "CVE-2023-48665", "sourceIdentifier": "security_alert@emc.com", "published": "2023-12-14T16:15:49.847", - "lastModified": "2023-12-14T17:17:54.510", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-19T16:45:27.163", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "\nDell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability leading to the execution of arbitrary OS commands on the affected system.\n\n" + }, + { + "lang": "es", + "value": "Dell vApp Manager, las versiones anteriores a 9.2.4.x contienen una vulnerabilidad de inyecci\u00f3n de comandos. Un usuario malicioso remoto con altos privilegios podr\u00eda explotar esta vulnerabilidad y llevar a la ejecuci\u00f3n de comandos arbitrarios del sistema operativo en el sistema afectado." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "security_alert@emc.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + }, { "source": "security_alert@emc.com", "type": "Secondary", 
@@ -46,10 +80,43 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dell:solutions_enabler_virtual_appliance:*:*:*:*:*:*:*:*", + "versionEndExcluding": "9.2.4.5", + "matchCriteriaId": "A66644ED-0329-4D52-BF77-46FC55D0E509" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dell:unisphere_for_powermax_virtual_appliance:*:*:*:*:*:*:*:*", + "versionEndExcluding": "9.2.4.7", + "matchCriteriaId": "F7A1C0B1-1991-4B65-8246-CBD559A577B0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:dell:powermax_os:5978:*:*:*:eem:*:*:*", + "matchCriteriaId": "8236D1AC-66D0-4BEE-B9DB-C8B2DACE0400" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.dell.com/support/kbdoc/en-us/000220427/dsa-2023-443-dell-powermaxos-5978-dell-unisphere-360-dell-unisphere-for-powermax-dell-unisphere-for-powermax-virtual-appliance-dell-solutions-enabler-virtual-appliance-and-dell-powermax-eem-security-update-for-multiple-vulnerabilities", - "source": "security_alert@emc.com" + "source": "security_alert@emc.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-492xx/CVE-2023-49296.json b/CVE-2023/CVE-2023-492xx/CVE-2023-49296.json index 0a37328d3c3..000cbedbb1b 100644 --- a/CVE-2023/CVE-2023-492xx/CVE-2023-49296.json +++ b/CVE-2023/CVE-2023-492xx/CVE-2023-49296.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-49296", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-13T20:15:49.587", - "lastModified": "2023-12-13T21:25:53.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-19T15:43:13.307", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Arduino Create Agent allows users to use the Arduino Create applications to upload code to any USB connected Arduino board directly from the browser. A vulnerability in versions prior to 1.3.6 affects the endpoint `/certificate.crt` and the way the web interface of the ArduinoCreateAgent handles custom error messages. An attacker that is able to persuade a victim into clicking on a malicious link can perform a Reflected Cross-Site Scripting attack on the web interface of the create agent, which would allow the attacker to execute arbitrary browser client side code. Version 1.3.6 contains a fix for the issue.\n" + }, + { + "lang": "es", + "value": "Arduino Create Agent permite a los usuarios utilizar las aplicaciones Arduino Create para cargar c\u00f3digo a cualquier placa Arduino conectada por USB directamente desde el navegador. Una vulnerabilidad en versiones anteriores a la 1.3.6 afecta el endpoint `/certificate.crt` y la forma en que la interfaz web de ArduinoCreateAgent maneja los mensajes de error personalizados. Un atacante que sea capaz de persuadir a una v\u00edctima para que haga clic en un enlace malicioso puede realizar un ataque de Cross-Site Scripting Reflejadas en la interfaz web del agente de creaci\u00f3n, lo que permitir\u00eda al atacante ejecutar c\u00f3digo arbitrario del lado del cliente del navegador. La versi\u00f3n 1.3.6 contiene una soluci\u00f3n para el problema." 
} ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -46,14 +70,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:arduino:create_agent:*:*:*:*:*:go:*:*", + "versionEndExcluding": "1.3.6", + "matchCriteriaId": "1CBC26B9-A0DB-4ACB-B742-FC7B93D56A7C" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/arduino/arduino-create-agent/commit/9a0e582bb8a1ff8e70d202943ddef8625ccefcc8", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/arduino/arduino-create-agent/security/advisories/GHSA-j5hc-wx84-844h", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-497xx/CVE-2023-49734.json b/CVE-2023/CVE-2023-497xx/CVE-2023-49734.json index 73bc1441cb2..ae47a820461 100644 --- a/CVE-2023/CVE-2023-497xx/CVE-2023-49734.json +++ b/CVE-2023/CVE-2023-497xx/CVE-2023-49734.json @@ -2,7 +2,7 @@ "id": "CVE-2023-49734", "sourceIdentifier": "security@apache.org", "published": "2023-12-19T10:15:08.007", - "lastModified": "2023-12-19T13:42:12.823", + "lastModified": "2023-12-19T15:15:08.633", "vulnStatus": "Awaiting Analysis", "descriptions": [ { 
@@ -47,6 +47,10 @@ } ], "references": [ + { + "url": "http://www.openwall.com/lists/oss-security/2023/12/19/3", + "source": "security@apache.org" + }, { "url": "https://lists.apache.org/thread/985h6ltvtbvdoysso780kkj7x744cds5", "source": "security@apache.org" diff --git a/CVE-2023/CVE-2023-497xx/CVE-2023-49736.json b/CVE-2023/CVE-2023-497xx/CVE-2023-49736.json index 6fd7bb92889..5fe68379faf 100644 --- a/CVE-2023/CVE-2023-497xx/CVE-2023-49736.json +++ b/CVE-2023/CVE-2023-497xx/CVE-2023-49736.json @@ -2,7 +2,7 @@ "id": "CVE-2023-49736", "sourceIdentifier": "security@apache.org", "published": "2023-12-19T10:15:08.323", - "lastModified": "2023-12-19T13:42:12.823", + "lastModified": "2023-12-19T15:15:08.717", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -47,6 +47,10 @@ } ], "references": [ + { + "url": "http://www.openwall.com/lists/oss-security/2023/12/19/2", + "source": "security@apache.org" + }, { "url": "https://lists.apache.org/thread/1kf481bgs3451qcz6hfhobs7xvhp8n1p", "source": "security@apache.org" diff --git a/CVE-2023/CVE-2023-497xx/CVE-2023-49770.json b/CVE-2023/CVE-2023-497xx/CVE-2023-49770.json index db710a583a9..ba92fe81e05 100644 --- a/CVE-2023/CVE-2023-497xx/CVE-2023-49770.json +++ b/CVE-2023/CVE-2023-497xx/CVE-2023-49770.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-49770", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-14T16:15:51.660", - "lastModified": "2023-12-14T17:17:54.510", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-19T16:53:26.097", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Peter Raschendorfer Smart External Link Click Monitor [Link Log] allows Stored XSS.This issue affects Smart External Link Click Monitor [Link Log]: from n/a through 5.0.2.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Peter Raschendorfer Smart External Link Click Monitor [Link Log] permite almacenar XSS. Este problema afecta Smart External Link Click Monitor [Link Log]: de n/a hasta 5.0.2." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:petersplugins:smart_external_link_click_monitor_\\[link_log\\]:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "5.0.2", + "matchCriteriaId": "51CF357F-C232-4FAE-A5EC-B019E6C548F2" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/link-log/wordpress-smart-external-link-click-monitor-link-log-plugin-5-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-498xx/CVE-2023-49878.json b/CVE-2023/CVE-2023-498xx/CVE-2023-49878.json index 8ce6e59424c..ddcafca1c1a 100644 --- a/CVE-2023/CVE-2023-498xx/CVE-2023-49878.json +++ b/CVE-2023/CVE-2023-498xx/CVE-2023-49878.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-49878", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-12-13T21:15:08.243", - "lastModified": "2023-12-13T21:25:53.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-19T15:31:33.753", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IBM System Storage Virtualization Engine TS7700 3957-VEC, 3948-VED and 3957-VEC could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 272652." + }, + { + "lang": "es", + "value": "IBM System Storage Virtualization Engine TS7700 3957-VEC, 3948-VED y 3957-VEC podr\u00eda permitir a un atacante remoto obtener informaci\u00f3n confidencial cuando se devuelve un mensaje de error t\u00e9cnico detallado en el navegador. Esta informaci\u00f3n podr\u00eda usarse en futuros ataques contra el sistema. ID de IBM X-Force: 272652." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "psirt@us.ibm.com", "type": "Secondary", 
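Review bot: The added `es` description carries over the English text's model list as "3957-VEC, 3948-VED y 3957-VEC", which names 3957-VEC twice and never mentions 3957-VED. The `configurations` hunk that follows in this file does add firmware entries for `ts7770_3957-ved`, so anyone triaging from the description alone would miss that model. The list presumably should read `3957-VEC, 3948-VED y 3957-VED`, with the same correction in the `en` value; confirm against the IBM advisory before changing it.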
@@ -46,14 +70,163 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:ibm:virtualization_engine_ts7760_3957-vec_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "8.52.103.23", + "matchCriteriaId": "E6AE6909-E2BD-4E40-ACCF-42539FC45520" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:ibm:virtualization_engine_ts7760_3957-vec:r5.2.1:*:*:*:*:*:*:*", + "matchCriteriaId": "F1F27A40-DCF1-49D5-8550-C9135A7775C2" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:ibm:virtualization_engine_ts7760_3957-vec_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "8.53.1.21", + "matchCriteriaId": "7D6C62B2-B179-40AE-8D3E-0C1C44B129C7" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:ibm:virtualization_engine_ts7760_3957-vec:r5.3:*:*:*:*:*:*:*", + "matchCriteriaId": "75A467BF-72F2-428C-AD92-DAD31C5D1E6B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:ibm:virtualization_engine_ts7770_3957-ved_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "8.52.103.23", + "matchCriteriaId": "6CA58C54-0E7F-40F6-9204-8961A58BCECA" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:ibm:virtualization_engine_ts7770_3957-ved:r5.2.1:*:*:*:*:*:*:*", + "matchCriteriaId": "3F009408-2553-4A3D-808A-E390295A66E0" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:ibm:virtualization_engine_ts7770_3957-ved_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "8.53.1.21", + "matchCriteriaId": "E04A6F2B-1762-48FD-A794-9E01D1D9E3C3" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:ibm:virtualization_engine_ts7770_3957-ved:r5.3:*:*:*:*:*:*:*", + "matchCriteriaId": "29DAE222-4508-4BCA-B17D-2CEBF1A34B4A" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:ibm:virtualization_engine_ts7770_3948-ved_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "8.53.1.21", + "matchCriteriaId": "0DA59D69-2B5C-4728-AF12-6C7D59A9CD38" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:ibm:virtualization_engine_ts7770_3948-ved:r5.3:*:*:*:*:*:*:*", + "matchCriteriaId": "FCDA91D5-7A2D-4047-B3FB-21EF8274C2AA" + } + ] + } + ] + } + ], "references": [ { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/272652", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "VDB Entry", + "Vendor Advisory" + ] }, { "url": "https://www.ibm.com/support/pages/node/7092383", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-499xx/CVE-2023-49922.json b/CVE-2023/CVE-2023-499xx/CVE-2023-49922.json index b4614b228b7..30ad6bd9e28 100644 --- a/CVE-2023/CVE-2023-499xx/CVE-2023-49922.json +++ b/CVE-2023/CVE-2023-499xx/CVE-2023-49922.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-49922", "sourceIdentifier": "bressers@elastic.co", "published": "2023-12-12T19:15:08.307", - "lastModified": "2023-12-12T20:20:16.707", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-19T15:11:00.423", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue was discovered by Elastic whereby Beats and Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. Depending on the nature of the event that Beats or Elastic Agent attempted to ingest, this could lead to the insertion of sensitive or private information in the Beats or Elastic Agent logs. Elastic has released 8.11.3 and 7.17.16 that prevents this issue by limiting these types of logs to DEBUG level logging, which is disabled by default." + }, + { + "lang": "es", + "value": "Elastic descubri\u00f3 un problema por el cual Beats y Elastic Agent registraban un evento sin procesar en sus propios registros en el nivel WARN o ERROR si fallaba la ingesta de ese evento en Elasticsearch con cualquier c\u00f3digo de estado HTTP 4xx excepto 409 o 429. Dependiendo de la naturaleza del en caso de que Beats o Elastic Agent intentaran ingerir, esto podr\u00eda dar lugar a la inserci\u00f3n de informaci\u00f3n confidencial o privada en los registros de Beats o Elastic Agent. Elastic lanz\u00f3 8.11.3 y 7.17.16 que evitan este problema al limitar estos tipos de registros al registro de nivel DEBUG, que est\u00e1 deshabilitado de forma predeterminada." 
} ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "bressers@elastic.co", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-532" + } + ] + }, { "source": "bressers@elastic.co", "type": "Secondary", @@ -46,10 +80,40 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:elastic:elastic_beats:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.0.0", + "versionEndExcluding": "7.17.16", + "matchCriteriaId": "45E5E452-50F8-4765-BF65-400C6EA1F358" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:elastic:elastic_beats:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.0.0", + "versionEndExcluding": "8.11.3", + "matchCriteriaId": "FD7E1624-732C-4BEB-B644-051F0A670F18" + } + ] + } + ] + } + ], "references": [ { "url": "https://discuss.elastic.co/t/beats-and-elastic-agent-8-11-3-7-17-16-security-update-esa-2023-30/349180", - "source": "bressers@elastic.co" + "source": "bressers@elastic.co", + "tags": [ + "Mitigation", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-499xx/CVE-2023-49923.json b/CVE-2023/CVE-2023-499xx/CVE-2023-49923.json index f6a6f752a35..e844f78c2a7 100644 --- a/CVE-2023/CVE-2023-499xx/CVE-2023-49923.json +++ b/CVE-2023/CVE-2023-499xx/CVE-2023-49923.json 
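Review bot: Both `cpeMatch` entries in the added `configurations` block use `cpe:2.3:a:elastic:elastic_beats`, while the description names Beats and Elastic Agent as the components that log raw events. An inventory matched by CPE would therefore not flag hosts that run only Elastic Agent. An entry for the Elastic Agent product with the same two ranges (7.0.0 up to but excluding 7.17.16, and 8.0.0 up to but excluding 8.11.3) presumably belongs beside them; the exact CPE name should come from the CPE dictionary rather than be guessed. Until it is added, Elastic Agent versions need to be checked against the vendor advisory by hand.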
@@ -2,16 +2,40 @@ "id": "CVE-2023-49923", "sourceIdentifier": "bressers@elastic.co", "published": "2023-12-12T18:15:23.153", - "lastModified": "2023-12-12T18:58:37.987", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-19T15:07:43.147", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": " An issue was discovered by Elastic whereby the Documents API of App Search logged the raw contents of indexed documents at INFO log level. Depending on the contents of such documents, this could lead to the insertion of sensitive or private information in the App Search logs. Elastic has released 8.11.2 and 7.17.16 that resolves this issue by changing the log level at which these are logged to DEBUG, which is disabled by default." + }, + { + "lang": "es", + "value": "Elastic descubri\u00f3 un problema por el cual la API de documentos de App Search registraba el contenido sin procesar de los documentos indexados en el nivel de registro INFO. Dependiendo del contenido de dichos documentos, esto podr\u00eda dar lugar a la inserci\u00f3n de informaci\u00f3n confidencial o privada en los registros de b\u00fasqueda de aplicaciones. Elastic lanz\u00f3 8.11.2 y 7.17.16 que resuelve este problema cambiando el nivel de registro en el que se registran a DEBUG, que est\u00e1 deshabilitado de forma predeterminada." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "bressers@elastic.co", "type": "Secondary", 
@@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-532" + } + ] + }, { "source": "bressers@elastic.co", "type": "Secondary", @@ -46,14 +80,47 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:elastic:enterprise_search:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.0.0", + "versionEndExcluding": "7.17.16", + "matchCriteriaId": "6295DE6D-CF97-4791-BCDC-4AD55693F1D6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:elastic:enterprise_search:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.0.0", + "versionEndExcluding": "8.11.2", + "matchCriteriaId": "A91699D3-7FC1-4AD8-ADE3-E4372FF750F4" + } + ] + } + ] + } + ], "references": [ { "url": "https://discuss.elastic.co/t/enterprise-search-8-11-2-7-17-16-security-update-esa-2023-31/349181", - "source": "bressers@elastic.co" + "source": "bressers@elastic.co", + "tags": [ + "Mitigation", + "Vendor Advisory" + ] }, { "url": "https://www.elastic.co/community/security", - "source": "bressers@elastic.co" + "source": "bressers@elastic.co", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-499xx/CVE-2023-49938.json b/CVE-2023/CVE-2023-499xx/CVE-2023-49938.json index 345f668daa5..1446596ec25 100644 --- a/CVE-2023/CVE-2023-499xx/CVE-2023-49938.json +++ b/CVE-2023/CVE-2023-499xx/CVE-2023-49938.json 
@@ -2,23 +2,95 @@ "id": "CVE-2023-49938", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-14T05:15:11.890", - "lastModified": "2023-12-14T13:52:06.780", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-19T16:08:07.640", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue was discovered in SchedMD Slurm 22.05.x and 23.02.x. There is Incorrect Access Control: an attacker can modified their extended group list that is used with the sbcast subsystem, and open files with an unauthorized set of extended groups. The fixed versions are 22.05.11 and 23.02.7." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en SchedMD Slurm 22.05.x y 23.02.x. Hay un control de acceso incorrecto: un atacante puede modificar su lista de grupos extendidos que se usa con el subsistema sbcast y abrir archivos con un conjunto no autorizado de grupos extendidos. Las versiones fijas son 22.05.11 y 23.02.7." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 8.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.2 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:schedmd:slurm:*:*:*:*:*:*:*:*", + "versionStartIncluding": "22.05.0", + "versionEndExcluding": "22.05.11", + "matchCriteriaId": "E77BB569-B1F1-4636-B94D-0EF5E1D1CB34" + }, + { + 
"vulnerable": true, + "criteria": "cpe:2.3:a:schedmd:slurm:*:*:*:*:*:*:*:*", + "versionStartIncluding": "23.02.0", + "versionEndExcluding": "23.02.7", + "matchCriteriaId": "C81650BA-F3A5-4D8D-8F0E-336962EAC2E2" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Vendor Advisory" + ] }, { "url": "https://www.schedmd.com/security-archive.php", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-502xx/CVE-2023-50262.json b/CVE-2023/CVE-2023-502xx/CVE-2023-50262.json index 829f1c61b0c..92c77c2fbd9 100644 --- a/CVE-2023/CVE-2023-502xx/CVE-2023-50262.json +++ b/CVE-2023/CVE-2023-502xx/CVE-2023-50262.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-50262", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-13T21:15:09.117", - "lastModified": "2023-12-13T21:25:53.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-19T15:28:42.343", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Dompdf is an HTML to PDF converter for PHP. When parsing SVG images Dompdf performs an initial validation to ensure that paths within the SVG are allowed. One of the validations is that the SVG document does not reference itself. However, prior to version 2.0.4, a recursive chained using two or more SVG documents is not correctly validated. Depending on the system configuration and attack pattern this could exhaust the memory available to the executing process and/or to the server itself.\n\nphp-svg-lib, when run in isolation, does not support SVG references for `image` elements. However, when used in combination with Dompdf, php-svg-lib will process SVG images referenced by an `image` element. Dompdf currently includes validation to prevent self-referential `image` references, but a chained reference is not checked. A malicious actor may thus trigger infinite recursion by chaining references between two or more SVG images.\n\nWhen Dompdf parses a malicious payload, it will crash due after exceeding the allowed execution time or memory usage. An attacker sending multiple request to a system can potentially cause resource exhaustion to the point that the system is unable to handle incoming request.\n\nVersion 2.0.4 contains a fix for this issue." + }, + { + "lang": "es", + "value": "Dompdf es un conversor de HTML a PDF para PHP. Al analizar im\u00e1genes SVG, Dompdf realiza una validaci\u00f3n inicial para garantizar que las rutas dentro del SVG est\u00e9n permitidas. Una de las validaciones es que el documento SVG no hace referencia a s\u00ed mismo. 
Sin embargo, antes de la versi\u00f3n 2.0.4, un encadenado recursivo que utiliza dos o m\u00e1s documentos SVG no se valida correctamente. Dependiendo de la configuraci\u00f3n del sistema y del patr\u00f3n de ataque, esto podr\u00eda agotar la memoria disponible para el proceso en ejecuci\u00f3n y/o para el propio servidor. php-svg-lib, cuando se ejecuta de forma aislada, no admite referencias SVG para elementos de \"imagen\". Sin embargo, cuando se usa en combinaci\u00f3n con Dompdf, php-svg-lib procesar\u00e1 im\u00e1genes SVG a las que hace referencia un elemento `image`. Dompdf actualmente incluye validaci\u00f3n para evitar referencias de \"imagen\" autorreferenciales, pero no se verifica una referencia encadenada. Por lo tanto, un actor malicioso puede desencadenar una recursividad infinita encadenando referencias entre dos o m\u00e1s im\u00e1genes SVG. Cuando Dompdf analiza un payload malicioso, se bloquear\u00e1 despu\u00e9s de exceder el tiempo de ejecuci\u00f3n permitido o el uso de memoria. Un atacante que env\u00eda varias solicitudes a un sistema puede provocar el agotamiento de los recursos hasta el punto de que el sistema no pueda manejar las solicitudes entrantes. La versi\u00f3n 2.0.4 contiene una soluci\u00f3n para este problema." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -50,18 +74,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dompdf_project:dompdf:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2.0.3", + "matchCriteriaId": "19911C76-C061-445A-BB47-77C6DB04F42A" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/dompdf/dompdf/blob/v2.0.3/src/Image/Cache.php#L136-L153", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/dompdf/dompdf/commit/41cbac16f3cf56affa49f06e8dae66d0eac2b593", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/dompdf/dompdf/security/advisories/GHSA-3qx2-6f78-w2j2", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-502xx/CVE-2023-50272.json b/CVE-2023/CVE-2023-502xx/CVE-2023-50272.json new file mode 100644 index 00000000000..838e6f38293 --- /dev/null +++ b/CVE-2023/CVE-2023-502xx/CVE-2023-50272.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-50272", + "sourceIdentifier": "security-alert@hpe.com", + "published": "2023-12-19T16:15:12.347", + "lastModified": "2023-12-19T16:17:42.220", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A potential security vulnerability has been identified in HPE Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 6 (iLO 6). The vulnerability could be remotely exploited to allow authentication bypass." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-alert@hpe.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 4.7 + } + ] + }, + "references": [ + { + "url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04584en_us", + "source": "security-alert@hpe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-507xx/CVE-2023-50709.json b/CVE-2023/CVE-2023-507xx/CVE-2023-50709.json index 4f450fbe2fb..735fd7f2fa0 100644 --- a/CVE-2023/CVE-2023-507xx/CVE-2023-50709.json +++ b/CVE-2023/CVE-2023-507xx/CVE-2023-50709.json @@ -2,8 +2,8 @@ "id": "CVE-2023-50709", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-13T22:15:43.620", - "lastModified": "2023-12-14T13:52:16.903", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-19T15:28:16.453", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -40,8 +60,18 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -50,14 +80,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cube:cube.js:*:*:*:*:*:node.js:*:*", + "versionEndExcluding": "0.34.34", + "matchCriteriaId": "B46E8BCA-A91A-45C1-9B11-AEDFF03C47B4" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/cube-js/cube/releases/tag/v0.34.34", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://github.com/cube-js/cube/security/advisories/GHSA-9759-3276-g2pm", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-54xx/CVE-2023-5499.json b/CVE-2023/CVE-2023-54xx/CVE-2023-5499.json index 37cee265ef0..12bc34f6189 100644 --- a/CVE-2023/CVE-2023-54xx/CVE-2023-5499.json +++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5499.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-5499", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2023-10-10T14:15:11.213", - "lastModified": "2023-10-18T13:01:10.597", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-19T15:15:08.913", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -60,7 +60,7 @@ }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "cve-coordination@incibe.es", "type": "Primary", "description": [ { @@ -70,12 +70,12 @@ ] }, { - "source": "cve-coordination@incibe.es", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { "lang": "en", - "value": "CWE-200" + "value": "CWE-532" } ] } diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6280.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6280.json new file mode 100644 index 00000000000..78b34ade362 --- /dev/null +++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6280.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-6280", + "sourceIdentifier": "cve-coordination@incibe.es", + "published": "2023-12-19T15:15:09.033", + "lastModified": "2023-12-19T16:17:45.873", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "An XXE (XML External Entity) vulnerability has been detected in 52North WPS affecting versions prior to 4.0.0-beta.11. This vulnerability allows the use of external entities in its WebProcessingService servlet for an attacker to retrieve files by making HTTP requests to the internal network." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve-coordination@incibe.es", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "cve-coordination@incibe.es", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-611" + } + ] + } + ], + "references": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/xml-external-entity-reference-52north-wps", + "source": "cve-coordination@incibe.es" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-63xx/CVE-2023-6364.json b/CVE-2023/CVE-2023-63xx/CVE-2023-6364.json index 086796bf962..39b6cdc9b36 100644 --- a/CVE-2023/CVE-2023-63xx/CVE-2023-6364.json +++ b/CVE-2023/CVE-2023-63xx/CVE-2023-6364.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-6364", "sourceIdentifier": "security@progress.com", "published": "2023-12-14T16:15:52.957", - "lastModified": "2023-12-14T17:17:54.510", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-19T15:25:57.190", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified.\u00a0 It is possible for an attacker to craft a XSS payload and store that value within a dashboard component.\u00a0\u00a0\n\nIf a WhatsUp Gold user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victims browser.\n\n" + }, + { + "lang": "es", + "value": "En las versiones de WhatsUp Gold lanzadas antes de la 2023.1, se identific\u00f3 una vulnerabilidad de Cross-Site Scripting (XSS) Almacenada. Es posible que un atacante cree un payload XSS y almacene ese valor dentro de un componente del panel. Si un usuario de WhatsUp Gold interact\u00faa con el payload manipulado, el atacante podr\u00eda ejecutar JavaScript malicioso dentro del contexto del navegador de la v\u00edctima." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "security@progress.com", "type": "Secondary", 
@@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "security@progress.com", "type": "Secondary", @@ -46,14 +80,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:progress:whatsup_gold:*:*:*:*:*:*:*:*", + "versionEndExcluding": "23.1.0", + "matchCriteriaId": "5D27D3E3-A9E8-493A-8D4A-51ED537ABC7D" + } + ] + } + ] + } + ], "references": [ { "url": "https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-December-2023", - "source": "security@progress.com" + "source": "security@progress.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.progress.com/network-monitoring", - "source": "security@progress.com" + "source": "security@progress.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-63xx/CVE-2023-6365.json b/CVE-2023/CVE-2023-63xx/CVE-2023-6365.json index f8a872fcc1a..347a127a892 100644 --- a/CVE-2023/CVE-2023-63xx/CVE-2023-6365.json +++ b/CVE-2023/CVE-2023-63xx/CVE-2023-6365.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-6365", "sourceIdentifier": "security@progress.com", "published": "2023-12-14T16:15:53.163", - "lastModified": "2023-12-14T17:17:50.580", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-19T16:52:31.667", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "\nIn WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is possible for an attacker to craft a XSS payload and store that value within a device group. \u00a0\n\nIf a WhatsUp Gold user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victims browser.\n\n" + }, + { + "lang": "es", + "value": "En las versiones de WhatsUp Gold lanzadas antes de la 2023.1, se identific\u00f3 una vulnerabilidad de Cross-Site Scripting (XSS) almacenadas. Es posible que un atacante cree un payload XSS y almacene ese valor dentro de un grupo de dispositivos. Si un usuario de WhatsUp Gold interact\u00faa con el payload manipulado, el atacante podr\u00eda ejecutar JavaScript malicioso dentro del contexto del navegador de la v\u00edctima." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "security@progress.com", "type": "Secondary", 
@@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "security@progress.com", "type": "Secondary", @@ -46,14 +80,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:progress:whatsup_gold:*:*:*:*:*:*:*:*", + "versionEndExcluding": "23.1.0", + "matchCriteriaId": "5D27D3E3-A9E8-493A-8D4A-51ED537ABC7D" + } + ] + } + ] + } + ], "references": [ { "url": "https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-December-2023", - "source": "security@progress.com" + "source": "security@progress.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.progress.com/network-monitoring", - "source": "security@progress.com" + "source": "security@progress.com", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-65xx/CVE-2023-6534.json b/CVE-2023/CVE-2023-65xx/CVE-2023-6534.json index 126561ab865..2021cf54e5c 100644 --- a/CVE-2023/CVE-2023-65xx/CVE-2023-6534.json +++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6534.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6534", "sourceIdentifier": "secteam@freebsd.org", "published": "2023-12-13T09:15:34.680", - "lastModified": "2023-12-13T13:35:25.510", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-19T15:27:29.937", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,11 +14,176 @@ "value": "En las versiones de FreeBSD 14.0-RELEASE anteriores a 14-RELEASE-p2, FreeBSD 13.2-RELEASE anteriores a 13.2-RELEASE-p7 y FreeBSD 12.4-RELEASE anteriores a 12.4-RELEASE-p9, el filtro de paquetes pf(4) valida incorrectamente los n\u00fameros de secuencia TCP. Esto podr\u00eda permitir que un actor malintencionado ejecute un ataque de denegaci\u00f3n de servicio contra hosts detr\u00e1s del firewall." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:12.4:-:*:*:*:*:*:*", + "matchCriteriaId": "24920B4D-96C0-401F-B679-BEB086760EAF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:12.4:p1:*:*:*:*:*:*", + "matchCriteriaId": "3CE32730-A9F5-4E8D-BDA4-6B8232F84787" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:12.4:p2:*:*:*:*:*:*", + "matchCriteriaId": "552E81DE-D409-475F-8ED0-E10A0BE43D29" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:12.4:p3:*:*:*:*:*:*", + "matchCriteriaId": "251CAE22-C3E6-45AD-8301-F36BEE5C6860" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:12.4:p4:*:*:*:*:*:*", + "matchCriteriaId": 
"85D94BCA-FA32-4C10-95CD-5D2A69B38A7A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:12.4:p5:*:*:*:*:*:*", + "matchCriteriaId": "8C950F97-40B4-43BF-BB81-C49CE00A468B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:12.4:p6:*:*:*:*:*:*", + "matchCriteriaId": "8FFBAD22-5712-472D-ADAF-13DE0826F888" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:12.4:p7:*:*:*:*:*:*", + "matchCriteriaId": "888336D6-CA3C-45ED-90EA-C94A3146F1E9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:12.4:p8:*:*:*:*:*:*", + "matchCriteriaId": "7314B63B-75AF-44EF-9F4C-DDF7A18B77E2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:12.4:rc2-p1:*:*:*:*:*:*", + "matchCriteriaId": "BA821886-B26B-47A6-ABC9-B8F70CE0ACFB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:12.4:rc2-p2:*:*:*:*:*:*", + "matchCriteriaId": "220629AD-32CC-4303-86AE-1DD27F0E4C65" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.2:-:*:*:*:*:*:*", + "matchCriteriaId": "A87EFA20-DD6B-41C5-98FD-A29F67D2E732" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p1:*:*:*:*:*:*", + "matchCriteriaId": "2888B0C1-4D85-42EC-9696-03FAD0A9C28F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p2:*:*:*:*:*:*", + "matchCriteriaId": "A3306F11-D3C0-41D6-BB5E-2ABDC3927715" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p3:*:*:*:*:*:*", + "matchCriteriaId": "9E584FE1-3A34-492B-B10F-508DA7CBA768" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p4:*:*:*:*:*:*", + "matchCriteriaId": "A5605E90-D125-4CC9-8B9F-F5EED9D4EE0C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p5:*:*:*:*:*:*", + "matchCriteriaId": "761B4382-E857-4868-9F80-189B7F60256B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p6:*:*:*:*:*:*", + 
"matchCriteriaId": "51B17801-15FD-4425-BA6C-BE06B14F1BFE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:14.0:-:*:*:*:*:*:*", + "matchCriteriaId": "FA25530A-133C-4D7C-8993-D5C42D79A0B5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:14.0:beta5:*:*:*:*:*:*", + "matchCriteriaId": "DB7B021E-F4AD-44AC-96AB-8ACAF8AB1B88" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:14.0:p1:*:*:*:*:*:*", + "matchCriteriaId": "69A72B5A-2189-4700-8E8B-1E5E7CA86C40" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:14.0:rc3:*:*:*:*:*:*", + "matchCriteriaId": "038E5B85-7F60-4D71-8D3F-EDBF6E036CE0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:14.0:rc4-p1:*:*:*:*:*:*", + "matchCriteriaId": "BF309824-D379-4749-A1FA-BCB2987DD671" + } + ] + } + ] + } + ], "references": [ { "url": "https://security.freebsd.org/advisories/FreeBSD-SA-23:17.pf.asc", - "source": "secteam@freebsd.org" + "source": "secteam@freebsd.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-66xx/CVE-2023-6687.json b/CVE-2023/CVE-2023-66xx/CVE-2023-6687.json index 64054aef4b7..61e4389fe24 100644 --- a/CVE-2023/CVE-2023-66xx/CVE-2023-6687.json +++ b/CVE-2023/CVE-2023-66xx/CVE-2023-6687.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-6687", "sourceIdentifier": "bressers@elastic.co", "published": "2023-12-12T19:15:08.510", - "lastModified": "2023-12-12T20:20:16.707", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-19T15:20:04.910", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue was discovered by Elastic whereby Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. Depending on the nature of the event that Elastic Agent attempted to ingest, this could lead to the insertion of sensitive or private information in the Elastic Agent logs. Elastic has released 8.11.3 and 7.17.16 that prevents this issue by limiting these types of logs to DEBUG level logging, which is disabled by default." + }, + { + "lang": "es", + "value": "Elastic descubri\u00f3 un problema por el cual Elastic Agent registraba un evento sin formato en sus propios registros en el nivel WARN o ERROR si fallaba la ingesta de ese evento en Elasticsearch con cualquier c\u00f3digo de estado HTTP 4xx excepto 409 o 429. Dependiendo de la naturaleza del evento, el Agente El\u00e1stico intent\u00f3 ingerir, esto podr\u00eda llevar a la inserci\u00f3n de informaci\u00f3n confidencial o privada en los registros del Agente El\u00e1stico. Elastic lanz\u00f3 8.11.3 y 7.17.16 que evitan este problema al limitar estos tipos de registros al registro de nivel DEBUG, que est\u00e1 deshabilitado de forma predeterminada." 
} ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "bressers@elastic.co", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-532" + } + ] + }, { "source": "bressers@elastic.co", "type": "Secondary", @@ -46,10 +80,40 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:elastic:elastic_agent:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.0.0", + "versionEndExcluding": "7.17.16", + "matchCriteriaId": "5F396842-37AD-4E18-9477-47001EF69314" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:elastic:elastic_agent:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.0.0", + "versionEndExcluding": "8.11.3", + "matchCriteriaId": "D1345D08-E070-43B9-83F1-68F32FA619EF" + } + ] + } + ] + } + ], "references": [ { "url": "https://discuss.elastic.co/t/beats-and-elastic-agent-8-11-3-7-17-16-security-update-esa-2023-30/349180", - "source": "bressers@elastic.co" + "source": "bressers@elastic.co", + "tags": [ + "Mitigation", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-67xx/CVE-2023-6711.json b/CVE-2023/CVE-2023-67xx/CVE-2023-6711.json new file mode 100644 index 00000000000..a8a558ebc38 --- /dev/null +++ b/CVE-2023/CVE-2023-67xx/CVE-2023-6711.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-6711", + "sourceIdentifier": "cybersecurity@hitachienergy.com", + "published": "2023-12-19T15:15:09.257", + "lastModified": "2023-12-19T16:17:45.873", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability exists in SCI IEC 60870-5-104 and HCI IEC 60870-5-104 that affects the RTU500 series product versions listed below. Specially crafted messages sent to the mentioned components are not validated properly and can result in buffer overflow and as final consequence to a reboot of an RTU500 CMU." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cybersecurity@hitachienergy.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.2, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "cybersecurity@hitachienergy.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000184&languageCode=en&Preview=true", + "source": "cybersecurity@hitachienergy.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-69xx/CVE-2023-6913.json b/CVE-2023/CVE-2023-69xx/CVE-2023-6913.json new file mode 100644 index 00000000000..7eb03b46776 --- /dev/null +++ b/CVE-2023/CVE-2023-69xx/CVE-2023-6913.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-6913", + "sourceIdentifier": "cve-coordination@incibe.es", + "published": "2023-12-19T15:15:09.447", + "lastModified": "2023-12-19T16:17:45.873", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A session hijacking vulnerability has been detected in the Imou Life application affecting version 6.7.0. This vulnerability could allow an attacker to hijack user accounts due to the QR code functionality not properly filtering codes when scanning a new device and directly running WebView without prompting or displaying it to the user. This vulnerability could trigger phishing attacks." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve-coordination@incibe.es", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "cve-coordination@incibe.es", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-384" + } + ] + } + ], + "references": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/session-hijacking-imou-life-app", + "source": "cve-coordination@incibe.es" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 3867fcd426b..839979fa50c 100644 --- a/README.md +++ b/README.md 
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-12-19T15:00:24.751708+00:00 +2023-12-19T17:00:24.690445+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-12-19T14:50:39.843000+00:00 +2023-12-19T16:53:42.183000+00:00 ``` ### Last Data Feed Release 
@@ -29,69 +29,69 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -233719 +233751 ``` ### CVEs added in the last Commit -Recently added CVEs: `25` +Recently added CVEs: `32` -* [CVE-2019-25158](CVE-2019/CVE-2019-251xx/CVE-2019-25158.json) (`2023-12-19T13:15:43.133`) -* [CVE-2023-6730](CVE-2023/CVE-2023-67xx/CVE-2023-6730.json) (`2023-12-19T13:15:43.380`) -* [CVE-2023-6856](CVE-2023/CVE-2023-68xx/CVE-2023-6856.json) (`2023-12-19T14:15:07.313`) -* [CVE-2023-6857](CVE-2023/CVE-2023-68xx/CVE-2023-6857.json) (`2023-12-19T14:15:07.377`) -* [CVE-2023-6858](CVE-2023/CVE-2023-68xx/CVE-2023-6858.json) (`2023-12-19T14:15:07.420`) -* [CVE-2023-6859](CVE-2023/CVE-2023-68xx/CVE-2023-6859.json) (`2023-12-19T14:15:07.467`) -* [CVE-2023-6860](CVE-2023/CVE-2023-68xx/CVE-2023-6860.json) (`2023-12-19T14:15:07.510`) -* [CVE-2023-6861](CVE-2023/CVE-2023-68xx/CVE-2023-6861.json) (`2023-12-19T14:15:07.560`) -* [CVE-2023-6862](CVE-2023/CVE-2023-68xx/CVE-2023-6862.json) (`2023-12-19T14:15:07.603`) -* [CVE-2023-6863](CVE-2023/CVE-2023-68xx/CVE-2023-6863.json) (`2023-12-19T14:15:07.650`) -* [CVE-2023-6864](CVE-2023/CVE-2023-68xx/CVE-2023-6864.json) (`2023-12-19T14:15:07.707`) -* [CVE-2023-6865](CVE-2023/CVE-2023-68xx/CVE-2023-6865.json) (`2023-12-19T14:15:07.777`) -* [CVE-2023-6866](CVE-2023/CVE-2023-68xx/CVE-2023-6866.json) (`2023-12-19T14:15:07.847`) -* [CVE-2023-6867](CVE-2023/CVE-2023-68xx/CVE-2023-6867.json) (`2023-12-19T14:15:07.933`) -* [CVE-2023-6868](CVE-2023/CVE-2023-68xx/CVE-2023-6868.json) (`2023-12-19T14:15:07.983`) -* [CVE-2023-6869](CVE-2023/CVE-2023-68xx/CVE-2023-6869.json) (`2023-12-19T14:15:08.040`) -* [CVE-2023-6870](CVE-2023/CVE-2023-68xx/CVE-2023-6870.json) (`2023-12-19T14:15:08.087`) -* [CVE-2023-6871](CVE-2023/CVE-2023-68xx/CVE-2023-6871.json) (`2023-12-19T14:15:08.133`) -* [CVE-2023-6872](CVE-2023/CVE-2023-68xx/CVE-2023-6872.json) (`2023-12-19T14:15:08.180`) -* 
[CVE-2023-6873](CVE-2023/CVE-2023-68xx/CVE-2023-6873.json) (`2023-12-19T14:15:08.227`) -* [CVE-2023-6931](CVE-2023/CVE-2023-69xx/CVE-2023-6931.json) (`2023-12-19T14:15:08.277`) -* [CVE-2023-6932](CVE-2023/CVE-2023-69xx/CVE-2023-6932.json) (`2023-12-19T14:15:08.460`) -* [CVE-2023-50761](CVE-2023/CVE-2023-507xx/CVE-2023-50761.json) (`2023-12-19T14:15:07.033`) -* [CVE-2023-50762](CVE-2023/CVE-2023-507xx/CVE-2023-50762.json) (`2023-12-19T14:15:07.093`) -* [CVE-2023-6135](CVE-2023/CVE-2023-61xx/CVE-2023-6135.json) (`2023-12-19T14:15:07.143`) +* [CVE-2023-46225](CVE-2023/CVE-2023-462xx/CVE-2023-46225.json) (`2023-12-19T16:15:10.260`) +* [CVE-2023-46257](CVE-2023/CVE-2023-462xx/CVE-2023-46257.json) (`2023-12-19T16:15:10.413`) +* [CVE-2023-46258](CVE-2023/CVE-2023-462xx/CVE-2023-46258.json) (`2023-12-19T16:15:10.570`) +* [CVE-2023-46259](CVE-2023/CVE-2023-462xx/CVE-2023-46259.json) (`2023-12-19T16:15:10.720`) +* [CVE-2023-46260](CVE-2023/CVE-2023-462xx/CVE-2023-46260.json) (`2023-12-19T16:15:10.887`) +* [CVE-2023-46261](CVE-2023/CVE-2023-462xx/CVE-2023-46261.json) (`2023-12-19T16:15:11.043`) +* [CVE-2023-46262](CVE-2023/CVE-2023-462xx/CVE-2023-46262.json) (`2023-12-19T16:15:11.190`) +* [CVE-2023-46263](CVE-2023/CVE-2023-462xx/CVE-2023-46263.json) (`2023-12-19T16:15:11.343`) +* [CVE-2023-46264](CVE-2023/CVE-2023-462xx/CVE-2023-46264.json) (`2023-12-19T16:15:11.493`) +* [CVE-2023-46265](CVE-2023/CVE-2023-462xx/CVE-2023-46265.json) (`2023-12-19T16:15:11.640`) +* [CVE-2023-46266](CVE-2023/CVE-2023-462xx/CVE-2023-46266.json) (`2023-12-19T16:15:11.787`) +* [CVE-2023-46803](CVE-2023/CVE-2023-468xx/CVE-2023-46803.json) (`2023-12-19T16:15:11.930`) +* [CVE-2023-46804](CVE-2023/CVE-2023-468xx/CVE-2023-46804.json) (`2023-12-19T16:15:12.077`) +* [CVE-2023-50272](CVE-2023/CVE-2023-502xx/CVE-2023-50272.json) (`2023-12-19T16:15:12.347`) +* [CVE-2023-1514](CVE-2023/CVE-2023-15xx/CVE-2023-1514.json) (`2023-12-19T15:15:08.037`) +* [CVE-2023-43870](CVE-2023/CVE-2023-438xx/CVE-2023-43870.json) 
(`2023-12-19T15:15:08.357`) +* [CVE-2023-6280](CVE-2023/CVE-2023-62xx/CVE-2023-6280.json) (`2023-12-19T15:15:09.033`) +* [CVE-2023-6711](CVE-2023/CVE-2023-67xx/CVE-2023-6711.json) (`2023-12-19T15:15:09.257`) +* [CVE-2023-6913](CVE-2023/CVE-2023-69xx/CVE-2023-6913.json) (`2023-12-19T15:15:09.447`) +* [CVE-2023-25715](CVE-2023/CVE-2023-257xx/CVE-2023-25715.json) (`2023-12-19T16:15:07.980`) +* [CVE-2023-37390](CVE-2023/CVE-2023-373xx/CVE-2023-37390.json) (`2023-12-19T16:15:08.193`) +* [CVE-2023-41727](CVE-2023/CVE-2023-417xx/CVE-2023-41727.json) (`2023-12-19T16:15:08.623`) +* [CVE-2023-44983](CVE-2023/CVE-2023-449xx/CVE-2023-44983.json) (`2023-12-19T16:15:08.787`) +* [CVE-2023-44991](CVE-2023/CVE-2023-449xx/CVE-2023-44991.json) (`2023-12-19T16:15:08.973`) +* [CVE-2023-46216](CVE-2023/CVE-2023-462xx/CVE-2023-46216.json) (`2023-12-19T16:15:09.170`) ### CVEs modified in the last Commit -Recently modified CVEs: `70` +Recently modified CVEs: `37` -* [CVE-2023-23576](CVE-2023/CVE-2023-235xx/CVE-2023-23576.json) (`2023-12-19T13:42:29.533`) -* [CVE-2023-23584](CVE-2023/CVE-2023-235xx/CVE-2023-23584.json) (`2023-12-19T13:42:29.533`) -* [CVE-2023-24590](CVE-2023/CVE-2023-245xx/CVE-2023-24590.json) (`2023-12-19T13:42:29.533`) -* [CVE-2023-41967](CVE-2023/CVE-2023-419xx/CVE-2023-41967.json) (`2023-12-19T13:42:29.533`) -* [CVE-2023-46686](CVE-2023/CVE-2023-466xx/CVE-2023-46686.json) (`2023-12-19T13:42:29.533`) -* [CVE-2023-48768](CVE-2023/CVE-2023-487xx/CVE-2023-48768.json) (`2023-12-19T13:42:29.533`) -* [CVE-2023-48769](CVE-2023/CVE-2023-487xx/CVE-2023-48769.json) (`2023-12-19T13:42:29.533`) -* [CVE-2023-48772](CVE-2023/CVE-2023-487xx/CVE-2023-48772.json) (`2023-12-19T13:42:29.533`) -* [CVE-2023-48773](CVE-2023/CVE-2023-487xx/CVE-2023-48773.json) (`2023-12-19T13:42:29.533`) -* [CVE-2023-48778](CVE-2023/CVE-2023-487xx/CVE-2023-48778.json) (`2023-12-19T13:42:29.533`) -* [CVE-2023-48781](CVE-2023/CVE-2023-487xx/CVE-2023-48781.json) (`2023-12-19T13:42:29.533`) -* 
[CVE-2023-49148](CVE-2023/CVE-2023-491xx/CVE-2023-49148.json) (`2023-12-19T13:42:29.533`) -* [CVE-2023-6355](CVE-2023/CVE-2023-63xx/CVE-2023-6355.json) (`2023-12-19T13:42:29.533`) -* [CVE-2023-50011](CVE-2023/CVE-2023-500xx/CVE-2023-50011.json) (`2023-12-19T13:49:18.530`) -* [CVE-2023-6890](CVE-2023/CVE-2023-68xx/CVE-2023-6890.json) (`2023-12-19T13:50:36.190`) -* [CVE-2023-6889](CVE-2023/CVE-2023-68xx/CVE-2023-6889.json) (`2023-12-19T13:52:23.363`) -* [CVE-2023-6836](CVE-2023/CVE-2023-68xx/CVE-2023-6836.json) (`2023-12-19T13:52:56.807`) -* [CVE-2023-6448](CVE-2023/CVE-2023-64xx/CVE-2023-6448.json) (`2023-12-19T14:15:07.183`) -* [CVE-2023-48676](CVE-2023/CVE-2023-486xx/CVE-2023-48676.json) (`2023-12-19T14:20:14.047`) -* [CVE-2023-48663](CVE-2023/CVE-2023-486xx/CVE-2023-48663.json) (`2023-12-19T14:33:48.787`) -* [CVE-2023-6702](CVE-2023/CVE-2023-67xx/CVE-2023-6702.json) (`2023-12-19T14:44:04.613`) -* [CVE-2023-47619](CVE-2023/CVE-2023-476xx/CVE-2023-47619.json) (`2023-12-19T14:45:12.943`) -* [CVE-2023-6775](CVE-2023/CVE-2023-67xx/CVE-2023-6775.json) (`2023-12-19T14:46:42.323`) -* [CVE-2023-49577](CVE-2023/CVE-2023-495xx/CVE-2023-49577.json) (`2023-12-19T14:50:18.817`) -* [CVE-2023-49580](CVE-2023/CVE-2023-495xx/CVE-2023-49580.json) (`2023-12-19T14:50:39.843`) +* [CVE-2023-6364](CVE-2023/CVE-2023-63xx/CVE-2023-6364.json) (`2023-12-19T15:25:57.190`) +* [CVE-2023-6534](CVE-2023/CVE-2023-65xx/CVE-2023-6534.json) (`2023-12-19T15:27:29.937`) +* [CVE-2023-47620](CVE-2023/CVE-2023-476xx/CVE-2023-47620.json) (`2023-12-19T15:27:49.173`) +* [CVE-2023-47623](CVE-2023/CVE-2023-476xx/CVE-2023-47623.json) (`2023-12-19T15:27:59.743`) +* [CVE-2023-50709](CVE-2023/CVE-2023-507xx/CVE-2023-50709.json) (`2023-12-19T15:28:16.453`) +* [CVE-2023-50262](CVE-2023/CVE-2023-502xx/CVE-2023-50262.json) (`2023-12-19T15:28:42.343`) +* [CVE-2023-49878](CVE-2023/CVE-2023-498xx/CVE-2023-49878.json) (`2023-12-19T15:31:33.753`) +* [CVE-2023-47624](CVE-2023/CVE-2023-476xx/CVE-2023-47624.json) 
(`2023-12-19T15:33:35.507`) +* [CVE-2023-49296](CVE-2023/CVE-2023-492xx/CVE-2023-49296.json) (`2023-12-19T15:43:13.307`) +* [CVE-2023-43583](CVE-2023/CVE-2023-435xx/CVE-2023-43583.json) (`2023-12-19T15:49:19.407`) +* [CVE-2023-49938](CVE-2023/CVE-2023-499xx/CVE-2023-49938.json) (`2023-12-19T16:08:07.640`) +* [CVE-2023-40657](CVE-2023/CVE-2023-406xx/CVE-2023-40657.json) (`2023-12-19T16:10:07.447`) +* [CVE-2023-41618](CVE-2023/CVE-2023-416xx/CVE-2023-41618.json) (`2023-12-19T16:11:02.990`) +* [CVE-2023-22518](CVE-2023/CVE-2023-225xx/CVE-2023-22518.json) (`2023-12-19T16:15:07.883`) +* [CVE-2023-40660](CVE-2023/CVE-2023-406xx/CVE-2023-40660.json) (`2023-12-19T16:15:08.413`) +* [CVE-2023-40661](CVE-2023/CVE-2023-406xx/CVE-2023-40661.json) (`2023-12-19T16:15:08.527`) +* [CVE-2023-4535](CVE-2023/CVE-2023-45xx/CVE-2023-4535.json) (`2023-12-19T16:15:12.243`) +* [CVE-2023-40658](CVE-2023/CVE-2023-406xx/CVE-2023-40658.json) (`2023-12-19T16:18:43.973`) +* [CVE-2023-40659](CVE-2023/CVE-2023-406xx/CVE-2023-40659.json) (`2023-12-19T16:19:14.030`) +* [CVE-2023-48225](CVE-2023/CVE-2023-482xx/CVE-2023-48225.json) (`2023-12-19T16:30:05.530`) +* [CVE-2023-48664](CVE-2023/CVE-2023-486xx/CVE-2023-48664.json) (`2023-12-19T16:41:04.083`) +* [CVE-2023-48665](CVE-2023/CVE-2023-486xx/CVE-2023-48665.json) (`2023-12-19T16:45:27.163`) +* [CVE-2023-6365](CVE-2023/CVE-2023-63xx/CVE-2023-6365.json) (`2023-12-19T16:52:31.667`) +* [CVE-2023-49770](CVE-2023/CVE-2023-497xx/CVE-2023-49770.json) (`2023-12-19T16:53:26.097`) +* [CVE-2023-40656](CVE-2023/CVE-2023-406xx/CVE-2023-40656.json) (`2023-12-19T16:53:42.183`) ## Download and Usage