From 6c803bc47426a2df9b3728bcb2646e70a28d9763 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Wed, 17 Jan 2024 21:00:29 +0000 Subject: [PATCH] Auto-Update: 2024-01-17T21:00:25.298434+00:00 --- CVE-2016/CVE-2016-200xx/CVE-2016-20021.json | 4 +- CVE-2022/CVE-2022-417xx/CVE-2022-41786.json | 4 +- CVE-2022/CVE-2022-417xx/CVE-2022-41790.json | 4 +- CVE-2022/CVE-2022-428xx/CVE-2022-42884.json | 55 +++++++ CVE-2023/CVE-2023-404xx/CVE-2023-40437.json | 83 +++++++++- CVE-2023/CVE-2023-404xx/CVE-2023-40439.json | 83 +++++++++- CVE-2023/CVE-2023-405xx/CVE-2023-40529.json | 71 +++++++- CVE-2023/CVE-2023-428xx/CVE-2023-42830.json | 83 +++++++++- CVE-2023/CVE-2023-428xx/CVE-2023-42831.json | 110 ++++++++++++- CVE-2023/CVE-2023-428xx/CVE-2023-42833.json | 95 ++++++++++- CVE-2023/CVE-2023-428xx/CVE-2023-42862.json | 108 ++++++++++++- CVE-2023/CVE-2023-428xx/CVE-2023-42865.json | 10 +- CVE-2023/CVE-2023-428xx/CVE-2023-42866.json | 119 +++++++++++++- CVE-2023/CVE-2023-440xx/CVE-2023-44077.json | 20 +++ CVE-2023/CVE-2023-481xx/CVE-2023-48104.json | 4 +- CVE-2023/CVE-2023-482xx/CVE-2023-48248.json | 169 +++++++++++++++++++- CVE-2023/CVE-2023-482xx/CVE-2023-48250.json | 169 +++++++++++++++++++- CVE-2023/CVE-2023-482xx/CVE-2023-48251.json | 169 +++++++++++++++++++- CVE-2023/CVE-2023-482xx/CVE-2023-48252.json | 169 +++++++++++++++++++- CVE-2023/CVE-2023-482xx/CVE-2023-48253.json | 169 +++++++++++++++++++- CVE-2023/CVE-2023-488xx/CVE-2023-48858.json | 24 +++ CVE-2023/CVE-2023-509xx/CVE-2023-50930.json | 59 ++++++- CVE-2023/CVE-2023-509xx/CVE-2023-50931.json | 59 ++++++- CVE-2023/CVE-2023-509xx/CVE-2023-50932.json | 59 ++++++- CVE-2023/CVE-2023-55xx/CVE-2023-5504.json | 70 +++++++- CVE-2023/CVE-2023-62xx/CVE-2023-6220.json | 64 +++++++- CVE-2023/CVE-2023-62xx/CVE-2023-6266.json | 74 ++++++++- CVE-2023/CVE-2023-63xx/CVE-2023-6316.json | 69 +++++++- CVE-2023/CVE-2023-63xx/CVE-2023-6369.json | 99 ++++++++++-- CVE-2023/CVE-2023-64xx/CVE-2023-6496.json | 64 +++++++- CVE-2023/CVE-2023-65xx/CVE-2023-6504.json | 64 +++++++- CVE-2023/CVE-2023-65xx/CVE-2023-6520.json | 70 +++++++- CVE-2023/CVE-2023-65xx/CVE-2023-6548.json | 55 +++++++ CVE-2023/CVE-2023-65xx/CVE-2023-6556.json | 74 ++++++++- CVE-2023/CVE-2023-65xx/CVE-2023-6558.json | 69 +++++++- CVE-2023/CVE-2023-65xx/CVE-2023-6561.json | 74 ++++++++- CVE-2023/CVE-2023-66xx/CVE-2023-6634.json | 64 +++++++- CVE-2023/CVE-2023-66xx/CVE-2023-6645.json | 64 +++++++- CVE-2023/CVE-2023-66xx/CVE-2023-6684.json | 69 +++++++- CVE-2023/CVE-2023-67xx/CVE-2023-6737.json | 64 +++++++- CVE-2023/CVE-2023-67xx/CVE-2023-6742.json | 69 +++++++- CVE-2023/CVE-2023-70xx/CVE-2023-7028.json | 12 +- CVE-2023/CVE-2023-70xx/CVE-2023-7031.json | 55 +++++++ CVE-2024/CVE-2024-03xx/CVE-2024-0310.json | 68 +++++++- CVE-2024/CVE-2024-06xx/CVE-2024-0647.json | 88 ++++++++++ CVE-2024/CVE-2024-227xx/CVE-2024-22714.json | 4 +- CVE-2024/CVE-2024-227xx/CVE-2024-22715.json | 4 +- README.md | 86 +++++----- 48 files changed, 3166 insertions(+), 226 deletions(-) create mode 100644 CVE-2022/CVE-2022-428xx/CVE-2022-42884.json create mode 100644 CVE-2023/CVE-2023-440xx/CVE-2023-44077.json create mode 100644 CVE-2023/CVE-2023-488xx/CVE-2023-48858.json create mode 100644 CVE-2023/CVE-2023-65xx/CVE-2023-6548.json create mode 100644 CVE-2023/CVE-2023-70xx/CVE-2023-7031.json create mode 100644 CVE-2024/CVE-2024-06xx/CVE-2024-0647.json diff --git a/CVE-2016/CVE-2016-200xx/CVE-2016-20021.json b/CVE-2016/CVE-2016-200xx/CVE-2016-20021.json index 997f702d1d2..9fdf35212a0 100644 --- a/CVE-2016/CVE-2016-200xx/CVE-2016-20021.json +++ b/CVE-2016/CVE-2016-200xx/CVE-2016-20021.json @@ -2,12 +2,12 @@ "id": "CVE-2016-20021", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-12T03:15:08.410", - "lastModified": "2024-01-12T13:47:31.250", + "lastModified": "2024-01-17T20:15:48.477", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", - "value": "In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification." + "value": "In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification. Unless emerge-webrsync is used, Portage is not vulnerable." }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-417xx/CVE-2022-41786.json b/CVE-2022/CVE-2022-417xx/CVE-2022-41786.json index 70fc4b7ac97..5d0f077b51c 100644 --- a/CVE-2022/CVE-2022-417xx/CVE-2022-41786.json +++ b/CVE-2022/CVE-2022-417xx/CVE-2022-41786.json @@ -2,8 +2,8 @@ "id": "CVE-2022-41786", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-17T18:15:45.000", - "lastModified": "2024-01-17T18:15:45.000", - "vulnStatus": "Received", + "lastModified": "2024-01-17T19:22:17.977", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2022/CVE-2022-417xx/CVE-2022-41790.json b/CVE-2022/CVE-2022-417xx/CVE-2022-41790.json index c5f458a9607..c72fd21f04f 100644 --- a/CVE-2022/CVE-2022-417xx/CVE-2022-41790.json +++ b/CVE-2022/CVE-2022-417xx/CVE-2022-41790.json @@ -2,8 +2,8 @@ "id": "CVE-2022-41790", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-17T18:15:45.207", - "lastModified": "2024-01-17T18:15:45.207", - "vulnStatus": "Received", + "lastModified": "2024-01-17T19:22:17.977", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2022/CVE-2022-428xx/CVE-2022-42884.json b/CVE-2022/CVE-2022-428xx/CVE-2022-42884.json new file mode 100644 index 00000000000..815b33db856 --- /dev/null +++ b/CVE-2022/CVE-2022-428xx/CVE-2022-42884.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2022-42884", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-01-17T19:15:08.017", + "lastModified": "2024-01-17T19:22:17.977", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in ThemeinProgress WIP Custom Login.This issue affects WIP Custom Login: from n/a through 1.2.7.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wip-custom-login/wordpress-wip-custom-login-plugin-1-2-7-multiple-broken-access-control-vulnerabilities?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-404xx/CVE-2023-40437.json b/CVE-2023/CVE-2023-404xx/CVE-2023-40437.json index 795de7765bb..711447f17c9 100644 --- a/CVE-2023/CVE-2023-404xx/CVE-2023-40437.json +++ b/CVE-2023/CVE-2023-404xx/CVE-2023-40437.json @@ -2,8 +2,8 @@ "id": "CVE-2023-40437", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-10T22:15:48.827", - "lastModified": "2024-01-11T13:57:35.163", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-17T19:06:18.080", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,15 +14,88 @@ "value": "Se solucion\u00f3 un problema de privacidad mejorando la redacci\u00f3n de datos privados para las entradas de registro. Este problema se solucion\u00f3 en iOS 16.6 y iPadOS 16.6, macOS Ventura 13.5. Es posible que una aplicaci\u00f3n pueda leer informaci\u00f3n confidencial de ubicaci\u00f3n." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", + "versionEndExcluding": "16.6", + "matchCriteriaId": "F362BEC4-90C7-4305-BFF9-645FE6C52DFE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "16.6", + "matchCriteriaId": "DB63BAC2-C756-428C-8BAC-BAD39FBE5EF4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "13.5", + "matchCriteriaId": "7FB2CB0B-A635-4057-98B8-AF71F9CB0171" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.apple.com/en-us/HT213841", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT213843", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-404xx/CVE-2023-40439.json b/CVE-2023/CVE-2023-404xx/CVE-2023-40439.json index 77b5335f721..fe27afc6f52 100644 --- a/CVE-2023/CVE-2023-404xx/CVE-2023-40439.json +++ b/CVE-2023/CVE-2023-404xx/CVE-2023-40439.json @@ -2,8 +2,8 @@ "id": "CVE-2023-40439", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-10T22:15:48.920", - "lastModified": "2024-01-11T13:57:26.160", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-17T19:12:37.470", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,15 +14,88 @@ "value": "Se solucion\u00f3 un problema de privacidad mejorando la redacci\u00f3n de datos privados para las entradas de registro. Este problema se solucion\u00f3 en iOS 16.6 y iPadOS 16.6, macOS Ventura 13.5. Es posible que una aplicaci\u00f3n pueda leer informaci\u00f3n confidencial de ubicaci\u00f3n." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.3, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", + "versionEndExcluding": "16.6", + "matchCriteriaId": "F362BEC4-90C7-4305-BFF9-645FE6C52DFE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "16.6", + "matchCriteriaId": "DB63BAC2-C756-428C-8BAC-BAD39FBE5EF4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "13.5", + "matchCriteriaId": "7FB2CB0B-A635-4057-98B8-AF71F9CB0171" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.apple.com/en-us/HT213841", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT213843", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-405xx/CVE-2023-40529.json b/CVE-2023/CVE-2023-405xx/CVE-2023-40529.json index a31b5b3b16b..e74c3fa5da1 100644 --- a/CVE-2023/CVE-2023-405xx/CVE-2023-40529.json +++ b/CVE-2023/CVE-2023-405xx/CVE-2023-40529.json @@ -2,8 +2,8 @@ "id": "CVE-2023-40529", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-10T22:15:48.970", - "lastModified": "2024-01-11T13:57:26.160", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-17T19:14:54.447", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,74 @@ "value": "Este problema se solucion\u00f3 mejorando la redacci\u00f3n de informaci\u00f3n confidencial. Este problema se solucion\u00f3 en iOS 17 y iPadOS 17. Una persona con acceso f\u00edsico a un dispositivo puede usar VoiceOver para acceder a informaci\u00f3n privada del calendario." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 2.4, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 0.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.0", + "matchCriteriaId": "B511B802-B0A2-412D-ADA4-8B783BDF1880" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.0", + "matchCriteriaId": "E22CC7F9-F302-40B1-9B02-00FBC9805199" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.apple.com/en-us/HT213938", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42830.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42830.json index 8a3ee4605d8..7450e8dcfe3 100644 --- a/CVE-2023/CVE-2023-428xx/CVE-2023-42830.json +++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42830.json @@ -2,8 +2,8 @@ "id": "CVE-2023-42830", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-10T22:15:49.850", - "lastModified": "2024-01-11T13:57:26.160", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-17T20:56:33.957", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,15 +14,88 @@ "value": "Se solucion\u00f3 un problema de privacidad mejorando la redacci\u00f3n de datos privados para las entradas de registro. Este problema se solucion\u00f3 en macOS Ventura 13.3, iOS 16.4 y iPadOS 16.4. Es posible que una aplicaci\u00f3n pueda leer informaci\u00f3n confidencial de ubicaci\u00f3n." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.3, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", + "versionEndExcluding": "16.4", + "matchCriteriaId": "EE68C5EC-5829-481D-BFF7-0A501018A3CE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "16.4", + "matchCriteriaId": "F02C0CA5-8ABA-48C7-BCAE-5CF25435DF87" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "13.3", + "matchCriteriaId": "F58DAF22-8807-445A-AD05-8510829526CB" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.apple.com/en-us/HT213670", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT213676", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42831.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42831.json index be566f3f5a7..58ada26f4ea 100644 --- a/CVE-2023/CVE-2023-428xx/CVE-2023-42831.json +++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42831.json @@ -2,8 +2,8 @@ "id": "CVE-2023-42831", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-10T22:15:49.903", - "lastModified": "2024-01-11T13:57:26.160", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-17T20:51:35.577", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,23 +14,119 @@ "value": "Este problema se solucion\u00f3 eliminando el c\u00f3digo vulnerable. Este problema se solucion\u00f3 en macOS Big Sur 11.7.9, iOS 15.7.8 y iPadOS 15.7.8, macOS Monterey 12.6.8, macOS Ventura 13.5. Es posible que una aplicaci\u00f3n pueda tomar las huellas digitales del usuario." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", + "versionEndExcluding": "15.7.8", + "matchCriteriaId": "5E276423-4032-4E12-AB11-88F7047E35EA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "15.7.8", + "matchCriteriaId": "8635FA0F-1876-4E3A-B02D-31AEA459C38E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "11.0", + "versionEndExcluding": "11.7.9", + "matchCriteriaId": "FB5312D6-AEEA-4548-B3EF-B07B46168475" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "12.0.0", + "versionEndExcluding": "12.6.8", + "matchCriteriaId": "A47C992E-C336-403A-A534-E1A33C7338DE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.0", + "versionEndExcluding": "13.5", + "matchCriteriaId": "3D701507-146E-4E5B-8C32-60E797E46627" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.apple.com/en-us/HT213842", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT213843", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT213844", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT213845", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42833.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42833.json index 8cf212e7d0c..942b0dce4f9 100644 --- a/CVE-2023/CVE-2023-428xx/CVE-2023-42833.json +++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42833.json @@ -2,8 +2,8 @@ "id": "CVE-2023-42833", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-10T22:15:50.000", - "lastModified": "2024-01-11T13:57:26.160", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-17T20:50:04.980", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,19 +14,102 @@ "value": "Se solucion\u00f3 un problema de correcci\u00f3n con controles mejorados. Este problema se solucion\u00f3 en macOS Sonoma 14, Safari 17, iOS 17 y iPadOS 17. El procesamiento de contenido web puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.0", + "matchCriteriaId": "93FB6D0F-A668-47CF-A63D-755CA3BA259A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.0", + "matchCriteriaId": "B511B802-B0A2-412D-ADA4-8B783BDF1880" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.0", + "matchCriteriaId": "E22CC7F9-F302-40B1-9B02-00FBC9805199" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "14.0", + "matchCriteriaId": "7A5DD3D5-FB4F-4313-B873-DCED87FC4605" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.apple.com/en-us/HT213938", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT213940", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT213941", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42862.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42862.json index cc112ec24dd..621d7169d31 100644 --- a/CVE-2023/CVE-2023-428xx/CVE-2023-42862.json +++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42862.json @@ -2,8 +2,8 @@ "id": "CVE-2023-42862", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-10T22:15:50.047", - "lastModified": "2024-01-11T13:57:26.160", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-17T20:51:42.080", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,23 +14,117 @@ "value": "Se solucion\u00f3 una lectura fuera de los l\u00edmites con una validaci\u00f3n de entrada mejorada. Este problema se solucion\u00f3 en macOS Ventura 13.3, tvOS 16.4, iOS 16.4 y iPadOS 16.4, watchOS 9.4. El procesamiento de una imagen puede resultar en la divulgaci\u00f3n de la memoria del proceso." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", + "versionEndExcluding": "16.4", + "matchCriteriaId": "EE68C5EC-5829-481D-BFF7-0A501018A3CE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "16.4", + "matchCriteriaId": "F02C0CA5-8ABA-48C7-BCAE-5CF25435DF87" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.0", + "versionEndExcluding": "13.3", + "matchCriteriaId": "A6D636F7-278A-491B-8960-91A4D5A86A96" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "16.4", + "matchCriteriaId": "B55C90FB-21A2-4066-9FFD-04ABA57E68F0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "9.4", + "matchCriteriaId": "B5DA93B3-CA76-4932-84EE-40445A6505EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.apple.com/en-us/HT213670", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT213674", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT213676", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT213678", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42865.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42865.json index ace6f329841..f66b6bf7f61 100644 --- a/CVE-2023/CVE-2023-428xx/CVE-2023-42865.json +++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42865.json @@ -2,7 +2,7 @@ "id": "CVE-2023-42865", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-10T22:15:50.093", - "lastModified": "2024-01-17T18:13:22.973", + "lastModified": "2024-01-17T20:51:12.820", "vulnStatus": "Analyzed", "descriptions": [ { @@ -21,8 +21,8 @@ "type": "Primary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "attackVector": "LOCAL", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", @@ -30,10 +30,10 @@ "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", - "baseScore": 5.5, + "baseScore": 6.5, "baseSeverity": "MEDIUM" }, - "exploitabilityScore": 1.8, + "exploitabilityScore": 2.8, "impactScore": 3.6 } ] diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42866.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42866.json index 413b9bb6772..ce7143342cd 100644 --- a/CVE-2023/CVE-2023-428xx/CVE-2023-42866.json +++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42866.json @@ -2,8 +2,8 @@ "id": "CVE-2023-42866", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-10T22:15:50.143", - "lastModified": "2024-01-11T13:57:26.160", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-17T20:46:08.067", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,27 +14,130 @@ "value": "El problema se solucion\u00f3 mejorando el manejo de la memoria. Este problema se solucion\u00f3 en macOS Ventura 13.5, iOS 16.6 y iPadOS 16.6, tvOS 16.6, Safari 16.6, watchOS 9.6. El procesamiento de contenido web puede dar lugar a la ejecuci\u00f3n de c\u00f3digo arbitrario." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", + "versionEndExcluding": "16.6", + "matchCriteriaId": "DB91291B-DB98-4E2A-BDA6-F9B5C48CDC6F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", + "versionEndExcluding": "16.6", + "matchCriteriaId": "F362BEC4-90C7-4305-BFF9-645FE6C52DFE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "16.6", + "matchCriteriaId": "DB63BAC2-C756-428C-8BAC-BAD39FBE5EF4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "13.5", + "matchCriteriaId": "7FB2CB0B-A635-4057-98B8-AF71F9CB0171" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "16.6", + "matchCriteriaId": "339039D5-7AAC-4252-B4F6-BFCEBB48D92A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "9.6", + "matchCriteriaId": "90DFD981-D950-40B0-A699-4878B653A20D" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.apple.com/en-us/HT213841", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT213843", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT213846", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT213847", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT213848", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-440xx/CVE-2023-44077.json b/CVE-2023/CVE-2023-440xx/CVE-2023-44077.json new file mode 100644 index 00000000000..b8f827675cd --- /dev/null +++ b/CVE-2023/CVE-2023-440xx/CVE-2023-44077.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-44077", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-01-17T20:15:50.517", + "lastModified": "2024-01-17T20:15:50.517", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Studio Network Solutions ShareBrowser before 7.0 on macOS mishandles signature verification, aka PMP-2636." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.studionetworksolutions.com/hc/en-us/articles/22494658980244-ShareBrowser-v-7-0-Released", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-481xx/CVE-2023-48104.json b/CVE-2023/CVE-2023-481xx/CVE-2023-48104.json index ee17862bc6d..0261c429f6a 100644 --- a/CVE-2023/CVE-2023-481xx/CVE-2023-48104.json +++ b/CVE-2023/CVE-2023-481xx/CVE-2023-48104.json @@ -2,12 +2,12 @@ "id": "CVE-2023-48104", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-16T01:15:34.370", - "lastModified": "2024-01-16T13:56:05.467", + "lastModified": "2024-01-17T19:15:08.243", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", - "value": "Alinto SOGo 5.8.0 is vulnerable to HTML Injection." + "value": "Alinto SOGo before 5.9.1 is vulnerable to HTML Injection." }, { "lang": "es", diff --git a/CVE-2023/CVE-2023-482xx/CVE-2023-48248.json b/CVE-2023/CVE-2023-482xx/CVE-2023-48248.json index 29ac27bddb5..2a3af26c45d 100644 --- a/CVE-2023/CVE-2023-482xx/CVE-2023-48248.json +++ b/CVE-2023/CVE-2023-482xx/CVE-2023-48248.json @@ -2,16 +2,40 @@ "id": "CVE-2023-48248", "sourceIdentifier": "psirt@bosch.com", "published": "2024-01-10T11:15:09.867", - "lastModified": "2024-01-10T13:56:06.947", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-17T20:31:27.257", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The vulnerability allows an authenticated remote attacker to upload a malicious file to the SD card containing arbitrary client-side script code and obtain its execution inside a victim\u2019s session via a crafted URL, HTTP request, or simply by waiting for the victim to view the poisoned file." + }, + { + "lang": "es", + "value": "La vulnerabilidad permite a un atacante remoto autenticado cargar un archivo malicioso en la tarjeta SD que contiene un c\u00f3digo de script arbitrario del lado del cliente y obtener su ejecuci\u00f3n dentro de la sesi\u00f3n de la v\u00edctima a trav\u00e9s de una URL manipulada, una solicitud HTTP o simplemente esperando a que la v\u00edctima vea el archivo envenenado." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "psirt@bosch.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "psirt@bosch.com", "type": "Secondary", @@ -46,10 +80,139 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:bosch:nexo-os:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1000", + "versionEndIncluding": "1500-sp2", + "matchCriteriaId": "73D9F18A-94BD-4EC8-A39A-0A6E8E4315D8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v-b_\\(0608842012\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "5DC8C39A-F26D-4A5E-A502-5AA26651FD95" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v_\\(0608842011\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "871F225C-EE0D-409E-98FF-CF8B2C83E877" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v-b_\\(0608842006\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "D77B7A94-EB41-442E-9930-3372EFF0C469" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v_\\(0608842001\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "6CF63477-0CE7-446C-9872-C186AB55ADEF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v-b_\\(0608842007\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "8703D886-1E08-40B1-9666-3D585A3CB52F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v_\\(0608842002\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "43D5973C-E4B3-4111-A710-FE48CFE5C1A5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v-b_\\(0608842008\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "EA7D4812-024D-432B-A526-0858427ED545" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v_\\(0608842003\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "1614F6BA-E265-4344-A5B4-6DD0D3EC0BCF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa065s-36v-b_\\(0608842014\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "206B990F-9ACD-408D-93BB-F43F25686862" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa065s-36v_\\(0608842013\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "E092DE8F-DB60-4D77-BCE5-8820B6190856" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxp012qd-36v-b_\\(0608842010\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "94D48DD5-DF3B-4D74-B8D8-E1E0468DE2DC" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxp012qd-36v_\\(0608842005\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "63746CB7-DBDF-4705-A771-CE9581742980" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxv012t-36v-b_\\(0608842016\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "2F974170-84B6-49FF-9988-7EFDA5964E1A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxv012t-36v_\\(0608842015\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "87D757FC-2CBA-419F-84E8-518CBEB98646" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2272\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "3E3E3820-FF4C-4B75-9541-B807EF52E661" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2301\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "9B1B2908-2C42-4E6B-9953-30B2BE2E63F4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2514\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "6A09E202-1E38-433B-A039-F7B62C275E40" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2515\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "206E809F-D1CA-437C-9C78-76E39F7A8D69" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2666\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "7BF33E7B-B131-4A7C-8C4F-47906B8AEFC8" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2673\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "E14B2068-DEEE-4C3F-9FCE-108A3F5E83DB" + } + ] + } + ] + } + ], "references": [ { "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html", - "source": "psirt@bosch.com" + "source": "psirt@bosch.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-482xx/CVE-2023-48250.json b/CVE-2023/CVE-2023-482xx/CVE-2023-48250.json index a495c26d6f0..0e79abcee0e 100644 --- a/CVE-2023/CVE-2023-482xx/CVE-2023-48250.json +++ b/CVE-2023/CVE-2023-482xx/CVE-2023-48250.json @@ -2,16 +2,40 @@ "id": "CVE-2023-48250", "sourceIdentifier": "psirt@bosch.com", "published": "2024-01-10T11:15:10.313", - "lastModified": "2024-01-10T13:56:06.947", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-17T20:31:45.153", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The vulnerability allows a remote attacker to authenticate to the web application with high privileges through multiple hidden hard-coded accounts." + }, + { + "lang": "es", + "value": "La vulnerabilidad permite a un atacante remoto autenticarse en la aplicaci\u00f3n web con altos privilegios a trav\u00e9s de m\u00faltiples cuentas ocultas codificadas." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "psirt@bosch.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-798" + } + ] + }, { "source": "psirt@bosch.com", "type": "Secondary", @@ -46,10 +80,139 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:bosch:nexo-os:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1000", + "versionEndIncluding": "1500-sp2", + "matchCriteriaId": "73D9F18A-94BD-4EC8-A39A-0A6E8E4315D8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v-b_\\(0608842012\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "5DC8C39A-F26D-4A5E-A502-5AA26651FD95" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v_\\(0608842011\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "871F225C-EE0D-409E-98FF-CF8B2C83E877" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v-b_\\(0608842006\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "D77B7A94-EB41-442E-9930-3372EFF0C469" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v_\\(0608842001\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "6CF63477-0CE7-446C-9872-C186AB55ADEF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v-b_\\(0608842007\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "8703D886-1E08-40B1-9666-3D585A3CB52F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v_\\(0608842002\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "43D5973C-E4B3-4111-A710-FE48CFE5C1A5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v-b_\\(0608842008\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "EA7D4812-024D-432B-A526-0858427ED545" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v_\\(0608842003\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "1614F6BA-E265-4344-A5B4-6DD0D3EC0BCF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa065s-36v-b_\\(0608842014\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "206B990F-9ACD-408D-93BB-F43F25686862" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa065s-36v_\\(0608842013\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "E092DE8F-DB60-4D77-BCE5-8820B6190856" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxp012qd-36v-b_\\(0608842010\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "94D48DD5-DF3B-4D74-B8D8-E1E0468DE2DC" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxp012qd-36v_\\(0608842005\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "63746CB7-DBDF-4705-A771-CE9581742980" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxv012t-36v-b_\\(0608842016\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "2F974170-84B6-49FF-9988-7EFDA5964E1A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxv012t-36v_\\(0608842015\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "87D757FC-2CBA-419F-84E8-518CBEB98646" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2272\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "3E3E3820-FF4C-4B75-9541-B807EF52E661" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2301\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "9B1B2908-2C42-4E6B-9953-30B2BE2E63F4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2514\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "6A09E202-1E38-433B-A039-F7B62C275E40" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2515\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "206E809F-D1CA-437C-9C78-76E39F7A8D69" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2666\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "7BF33E7B-B131-4A7C-8C4F-47906B8AEFC8" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2673\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "E14B2068-DEEE-4C3F-9FCE-108A3F5E83DB" + } + ] + } + ] + } + ], "references": [ { "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html", - "source": "psirt@bosch.com" + "source": "psirt@bosch.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-482xx/CVE-2023-48251.json b/CVE-2023/CVE-2023-482xx/CVE-2023-48251.json index f950b0a2279..2b5a75869de 100644 --- a/CVE-2023/CVE-2023-482xx/CVE-2023-48251.json +++ b/CVE-2023/CVE-2023-482xx/CVE-2023-48251.json @@ -2,16 +2,40 @@ "id": "CVE-2023-48251", "sourceIdentifier": "psirt@bosch.com", "published": "2024-01-10T13:15:45.370", - "lastModified": "2024-01-10T13:56:06.947", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-17T20:32:27.957", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The vulnerability allows a remote attacker to authenticate to the SSH service with root privileges through a hidden hard-coded account." + }, + { + "lang": "es", + "value": "La vulnerabilidad permite a un atacante remoto autenticarse en el servicio SSH con privilegios de root a trav\u00e9s de una cuenta oculta codificada." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "psirt@bosch.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-798" + } + ] + }, { "source": "psirt@bosch.com", "type": "Secondary", @@ -46,10 +80,139 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:bosch:nexo-os:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1000", + "versionEndIncluding": "1500-sp2", + "matchCriteriaId": "73D9F18A-94BD-4EC8-A39A-0A6E8E4315D8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v-b_\\(0608842012\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "5DC8C39A-F26D-4A5E-A502-5AA26651FD95" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v_\\(0608842011\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "871F225C-EE0D-409E-98FF-CF8B2C83E877" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v-b_\\(0608842006\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "D77B7A94-EB41-442E-9930-3372EFF0C469" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v_\\(0608842001\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "6CF63477-0CE7-446C-9872-C186AB55ADEF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v-b_\\(0608842007\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "8703D886-1E08-40B1-9666-3D585A3CB52F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v_\\(0608842002\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "43D5973C-E4B3-4111-A710-FE48CFE5C1A5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v-b_\\(0608842008\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "EA7D4812-024D-432B-A526-0858427ED545" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v_\\(0608842003\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "1614F6BA-E265-4344-A5B4-6DD0D3EC0BCF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa065s-36v-b_\\(0608842014\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "206B990F-9ACD-408D-93BB-F43F25686862" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa065s-36v_\\(0608842013\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "E092DE8F-DB60-4D77-BCE5-8820B6190856" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxp012qd-36v-b_\\(0608842010\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "94D48DD5-DF3B-4D74-B8D8-E1E0468DE2DC" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxp012qd-36v_\\(0608842005\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "63746CB7-DBDF-4705-A771-CE9581742980" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxv012t-36v-b_\\(0608842016\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "2F974170-84B6-49FF-9988-7EFDA5964E1A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxv012t-36v_\\(0608842015\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "87D757FC-2CBA-419F-84E8-518CBEB98646" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2272\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "3E3E3820-FF4C-4B75-9541-B807EF52E661" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2301\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "9B1B2908-2C42-4E6B-9953-30B2BE2E63F4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2514\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "6A09E202-1E38-433B-A039-F7B62C275E40" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2515\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "206E809F-D1CA-437C-9C78-76E39F7A8D69" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2666\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "7BF33E7B-B131-4A7C-8C4F-47906B8AEFC8" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2673\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "E14B2068-DEEE-4C3F-9FCE-108A3F5E83DB" + } + ] + } + ] + } + ], "references": [ { "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html", - "source": "psirt@bosch.com" + "source": "psirt@bosch.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-482xx/CVE-2023-48252.json b/CVE-2023/CVE-2023-482xx/CVE-2023-48252.json index d54ad7855aa..046a879c2cc 100644 --- a/CVE-2023/CVE-2023-482xx/CVE-2023-48252.json +++ b/CVE-2023/CVE-2023-482xx/CVE-2023-48252.json @@ -2,16 +2,40 @@ "id": "CVE-2023-48252", "sourceIdentifier": "psirt@bosch.com", "published": "2024-01-10T13:15:45.607", - "lastModified": "2024-01-10T13:56:06.947", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-17T20:37:04.070", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The vulnerability allows an authenticated remote attacker to perform actions exceeding their authorized access via crafted HTTP requests." + }, + { + "lang": "es", + "value": "La vulnerabilidad permite que un atacante remoto autenticado realice acciones que excedan su acceso autorizado a trav\u00e9s de solicitudes HTTP manipuladas." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "psirt@bosch.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + }, { "source": "psirt@bosch.com", "type": "Secondary", @@ -46,10 +80,139 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:bosch:nexo-os:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1000", + "versionEndIncluding": "1500-sp2", + "matchCriteriaId": "73D9F18A-94BD-4EC8-A39A-0A6E8E4315D8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v-b_\\(0608842012\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "5DC8C39A-F26D-4A5E-A502-5AA26651FD95" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v_\\(0608842011\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "871F225C-EE0D-409E-98FF-CF8B2C83E877" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v-b_\\(0608842006\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "D77B7A94-EB41-442E-9930-3372EFF0C469" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v_\\(0608842001\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "6CF63477-0CE7-446C-9872-C186AB55ADEF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v-b_\\(0608842007\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "8703D886-1E08-40B1-9666-3D585A3CB52F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v_\\(0608842002\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "43D5973C-E4B3-4111-A710-FE48CFE5C1A5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v-b_\\(0608842008\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "EA7D4812-024D-432B-A526-0858427ED545" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v_\\(0608842003\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "1614F6BA-E265-4344-A5B4-6DD0D3EC0BCF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa065s-36v-b_\\(0608842014\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "206B990F-9ACD-408D-93BB-F43F25686862" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa065s-36v_\\(0608842013\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "E092DE8F-DB60-4D77-BCE5-8820B6190856" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxp012qd-36v-b_\\(0608842010\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "94D48DD5-DF3B-4D74-B8D8-E1E0468DE2DC" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxp012qd-36v_\\(0608842005\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "63746CB7-DBDF-4705-A771-CE9581742980" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxv012t-36v-b_\\(0608842016\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "2F974170-84B6-49FF-9988-7EFDA5964E1A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxv012t-36v_\\(0608842015\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "87D757FC-2CBA-419F-84E8-518CBEB98646" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2272\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "3E3E3820-FF4C-4B75-9541-B807EF52E661" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2301\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "9B1B2908-2C42-4E6B-9953-30B2BE2E63F4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2514\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "6A09E202-1E38-433B-A039-F7B62C275E40" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2515\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "206E809F-D1CA-437C-9C78-76E39F7A8D69" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2666\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "7BF33E7B-B131-4A7C-8C4F-47906B8AEFC8" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2673\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "E14B2068-DEEE-4C3F-9FCE-108A3F5E83DB" + } + ] + } + ] + } + ], "references": [ { "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html", - "source": "psirt@bosch.com" + "source": "psirt@bosch.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-482xx/CVE-2023-48253.json b/CVE-2023/CVE-2023-482xx/CVE-2023-48253.json index 0a569e8148c..2990ed7a80c 100644 --- a/CVE-2023/CVE-2023-482xx/CVE-2023-48253.json +++ b/CVE-2023/CVE-2023-482xx/CVE-2023-48253.json @@ -2,16 +2,40 @@ "id": "CVE-2023-48253", "sourceIdentifier": "psirt@bosch.com", "published": "2024-01-10T13:15:45.803", - "lastModified": "2024-01-10T13:56:06.947", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-17T20:35:48.133", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The vulnerability allows a remote authenticated attacker to read or update arbitrary content of the authentication database via a crafted HTTP request.\r\nBy abusing this vulnerability it is possible to exfiltrate other users\u2019 password hashes or update them with arbitrary values and access their accounts." + }, + { + "lang": "es", + "value": "La vulnerabilidad permite a un atacante autenticado remoto leer o actualizar contenido arbitrario de la base de datos de autenticaci\u00f3n mediante una solicitud HTTP manipulada. Al abusar de esta vulnerabilidad, es posible filtrar los hashes de contrase\u00f1as de otros usuarios o actualizarlos con valores arbitrarios y acceder a sus cuentas." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "psirt@bosch.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + }, { "source": "psirt@bosch.com", "type": "Secondary", @@ -46,10 +80,139 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:bosch:nexo-os:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1000", + "versionEndIncluding": "1500-sp2", + "matchCriteriaId": "73D9F18A-94BD-4EC8-A39A-0A6E8E4315D8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v-b_\\(0608842012\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "5DC8C39A-F26D-4A5E-A502-5AA26651FD95" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v_\\(0608842011\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "871F225C-EE0D-409E-98FF-CF8B2C83E877" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v-b_\\(0608842006\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "D77B7A94-EB41-442E-9930-3372EFF0C469" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v_\\(0608842001\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "6CF63477-0CE7-446C-9872-C186AB55ADEF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v-b_\\(0608842007\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "8703D886-1E08-40B1-9666-3D585A3CB52F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v_\\(0608842002\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "43D5973C-E4B3-4111-A710-FE48CFE5C1A5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v-b_\\(0608842008\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "EA7D4812-024D-432B-A526-0858427ED545" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v_\\(0608842003\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "1614F6BA-E265-4344-A5B4-6DD0D3EC0BCF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa065s-36v-b_\\(0608842014\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "206B990F-9ACD-408D-93BB-F43F25686862" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa065s-36v_\\(0608842013\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "E092DE8F-DB60-4D77-BCE5-8820B6190856" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxp012qd-36v-b_\\(0608842010\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "94D48DD5-DF3B-4D74-B8D8-E1E0468DE2DC" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxp012qd-36v_\\(0608842005\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "63746CB7-DBDF-4705-A771-CE9581742980" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxv012t-36v-b_\\(0608842016\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "2F974170-84B6-49FF-9988-7EFDA5964E1A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxv012t-36v_\\(0608842015\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "87D757FC-2CBA-419F-84E8-518CBEB98646" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2272\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "3E3E3820-FF4C-4B75-9541-B807EF52E661" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2301\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "9B1B2908-2C42-4E6B-9953-30B2BE2E63F4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2514\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "6A09E202-1E38-433B-A039-F7B62C275E40" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2515\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "206E809F-D1CA-437C-9C78-76E39F7A8D69" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2666\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "7BF33E7B-B131-4A7C-8C4F-47906B8AEFC8" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2673\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "E14B2068-DEEE-4C3F-9FCE-108A3F5E83DB" + } + ] + } + ] + } + ], "references": [ { "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html", - "source": "psirt@bosch.com" + "source": "psirt@bosch.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-488xx/CVE-2023-48858.json b/CVE-2023/CVE-2023-488xx/CVE-2023-48858.json new file mode 100644 index 00000000000..13a61962e0e --- /dev/null +++ b/CVE-2023/CVE-2023-488xx/CVE-2023-48858.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-48858", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-01-17T20:15:50.573", + "lastModified": "2024-01-17T20:15:50.573", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A Cross-site scripting (XSS) vulnerability in login page php code in Armex ABO.CMS 5.9 allows remote attackers to inject arbitrary web script or HTML via the login.php? URL part." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://abocms.ru/about/versions/version59/", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/Shumerez/CVE-2023-48858", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-509xx/CVE-2023-50930.json b/CVE-2023/CVE-2023-509xx/CVE-2023-50930.json index 35aba961232..b3fa1fe846d 100644 --- a/CVE-2023/CVE-2023-509xx/CVE-2023-50930.json +++ b/CVE-2023/CVE-2023-509xx/CVE-2023-50930.json @@ -2,8 +2,8 @@ "id": "CVE-2023-50930", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-09T07:15:07.733", - "lastModified": "2024-01-09T14:01:44.900", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-17T20:28:33.167", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 4.2 + }, { "source": "cve@mitre.org", "type": "Secondary", @@ -38,10 +58,43 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:savignano:s\\/notify:*:*:*:*:*:jira:*:*", + "versionEndExcluding": "4.0.2", + "matchCriteriaId": "BA9B40F1-2043-418B-B04F-6574E95DEA75" + } + ] + } + ] + } + ], "references": [ { "url": "https://help.savignano.net/snotify-email-encryption/sa-2023-11-28", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-509xx/CVE-2023-50931.json b/CVE-2023/CVE-2023-509xx/CVE-2023-50931.json index 55f565e587f..a66501429cc 100644 --- a/CVE-2023/CVE-2023-509xx/CVE-2023-50931.json +++ b/CVE-2023/CVE-2023-509xx/CVE-2023-50931.json @@ -2,8 +2,8 @@ "id": "CVE-2023-50931", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-09T07:15:09.877", - "lastModified": "2024-01-09T14:01:44.900", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-17T20:29:51.137", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 4.2 + }, { "source": "cve@mitre.org", "type": "Secondary", @@ -38,10 +58,43 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:savignano:s\\/notify:*:*:*:*:*:bitbucket:*:*", + "versionEndExcluding": "2.0.1", + "matchCriteriaId": "5EBDAB02-DAAC-43C7-83CB-5208B82395E0" + } + ] + } + ] + } + ], "references": [ { "url": "https://help.savignano.net/snotify-email-encryption/sa-2023-11-28", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-509xx/CVE-2023-50932.json b/CVE-2023/CVE-2023-509xx/CVE-2023-50932.json index ed72c357537..5bbf2349b48 100644 --- a/CVE-2023/CVE-2023-509xx/CVE-2023-50932.json +++ b/CVE-2023/CVE-2023-509xx/CVE-2023-50932.json @@ -2,8 +2,8 @@ "id": "CVE-2023-50932", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-09T07:15:10.937", - "lastModified": "2024-01-09T14:01:44.900", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-17T20:30:07.037", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 4.2 + }, { "source": "cve@mitre.org", "type": "Secondary", @@ -38,10 +58,43 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:savignano:s\\/notify:*:*:*:*:*:confluence:*:*", + "versionEndExcluding": "4.0.2", + "matchCriteriaId": "4853A1BA-7957-4F6C-9FDC-DB3F02E84D12" + } + ] + } + ] + } + ], "references": [ { "url": "https://help.savignano.net/snotify-email-encryption/sa-2023-11-28", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-55xx/CVE-2023-5504.json b/CVE-2023/CVE-2023-55xx/CVE-2023-5504.json index 20922eb4c61..c024fdb3a4b 100644 --- a/CVE-2023/CVE-2023-55xx/CVE-2023-5504.json +++ b/CVE-2023/CVE-2023-55xx/CVE-2023-5504.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5504", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-11T09:15:47.553", - "lastModified": "2024-01-11T13:57:26.160", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-17T19:50:57.557", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.7, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.3, + "impactScore": 5.8 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -38,18 +58,58 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:inpsyde:backwpup:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "4.0.1", + "matchCriteriaId": "DABBA142-B0ED-4803-B99E-38DBE680AB91" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/backwpup/trunk/inc/class-page-settings.php?rev=2818974#L457", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3000176%40backwpup%2Ftrunk&old=2980789%40backwpup%2Ftrunk&sfp_email=&sfph_mail=", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e830fe1e-1171-46da-8ee7-0a6654153f18?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6220.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6220.json index c732bd902d3..1f58b7e853b 100644 --- a/CVE-2023/CVE-2023-62xx/CVE-2023-6220.json +++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6220.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6220", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-11T09:15:47.883", - "lastModified": "2024-01-11T13:57:26.160", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-17T20:06:17.117", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -38,14 +58,50 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:piotnet:piotnet_forms:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.0.26", + "matchCriteriaId": "201D613B-2ED0-494B-B9E8-5EF21F2CC3E4" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/piotnetforms/tags/1.0.26/inc/forms/ajax-form-builder.php#L430", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/af2b7eac-a3f5-408f-b139-643e70b3f27a?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6266.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6266.json index e4b5bd5c2c6..198010d7dd7 100644 --- a/CVE-2023/CVE-2023-62xx/CVE-2023-6266.json +++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6266.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6266", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-11T09:15:48.047", - "lastModified": "2024-01-11T13:57:26.160", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-17T20:13:08.783", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -38,22 +58,64 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-552" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:backupbliss:backup_migration:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.3.6", + "matchCriteriaId": "3F72CDE6-A671-447D-A924-84FE7D31C6DB" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.5/includes/initializer.php#L1048", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.5/includes/initializer.php#L972", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.7/includes/initializer.php#L1065", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/08801f53-3c57-41a3-a637-4b52637cc612?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-63xx/CVE-2023-6316.json b/CVE-2023/CVE-2023-63xx/CVE-2023-6316.json index 5bf9a7f2cd5..9ef869d1dd6 100644 --- a/CVE-2023/CVE-2023-63xx/CVE-2023-6316.json +++ b/CVE-2023/CVE-2023-63xx/CVE-2023-6316.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6316", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-11T09:15:48.210", - "lastModified": "2024-01-11T13:57:26.160", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-17T20:17:22.003", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -38,18 +58,57 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mw_wp_form_project:mw_wp_form:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "5.0.1", + "matchCriteriaId": "14E22CB6-49D1-45BB-9D38-DF29FCD492D1" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/mw-wp-form/tags/5.0.1/classes/models/class.file.php#L60", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/3003065/mw-wp-form#file15", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b2c03142-be30-4173-a140-14d73a16dd2b?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-63xx/CVE-2023-6369.json b/CVE-2023/CVE-2023-63xx/CVE-2023-6369.json index 54f11f44a53..faf88400483 100644 --- a/CVE-2023/CVE-2023-63xx/CVE-2023-6369.json +++ b/CVE-2023/CVE-2023-63xx/CVE-2023-6369.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6369", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-11T09:15:48.380", - "lastModified": "2024-01-11T13:57:26.160", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-17T20:21:24.517", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -38,42 +58,99 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:myrecorp:export_wp_page_to_static_html\\/css:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.1.9", + "matchCriteriaId": "868E1CF7-EB3F-4BCA-982B-5A0A60B488D5" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/export-wp-page-to-static-html/trunk/admin/includes/AjaxRequests/cancelRcExportProcess.php#L23", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://plugins.trac.wordpress.org/browser/export-wp-page-to-static-html/trunk/admin/includes/AjaxRequests/deleteExportedZipFile.php#L24", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://plugins.trac.wordpress.org/browser/export-wp-page-to-static-html/trunk/admin/includes/AjaxRequests/exportLogPercentage.php#L23", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://plugins.trac.wordpress.org/browser/export-wp-page-to-static-html/trunk/admin/includes/AjaxRequests/requestForWpPageToStaticHtml.php#L24", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://plugins.trac.wordpress.org/browser/export-wp-page-to-static-html/trunk/admin/includes/AjaxRequests/saveAdvancedSettings.php#L22", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://plugins.trac.wordpress.org/browser/export-wp-page-to-static-html/trunk/admin/includes/AjaxRequests/searchPosts.php#L24", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://plugins.trac.wordpress.org/browser/export-wp-page-to-static-html/trunk/admin/includes/AjaxRequests/seeLogsInDetails.php#L22", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/3002740/export-wp-page-to-static-html", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/47cb48aa-b556-4f25-ac68-ff0a812972c1?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-64xx/CVE-2023-6496.json b/CVE-2023/CVE-2023-64xx/CVE-2023-6496.json index 5fcc59d5472..18157c65f81 100644 --- a/CVE-2023/CVE-2023-64xx/CVE-2023-6496.json +++ b/CVE-2023/CVE-2023-64xx/CVE-2023-6496.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6496", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-11T09:15:48.543", - "lastModified": "2024-01-11T13:57:26.160", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-17T20:24:42.663", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -38,14 +58,50 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:freeamigos:manage_notification_e-mails:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.8.6", + "matchCriteriaId": "472C40CD-D7E8-4EC5-B1C7-A120DC8E40D6" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3007199%40manage-notification-emails%2Ftrunk&old=2920034%40manage-notification-emails%2Ftrunk&sfp_email=&sfph_mail=", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/048bc117-88df-44b3-a30c-692bad23050f?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-65xx/CVE-2023-6504.json b/CVE-2023/CVE-2023-65xx/CVE-2023-6504.json index 1e73b66f4e2..e9a196b26e8 100644 --- a/CVE-2023/CVE-2023-65xx/CVE-2023-6504.json +++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6504.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6504", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-11T09:15:48.710", - "lastModified": "2024-01-11T13:57:26.160", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-17T20:32:01.283", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -38,14 +58,50 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cozmoslabs:profile_builder:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "3.10.7", + "matchCriteriaId": "BA6C114E-8DE2-44DF-9472-54F8C73EF43C" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset/3012472/profile-builder", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f515ccf8-7231-4728-b155-c47049087d42?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-65xx/CVE-2023-6520.json b/CVE-2023/CVE-2023-65xx/CVE-2023-6520.json index ad3fe9880c8..f1e4b079080 100644 --- a/CVE-2023/CVE-2023-65xx/CVE-2023-6520.json +++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6520.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6520", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-11T07:15:09.070", - "lastModified": "2024-01-11T13:57:26.160", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-17T20:43:01.987", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -38,18 +58,58 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:melapress:wp_2fa:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.6.0", + "matchCriteriaId": "BF518EBE-219C-4791-97F9-EA95A586C4D0" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/wp-2fa/trunk/includes/classes/Admin/class-setup-wizard.php?rev=2940688#L606", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3009922%40wp-2fa&new=3009922%40wp-2fa&sfp_email=&sfph_mail=", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0af451be-2477-453c-a230-7f3fb804398b?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-65xx/CVE-2023-6548.json b/CVE-2023/CVE-2023-65xx/CVE-2023-6548.json new file mode 100644 index 00000000000..8db959d1873 --- /dev/null +++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6548.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-6548", + "sourceIdentifier": "secure@citrix.com", + "published": "2024-01-17T20:15:50.627", + "lastModified": "2024-01-17T20:15:50.627", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "[PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATFORMS] allows [ATTACKER] to [IMPACT] via [VECTOR]" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@citrix.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.1, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "secure@citrix.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549", + "source": "secure@citrix.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-65xx/CVE-2023-6556.json b/CVE-2023/CVE-2023-65xx/CVE-2023-6556.json index a34ce8fc201..ed0f8648c25 100644 --- a/CVE-2023/CVE-2023-65xx/CVE-2023-6556.json +++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6556.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6556", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-11T09:15:48.877", - "lastModified": "2024-01-11T13:57:26.160", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-17T20:39:02.927", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -38,22 +58,64 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pluginus:fox_-_currency_switcher_professional_for_woocommerce:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.4.1.5", + "matchCriteriaId": "EACF88D0-2F0A-4D11-9820-52F30BEE3437" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/woocommerce-currency-switcher/trunk/classes/smart-designer.php#L120", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://plugins.trac.wordpress.org/browser/woocommerce-currency-switcher/trunk/classes/smart-designer.php#L21", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3012135%40woocommerce-currency-switcher&new=3012135%40woocommerce-currency-switcher&sfp_email=&sfph_mail=", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8cb37019-33f6-4f72-adfc-befbfbf69e47?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-65xx/CVE-2023-6558.json b/CVE-2023/CVE-2023-65xx/CVE-2023-6558.json index 83f5ddec144..a9771afc39a 100644 --- a/CVE-2023/CVE-2023-65xx/CVE-2023-6558.json +++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6558.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6558", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-11T09:15:49.037", - "lastModified": "2024-01-11T13:57:26.160", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-17T20:25:15.397", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -38,18 +58,57 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:webtoffee:import_export_wordpress_users:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.4.8", + "matchCriteriaId": "43540D1E-C75B-405C-B094-A83D4C908899" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/users-customers-import-export-for-wp-woocommerce/tags/2.4.7/admin/modules/import/classes/class-import-ajax.php#L124", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/3008454/users-customers-import-export-for-wp-woocommerce#file197", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/55b3e2dc-dc4f-408b-bbc6-da72ed5ad245?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-65xx/CVE-2023-6561.json b/CVE-2023/CVE-2023-65xx/CVE-2023-6561.json index a1ea935ff81..e372cae9c42 100644 --- a/CVE-2023/CVE-2023-65xx/CVE-2023-6561.json +++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6561.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6561", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-11T09:15:49.193", - "lastModified": "2024-01-11T13:57:26.160", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-17T19:01:07.370", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -38,22 +58,64 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fifu:featured_image_from_url:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "4.5.4", + "matchCriteriaId": "078395F5-7482-4C9C-BAEC-91C8930038F0" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/featured-image-from-url/trunk/admin/category.php#L62", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://plugins.trac.wordpress.org/browser/featured-image-from-url/trunk/admin/meta-box.php#L213", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3009699%40featured-image-from-url%2Ftrunk&old=3003342%40featured-image-from-url%2Ftrunk&sfp_email=&sfph_mail=", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d4d5ae93-000e-4001-adfa-c11058032469?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-66xx/CVE-2023-6634.json b/CVE-2023/CVE-2023-66xx/CVE-2023-6634.json index d5c584ef277..7a93954c5d0 100644 --- a/CVE-2023/CVE-2023-66xx/CVE-2023-6634.json +++ b/CVE-2023/CVE-2023-66xx/CVE-2023-6634.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6634", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-11T09:15:50.437", - "lastModified": "2024-01-11T13:57:26.160", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-17T20:44:44.217", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -38,14 +58,50 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:thimpress:learnpress:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "4.2.5.7", + "matchCriteriaId": "2D41E864-37EC-4FDB-96B2-66D91FE2828A" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset/3013957/learnpress", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/21291ed7-cdc0-4698-9ec4-8417160845ed?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-66xx/CVE-2023-6645.json b/CVE-2023/CVE-2023-66xx/CVE-2023-6645.json index 97d0ca24194..f19060b3b34 100644 --- a/CVE-2023/CVE-2023-66xx/CVE-2023-6645.json +++ b/CVE-2023/CVE-2023-66xx/CVE-2023-6645.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6645", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-11T09:15:51.097", - "lastModified": "2024-01-11T13:57:26.160", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-17T20:40:42.557", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -38,14 +58,50 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pickplugins:post_grid_combo:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.2.64", + "matchCriteriaId": "1597234E-1C5F-410E-853F-A2330B32F958" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3010342%40post-grid%2Ftrunk&old=2999466%40post-grid%2Ftrunk&sfp_email=&sfph_mail=", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ab777672-6eef-4078-932d-24bb784107fa?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-66xx/CVE-2023-6684.json b/CVE-2023/CVE-2023-66xx/CVE-2023-6684.json index 3d04bb9e359..dec32da66ce 100644 --- a/CVE-2023/CVE-2023-66xx/CVE-2023-6684.json +++ b/CVE-2023/CVE-2023-66xx/CVE-2023-6684.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6684", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-11T09:15:51.263", - "lastModified": "2024-01-11T13:57:26.160", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-17T20:41:05.143", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -38,18 +58,57 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vowelweb:ibtana:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.2.2", + "matchCriteriaId": "843E7E96-7D45-4956-9F18-517FBD19CFA2" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/ibtana-visual-editor/trunk/ive-countdown.php?rev=2965648#L633", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/3006647/ibtana-visual-editor/trunk/ive-countdown.php", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0b09d496-0e03-48a4-acf7-57febe18ed0a?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-67xx/CVE-2023-6737.json b/CVE-2023/CVE-2023-67xx/CVE-2023-6737.json index 2ad2d8391f2..758e4272b6d 100644 --- a/CVE-2023/CVE-2023-67xx/CVE-2023-6737.json +++ b/CVE-2023/CVE-2023-67xx/CVE-2023-6737.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6737", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-11T09:15:51.457", - "lastModified": "2024-01-11T13:57:26.160", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-17T20:38:08.660", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -38,14 +58,50 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:shortpixel:enable_media_replace:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "4.1.4", + "matchCriteriaId": "AABF7375-AA06-4E81-BDA7-7243690B91BA" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3010103%40enable-media-replace%2Ftrunk&old=2990561%40enable-media-replace%2Ftrunk&sfp_email=&sfph_mail=", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c37d8218-6059-46f2-a5d9-d7c22486211e?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-67xx/CVE-2023-6742.json b/CVE-2023/CVE-2023-67xx/CVE-2023-6742.json index 6461080b598..c81b2cde767 100644 --- a/CVE-2023/CVE-2023-67xx/CVE-2023-6742.json +++ b/CVE-2023/CVE-2023-67xx/CVE-2023-6742.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6742", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-11T09:15:51.640", - "lastModified": "2024-01-11T13:57:26.160", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-17T20:39:17.207", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -38,18 +58,57 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-754" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:enviragallery:envira_gallery:*:*:*:*:lite:wordpress:*:*", + "versionEndIncluding": "1.8.7.1", + "matchCriteriaId": "1334DAF1-FC0F-4FE8-A071-39245F896216" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/envira-gallery-lite/trunk/includes/admin/ajax.php", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/3017115/envira-gallery-lite/tags/1.8.7.3/includes/admin/ajax.php", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/40655278-6915-4a76-ac2d-bb161d3cee92?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-70xx/CVE-2023-7028.json b/CVE-2023/CVE-2023-70xx/CVE-2023-7028.json index aa96f1da3f8..d5a08e5a7d0 100644 --- a/CVE-2023/CVE-2023-70xx/CVE-2023-7028.json +++ b/CVE-2023/CVE-2023-70xx/CVE-2023-7028.json @@ -2,12 +2,16 @@ "id": "CVE-2023-7028", "sourceIdentifier": "cve@gitlab.com", "published": "2024-01-12T14:15:49.420", - "lastModified": "2024-01-12T15:54:26.600", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-17T20:15:50.813", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", "value": "An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address." + }, + { + "lang": "es", + "value": "Se ha descubierto un problema en GitLab CE/EE que afecta a todas las versiones desde 16.1 anterior a 16.1.6, 16.2 anterior a 16.2.9, 16.3 anterior a 16.3.7, 16.4 anterior a 16.4.5, 16.5 anterior a 16.5.6, 16.6 antes de 16.6.4 y 16.7 antes de 16.7.2 en los que los correos electr\u00f3nicos de restablecimiento de contrase\u00f1a de cuenta de usuario pod\u00edan enviarse a una direcci\u00f3n de correo electr\u00f3nico no verificada." } ], "metrics": { @@ -47,6 +51,10 @@ } ], "references": [ + { + "url": "https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/", + "source": "cve@gitlab.com" + }, { "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/436084", "source": "cve@gitlab.com" diff --git a/CVE-2023/CVE-2023-70xx/CVE-2023-7031.json b/CVE-2023/CVE-2023-70xx/CVE-2023-7031.json new file mode 100644 index 00000000000..ee9c01ea6d3 --- /dev/null +++ b/CVE-2023/CVE-2023-70xx/CVE-2023-7031.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-7031", + "sourceIdentifier": "securityalerts@avaya.com", + "published": "2024-01-17T19:15:08.293", + "lastModified": "2024-01-17T19:22:17.977", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Insecure Direct Object Reference vulnerabilities were discovered in the Avaya Aura Experience Portal Manager which may allow partial information disclosure to an authenticated non-privileged user. Affected versions include 8.0.x and 8.1.x, prior to 8.1.2 patch 0402. Versions prior to 8.0 are end of manufacturer support." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "securityalerts@avaya.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.1, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "securityalerts@avaya.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://support.avaya.com/css/public/documents/101088063", + "source": "securityalerts@avaya.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-03xx/CVE-2024-0310.json b/CVE-2024/CVE-2024-03xx/CVE-2024-0310.json index 4bf4fdd76aa..c803e0fa4fc 100644 --- a/CVE-2024/CVE-2024-03xx/CVE-2024-0310.json +++ b/CVE-2024/CVE-2024-03xx/CVE-2024-0310.json @@ -2,16 +2,40 @@ "id": "CVE-2024-0310", "sourceIdentifier": "trellixpsirt@trellix.com", "published": "2024-01-10T11:15:10.580", - "lastModified": "2024-01-10T13:56:06.947", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-17T20:33:20.540", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "\nA content-security-policy vulnerability in ENS Control browser extension prior to 10.7.0 Update 15 allows a remote attacker to alter the response header parameter setting to switch the content security policy into report-only mode, allowing an attacker to bypass the content-security-policy configuration. \n\n" + }, + { + "lang": "es", + "value": "Una vulnerabilidad de pol\u00edtica de seguridad de contenido en la extensi\u00f3n del navegador ENS Control anterior a 10.7.0 Actualizaci\u00f3n 15 permite a un atacante remoto alterar la configuraci\u00f3n del par\u00e1metro del encabezado de respuesta para cambiar la pol\u00edtica de seguridad de contenido al modo de solo informe, permitiendo a un atacante eludir la configuraci\u00f3n de la pol\u00edtica de seguridad de contenido." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "trellixpsirt@trellix.com", "type": "Secondary", @@ -46,10 +70,48 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:trellix:endpoint_security_web_control:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.7.0", + "matchCriteriaId": "618B62E7-24CA-4F30-AFAF-4115D91DA937" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:trellix:endpoint_security_web_control:10.7.0:-:*:*:*:*:*:*", + "matchCriteriaId": "32243B2A-F9B4-429F-857A-FD3BA5C26FEF" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://kcm.trellix.com/corporate/index?page=content&id=SB10417", - "source": "trellixpsirt@trellix.com" + "source": "trellixpsirt@trellix.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-06xx/CVE-2024-0647.json b/CVE-2024/CVE-2024-06xx/CVE-2024-0647.json new file mode 100644 index 00000000000..cdcf10f7c1f --- /dev/null +++ b/CVE-2024/CVE-2024-06xx/CVE-2024-0647.json @@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-0647", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-01-17T19:15:08.480", + "lastModified": "2024-01-17T19:22:17.977", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as problematic, was found in Sparksuite SimpleMDE up to 1.11.2. This affects an unknown part of the component iFrame Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251373 was assigned to this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE", + "baseScore": 5.0 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 10.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://vuldb.com/?ctiid.251373", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.251373", + "source": "cna@vuldb.com" + }, + { + "url": "https://youtu.be/t-mDofraMcc", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-227xx/CVE-2024-22714.json b/CVE-2024/CVE-2024-227xx/CVE-2024-22714.json index 37ce8388ef6..80dedaf2050 100644 --- a/CVE-2024/CVE-2024-227xx/CVE-2024-22714.json +++ b/CVE-2024/CVE-2024-227xx/CVE-2024-22714.json @@ -2,8 +2,8 @@ "id": "CVE-2024-22714", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-17T18:15:45.410", - "lastModified": "2024-01-17T18:15:45.410", - "vulnStatus": "Received", + "lastModified": "2024-01-17T19:22:17.977", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-227xx/CVE-2024-22715.json b/CVE-2024/CVE-2024-227xx/CVE-2024-22715.json index a3c7721db09..fc86a992582 100644 --- a/CVE-2024/CVE-2024-227xx/CVE-2024-22715.json +++ b/CVE-2024/CVE-2024-227xx/CVE-2024-22715.json @@ -2,8 +2,8 @@ "id": "CVE-2024-22715", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-17T18:15:45.457", - "lastModified": "2024-01-17T18:15:45.457", - "vulnStatus": "Received", + "lastModified": "2024-01-17T19:22:17.977", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/README.md b/README.md index 1a905b97188..9657d482e3b 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-01-17T19:00:25.032103+00:00 +2024-01-17T21:00:25.298434+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-01-17T18:52:03.727000+00:00 +2024-01-17T20:56:33.957000+00:00 ``` ### Last Data Feed Release @@ -29,64 +29,50 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -236238 +236244 ``` ### CVEs added in the last Commit -Recently added CVEs: `20` +Recently added CVEs: `6` -* [CVE-2022-40702](CVE-2022/CVE-2022-407xx/CVE-2022-40702.json) (`2024-01-17T17:15:09.120`) -* [CVE-2022-41619](CVE-2022/CVE-2022-416xx/CVE-2022-41619.json) (`2024-01-17T17:15:09.333`) -* [CVE-2022-41695](CVE-2022/CVE-2022-416xx/CVE-2022-41695.json) (`2024-01-17T17:15:09.550`) -* [CVE-2022-41990](CVE-2022/CVE-2022-419xx/CVE-2022-41990.json) (`2024-01-17T17:15:09.757`) -* [CVE-2022-41786](CVE-2022/CVE-2022-417xx/CVE-2022-41786.json) (`2024-01-17T18:15:45.000`) -* [CVE-2022-41790](CVE-2022/CVE-2022-417xx/CVE-2022-41790.json) (`2024-01-17T18:15:45.207`) -* [CVE-2023-20257](CVE-2023/CVE-2023-202xx/CVE-2023-20257.json) (`2024-01-17T17:15:09.960`) -* [CVE-2023-20258](CVE-2023/CVE-2023-202xx/CVE-2023-20258.json) (`2024-01-17T17:15:10.147`) -* [CVE-2023-20260](CVE-2023/CVE-2023-202xx/CVE-2023-20260.json) (`2024-01-17T17:15:10.323`) -* [CVE-2023-20271](CVE-2023/CVE-2023-202xx/CVE-2023-20271.json) (`2024-01-17T17:15:10.540`) -* [CVE-2023-23882](CVE-2023/CVE-2023-238xx/CVE-2023-23882.json) (`2024-01-17T17:15:10.720`) -* [CVE-2023-23896](CVE-2023/CVE-2023-238xx/CVE-2023-23896.json) (`2024-01-17T17:15:10.913`) -* [CVE-2023-50950](CVE-2023/CVE-2023-509xx/CVE-2023-50950.json) (`2024-01-17T17:15:11.143`) -* [CVE-2024-20251](CVE-2024/CVE-2024-202xx/CVE-2024-20251.json) (`2024-01-17T17:15:11.350`) -* [CVE-2024-20270](CVE-2024/CVE-2024-202xx/CVE-2024-20270.json) (`2024-01-17T17:15:11.627`) -* [CVE-2024-20272](CVE-2024/CVE-2024-202xx/CVE-2024-20272.json) (`2024-01-17T17:15:12.130`) -* [CVE-2024-20277](CVE-2024/CVE-2024-202xx/CVE-2024-20277.json) (`2024-01-17T17:15:12.300`) -* [CVE-2024-20287](CVE-2024/CVE-2024-202xx/CVE-2024-20287.json) (`2024-01-17T17:15:12.467`) -* [CVE-2024-22714](CVE-2024/CVE-2024-227xx/CVE-2024-22714.json) (`2024-01-17T18:15:45.410`) -* [CVE-2024-22715](CVE-2024/CVE-2024-227xx/CVE-2024-22715.json) (`2024-01-17T18:15:45.457`) +* [CVE-2022-42884](CVE-2022/CVE-2022-428xx/CVE-2022-42884.json) (`2024-01-17T19:15:08.017`) +* [CVE-2023-7031](CVE-2023/CVE-2023-70xx/CVE-2023-7031.json) (`2024-01-17T19:15:08.293`) +* [CVE-2023-44077](CVE-2023/CVE-2023-440xx/CVE-2023-44077.json) (`2024-01-17T20:15:50.517`) +* [CVE-2023-48858](CVE-2023/CVE-2023-488xx/CVE-2023-48858.json) (`2024-01-17T20:15:50.573`) +* [CVE-2023-6548](CVE-2023/CVE-2023-65xx/CVE-2023-6548.json) (`2024-01-17T20:15:50.627`) +* [CVE-2024-0647](CVE-2024/CVE-2024-06xx/CVE-2024-0647.json) (`2024-01-17T19:15:08.480`) ### CVEs modified in the last Commit -Recently modified CVEs: `53` +Recently modified CVEs: `41` -* [CVE-2023-52030](CVE-2023/CVE-2023-520xx/CVE-2023-52030.json) (`2024-01-17T18:25:43.917`) -* [CVE-2023-52029](CVE-2023/CVE-2023-520xx/CVE-2023-52029.json) (`2024-01-17T18:26:18.677`) -* [CVE-2023-52028](CVE-2023/CVE-2023-520xx/CVE-2023-52028.json) (`2024-01-17T18:26:49.623`) -* [CVE-2023-40393](CVE-2023/CVE-2023-403xx/CVE-2023-40393.json) (`2024-01-17T18:30:39.897`) -* [CVE-2023-6583](CVE-2023/CVE-2023-65xx/CVE-2023-6583.json) (`2024-01-17T18:42:13.750`) -* [CVE-2023-6582](CVE-2023/CVE-2023-65xx/CVE-2023-6582.json) (`2024-01-17T18:45:11.677`) -* [CVE-2023-6567](CVE-2023/CVE-2023-65xx/CVE-2023-6567.json) (`2024-01-17T18:46:59.213`) -* [CVE-2023-40433](CVE-2023/CVE-2023-404xx/CVE-2023-40433.json) (`2024-01-17T18:52:03.727`) -* [CVE-2024-20653](CVE-2024/CVE-2024-206xx/CVE-2024-20653.json) (`2024-01-17T17:04:25.387`) -* [CVE-2024-20656](CVE-2024/CVE-2024-206xx/CVE-2024-20656.json) (`2024-01-17T17:22:25.503`) -* [CVE-2024-20657](CVE-2024/CVE-2024-206xx/CVE-2024-20657.json) (`2024-01-17T17:28:35.963`) -* [CVE-2024-20714](CVE-2024/CVE-2024-207xx/CVE-2024-20714.json) (`2024-01-17T17:31:11.130`) -* [CVE-2024-20715](CVE-2024/CVE-2024-207xx/CVE-2024-20715.json) (`2024-01-17T17:33:43.200`) -* [CVE-2024-0396](CVE-2024/CVE-2024-03xx/CVE-2024-0396.json) (`2024-01-17T17:35:02.713`) -* [CVE-2024-0639](CVE-2024/CVE-2024-06xx/CVE-2024-0639.json) (`2024-01-17T17:35:02.713`) -* [CVE-2024-0641](CVE-2024/CVE-2024-06xx/CVE-2024-0641.json) (`2024-01-17T17:35:02.713`) -* [CVE-2024-0646](CVE-2024/CVE-2024-06xx/CVE-2024-0646.json) (`2024-01-17T17:35:02.713`) -* [CVE-2024-0642](CVE-2024/CVE-2024-06xx/CVE-2024-0642.json) (`2024-01-17T17:35:08.140`) -* [CVE-2024-0643](CVE-2024/CVE-2024-06xx/CVE-2024-0643.json) (`2024-01-17T17:35:08.140`) -* [CVE-2024-0645](CVE-2024/CVE-2024-06xx/CVE-2024-0645.json) (`2024-01-17T17:35:08.140`) -* [CVE-2024-0389](CVE-2024/CVE-2024-03xx/CVE-2024-0389.json) (`2024-01-17T17:35:31.857`) -* [CVE-2024-0470](CVE-2024/CVE-2024-04xx/CVE-2024-0470.json) (`2024-01-17T18:27:01.340`) -* [CVE-2024-0471](CVE-2024/CVE-2024-04xx/CVE-2024-0471.json) (`2024-01-17T18:27:15.440`) -* [CVE-2024-0469](CVE-2024/CVE-2024-04xx/CVE-2024-0469.json) (`2024-01-17T18:29:59.303`) -* [CVE-2024-0468](CVE-2024/CVE-2024-04xx/CVE-2024-0468.json) (`2024-01-17T18:30:21.263`) +* [CVE-2023-50930](CVE-2023/CVE-2023-509xx/CVE-2023-50930.json) (`2024-01-17T20:28:33.167`) +* [CVE-2023-50931](CVE-2023/CVE-2023-509xx/CVE-2023-50931.json) (`2024-01-17T20:29:51.137`) +* [CVE-2023-50932](CVE-2023/CVE-2023-509xx/CVE-2023-50932.json) (`2024-01-17T20:30:07.037`) +* [CVE-2023-48248](CVE-2023/CVE-2023-482xx/CVE-2023-48248.json) (`2024-01-17T20:31:27.257`) +* [CVE-2023-48250](CVE-2023/CVE-2023-482xx/CVE-2023-48250.json) (`2024-01-17T20:31:45.153`) +* [CVE-2023-6504](CVE-2023/CVE-2023-65xx/CVE-2023-6504.json) (`2024-01-17T20:32:01.283`) +* [CVE-2023-48251](CVE-2023/CVE-2023-482xx/CVE-2023-48251.json) (`2024-01-17T20:32:27.957`) +* [CVE-2023-48253](CVE-2023/CVE-2023-482xx/CVE-2023-48253.json) (`2024-01-17T20:35:48.133`) +* [CVE-2023-48252](CVE-2023/CVE-2023-482xx/CVE-2023-48252.json) (`2024-01-17T20:37:04.070`) +* [CVE-2023-6737](CVE-2023/CVE-2023-67xx/CVE-2023-6737.json) (`2024-01-17T20:38:08.660`) +* [CVE-2023-6556](CVE-2023/CVE-2023-65xx/CVE-2023-6556.json) (`2024-01-17T20:39:02.927`) +* [CVE-2023-6742](CVE-2023/CVE-2023-67xx/CVE-2023-6742.json) (`2024-01-17T20:39:17.207`) +* [CVE-2023-6645](CVE-2023/CVE-2023-66xx/CVE-2023-6645.json) (`2024-01-17T20:40:42.557`) +* [CVE-2023-6684](CVE-2023/CVE-2023-66xx/CVE-2023-6684.json) (`2024-01-17T20:41:05.143`) +* [CVE-2023-6520](CVE-2023/CVE-2023-65xx/CVE-2023-6520.json) (`2024-01-17T20:43:01.987`) +* [CVE-2023-6634](CVE-2023/CVE-2023-66xx/CVE-2023-6634.json) (`2024-01-17T20:44:44.217`) +* [CVE-2023-42866](CVE-2023/CVE-2023-428xx/CVE-2023-42866.json) (`2024-01-17T20:46:08.067`) +* [CVE-2023-42833](CVE-2023/CVE-2023-428xx/CVE-2023-42833.json) (`2024-01-17T20:50:04.980`) +* [CVE-2023-42865](CVE-2023/CVE-2023-428xx/CVE-2023-42865.json) (`2024-01-17T20:51:12.820`) +* [CVE-2023-42831](CVE-2023/CVE-2023-428xx/CVE-2023-42831.json) (`2024-01-17T20:51:35.577`) +* [CVE-2023-42862](CVE-2023/CVE-2023-428xx/CVE-2023-42862.json) (`2024-01-17T20:51:42.080`) +* [CVE-2023-42830](CVE-2023/CVE-2023-428xx/CVE-2023-42830.json) (`2024-01-17T20:56:33.957`) +* [CVE-2024-22714](CVE-2024/CVE-2024-227xx/CVE-2024-22714.json) (`2024-01-17T19:22:17.977`) +* [CVE-2024-22715](CVE-2024/CVE-2024-227xx/CVE-2024-22715.json) (`2024-01-17T19:22:17.977`) +* [CVE-2024-0310](CVE-2024/CVE-2024-03xx/CVE-2024-0310.json) (`2024-01-17T20:33:20.540`) ## Download and Usage