admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-12-06T21:00:19.039827+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-12-06 21:00:22 +00:00
parent 25a3ec6608
commit 73085c0a44
46 changed files with 2710 additions and 204 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
CVE-2023/CVE-2023-211xx/CVE-2023-21162.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-21162",
"sourceIdentifier": "security@android.com",
"published": "2023-12-04T23:15:22.217",
"lastModified": "2023-12-05T13:51:04.540",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T20:57:57.817",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,66 @@
"value": "Hay elevaci\u00f3n de privilegios."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
}
]
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-12-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}

63
CVE-2023/CVE-2023-211xx/CVE-2023-21163.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-21163",
"sourceIdentifier": "security@android.com",
"published": "2023-12-04T23:15:22.377",
"lastModified": "2023-12-05T13:51:04.540",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T20:58:03.277",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,66 @@
"value": "Hay elevaci\u00f3n de privilegios."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
}
]
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-12-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}

63
CVE-2023/CVE-2023-211xx/CVE-2023-21164.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-21164",
"sourceIdentifier": "security@android.com",
"published": "2023-12-04T23:15:22.430",
"lastModified": "2023-12-05T13:51:04.540",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T20:58:10.400",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,66 @@
"value": "Hay elevaci\u00f3n de privilegios."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
}
]
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-12-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}

63
CVE-2023/CVE-2023-211xx/CVE-2023-21166.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-21166",
"sourceIdentifier": "security@android.com",
"published": "2023-12-04T23:15:22.477",
"lastModified": "2023-12-05T13:51:04.540",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T20:58:17.677",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,66 @@
"value": "Hay elevaci\u00f3n de privilegios."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
}
]
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-12-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}

63
CVE-2023/CVE-2023-212xx/CVE-2023-21215.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-21215",
"sourceIdentifier": "security@android.com",
"published": "2023-12-04T23:15:22.523",
"lastModified": "2023-12-05T13:51:04.540",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T20:58:23.767",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,66 @@
"value": "Hay elevaci\u00f3n de privilegios."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
}
]
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-12-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}

63
CVE-2023/CVE-2023-212xx/CVE-2023-21216.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-21216",
"sourceIdentifier": "security@android.com",
"published": "2023-12-04T23:15:22.570",
"lastModified": "2023-12-05T13:51:04.540",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T20:58:30.607",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,66 @@
"value": "Hay elevaci\u00f3n de privilegios."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
}
]
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-12-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}

63
CVE-2023/CVE-2023-212xx/CVE-2023-21217.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-21217",
"sourceIdentifier": "security@android.com",
"published": "2023-12-04T23:15:22.617",
"lastModified": "2023-12-05T13:51:04.540",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T20:58:37.277",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,66 @@
"value": "Hay elevaci\u00f3n de privilegios."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
}
]
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-12-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}

63
CVE-2023/CVE-2023-212xx/CVE-2023-21218.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-21218",
"sourceIdentifier": "security@android.com",
"published": "2023-12-04T23:15:22.667",
"lastModified": "2023-12-05T13:51:04.540",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T20:58:43.987",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,66 @@
"value": "Hay elevaci\u00f3n de privilegios."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
}
]
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-12-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}

73
CVE-2023/CVE-2023-288xx/CVE-2023-28895.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-28895",
"sourceIdentifier": "cve@asrg.io",
"published": "2023-12-01T14:15:07.540",
"lastModified": "2023-12-01T14:49:03.423",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T20:56:18.560",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The password for access to the debugging console of the PoWer Controller chip (PWC) of the MIB3 infotainment is hard-coded in the firmware. The console allows attackers with physical access to the MIB3 unit to gain full control over the PWC chip.\n\nVulnerability found on\u00a0\u0160koda Superb III (3V3) - 2.0 TDI manufactured in 2022."
},
{
"lang": "es",
"value": "La contrase\u00f1a para acceder a la consola de depuraci\u00f3n PoWer Controller chip (PWC) del infoentretenimiento MIB3 est\u00e1 codificada en el firmware. La consola permite a los atacantes con acceso f\u00edsico a la unidad MIB3 obtener control total sobre el chip PWC. Vulnerabilidad encontrada en \u0160koda Superb III (3V3) - 2.0 TDI fabricado en 2022."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
},
{
"source": "cve@asrg.io",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
},
{
"source": "cve@asrg.io",
"type": "Secondary",
@ -46,10 +80,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:preh:mib3_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0304",
"matchCriteriaId": "235F232E-9A13-4CB9-8932-CD4760251CDD"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:preh:mib3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "124BB4C3-02DD-4CE9-81AA-CC8D378B75E4"
}
]
}
]
}
],
"references": [
{
"url": "https://asrg.io/security-advisories/hard-coded-password-for-access-to-power-controller-chip-memory/",
"source": "cve@asrg.io"
"source": "cve@asrg.io",
"tags": [
"Third Party Advisory"
]
}
]
}

73
CVE-2023/CVE-2023-288xx/CVE-2023-28896.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-28896",
"sourceIdentifier": "cve@asrg.io",
"published": "2023-12-01T14:15:07.747",
"lastModified": "2023-12-01T14:49:03.423",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T20:56:05.353",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Access to critical Unified Diagnostics Services (UDS) of the Modular Infotainment Platform 3\u00a0(MIB3) infotainment is transmitted via Controller Area Network (CAN) bus in a form that can be easily decoded by attackers with physical access to the vehicle.\n\nVulnerability discovered on\u00a0\u0160koda Superb III (3V3) - 2.0 TDI manufactured in 2022.\n\n\n\n\n\n"
},
{
"lang": "es",
"value": "El acceso a Unified Diagnostics Services (UDS) cr\u00edticos de Modular Infotainment Platform 3 (MIB3) se transmite a trav\u00e9s del bus Controller Area Network (CAN) en una forma que los atacantes con acceso f\u00edsico al veh\u00edculo pueden decodificar f\u00e1cilmente. Vulnerabilidad descubierta en \u0160koda Superb III (3V3) - 2.0 TDI fabricado en 2022."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW"
},
"exploitabilityScore": 0.9,
"impactScore": 1.4
},
{
"source": "cve@asrg.io",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-326"
}
]
},
{
"source": "cve@asrg.io",
"type": "Secondary",
@ -46,10 +80,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:preh:mib3_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0304",
"matchCriteriaId": "1025AE60-628B-44BE-B253-AC14D2D7D620"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:preh:mib3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "124BB4C3-02DD-4CE9-81AA-CC8D378B75E4"
}
]
}
]
}
],
"references": [
{
"url": "https://asrg.io/security-advisories/cve-2023-28896/",
"source": "cve@asrg.io"
"source": "cve@asrg.io",
"tags": [
"Third Party Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-392xx/CVE-2023-39257.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-39257",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-12-02T05:15:08.080",
"lastModified": "2023-12-03T16:37:30.347",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T20:55:05.077",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nDell Rugged Control Center, version prior to 4.7, contains an Improper Access Control vulnerability. A local malicious standard user could potentially exploit this vulnerability to modify the content in an unsecured folder when product installation repair is performed, leading to privilege escalation on the system.\n\n"
},
{
"lang": "es",
"value": "Dell Rugged Control Center, versi\u00f3n anterior a la 4.7, contiene una vulnerabilidad de control de acceso inadecuado. Un usuario est\u00e1ndar malicioso local podr\u00eda explotar esta vulnerabilidad para modificar el contenido de una carpeta no segura cuando se realiza la reparaci\u00f3n de la instalaci\u00f3n del producto, lo que provocar\u00eda una escalada de privilegios en el sistema."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:rugged_control_center:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.7",
"matchCriteriaId": "01646831-B95F-4537-A0D0-0BE43594030B"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000217705/dsa-2023-340",
"source": "security_alert@emc.com"
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-436xx/CVE-2023-43628.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-43628",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-12-05T12:15:43.000",
"lastModified": "2023-12-05T18:15:11.920",
"lastModified": "2023-12-06T19:15:07.340",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An integer overflow vulnerability exists in the NTRIP Stream Parsing functionality of GPSd 3.25.1~dev. A specially crafted network packet can lead to memory corruption. An attacker can send a malicious packet to trigger this vulnerability."
"value": "An integer underflow vulnerability exists in the NTRIP Stream Parsing functionality of GPSd 3.25.1~dev. A specially crafted network packet can lead to memory corruption. An attacker can send a malicious packet to trigger this vulnerability."
},
{
"lang": "es",

96
CVE-2023/CVE-2023-43xx/CVE-2023-4317.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4317",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-12-01T07:15:10.197",
"lastModified": "2023-12-01T13:54:29.567",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T19:21:43.160",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -50,14 +80,72 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "9.2.0",
"versionEndExcluding": "16.4.3",
"matchCriteriaId": "8CA7AD90-9FD3-42C2-B080-16E710EC77A5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "9.2.0",
"versionEndExcluding": "16.4.3",
"matchCriteriaId": "15FC7658-7A3E-4B65-93A9-0CAABC1F339E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "16.5.0",
"versionEndExcluding": "16.5.3",
"matchCriteriaId": "B1AC7763-4EA9-4E9A-8711-FEEA9D111D68"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.5.0",
"versionEndExcluding": "16.5.3",
"matchCriteriaId": "6B77E904-2562-4F78-A787-7F51871054BA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:16.6.0:*:*:*:community:*:*:*",
"matchCriteriaId": "FAB408DE-FE19-4CD6-B026-44AF7AD36405"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:16.6.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "8D5674D6-E26B-4F62-9B59-C15DEEDDB4B1"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/421846",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Broken Link",
"Vendor Advisory"
]
},
{
"url": "https://hackerone.com/reports/2089517",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}

52
CVE-2023/CVE-2023-443xx/CVE-2023-44381.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-44381",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-01T22:15:09.573",
"lastModified": "2023-12-03T16:37:34.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T20:55:24.417",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "October is a Content Management System (CMS) and web platform to assist with development workflow. An authenticated backend user with the `editor.cms_pages`, `editor.cms_layouts`, or `editor.cms_partials` permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to `cms.safe_mode` being enabled can craft a special request to include PHP code in the CMS template. This issue has been patched in version 3.4.15."
},
{
"lang": "es",
"value": "October es Content Management System (CMS) y una plataforma web para ayudar con el flujo de trabajo de desarrollo. Un usuario backend autenticado con los permisos `editor.cms_pages`, `editor.cms_layouts` o `editor.cms_partials` a quien normalmente no se le permitir\u00eda proporcionar c\u00f3digo PHP para que lo ejecute el CMS debido a que `cms.safe_mode` est\u00e1 habilitado puede manipular una solicitud especial para incluir c\u00f3digo PHP en la plantilla CMS. Este problema se solucion\u00f3 en la versi\u00f3n 3.4.15."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,10 +70,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:octobercms:october:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "3.4.15",
"matchCriteriaId": "19EF8091-8849-4A30-831A-E158A085871B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/octobercms/october/security/advisories/GHSA-q22j-5r3g-9hmh",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

52
CVE-2023/CVE-2023-443xx/CVE-2023-44382.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-44382",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-01T22:15:09.780",
"lastModified": "2023-12-03T16:37:34.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T20:54:53.870",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "October is a Content Management System (CMS) and web platform to assist with development workflow. An authenticated backend user with the `editor.cms_pages`, `editor.cms_layouts`, or `editor.cms_partials` permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to `cms.safe_mode` being enabled can write specific Twig code to escape the Twig sandbox and execute arbitrary PHP. This issue has been patched in 3.4.15."
},
{
"lang": "es",
"value": "October es Content Management System (CMS) y una plataforma web para ayudar con el flujo de trabajo de desarrollo. Un usuario backend autenticado con los permisos `editor.cms_pages`, `editor.cms_layouts` o `editor.cms_partials` a quien normalmente no se le permitir\u00eda proporcionar c\u00f3digo PHP para que lo ejecute el CMS debido a que `cms.safe_mode` est\u00e1 habilitado puede escribir c\u00f3digo Twig espec\u00edfico para escapar de la sandbox de Twig y ejecutar PHP arbitrario. Este problema se solucion\u00f3 en 3.4.15."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,10 +70,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:octobercms:october:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "3.4.15",
"matchCriteriaId": "19EF8091-8849-4A30-831A-E158A085871B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/octobercms/october/security/advisories/GHSA-p8q3-h652-65vx",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

119
CVE-2023/CVE-2023-444xx/CVE-2023-44402.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-44402",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-01T22:15:09.970",
"lastModified": "2023-12-03T16:37:34.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T20:34:42.520",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. This only impacts apps that have the `embeddedAsarIntegrityValidation` and `onlyLoadAppFromAsar` fuses enabled. Apps without these fuses enabled are not impacted. This issue is specific to macOS as these fuses are only currently supported on macOS. Specifically this issue can only be exploited if your app is launched from a filesystem the attacker has write access too. i.e. the ability to edit files inside the `.app` bundle on macOS which these fuses are supposed to protect against. There are no app side workarounds, you must update to a patched version of Electron."
},
{
"lang": "es",
"value": "Electron es un framework de c\u00f3digo abierto para escribir aplicaciones de escritorio multiplataforma utilizando JavaScript, HTML y CSS. Esto solo afecta a las aplicaciones que tienen habilitados los fusibles \"embeddedAsarIntegrityValidation\" y \"onlyLoadAppFromAsar\". Las aplicaciones sin estos fusibles habilitados no se ven afectadas. Este problema es espec\u00edfico de macOS, ya que actualmente estos fusibles solo son compatibles con macOS. Espec\u00edficamente, este problema solo puede explotarse si su aplicaci\u00f3n se inicia desde un sistema de archivos en el que el atacante tambi\u00e9n tiene acceso de escritura, es decir, la capacidad de editar archivos dentro del paquete `.app` en macOS contra el cual se supone que protegen estos fusibles. No existen workarounds en la aplicaci\u00f3n; debe actualizar a una versi\u00f3n parcheada de Electron."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,18 +70,103 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:node.js:*:*",
"versionEndIncluding": "22.3.24",
"matchCriteriaId": "6006372D-2948-4C30-9A18-9C5519423031"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:node.js:*:*",
"versionStartIncluding": "23.0.0",
"versionEndIncluding": "23.3.14",
"matchCriteriaId": "5FDAA109-329D-474B-9D23-8EFF99774F76"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:node.js:*:*",
"versionStartIncluding": "24.0.0",
"versionEndIncluding": "24.8.3",
"matchCriteriaId": "2164B3AC-FCFB-4D1B-9963-8E697F2C3A42"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:node.js:*:*",
"versionStartIncluding": "25.0.0",
"versionEndIncluding": "25.8.1",
"matchCriteriaId": "2A10085B-F308-4465-B350-B57CFF2664FD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:node.js:*:*",
"versionStartIncluding": "26.0.0",
"versionEndIncluding": "26.2.1",
"matchCriteriaId": "834EBAA7-160F-48CE-889A-D0D764EB6AB8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:electronjs:electron:27.0.0:alpha1:*:*:*:node.js:*:*",
"matchCriteriaId": "6AE1C9EE-76CF-406C-96E4-3BC2F84A1CEC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:electronjs:electron:27.0.0:alpha2:*:*:*:node.js:*:*",
"matchCriteriaId": "79F654E8-C55B-43D3-8583-7918F830934B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:electronjs:electron:27.0.0:alpha3:*:*:*:node.js:*:*",
"matchCriteriaId": "39B4D77B-02AE-4ED1-BA12-F147FAAD5C92"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:electronjs:electron:27.0.0:alpha4:*:*:*:node.js:*:*",
"matchCriteriaId": "AE44F8C9-B82B-4150-9491-AA9FDCF355F7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:electronjs:electron:27.0.0:alpha5:*:*:*:node.js:*:*",
"matchCriteriaId": "2D68602C-470C-4278-B282-F4F992F349B8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:electronjs:electron:27.0.0:alpha6:*:*:*:node.js:*:*",
"matchCriteriaId": "F930816D-73B0-4FF9-B7C2-E5F1C83F88E7"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/electron/electron/pull/39788",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://github.com/electron/electron/security/advisories/GHSA-7m48-wc93-9g85",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.electronjs.org/docs/latest/tutorial/fuses",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
}
]
}

69
CVE-2023/CVE-2023-463xx/CVE-2023-46326.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2023-46326",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-30T23:15:07.330",
"lastModified": "2023-12-01T02:28:42.607",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T19:46:54.630",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "ZStack Cloud version 3.10.38 and before allows unauthenticated API access to the list of active job UUIDs and the session ID for each of these. This leads to privilege escalation."
},
{
"lang": "es",
"value": "ZStack Cloud versi\u00f3n 3.10.38 y anteriores permite el acceso API no autenticado a la lista de UUID de trabajos activos y al ID de sesi\u00f3n para cada uno de ellos. Esto conduce a una escalada de privilegios."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-613"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zstack:zstack:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.10.38",
"matchCriteriaId": "ECBBB9BF-7859-4003-A194-88990835C074"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/zstackio/zstack/security/advisories/GHSA-w2rv-x3pp-h67q",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

56
CVE-2023/CVE-2023-467xx/CVE-2023-46746.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-46746",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-01T22:15:10.167",
"lastModified": "2023-12-03T16:37:34.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T20:31:27.170",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "PostHog provides open-source product analytics, session recording, feature flagging and A/B testing that you can self-host. A server-side request forgery (SSRF), which can only be exploited by authenticated users, was found in Posthog. Posthog did not verify whether a URL was local when enabling webhooks, allowing authenticated users to forge a POST request. This vulnerability has been addressed in `22bd5942` and will be included in subsequent releases. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "PostHog proporciona an\u00e1lisis de productos de c\u00f3digo abierto, grabaci\u00f3n de sesiones, marcado de funciones y pruebas A/B que usted mismo puede alojar. En Posthog se encontr\u00f3 server-side request forgery (SSRF), que s\u00f3lo puede ser explotada por usuarios autenticados. Posthog no verific\u00f3 si una URL era local al habilitar los webhooks, lo que permiti\u00f3 a los usuarios autenticados falsificar una solicitud POST. Esta vulnerabilidad se solucion\u00f3 en `22bd5942` y se incluir\u00e1 en versiones posteriores. No se conocen workarounds para esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +70,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:posthog:posthog:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.43.1",
"matchCriteriaId": "DA68EBBF-D850-4812-BEF5-05E2EDE7FA28"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/PostHog/posthog/commit/22bd5942638d5d9bc4bd603a9bfe8f8a95572292",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/PostHog/posthog/security/advisories/GHSA-wqqw-r8c5-j67c",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

28
CVE-2023/CVE-2023-467xx/CVE-2023-46751.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-46751",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-06T20:15:07.163",
"lastModified": "2023-12-06T20:15:07.163",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the application via a dangling pointer."
}
],
"metrics": {},
"references": [
{
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=707264",
"source": "cve@mitre.org"
},
{
"url": "https://ghostscript.com/",
"source": "cve@mitre.org"
},
{
"url": "https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=dcdbc595c13c9d11d235702dff46bb74c80f7698",
"source": "cve@mitre.org"
}
]
}

77
CVE-2023/CVE-2023-46xx/CVE-2023-4658.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4658",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-12-01T07:15:10.807",
"lastModified": "2023-12-01T13:54:29.567",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T19:22:50.170",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -50,14 +80,53 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "8.13.0",
"versionEndExcluding": "16.4.3",
"matchCriteriaId": "ED3112DB-4343-44FC-BF0C-91336099167C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.5.0",
"versionEndExcluding": "16.5.3",
"matchCriteriaId": "6B77E904-2562-4F78-A787-7F51871054BA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:16.6.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "8D5674D6-E26B-4F62-9B59-C15DEEDDB4B1"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/423835",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Broken Link",
"Vendor Advisory"
]
},
{
"url": "https://hackerone.com/reports/2104540",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}

80
CVE-2023/CVE-2023-473xx/CVE-2023-47307.json
View File

@ -2,19 +2,91 @@
"id": "CVE-2023-47307",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-30T23:15:07.953",
"lastModified": "2023-12-01T02:28:42.607",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T19:29:24.250",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in /apply.cgi in Shenzhen Libituo Technology Co., Ltd LBT-T300-T310 v2.2.2.6 allows attackers to cause a denial of service via the ApCliAuthMode parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de desbordamiento del b\u00fafer en /apply.cgi en Shenzhen Libituo Technology Co., Ltd LBT-T300-T310 v2.2.2.6 permite a atacantes provocar una denegaci\u00f3n de servicio a trav\u00e9s del par\u00e1metro ApCliAuthMode."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:szlbt:lbt-t300-t310_firmware:2.2.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F69BCC70-7917-4625-B03A-C0EA49819AB5"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:szlbt:lbt-t300-t310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5A05E178-573F-4CEE-897D-FC72415CB0F7"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/forever-more-cjy/overflow/blob/main/LBT-T310%20Buffer%20overflow.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

28
CVE-2023/CVE-2023-481xx/CVE-2023-48123.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-48123",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-06T20:15:07.240",
"lastModified": "2023-12-06T20:15:07.240",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue in Netgate pfSense Plus v.23.05.1 and before and pfSense CE v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the packet_capture.php file."
}
],
"metrics": {},
"references": [
{
"url": "https://docs.netgate.com/downloads/pfSense-SA-23_11.webgui.asc",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/pfsense/pfsense/commit/f72618c4abb61ea6346938d0c93df9078736b775",
"source": "cve@mitre.org"
},
{
"url": "https://redmine.pfsense.org/issues/14809",
"source": "cve@mitre.org"
}
]
}

51
CVE-2023/CVE-2023-483xx/CVE-2023-48314.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-48314",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-01T22:15:10.360",
"lastModified": "2023-12-03T16:37:34.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T20:29:23.740",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud with Collabora Online Built-in CODE Server app can be vulnerable to attack via proxy.php. This vulnerability has been fixed in Collabora Online - Built-in CODE Server (richdocumentscode) release 23.5.403. Users are advised to upgrade. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "Collabora Online es una suite ofim\u00e1tica colaborativa en l\u00ednea basada en la tecnolog\u00eda LibreOffice. Los usuarios de Nextcloud con la aplicaci\u00f3n CODE Server incorporada de Collabora Online pueden ser vulnerables a ataques a trav\u00e9s de proxy.php. Esta vulnerabilidad se ha corregido en Collabora Online - Servidor CODE integrado (richdocumentscode) versi\u00f3n 23.5.403. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:collaboraoffice:collabora_online:*:*:*:*:*:*:*:*",
"versionEndExcluding": "23.5.403",
"matchCriteriaId": "3315E6BB-96DD-4D90-8926-A309F3DDBF2B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-qjrm-q4h5-v3r2",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

86
CVE-2023/CVE-2023-488xx/CVE-2023-48801.json
View File

@ -2,23 +2,99 @@
"id": "CVE-2023-48801",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-01T23:15:07.840",
"lastModified": "2023-12-03T16:37:30.347",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T20:20:21.450",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719, the shttpd file sub_415534 function obtains fields from the front-end, connects them through the snprintf function, and passes them to the CsteSystem function, resulting in a command execution vulnerability."
},
{
"lang": "es",
"value": "En TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719, la funci\u00f3n del archivo shttpd sub_415534 obtiene campos del front-end, los conecta a trav\u00e9s de la funci\u00f3n snprintf y los pasa a la funci\u00f3n CsteSystem, lo que genera una vulnerabilidad de ejecuci\u00f3n de comandos."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:x6000r_firmware:9.4.0cu.852_b20230719:*:*:*:*:*:*:*",
"matchCriteriaId": "846390E3-B033-4B17-A141-49E30AF76264"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:x6000r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "178FD1FA-9A62-48B7-B219-938F48ADD8BB"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://palm-jump-676.notion.site/CVE-2023-48801-40d4553fc7a649fe833201fcecf76f2b",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.notion.so/X6000R-sub_415534-40d4553fc7a649fe833201fcecf76f2b?pvs=4",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

80
CVE-2023/CVE-2023-488xx/CVE-2023-48803.json
View File

@ -2,19 +2,91 @@
"id": "CVE-2023-48803",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-30T18:15:07.770",
"lastModified": "2023-11-30T18:18:28.713",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T19:14:15.430",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability."
},
{
"lang": "es",
"value": "En TOTOLINK X6000R V9.4.0cu.852_B20230719, el archivo shttpd, la funci\u00f3n sub_4119A0 obtiene campos del front-end a trav\u00e9s de Uci_ Set_. La funci\u00f3n Str cuando se pasa a la funci\u00f3n CsteSystem crea una vulnerabilidad de ejecuci\u00f3n de comandos."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:x6000r_firmware:9.4.0cu.852_b20230719:*:*:*:*:*:*:*",
"matchCriteriaId": "846390E3-B033-4B17-A141-49E30AF76264"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:x6000r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "178FD1FA-9A62-48B7-B219-938F48ADD8BB"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.notion.so/X6000R-sub_4119A0-4-aead0a851416422ea2e282409eec3351?pvs=4",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

72
CVE-2023/CVE-2023-488xx/CVE-2023-48886.json
View File

@ -2,23 +2,85 @@
"id": "CVE-2023-48886",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-01T23:15:07.920",
"lastModified": "2023-12-03T16:37:30.347",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T20:20:06.700",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A deserialization vulnerability in NettyRpc v1.2 allows attackers to execute arbitrary commands via sending a crafted RPC request."
},
{
"lang": "es",
"value": "Una vulnerabilidad de deserializaci\u00f3n en NettyRpc v1.2 permite a los atacantes ejecutar comandos arbitrarios enviando una solicitud RPC manipulada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:luxiaoxun:nettyrpc:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "950F4B86-CD1E-4630-B86F-B14F7439FF04"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/luxiaoxun/NettyRpc",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/luxiaoxun/NettyRpc/issues/53",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}

77
CVE-2023/CVE-2023-488xx/CVE-2023-48887.json
View File

@ -2,27 +2,92 @@
"id": "CVE-2023-48887",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-01T23:15:07.967",
"lastModified": "2023-12-03T16:37:30.347",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T20:14:56.987",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A deserialization vulnerability in Jupiter v1.3.1 allows attackers to execute arbitrary commands via sending a crafted RPC request."
},
{
"lang": "es",
"value": "Una vulnerabilidad de deserializaci\u00f3n en Jupiter v1.3.1 permite a los atacantes ejecutar comandos arbitrarios enviando una solicitud RPC manipulada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fengjiachun:jupiter:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E43B5331-436C-4FB7-86F3-3CFC618F4E68"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/fengjiachun/Jupiter",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/fengjiachun/Jupiter/issues/115",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
},
{
"url": "https://github.com/welk1n/JNDI-Injection-Exploit/releases/tag/v1.0",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
]
}
]
}

75
CVE-2023/CVE-2023-490xx/CVE-2023-49096.json Normal file
View File

@ -0,0 +1,75 @@
{
"id": "CVE-2023-49096",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-06T20:15:07.287",
"lastModified": "2023-12-06T20:15:07.287",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Jellyfin is a Free Software Media System for managing and streaming media. In affected versions there is an argument injection in the VideosController, specifically the `/Videos/<itemId>/stream` and `/Videos/<itemId>/stream.<container>` endpoints which are present in the current Jellyfin version. Additional endpoints in the AudioController might also be vulnerable, as they differ only slightly in execution. Those endpoints are reachable by an unauthenticated user. In order to exploit this vulnerability an unauthenticated attacker has to guess an itemId, which is a completely random GUID. It\u2019s a very unlikely case even for a large media database with lots of items. Without an additional information leak, this vulnerability shouldn\u2019t be directly exploitable, even if the instance is reachable from the Internet. There are a lot of query parameters that get accepted by the method. At least two of those, videoCodec and audioCodec are vulnerable to the argument injection. The values can be traced through a lot of code and might be changed in the process. However, the fallback is to always use them as-is, which means we can inject our own arguments. Those arguments land in the command line of FFmpeg. Because UseShellExecute is always set to false, we can\u2019t simply terminate the FFmpeg command and execute our own. It should only be possible to add additional arguments to FFmpeg, which is powerful enough as it stands. There is probably a way of overwriting an arbitrary file with malicious content. This vulnerability has been addressed in version 10.8.13. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.5
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-88"
}
]
}
],
"references": [
{
"url": "https://cwe.mitre.org/data/definitions/88.html",
"source": "security-advisories@github.com"
},
{
"url": "https://en.wikipedia.org/wiki/Pass_the_hash",
"source": "security-advisories@github.com"
},
{
"url": "https://ffmpeg.org/ffmpeg-filters.html#drawtext-1",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/jellyfin/jellyfin/commit/a656799dc879d16d21bf2ce7ad412ebd5d45394a",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/jellyfin/jellyfin/issues/5415",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/jellyfin/jellyfin/security/advisories/GHSA-866x-wj5j-2vf4",
"source": "security-advisories@github.com"
}
]
}

58
CVE-2023/CVE-2023-492xx/CVE-2023-49276.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-49276",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-01T22:15:10.563",
"lastModified": "2023-12-03T16:37:34.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T20:29:13.000",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Uptime Kuma is an open source self-hosted monitoring tool. In affected versions the Google Analytics element in vulnerable to Attribute Injection leading to Cross-Site-Scripting (XSS). Since the custom status interface can set an independent Google Analytics ID and the template has not been sanitized, there is an attribute injection vulnerability here, which can lead to XSS attacks. This vulnerability has been addressed in commit `f28dccf4e` which is included in release version 1.23.7. Users are advised to upgrade. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "Uptime Kuma es una herramienta de monitoreo autohospedada de c\u00f3digo abierto. En las versiones afectadas, el elemento Google Analytics es vulnerable a la inyecci\u00f3n de atributos que conduce a Cross-Site-Scripting (XSS). Dado que la interfaz de estado personalizada puede establecer un ID de Google Analytics independiente y la plantilla no ha sido sanitizada, aqu\u00ed existe una vulnerabilidad de inyecci\u00f3n de atributos, que puede provocar ataques XSS. Esta vulnerabilidad se ha solucionado en el commit `f28dccf4e` que se incluye en la versi\u00f3n 1.23.7. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +70,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:uptime.kuma:uptime_kuma:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.20.0",
"versionEndExcluding": "1.23.7",
"matchCriteriaId": "738D525E-0E73-4F2D-BFE6-47646D61CD65"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/louislam/uptime-kuma/commit/f28dccf4e11f041564293e4f407e69ab9ee2277f",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/louislam/uptime-kuma/security/advisories/GHSA-v4v2-8h88-65qj",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

56
CVE-2023/CVE-2023-492xx/CVE-2023-49277.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-49277",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-01T21:15:08.857",
"lastModified": "2023-12-03T16:37:34.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T20:55:31.683",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "dpaste is an open source pastebin application written in Python using the Django framework. A security vulnerability has been identified in the expires parameter of the dpaste API, allowing for a POST Reflected XSS attack. This vulnerability can be exploited by an attacker to execute arbitrary JavaScript code in the context of a user's browser, potentially leading to unauthorized access, data theft, or other malicious activities. Users are strongly advised to upgrade to dpaste release v3.8 or later versions, as dpaste versions older than v3.8 are susceptible to the identified security vulnerability. No known workarounds have been identified, and applying the patch is the most effective way to remediate the vulnerability."
},
{
"lang": "es",
"value": "dpaste es una aplicaci\u00f3n de Pastebin de c\u00f3digo abierto escrita en Python utilizando el framework Django. Se ha identificado una vulnerabilidad de seguridad en el par\u00e1metro de caducidad de la API dpaste, lo que permite un ataque POST Reflected XSS. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo JavaScript arbitrario en el contexto del navegador de un usuario, lo que podr\u00eda provocar acceso no autorizado, robo de datos u otras actividades maliciosas. Se recomienda encarecidamente a los usuarios que actualicen a la versi\u00f3n v3.8 de dpaste o versiones posteriores, ya que las versiones de dpaste anteriores a la v3.8 son susceptibles a vulnerabilidad de seguridad identificada. No se han identificado workarounds conocidos y aplicar el parche es la forma m\u00e1s eficaz de remediar la vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +70,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:darrennathanael:dpaste:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.8",
"matchCriteriaId": "52C6FF15-547C-4FAF-B1EC-4E0C090D9A69"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/DarrenOfficial/dpaste/commit/44a666a79b3b29ed4f340600bfcf55113bfb7086",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/DarrenOfficial/dpaste/security/advisories/GHSA-r8j9-5cj7-cv39",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

66
CVE-2023/CVE-2023-492xx/CVE-2023-49281.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-49281",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-01T22:15:10.760",
"lastModified": "2023-12-03T16:37:30.347",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T20:27:26.550",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Calendarinho is an open source calendaring application to manage large teams of consultants. An Open Redirect issue occurs when a web application redirects users to external URLs without proper validation. This can lead to phishing attacks, where users are tricked into visiting malicious sites, potentially leading to information theft and reputational damage to the website used for redirection. The problem is has been patched in commit `15b2393`. Users are advised to update to a commit after `15b2393`. There are no known workarounds for this vulnerability. "
},
{
"lang": "es",
"value": "Calendarinho es una aplicaci\u00f3n de calendario de c\u00f3digo abierto para gestionar grandes equipos de consultores. Se produce un problema de Open Redirect cuando una aplicaci\u00f3n web redirige a los usuarios a URL externas sin la validaci\u00f3n adecuada. Esto puede provocar ataques de phishing, en los que se enga\u00f1a a los usuarios para que visiten sitios maliciosos, lo que podr\u00eda provocar robo de informaci\u00f3n y da\u00f1os a la reputaci\u00f3n del sitio web utilizado para la redirecci\u00f3n. El problema se solucion\u00f3 en el commit `15b2393`. Se recomienda a los usuarios que actualicen a un commit posterior a `15b2393`. No se conocen workarounds para esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,22 +70,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cainor:calendarinho:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023-10-11",
"matchCriteriaId": "8D975889-305E-45BB-9FB9-C48AB8019E9B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Cainor/Calendarinho/commit/15b2393efd69101727d27a4e710880ce46e84d70",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/Cainor/Calendarinho/commit/9a0174bef939565a76cbe7762996ecddca9ba55e",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/Cainor/Calendarinho/commit/c77defeb0103c1f7a4709799b8751aaeb0d09eed",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/Cainor/Calendarinho/security/advisories/GHSA-g2gp-x888-6xrj",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

73
CVE-2023/CVE-2023-499xx/CVE-2023-49926.json
View File

@ -2,23 +2,86 @@
"id": "CVE-2023-49926",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-03T03:15:07.593",
"lastModified": "2023-12-03T16:37:30.347",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T20:51:09.867",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "app/Lib/Tools/EventTimelineTool.php in MISP before 2.4.179 allows XSS in the event timeline widget."
},
{
"lang": "es",
"value": "app/Lib/Tools/EventTimelineTool.php en MISP anterior a 2.4.179 permite XSS en el widget de l\u00ednea de tiempo de eventos."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:misp:misp:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.4.179",
"matchCriteriaId": "181D80EC-D9FA-4EE9-AB6D-64CF451F8BED"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/MISP/MISP/commit/dc73287ee2000476e3a5800ded402825ca10f7e8",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/MISP/MISP/compare/v2.4.178...v2.4.179",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
}
]
}

77
CVE-2023/CVE-2023-49xx/CVE-2023-4912.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4912",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-12-01T07:15:11.387",
"lastModified": "2023-12-05T12:15:44.170",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-12-06T19:50:26.767",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -50,14 +80,53 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "10.5.0",
"versionEndExcluding": "16.4.3",
"matchCriteriaId": "582A4F39-AFFB-4F2F-AEEE-DE4CFF955576"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.5.0",
"versionEndExcluding": "16.5.3",
"matchCriteriaId": "6B77E904-2562-4F78-A787-7F51871054BA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:16.6.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "8D5674D6-E26B-4F62-9B59-C15DEEDDB4B1"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/424882",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Broken Link",
"Vendor Advisory"
]
},
{
"url": "https://hackerone.com/reports/2137421",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}

84
CVE-2023/CVE-2023-54xx/CVE-2023-5427.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5427",
"sourceIdentifier": "arm-security@arm.com",
"published": "2023-12-01T11:15:07.980",
"lastModified": "2023-12-04T16:15:12.013",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T20:56:58.567",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,8 +14,41 @@
"value": "Un usuario local sin privilegios puede realizar operaciones de procesamiento de GPU inadecuadas para obtener acceso a la memoria ya liberada."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
},
{
"source": "arm-security@arm.com",
"type": "Secondary",
@ -27,14 +60,55 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arm:5th_gen_gpu_architecture_kernel_driver:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r44p0",
"versionEndExcluding": "r46p0",
"matchCriteriaId": "06D1F37D-D25D-42CA-AF3A-5E7D239BDFE7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arm:bifrost_gpu_kernel_driver:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r44p0",
"versionEndExcluding": "r46p0",
"matchCriteriaId": "3A7D4429-1C36-496C-BF64-BC48C0F907CE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arm:valhall_gpu_kernel_driver:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r44p0",
"versionEndExcluding": "r46p0",
"matchCriteriaId": "4CFE2FBA-96F3-424F-892D-04568BD1E605"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/176029/ARM-Mali-r44p0-Use-After-Free.html",
"source": "arm-security@arm.com"
"source": "arm-security@arm.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities",
"source": "arm-security@arm.com"
"source": "arm-security@arm.com",
"tags": [
"Vendor Advisory"
]
}
]
}

103
CVE-2023/CVE-2023-59xx/CVE-2023-5908.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-5908",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-11-30T22:15:09.923",
"lastModified": "2023-12-01T02:28:42.607",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T19:57:54.067",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\n\n\n\n\nKEPServerEX is vulnerable to a buffer overflow which may allow an attacker to crash the product being accessed or leak information.\n\n\n\n\n"
},
{
"lang": "es",
"value": "KEPServerEX es vulnerable a un desbordamiento del b\u00fafer que puede permitir que un atacante bloquee el producto al que se accede o filtre informaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -46,10 +80,73 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ge:industrial_gateway_server:*:*:*:*:*:*:*:*",
"versionEndIncluding": "7.614",
"matchCriteriaId": "FAC36939-C47F-4426-A684-0252C014CB05"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ptc:keepserverex:*:*:*:*:*:*:*:*",
"versionEndIncluding": "6.14.263.0",
"matchCriteriaId": "3C003AF3-3140-4AD9-8407-D3C216D72AA0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ptc:opc-aggregator:*:*:*:*:*:*:*:*",
"versionEndIncluding": "6.14",
"matchCriteriaId": "B0A4FE5D-D1DD-4854-B709-3E0A54D6BE97"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ptc:thingworx_industrial_connectivity:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D01A814D-8F2B-4B88-A66B-F2A2C293A6AB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ptc:thingworx_kepware_edge:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.7",
"matchCriteriaId": "E8B99ED4-CEB0-463D-9900-426C6108A009"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ptc:thingworx_kepware_server:*:*:*:*:*:*:*:*",
"versionEndIncluding": "6.14.263.0",
"matchCriteriaId": "14930935-3DE4-403F-9F6A-9E4490C3B95D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rockwellautomation:kepserver_enterprise:*:*:*:*:*:*:*:*",
"versionEndIncluding": "6.14.263.0",
"matchCriteriaId": "40663AD6-24DE-4D75-AA95-0D4E6A2ADF04"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:softwaretoolbox:top_server:*:*:*:*:*:*:*:*",
"versionEndIncluding": "6.14.263.0",
"matchCriteriaId": "CB7C7A8B-38A0-4A48-B78A-F5FAA2A9E20F"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-03",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}

103
CVE-2023/CVE-2023-59xx/CVE-2023-5909.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-5909",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-11-30T22:15:10.163",
"lastModified": "2023-12-01T02:28:42.607",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T19:54:23.713",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\n\n\n\n\n\n\n\n\nKEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect.\n\n\n\n\n\n\n\n"
},
{
"lang": "es",
"value": "KEPServerEX no valida adecuadamente los certificados de los clientes, lo que puede permitir que se conecten usuarios no autenticados."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-295"
}
]
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -46,10 +80,73 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ge:industrial_gateway_server:*:*:*:*:*:*:*:*",
"versionEndIncluding": "7.614",
"matchCriteriaId": "FAC36939-C47F-4426-A684-0252C014CB05"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ptc:keepserverex:*:*:*:*:*:*:*:*",
"versionEndIncluding": "6.14.263.0",
"matchCriteriaId": "3C003AF3-3140-4AD9-8407-D3C216D72AA0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ptc:opc-aggregator:*:*:*:*:*:*:*:*",
"versionEndIncluding": "6.14",
"matchCriteriaId": "B0A4FE5D-D1DD-4854-B709-3E0A54D6BE97"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ptc:thingworx_industrial_connectivity:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D01A814D-8F2B-4B88-A66B-F2A2C293A6AB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ptc:thingworx_kepware_edge:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.7",
"matchCriteriaId": "E8B99ED4-CEB0-463D-9900-426C6108A009"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ptc:thingworx_kepware_server:*:*:*:*:*:*:*:*",
"versionEndIncluding": "6.14.263.0",
"matchCriteriaId": "14930935-3DE4-403F-9F6A-9E4490C3B95D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rockwellautomation:kepserver_enterprise:*:*:*:*:*:*:*:*",
"versionEndIncluding": "6.14.263.0",
"matchCriteriaId": "40663AD6-24DE-4D75-AA95-0D4E6A2ADF04"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:softwaretoolbox:top_server:*:*:*:*:*:*:*:*",
"versionEndIncluding": "6.14.263.0",
"matchCriteriaId": "CB7C7A8B-38A0-4A48-B78A-F5FAA2A9E20F"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-03",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}

6
CVE-2023/CVE-2023-60xx/CVE-2023-6019.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-6019",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-11-16T17:15:08.830",
"lastModified": "2023-12-01T15:22:26.807",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-06T20:15:07.523",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A command injection exists in Ray's cpu_profile URL parameter allowing attackers to execute os commands on the system running the ray dashboard remotely without authentication.\n\n"
"value": "A command injection existed in Ray's cpu_profile URL parameter allowing attackers to execute os commands on the system running the ray dashboard remotely without authentication. The issue is fixed in version 2.8.1+. Ray maintainers' response can be found here: https://www.anyscale.com/blog/update-on-ray-cves-cve-2023-6019-cve-2023-6020-cve-2023-6021-cve-2023-... https://www.anyscale.com/blog/update-on-ray-cves-cve-2023-6019-cve-2023-6020-cve-2023-6021-cve-2023-48022-cve-2023-48023 \n"
},
{
"lang": "es",

6
CVE-2023/CVE-2023-60xx/CVE-2023-6020.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-6020",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-11-16T21:15:09.443",
"lastModified": "2023-12-01T15:22:23.380",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-06T20:15:07.637",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication.\n\n"
"value": "LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication. The issue is fixed in version 2.8.1+. Ray maintainers' response can be found here: https://www.anyscale.com/blog/update-on-ray-cves-cve-2023-6019-cve-2023-6020-cve-2023-6021-cve-2023-... https://www.anyscale.com/blog/update-on-ray-cves-cve-2023-6019-cve-2023-6020-cve-2023-6021-cve-2023-48022-cve-2023-48023 "
},
{
"lang": "es",

6
CVE-2023/CVE-2023-60xx/CVE-2023-6021.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-6021",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-11-16T17:15:09.020",
"lastModified": "2023-12-01T15:22:19.813",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-06T20:15:07.740",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication.\n\n"
"value": "LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication. The issue is fixed in version 2.8.1+. Ray maintainers' response can be found here: https://www.anyscale.com/blog/update-on-ray-cves-cve-2023-6019-cve-2023-6020-cve-2023-6021-cve-2023-48022-cve-2023-48023 https://www.anyscale.com/blog/update-on-ray-cves-cve-2023-6019-cve-2023-6020-cve-2023-6021-cve-2023-48022-cve-2023-48023 https://www.anyscale.com/blog/update-on-ray-cves-cve-2023-6019-cve-2023-6020-cve-2023-6021-cve-2023-48022-cve-2023-48023 "
},
{
"lang": "es",

79
CVE-2023/CVE-2023-64xx/CVE-2023-6449.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6449",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-12-01T11:15:08.310",
"lastModified": "2023-12-01T13:54:29.567",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T20:56:48.923",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -38,26 +58,71 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rocklobster:contact_form_7:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "5.8.4",
"matchCriteriaId": "CEC7BD65-A3F1-4800-A8F4-E0C6322CEBB0"
}
]
}
]
}
],
"references": [
{
"url": "https://contactform7.com/2023/11/30/contact-form-7-584/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/rocklobster-in/contact-form-7/compare/v5.8.3...v5.8.4",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/contact-form-7/tags/5.8.3/includes/formatting.php#L275",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3003556/contact-form-7",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5d7fb020-6acb-445e-a46b-bdb5aaf8f2b6?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

62
CVE-2023/CVE-2023-64xx/CVE-2023-6462.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-6462",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-01T22:15:10.960",
"lastModified": "2023-12-03T16:37:30.347",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T20:20:30.583",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in SourceCodester User Registration and Login System 1.0. Affected is an unknown function of the file /endpoint/delete-user.php. The manipulation of the argument user leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-246612."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en SourceCodester User Registration and Login System 1.0 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo /endpoint/delete-user.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento usuario conduce a cross-site scripting. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-246612."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:remyandrade:user_registration_and_login_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F0D8C849-F36A-4939-8822-1A056EC68C26"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/qqisee/vulndis/blob/main/xss_delete_user.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.246612",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.246612",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

62
CVE-2023/CVE-2023-64xx/CVE-2023-6463.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-6463",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-01T23:15:08.023",
"lastModified": "2023-12-03T16:37:30.347",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T20:10:36.877",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in SourceCodester User Registration and Login System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /endpoint/add-user.php. The manipulation of the argument first_name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-246613 was assigned to this vulnerability."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en SourceCodester User Registration and Login System 1.0 y se clasific\u00f3 como problem\u00e1tica. Una funci\u00f3n desconocida del archivo /endpoint/add-user.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento first_name conduce a cross-site scripting. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-246613."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:remyandrade:user_registration_and_login_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F0D8C849-F36A-4939-8822-1A056EC68C26"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/qqisee/vulndis/blob/main/xss_add_user.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.246613",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.246613",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

62
CVE-2023/CVE-2023-64xx/CVE-2023-6464.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-6464",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-02T09:15:42.160",
"lastModified": "2023-12-03T16:37:30.347",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T20:48:36.220",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester User Registration and Login System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /endpoint/add-user.php. The manipulation of the argument user leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-246614 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en SourceCodester User Registration and Login System 1.0 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo /endpoint/add-user.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento usuario conduce a la inyecci\u00f3n SQL. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-246614 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:remyandrade:user_registration_and_login_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F0D8C849-F36A-4939-8822-1A056EC68C26"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/qqisee/vulndis/blob/main/sqlInjection_delete_user.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.246614",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.246614",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

62
CVE-2023/CVE-2023-64xx/CVE-2023-6465.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-6465",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-02T12:15:06.933",
"lastModified": "2023-12-03T16:37:30.347",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T20:51:35.523",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been classified as problematic. This affects an unknown part of the file registered-user-testing.php. The manipulation of the argument regmobilenumber leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246615."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en PHPGurukul Nipah Virus Testing Management System 1.0. Ha sido clasificada como problem\u00e1tica. Una parte desconocida del archivologging-user-testing.php afecta a una parte desconocida. La manipulaci\u00f3n del argumento n\u00famero de registro conduce a cross-site scripting. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-246615."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpgurukul:nipah_virus_testing_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85D720C8-26A6-4C73-974C-285291A71100"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/dhabaleshwar/niv_testing_reflectedxss/blob/main/exploit.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.246615",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.246615",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

72
CVE-2023/CVE-2023-64xx/CVE-2023-6467.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-6467",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-02T14:15:07.647",
"lastModified": "2023-12-03T16:37:30.347",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-06T20:33:19.333",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Thecosy IceCMS 2.0.1. It has been rated as problematic. This issue affects some unknown processing of the file /Websquare/likeClickComment/ of the component Comment Like Handler. The manipulation leads to improper enforcement of a single, unique action. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-246617 was assigned to this vulnerability."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Thecosy IceCMS 2.0.1. Ha sido calificada como problem\u00e1tica. Este problema afecta un procesamiento desconocido del archivo /Websquare/likeClickComment/ del componente Comment Like Handler. La manipulaci\u00f3n conduce a la ejecuci\u00f3n inadecuada de una acci\u00f3n \u00fanica y \u00fanica. El ataque puede iniciarse de forma remota. La complejidad de un ataque es bastante alta. Se sabe que la explotaci\u00f3n es dif\u00edcil. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-246617."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -60,6 +84,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +105,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:thecosy:icecms:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E8BFA839-61F5-4B6F-9A53-5BF6F0DADF20"
}
]
}
]
}
],
"references": [
{
"url": "http://39.106.130.187/wenjian/2.html",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.246617",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.246617",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

64
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-12-06T19:00:18.767547+00:00
2023-12-06T21:00:19.039827+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-12-06T18:59:59.893000+00:00
2023-12-06T20:58:43.987000+00:00
```
### Last Data Feed Release
@ -29,47 +29,47 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
232418
232421
```
### CVEs added in the last Commit
Recently added CVEs: `3`
* [CVE-2023-39326](CVE-2023/CVE-2023-393xx/CVE-2023-39326.json) (`2023-12-06T17:15:07.147`)
* [CVE-2023-45285](CVE-2023/CVE-2023-452xx/CVE-2023-45285.json) (`2023-12-06T17:15:07.320`)
* [CVE-2023-6393](CVE-2023/CVE-2023-63xx/CVE-2023-6393.json) (`2023-12-06T17:15:07.377`)
* [CVE-2023-46751](CVE-2023/CVE-2023-467xx/CVE-2023-46751.json) (`2023-12-06T20:15:07.163`)
* [CVE-2023-48123](CVE-2023/CVE-2023-481xx/CVE-2023-48123.json) (`2023-12-06T20:15:07.240`)
* [CVE-2023-49096](CVE-2023/CVE-2023-490xx/CVE-2023-49096.json) (`2023-12-06T20:15:07.287`)
### CVEs modified in the last Commit
Recently modified CVEs: `66`
Recently modified CVEs: `42`
* [CVE-2023-49092](CVE-2023/CVE-2023-490xx/CVE-2023-49092.json) (`2023-12-06T18:47:43.140`)
* [CVE-2023-48894](CVE-2023/CVE-2023-488xx/CVE-2023-48894.json) (`2023-12-06T18:48:22.700`)
* [CVE-2023-47207](CVE-2023/CVE-2023-472xx/CVE-2023-47207.json) (`2023-12-06T18:48:48.427`)
* [CVE-2023-46690](CVE-2023/CVE-2023-466xx/CVE-2023-46690.json) (`2023-12-06T18:49:11.797`)
* [CVE-2023-32268](CVE-2023/CVE-2023-322xx/CVE-2023-32268.json) (`2023-12-06T18:49:19.267`)
* [CVE-2023-6288](CVE-2023/CVE-2023-62xx/CVE-2023-6288.json) (`2023-12-06T18:49:19.267`)
* [CVE-2023-48859](CVE-2023/CVE-2023-488xx/CVE-2023-48859.json) (`2023-12-06T18:49:19.267`)
* [CVE-2023-36655](CVE-2023/CVE-2023-366xx/CVE-2023-36655.json) (`2023-12-06T18:49:19.267`)
* [CVE-2023-39538](CVE-2023/CVE-2023-395xx/CVE-2023-39538.json) (`2023-12-06T18:49:19.267`)
* [CVE-2023-39539](CVE-2023/CVE-2023-395xx/CVE-2023-39539.json) (`2023-12-06T18:49:19.267`)
* [CVE-2023-26024](CVE-2023/CVE-2023-260xx/CVE-2023-26024.json) (`2023-12-06T18:51:10.323`)
* [CVE-2023-5995](CVE-2023/CVE-2023-59xx/CVE-2023-5995.json) (`2023-12-06T18:52:42.327`)
* [CVE-2023-42006](CVE-2023/CVE-2023-420xx/CVE-2023-42006.json) (`2023-12-06T18:52:49.500`)
* [CVE-2023-6033](CVE-2023/CVE-2023-60xx/CVE-2023-6033.json) (`2023-12-06T18:53:10.447`)
* [CVE-2023-48893](CVE-2023/CVE-2023-488xx/CVE-2023-48893.json) (`2023-12-06T18:53:44.693`)
* [CVE-2023-48813](CVE-2023/CVE-2023-488xx/CVE-2023-48813.json) (`2023-12-06T18:53:57.517`)
* [CVE-2023-48842](CVE-2023/CVE-2023-488xx/CVE-2023-48842.json) (`2023-12-06T18:54:07.467`)
* [CVE-2023-4518](CVE-2023/CVE-2023-45xx/CVE-2023-4518.json) (`2023-12-06T18:55:10.680`)
* [CVE-2023-5226](CVE-2023/CVE-2023-52xx/CVE-2023-5226.json) (`2023-12-06T18:57:33.787`)
* [CVE-2023-49371](CVE-2023/CVE-2023-493xx/CVE-2023-49371.json) (`2023-12-06T18:58:20.680`)
* [CVE-2023-45168](CVE-2023/CVE-2023-451xx/CVE-2023-45168.json) (`2023-12-06T18:58:31.920`)
* [CVE-2023-5637](CVE-2023/CVE-2023-56xx/CVE-2023-5637.json) (`2023-12-06T18:59:08.660`)
* [CVE-2023-5636](CVE-2023/CVE-2023-56xx/CVE-2023-5636.json) (`2023-12-06T18:59:28.783`)
* [CVE-2023-5635](CVE-2023/CVE-2023-56xx/CVE-2023-5635.json) (`2023-12-06T18:59:51.757`)
* [CVE-2023-5634](CVE-2023/CVE-2023-56xx/CVE-2023-5634.json) (`2023-12-06T18:59:59.893`)
* [CVE-2023-49281](CVE-2023/CVE-2023-492xx/CVE-2023-49281.json) (`2023-12-06T20:27:26.550`)
* [CVE-2023-49276](CVE-2023/CVE-2023-492xx/CVE-2023-49276.json) (`2023-12-06T20:29:13.000`)
* [CVE-2023-48314](CVE-2023/CVE-2023-483xx/CVE-2023-48314.json) (`2023-12-06T20:29:23.740`)
* [CVE-2023-46746](CVE-2023/CVE-2023-467xx/CVE-2023-46746.json) (`2023-12-06T20:31:27.170`)
* [CVE-2023-6467](CVE-2023/CVE-2023-64xx/CVE-2023-6467.json) (`2023-12-06T20:33:19.333`)
* [CVE-2023-44402](CVE-2023/CVE-2023-444xx/CVE-2023-44402.json) (`2023-12-06T20:34:42.520`)
* [CVE-2023-6464](CVE-2023/CVE-2023-64xx/CVE-2023-6464.json) (`2023-12-06T20:48:36.220`)
* [CVE-2023-49926](CVE-2023/CVE-2023-499xx/CVE-2023-49926.json) (`2023-12-06T20:51:09.867`)
* [CVE-2023-6465](CVE-2023/CVE-2023-64xx/CVE-2023-6465.json) (`2023-12-06T20:51:35.523`)
* [CVE-2023-44382](CVE-2023/CVE-2023-443xx/CVE-2023-44382.json) (`2023-12-06T20:54:53.870`)
* [CVE-2023-39257](CVE-2023/CVE-2023-392xx/CVE-2023-39257.json) (`2023-12-06T20:55:05.077`)
* [CVE-2023-44381](CVE-2023/CVE-2023-443xx/CVE-2023-44381.json) (`2023-12-06T20:55:24.417`)
* [CVE-2023-49277](CVE-2023/CVE-2023-492xx/CVE-2023-49277.json) (`2023-12-06T20:55:31.683`)
* [CVE-2023-28896](CVE-2023/CVE-2023-288xx/CVE-2023-28896.json) (`2023-12-06T20:56:05.353`)
* [CVE-2023-28895](CVE-2023/CVE-2023-288xx/CVE-2023-28895.json) (`2023-12-06T20:56:18.560`)
* [CVE-2023-6449](CVE-2023/CVE-2023-64xx/CVE-2023-6449.json) (`2023-12-06T20:56:48.923`)
* [CVE-2023-5427](CVE-2023/CVE-2023-54xx/CVE-2023-5427.json) (`2023-12-06T20:56:58.567`)
* [CVE-2023-21162](CVE-2023/CVE-2023-211xx/CVE-2023-21162.json) (`2023-12-06T20:57:57.817`)
* [CVE-2023-21163](CVE-2023/CVE-2023-211xx/CVE-2023-21163.json) (`2023-12-06T20:58:03.277`)
* [CVE-2023-21164](CVE-2023/CVE-2023-211xx/CVE-2023-21164.json) (`2023-12-06T20:58:10.400`)
* [CVE-2023-21166](CVE-2023/CVE-2023-211xx/CVE-2023-21166.json) (`2023-12-06T20:58:17.677`)
* [CVE-2023-21215](CVE-2023/CVE-2023-212xx/CVE-2023-21215.json) (`2023-12-06T20:58:23.767`)
* [CVE-2023-21216](CVE-2023/CVE-2023-212xx/CVE-2023-21216.json) (`2023-12-06T20:58:30.607`)
* [CVE-2023-21217](CVE-2023/CVE-2023-212xx/CVE-2023-21217.json) (`2023-12-06T20:58:37.277`)
* [CVE-2023-21218](CVE-2023/CVE-2023-212xx/CVE-2023-21218.json) (`2023-12-06T20:58:43.987`)
## Download and Usage