Auto-Update: 2023-12-19T23:00:24.337297+00:00

cad-safe-bot 2023-12-19 23:00:27 +00:00
parent 3cfdbc45a2
commit 7384c37e6d
28 changed files with 1351 additions and 63 deletions


@ -0,0 +1,55 @@
{
"id": "CVE-2022-43450",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-19T22:15:07.267",
"lastModified": "2023-12-19T22:15:07.267",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Authorization Bypass Through User-Controlled Key vulnerability in XWP Stream.This issue affects Stream: from n/a through 3.9.2.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/stream/wordpress-stream-plugin-3-9-2-auth-insecure-direct-object-references-idor-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-35883",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-19T21:15:07.687",
"lastModified": "2023-12-19T21:15:07.687",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Magazine3 Core Web Vitals & PageSpeed Booster.This issue affects Core Web Vitals & PageSpeed Booster: from n/a through 1.0.12.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/core-web-vitals-pagespeed-booster/wordpress-core-web-vitals-pagespeed-booster-plugin-1-0-12-open-redirection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-3511",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-12-15T16:15:43.053",
"lastModified": "2023-12-15T16:53:06.030",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T21:14:37.470",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab EE affecting all versions starting from 8.17 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. It was possible for auditor users to fork and submit merge requests to private projects they're not a member of."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en GitLab EE que afecta a todas las versiones desde 8.17 anteriores a 16.4.4, todas las versiones desde 16.5 anteriores a 16.5.4, todas las versiones desde 16.6 anteriores a 16.6.2. Los usuarios auditores pudieron bifurcar y enviar solicitudes de fusi\u00f3n a proyectos privados de los que no son miembros."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -46,14 +80,53 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "8.17",
"versionEndExcluding": "16.4.4",
"matchCriteriaId": "FF46E870-A12D-45CF-9265-63BEC4068D7D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.5",
"versionEndExcluding": "16.5.4",
"matchCriteriaId": "B9D88266-872E-4BD9-B3DF-D1C540E66AFD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.6",
"versionEndExcluding": "16.6.2",
"matchCriteriaId": "D5C45787-C8C9-432E-8DAF-6F5264BBE0B3"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/416961",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://hackerone.com/reports/2046752",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required"
]
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-37982",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-19T21:15:07.897",
"lastModified": "2023-12-19T21:15:07.897",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.3.3.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/cf7-salesforce/wordpress-integration-for-contact-form-7-and-salesforce-plugin-1-3-3-open-redirection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-38126",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2023-12-19T22:15:07.460",
"lastModified": "2023-12-19T22:15:07.460",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Softing edgeAggregator Restore Configuration Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the processing of backup zip files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this to execute code in the context of root. Was ZDI-CAN-20543."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1058/",
"source": "zdi-disclosures@trendmicro.com"
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-3904",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-12-15T16:15:43.387",
"lastModified": "2023-12-15T16:53:06.030",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T21:41:11.020",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab EE affecting all versions starting before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. It was possible to overflow the time spent on an issue that altered the details shown in the issue boards."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en GitLab EE que afecta a todas las versiones anteriores a 16.4.4, todas las versiones anteriores a 16.5 anteriores a 16.5.4, todas las versiones anteriores a 16.6 anteriores a 16.6.2. Ha sido posble hacer un desbordamiento del tiempo dedicado a un issue que alter\u00f3 los detalles mostrados en los tableros de issues."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -46,14 +80,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionEndExcluding": "16.4.4",
"matchCriteriaId": "8C804A75-C14D-4AD1-8347-3F85B8889C5C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.5",
"versionEndExcluding": "16.5.4",
"matchCriteriaId": "B9D88266-872E-4BD9-B3DF-D1C540E66AFD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.6",
"versionEndExcluding": "16.6.2",
"matchCriteriaId": "D5C45787-C8C9-432E-8DAF-6F5264BBE0B3"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/418226",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://hackerone.com/reports/2053154",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-42883",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-12-12T01:15:11.330",
"lastModified": "2023-12-18T04:15:48.663",
"lastModified": "2023-12-19T21:15:08.097",
"vulnStatus": "Modified",
"descriptions": [
{
@ -213,6 +213,10 @@
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5580",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-42940",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-12-19T22:15:07.630",
"lastModified": "2023-12-19T22:15:07.630",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A session rendering issue was addressed with improved session tracking. This issue is fixed in macOS Sonoma 14.2.1. A user who shares their screen may unintentionally share the incorrect content."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT214048",
"source": "product-security@apple.com"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-43826",
"sourceIdentifier": "security@apache.org",
"published": "2023-12-19T20:15:08.300",
"lastModified": "2023-12-19T20:15:08.300",
"lastModified": "2023-12-19T21:15:08.190",
"vulnStatus": "Received",
"descriptions": [
{
@ -47,6 +47,10 @@
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/12/19/4",
"source": "security@apache.org"
},
{
"url": "https://lists.apache.org/thread/23gzwftpfgtq97tj6ttmbclry53kmwv6",
"source": "security@apache.org"


@ -0,0 +1,55 @@
{
"id": "CVE-2023-46624",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-19T22:15:07.673",
"lastModified": "2023-12-19T22:15:07.673",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Parcel Pro.This issue affects Parcel Pro: from n/a through 1.6.11.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/woo-parcel-pro/wordpress-parcel-pro-plugin-1-6-3-open-redirection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}
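Review bot: The affected range in `descriptions` ("from n/a through 1.6.11") does not match the version embedded in the only reference's URL slug (`wordpress-parcel-pro-plugin-1-6-3-open-redirection-vulnerability`), and this record has no `configurations` block yet to settle which is right. The slug may simply be stale at the source, but anyone triaging from this record should treat 1.6.11 as the upper bound until the advisory page is checked, so that installs between 1.6.3 and 1.6.11 are not written off as unaffected.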


@ -0,0 +1,59 @@
{
"id": "CVE-2023-47146",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-12-19T22:15:07.863",
"lastModified": "2023-12-19T22:15:07.863",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "IBM Qradar SIEM 7.5 could allow a privileged user to obtain sensitive domain information due to data being misidentified. IBM X-Force ID: 270372."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/270372",
"source": "psirt@us.ibm.com"
},
{
"url": "https://https://www.ibm.com/support/pages/node/7099297",
"source": "psirt@us.ibm.com"
}
]
}
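Review bot: The second entry under `references` carries a doubled scheme, `https://https://www.ibm.com/support/pages/node/7099297`, so a URL parser reads the host as `https` and the vendor advisory link does not resolve. The value looks like it was mirrored as published by the source, so the durable fix belongs upstream; in this record the line should read `"url": "https://www.ibm.com/support/pages/node/7099297",`. Tooling that ingests these records and follows or allow-lists reference hosts should validate the parsed host rather than trusting the string prefix.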


@ -0,0 +1,20 @@
{
"id": "CVE-2023-47267",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-19T22:15:08.060",
"lastModified": "2023-12-19T22:15:08.060",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue discovered in TheGreenBow Windows Enterprise Certified VPN Client 6.52, Windows Standard VPN Client 6.87, and Windows Enterprise VPN Client 6.87 allows attackers to gain escalated privileges via crafted changes to memory mapped file."
}
],
"metrics": {},
"references": [
{
"url": "https://www.thegreenbow.com/en/support/security-alerts/#deeplink-16093",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-48327",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-19T21:15:08.290",
"lastModified": "2023-12-19T21:15:08.290",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WC Vendors WC Vendors \u2013 WooCommerce Multi-Vendor, WooCommerce Marketplace, Product Vendors.This issue affects WC Vendors \u2013 WooCommerce Multi-Vendor, WooCommerce Marketplace, Product Vendors: from n/a through 2.4.7.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.3,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wc-vendors/wordpress-wc-vendors-marketplace-plugin-2-4-7-sql-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-48738",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-19T21:15:08.527",
"lastModified": "2023-12-19T21:15:08.527",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Porto Theme Porto Theme - Functionality.This issue affects Porto Theme - Functionality: from n/a before 2.12.1.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 9.3,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/porto-functionality/wordpress-porto-theme-functionality-plugin-2-11-1-unauthenticated-sql-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-48741",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-19T21:15:08.737",
"lastModified": "2023-12-19T21:15:08.737",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in QuantumCloud AI ChatBot.This issue affects AI ChatBot: from n/a through 4.7.8.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.3,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/chatbot/wordpress-ai-chatbot-plugin-4-7-8-sql-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-48764",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-19T21:15:08.943",
"lastModified": "2023-12-19T21:15:08.943",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GuardGiant Brute Force Protection WordPress Brute Force Protection \u2013 Stop Brute Force Attacks.This issue affects WordPress Brute Force Protection \u2013 Stop Brute Force Attacks: from n/a through 2.2.5.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.3,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/guardgiant/wordpress-wordpress-brute-force-protection-stop-brute-force-attacks-plugin-2-2-5-sql-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-49004",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-19T22:15:08.103",
"lastModified": "2023-12-19T22:15:08.103",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue in D-Link DIR-850L v.B1_FW223WWb01 allows a remote attacker to execute arbitrary code via a crafted script to the en parameter."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ef4tless/vuln/blob/master/iot/DIR-850L/bug1.md",
"source": "cve@mitre.org"
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-49159",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-15T16:15:43.710",
"lastModified": "2023-12-15T16:53:06.030",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T22:54:58.657",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Server-Side Request Forgery (SSRF) vulnerability in Elegant Digital Solutions CommentLuv.This issue affects CommentLuv: from n/a through 3.0.4.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Server-Side Request Forgery (SSRF) en Elegant Digital Solutions CommentLuv. Este problema afecta a CommentLuv: desde n/a hasta 3.0.4."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sean-barton:commentluv:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.0.4",
"matchCriteriaId": "ED222DCB-9765-4D37-AB61-556712C663DD"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/commentluv/wordpress-commentluv-plugin-3-0-4-server-side-request-forgery-ssrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-49164",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-19T22:15:08.143",
"lastModified": "2023-12-19T22:15:08.143",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in OceanWP Ocean Extra.This issue affects Ocean Extra: from n/a through 2.2.2.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/ocean-extra/wordpress-ocean-extra-plugin-2-2-2-csrf-leading-to-arbitrary-plugin-activation-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-49750",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-19T21:15:09.137",
"lastModified": "2023-12-19T21:15:09.137",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spoonthemes Couponis - Affiliate & Submitting Coupons WordPress Theme.This issue affects Couponis - Affiliate & Submitting Coupons WordPress Theme: from n/a before 2.2.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 9.3,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/couponis/wordpress-couponis-affiliate-submitting-coupons-wordpress-theme-theme-3-1-7-sql-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}
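Review bot: The description bounds the issue at "from n/a before 2.2", while the only reference's URL slug names version 3.1.7 (`...wordpress-theme-theme-3-1-7-sql-injection-vulnerability`), which lies above that bound. The record scores this as an unauthenticated SQL injection at 9.3 and has no `configurations` entry, so a version-based scanner fed from the description alone would likely clear installs at 2.2 and later that the advisory may still cover. The mismatch may come from the source or from a different version line; the fixed version should be confirmed against the Patchstack page before the stated range is relied on.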


@ -0,0 +1,55 @@
{
"id": "CVE-2023-49764",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-19T21:15:09.333",
"lastModified": "2023-12-19T21:15:09.333",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Younes JFR. Advanced Database Cleaner.This issue affects Advanced Database Cleaner: from n/a through 3.1.2.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.3,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/advanced-database-cleaner/wordpress-advanced-database-cleaner-plugin-3-1-2-sql-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-49812",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-19T21:15:09.530",
"lastModified": "2023-12-19T21:15:09.530",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Authorization Bypass Through User-Controlled Key vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus.This issue affects WP Photo Album Plus: from n/a through 8.5.02.005.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-photo-album-plus/wordpress-wp-photo-album-plus-plugin-8-5-02-005-insecure-direct-object-references-idor-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-50466",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-19T21:15:09.740",
"lastModified": "2023-12-19T21:15:09.740",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An authenticated command injection vulnerability in Weintek cMT2078X easyweb Web Version v2.1.3, OS v20220215 allows attackers to execute arbitrary code or access sensitive information via injecting a crafted payload into the HMI Name parameter."
}
],
"metrics": {},
"references": [
{
"url": "https://literate-bakery-10b.notion.site/Weintek-EasyWeb-cMT-Reports-3fc0b10798b54f51a61d719395c408da?pvs=4",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-50835",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-19T22:15:08.330",
"lastModified": "2023-12-19T22:15:08.330",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Praveen Goswami Advanced Category Template.This issue affects Advanced Category Template: from n/a through 0.1.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/advanced-category-template/wordpress-advanced-category-template-plugin-0-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-5061",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-12-15T16:15:45.930",
"lastModified": "2023-12-15T16:53:06.030",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T22:55:31.227",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab affecting all versions starting from 9.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. In certain situations, it may have been possible for developers to override predefined CI variables via the REST API."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en GitLab que afecta a todas las versiones desde 9.3 anteriores a 16.4.4, todas las versiones desde 16.5 anteriores a 16.5.4, todas las versiones desde 16.6 anteriores a 16.6.2. En determinadas situaciones, es posible que los desarrolladores hayan podido anular las variables de CI predefinidas a trav\u00e9s de la API REST."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -46,14 +80,74 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "9.3.0",
"versionEndExcluding": "16.4.4",
"matchCriteriaId": "6343DEF7-EABF-4327-B171-DB8A8F2E46F6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "9.3.0",
"versionEndExcluding": "16.4.4",
"matchCriteriaId": "27D94FEC-A537-428F-AEE2-B4E35F6BAADB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "16.5.0",
"versionEndExcluding": "16.5.4",
"matchCriteriaId": "3C213E8A-B47E-4D1F-8253-90CB866744F0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.5.0",
"versionEndExcluding": "16.5.4",
"matchCriteriaId": "E6EBFF85-99EE-48D7-8991-02AA59E78374"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "16.6.0",
"versionEndExcluding": "16.6.2",
"matchCriteriaId": "17596227-79F6-439A-89EC-B87F03EF73AC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.6.0",
"versionEndExcluding": "16.6.2",
"matchCriteriaId": "53E94AC5-C346-4511-B68C-DC0D86E575FC"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/425521",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://hackerone.com/reports/2125189",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required"
]
}
]
}
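Review bot: As tagged in the last hunk, neither entry under `references` appears to be publicly readable: the GitLab issue is marked `Broken Link` and the HackerOne report `Permissions Required`. A reader of this record therefore has only the description and the added `cpeMatch` ranges to work from, which give 16.4.4, 16.5.4 and 16.6.2 as the first unaffected versions for both the community and enterprise editions. The Primary weakness added in the second hunk is `NVD-CWE-Other`, so CWE-based filtering will not classify this entry; the Secondary weakness from cve@gitlab.com lies outside the visible hunks. The same two reference tags are applied in the CVE-2023-5512 section that follows.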


@ -2,16 +2,40 @@
"id": "CVE-2023-5512",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-12-15T16:15:46.300",
"lastModified": "2023-12-15T16:53:06.030",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T22:56:44.743",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab CE/EE affecting all versions from 16.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. File integrity may be compromised when specific HTML encoding is used for file names leading for incorrect representation in the UI."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en GitLab CE/EE que afecta a todas las versiones desde 16.3 anteriores a 16.4.4, todas las versiones desde 16.5 anteriores a 16.5.4, todas las versiones desde 16.6 anteriores a 16.6.2. La integridad del archivo puede verse comprometida cuando se utiliza una codificaci\u00f3n HTML espec\u00edfica para nombres de archivos que provocan una representaci\u00f3n incorrecta en la interfaz de usuario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -46,14 +80,74 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "16.3.0",
"versionEndExcluding": "16.4.4",
"matchCriteriaId": "FC12E182-B115-419E-B2DF-AC30E3EF5F10"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.3.0",
"versionEndExcluding": "16.4.4",
"matchCriteriaId": "E4A325F9-7186-4061-B299-106849B7A5DA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "16.5.0",
"versionEndExcluding": "16.5.4",
"matchCriteriaId": "3C213E8A-B47E-4D1F-8253-90CB866744F0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.5.0",
"versionEndExcluding": "16.5.4",
"matchCriteriaId": "E6EBFF85-99EE-48D7-8991-02AA59E78374"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "16.6.0",
"versionEndExcluding": "16.6.2",
"matchCriteriaId": "17596227-79F6-439A-89EC-B87F03EF73AC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.6.0",
"versionEndExcluding": "16.6.2",
"matchCriteriaId": "53E94AC5-C346-4511-B68C-DC0D86E575FC"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/427827",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://hackerone.com/reports/2194607",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required"
]
}
]
}
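Review bot: The Primary weakness added in the second hunk, `CWE-94`, does not obviously match the description, which speaks of HTML-encoded file names being represented incorrectly in the UI rather than of code being generated or executed. The added NVD vector scores the issue as `I:H` with `UI:R`, which reads more like a display or spoofing impact on file integrity. The Secondary weakness from cve@gitlab.com lies outside the visible hunk and may be the closer fit. Anyone bucketing findings by CWE should check both weakness entries before treating this record as a code-injection issue.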


@ -2,12 +2,12 @@
"id": "CVE-2023-6265",
"sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725",
"published": "2023-11-22T20:15:09.600",
"lastModified": "2023-11-30T05:04:31.060",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-19T21:15:09.793",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Draytek Vigor2960 v1.5.1.4 and v1.5.1.5 are vulnerable to directory traversal via the mainfunction.cgi dumpSyslog 'option' parameter allowing an authenticated attacker with access to the web management interface to delete arbitrary files. Vigor2960 is no longer supported."
"value": "** UNSUPPORTED WHEN ASSIGNED ** Draytek Vigor2960 v1.5.1.4 and v1.5.1.5 are vulnerable to directory traversal via the mainfunction.cgi dumpSyslog 'option' parameter allowing an authenticated attacker with access to the web management interface to delete arbitrary files. Vigor2960 is no longer supported."
},
{
"lang": "es",
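Review bot: The `** UNSUPPORTED WHEN ASSIGNED **` marker arrives only as a prefix inside the English `descriptions[].value` string; nothing else in the visible hunk carries it as a structured field. A consumer that needs to separate out end-of-life products therefore has to match that prefix in the text. The description already states that Vigor2960 is no longer supported, so the realistic response is replacement or restricting access to the web management interface rather than waiting for a patch. The hunk ends inside the `es` description entry, so whether the Spanish text received the same prefix cannot be seen here.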


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-12-19T21:00:24.455304+00:00
2023-12-19T23:00:24.337297+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-12-19T20:53:28.300000+00:00
2023-12-19T22:56:44.743000+00:00
```
### Last Data Feed Release
@ -29,53 +29,46 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
233760
233779
```
### CVEs added in the last Commit
Recently added CVEs: `9`
Recently added CVEs: `19`
* [CVE-2023-49706](CVE-2023/CVE-2023-497xx/CVE-2023-49706.json) (`2023-12-19T19:15:07.800`)
* [CVE-2023-34027](CVE-2023/CVE-2023-340xx/CVE-2023-34027.json) (`2023-12-19T20:15:07.140`)
* [CVE-2023-34382](CVE-2023/CVE-2023-343xx/CVE-2023-34382.json) (`2023-12-19T20:15:07.340`)
* [CVE-2023-38478](CVE-2023/CVE-2023-384xx/CVE-2023-38478.json) (`2023-12-19T20:15:07.527`)
* [CVE-2023-38481](CVE-2023/CVE-2023-384xx/CVE-2023-38481.json) (`2023-12-19T20:15:07.717`)
* [CVE-2023-40602](CVE-2023/CVE-2023-406xx/CVE-2023-40602.json) (`2023-12-19T20:15:07.920`)
* [CVE-2023-41648](CVE-2023/CVE-2023-416xx/CVE-2023-41648.json) (`2023-12-19T20:15:08.113`)
* [CVE-2023-43826](CVE-2023/CVE-2023-438xx/CVE-2023-43826.json) (`2023-12-19T20:15:08.300`)
* [CVE-2023-45105](CVE-2023/CVE-2023-451xx/CVE-2023-45105.json) (`2023-12-19T20:15:08.530`)
* [CVE-2022-43450](CVE-2022/CVE-2022-434xx/CVE-2022-43450.json) (`2023-12-19T22:15:07.267`)
* [CVE-2023-35883](CVE-2023/CVE-2023-358xx/CVE-2023-35883.json) (`2023-12-19T21:15:07.687`)
* [CVE-2023-37982](CVE-2023/CVE-2023-379xx/CVE-2023-37982.json) (`2023-12-19T21:15:07.897`)
* [CVE-2023-48327](CVE-2023/CVE-2023-483xx/CVE-2023-48327.json) (`2023-12-19T21:15:08.290`)
* [CVE-2023-48738](CVE-2023/CVE-2023-487xx/CVE-2023-48738.json) (`2023-12-19T21:15:08.527`)
* [CVE-2023-48741](CVE-2023/CVE-2023-487xx/CVE-2023-48741.json) (`2023-12-19T21:15:08.737`)
* [CVE-2023-48764](CVE-2023/CVE-2023-487xx/CVE-2023-48764.json) (`2023-12-19T21:15:08.943`)
* [CVE-2023-49750](CVE-2023/CVE-2023-497xx/CVE-2023-49750.json) (`2023-12-19T21:15:09.137`)
* [CVE-2023-49764](CVE-2023/CVE-2023-497xx/CVE-2023-49764.json) (`2023-12-19T21:15:09.333`)
* [CVE-2023-49812](CVE-2023/CVE-2023-498xx/CVE-2023-49812.json) (`2023-12-19T21:15:09.530`)
* [CVE-2023-50466](CVE-2023/CVE-2023-504xx/CVE-2023-50466.json) (`2023-12-19T21:15:09.740`)
* [CVE-2023-38126](CVE-2023/CVE-2023-381xx/CVE-2023-38126.json) (`2023-12-19T22:15:07.460`)
* [CVE-2023-42940](CVE-2023/CVE-2023-429xx/CVE-2023-42940.json) (`2023-12-19T22:15:07.630`)
* [CVE-2023-46624](CVE-2023/CVE-2023-466xx/CVE-2023-46624.json) (`2023-12-19T22:15:07.673`)
* [CVE-2023-47146](CVE-2023/CVE-2023-471xx/CVE-2023-47146.json) (`2023-12-19T22:15:07.863`)
* [CVE-2023-47267](CVE-2023/CVE-2023-472xx/CVE-2023-47267.json) (`2023-12-19T22:15:08.060`)
* [CVE-2023-49004](CVE-2023/CVE-2023-490xx/CVE-2023-49004.json) (`2023-12-19T22:15:08.103`)
* [CVE-2023-49164](CVE-2023/CVE-2023-491xx/CVE-2023-49164.json) (`2023-12-19T22:15:08.143`)
* [CVE-2023-50835](CVE-2023/CVE-2023-508xx/CVE-2023-50835.json) (`2023-12-19T22:15:08.330`)
### CVEs modified in the last Commit
Recently modified CVEs: `41`
Recently modified CVEs: `8`
* [CVE-2023-49188](CVE-2023/CVE-2023-491xx/CVE-2023-49188.json) (`2023-12-19T20:20:29.910`)
* [CVE-2023-49187](CVE-2023/CVE-2023-491xx/CVE-2023-49187.json) (`2023-12-19T20:22:11.963`)
* [CVE-2023-49181](CVE-2023/CVE-2023-491xx/CVE-2023-49181.json) (`2023-12-19T20:25:34.397`)
* [CVE-2023-36878](CVE-2023/CVE-2023-368xx/CVE-2023-36878.json) (`2023-12-19T20:31:24.683`)
* [CVE-2023-50722](CVE-2023/CVE-2023-507xx/CVE-2023-50722.json) (`2023-12-19T20:33:20.713`)
* [CVE-2023-50723](CVE-2023/CVE-2023-507xx/CVE-2023-50723.json) (`2023-12-19T20:33:39.183`)
* [CVE-2023-49182](CVE-2023/CVE-2023-491xx/CVE-2023-49182.json) (`2023-12-19T20:36:56.557`)
* [CVE-2023-4020](CVE-2023/CVE-2023-40xx/CVE-2023-4020.json) (`2023-12-19T20:37:21.960`)
* [CVE-2023-50264](CVE-2023/CVE-2023-502xx/CVE-2023-50264.json) (`2023-12-19T20:37:45.463`)
* [CVE-2023-50265](CVE-2023/CVE-2023-502xx/CVE-2023-50265.json) (`2023-12-19T20:37:58.280`)
* [CVE-2023-50266](CVE-2023/CVE-2023-502xx/CVE-2023-50266.json) (`2023-12-19T20:38:21.357`)
* [CVE-2023-49183](CVE-2023/CVE-2023-491xx/CVE-2023-49183.json) (`2023-12-19T20:41:36.987`)
* [CVE-2023-50469](CVE-2023/CVE-2023-504xx/CVE-2023-50469.json) (`2023-12-19T20:43:15.477`)
* [CVE-2023-49184](CVE-2023/CVE-2023-491xx/CVE-2023-49184.json) (`2023-12-19T20:43:19.030`)
* [CVE-2023-50728](CVE-2023/CVE-2023-507xx/CVE-2023-50728.json) (`2023-12-19T20:43:55.837`)
* [CVE-2023-49185](CVE-2023/CVE-2023-491xx/CVE-2023-49185.json) (`2023-12-19T20:45:06.317`)
* [CVE-2023-6051](CVE-2023/CVE-2023-60xx/CVE-2023-6051.json) (`2023-12-19T20:46:20.970`)
* [CVE-2023-41151](CVE-2023/CVE-2023-411xx/CVE-2023-41151.json) (`2023-12-19T20:48:30.317`)
* [CVE-2023-6680](CVE-2023/CVE-2023-66xx/CVE-2023-6680.json) (`2023-12-19T20:51:03.237`)
* [CVE-2023-50089](CVE-2023/CVE-2023-500xx/CVE-2023-50089.json) (`2023-12-19T20:51:17.553`)
* [CVE-2023-50471](CVE-2023/CVE-2023-504xx/CVE-2023-50471.json) (`2023-12-19T20:51:50.550`)
* [CVE-2023-50719](CVE-2023/CVE-2023-507xx/CVE-2023-50719.json) (`2023-12-19T20:51:50.893`)
* [CVE-2023-50720](CVE-2023/CVE-2023-507xx/CVE-2023-50720.json) (`2023-12-19T20:52:05.350`)
* [CVE-2023-50721](CVE-2023/CVE-2023-507xx/CVE-2023-50721.json) (`2023-12-19T20:52:23.670`)
* [CVE-2023-50472](CVE-2023/CVE-2023-504xx/CVE-2023-50472.json) (`2023-12-19T20:53:28.300`)
* [CVE-2023-3511](CVE-2023/CVE-2023-35xx/CVE-2023-3511.json) (`2023-12-19T21:14:37.470`)
* [CVE-2023-42883](CVE-2023/CVE-2023-428xx/CVE-2023-42883.json) (`2023-12-19T21:15:08.097`)
* [CVE-2023-43826](CVE-2023/CVE-2023-438xx/CVE-2023-43826.json) (`2023-12-19T21:15:08.190`)
* [CVE-2023-6265](CVE-2023/CVE-2023-62xx/CVE-2023-6265.json) (`2023-12-19T21:15:09.793`)
* [CVE-2023-3904](CVE-2023/CVE-2023-39xx/CVE-2023-3904.json) (`2023-12-19T21:41:11.020`)
* [CVE-2023-49159](CVE-2023/CVE-2023-491xx/CVE-2023-49159.json) (`2023-12-19T22:54:58.657`)
* [CVE-2023-5061](CVE-2023/CVE-2023-50xx/CVE-2023-5061.json) (`2023-12-19T22:55:31.227`)
* [CVE-2023-5512](CVE-2023/CVE-2023-55xx/CVE-2023-5512.json) (`2023-12-19T22:56:44.743`)
## Download and Usage