admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-06 18:52:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-12-28T19:00:24.853584+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-12-28 19:00:28 +00:00
parent e502d34b13
commit 739753174b
48 changed files with 3827 additions and 623 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
CVE-2014/CVE-2014-99xx/CVE-2014-9940.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2014-9940",
"sourceIdentifier": "security@android.com",
"published": "2017-05-02T21:59:00.167",
"lastModified": "2023-09-28T22:06:37.327",
"lastModified": "2023-12-28T18:11:41.263",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -85,8 +85,9 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartExcluding": "3.16.45",
"matchCriteriaId": "7E941F20-32AC-4C41-8F38-24A76BD73BF1"
"versionStartExcluding": "3.10",
"versionEndExcluding": "3.16.45",
"matchCriteriaId": "2FA9A690-FCB0-461A-82EE-2FC830BD9BE1"
},
{
"vulnerable": true,
@ -94,6 +95,46 @@
"versionStartIncluding": "3.17",
"versionEndExcluding": "3.18.52",
"matchCriteriaId": "8104AAC1-9700-4372-8E11-37B09309A76F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:3.10:-:*:*:*:*:*:*",
"matchCriteriaId": "82D28405-E1F2-43CF-AA38-B228805AFFF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:3.10:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8220D375-BEB3-49DA-9FE2-E33CE9727E33"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:3.10:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6A9D64B9-B500-46DD-807A-7AE8898D814F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:3.10:rc3:*:*:*:*:*:*",
"matchCriteriaId": "7B933742-22C3-41D1-9588-C7E7A126DDD3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:3.10:rc4:*:*:*:*:*:*",
"matchCriteriaId": "DC6F70D0-FB0D-4CCA-B54B-2D50D7E05C79"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:3.10:rc5:*:*:*:*:*:*",
"matchCriteriaId": "7531C844-BA6E-44F3-BCBC-1036C21541C4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:3.10:rc6:*:*:*:*:*:*",
"matchCriteriaId": "2DD6E1E7-AF5F-46ED-A729-288651810FFF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:3.10:rc7:*:*:*:*:*:*",
"matchCriteriaId": "7EDF2BC7-2812-4297-9FF3-2CFFE1EE8584"
}
]
}

81
CVE-2019/CVE-2019-168xx/CVE-2019-16892.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2019-16892",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-09-25T22:15:10.023",
"lastModified": "2023-11-16T23:15:07.863",
"vulnStatus": "Modified",
"lastModified": "2023-12-28T17:04:56.327",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -70,7 +70,7 @@
"description": [
{
"lang": "en",
"value": "CWE-400"
"value": "NVD-CWE-noinfo"
}
]
}
@ -91,20 +91,74 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
"matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:cloudforms:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "04AC556D-D511-4C4C-B9FB-A089BB2FEFD5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:cloudforms:5.11:*:*:*:*:*:*:*",
"matchCriteriaId": "4E936928-D918-4C0E-9ECB-4AA1814740F3"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/errata/RHBA-2019:4047",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2019:4201",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/rubyzip/rubyzip/commit/d65fe7bd283ec94f9d6dc7605f61a6b0dd00f55e",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/rubyzip/rubyzip/pull/403",
@ -118,15 +172,24 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J45KSFPP6DFVWLC7Z73L7SX735CKZYO6/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MWWPORMSBHZTMP4PGF4DQD22TTKBQMMC/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X255K6ZBAQC462PQN2ND5HOTTQEJ2G2X/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List"
]
}
]
}

66
CVE-2019/CVE-2019-251xx/CVE-2019-25158.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2019-25158",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-19T13:15:43.133",
"lastModified": "2023-12-19T13:42:12.823",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-28T17:15:25.970",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in pedroetb tts-api up to 2.1.4 and classified as critical. This vulnerability affects the function onSpeechDone of the file app.js. The manipulation leads to os command injection. Upgrading to version 2.2.0 is able to address this issue. The patch is identified as 29d9c25415911ea2f8b6de247cb5c4607d13d434. It is recommended to upgrade the affected component. VDB-248278 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad ha sido encontrada en pedroetb tts-api hasta 2.1.4 y clasificada como cr\u00edtica. Esta vulnerabilidad afecta a la funci\u00f3n onSpeechDone del archivo app.js. La manipulaci\u00f3n conduce a la inyecci\u00f3n de comandos del sistema operativo. La actualizaci\u00f3n a la versi\u00f3n 2.2.0 puede solucionar este problema. El parche se identifica como 29d9c25415911ea2f8b6de247cb5c4607d13d434. Se recomienda actualizar el componente afectado. VDB-248278 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,22 +95,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pedroetb:tts-api:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.2.0",
"matchCriteriaId": "6A7BC92B-21CF-43A4-87DC-12008F7AC264"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/pedroetb/tts-api/commit/29d9c25415911ea2f8b6de247cb5c4607d13d434",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/pedroetb/tts-api/releases/tag/v2.2.0",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://vuldb.com/?ctiid.248278",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?id.248278",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

10
CVE-2020/CVE-2020-367xx/CVE-2020-36754.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2020-36754",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-10-20T08:15:11.250",
"lastModified": "2023-11-07T03:22:32.750",
"vulnStatus": "Modified",
"lastModified": "2023-12-28T17:32:46.623",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -37,7 +37,7 @@
"impactScore": 1.4
},
{
"source": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -79,9 +79,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:paidmembershipspro:paid_memberships_pro:*:*:*:*:*:wordpress:*:*",
"criteria": "cpe:2.3:a:strangerstudios:paid_memberships_pro:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.4.2",
"matchCriteriaId": "6E4AD015-E3FF-4AB7-8CCB-ECB0A0043953"
"matchCriteriaId": "42246A2F-153C-4BFE-AD26-1126A54BB14F"
}
]
}

6
CVE-2021/CVE-2021-206xx/CVE-2021-20678.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-20678",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2021-03-18T01:15:12.450",
"lastModified": "2021-03-23T15:37:14.267",
"lastModified": "2023-12-28T18:33:11.173",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -84,9 +84,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:paidmembershipspro:paid_memberships_pro:*:*:*:*:*:wordpress:*:*",
"criteria": "cpe:2.3:a:strangerstudios:paid_memberships_pro:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.5.6",
"matchCriteriaId": "EDE4ECCB-EF41-4BF0-99F3-1DAA792F8787"
"matchCriteriaId": "7C956371-CBBE-4173-B139-9324222D0A67"
}
]
}

56
CVE-2021/CVE-2021-467xx/CVE-2021-46758.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-46758",
"sourceIdentifier": "psirt@amd.com",
"published": "2023-11-14T19:15:10.310",
"lastModified": "2023-11-22T15:15:58.473",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-12-28T17:38:00.967",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -313,8 +313,8 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:amd:ryzen_9_4900h_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "renoirpi-fp6_1.0.0.a_comboam4v2_pi_1.2.0.8",
"matchCriteriaId": "D80DB0DF-2AFE-42A3-A1C1-CC94D92A7DC4"
"versionEndExcluding": "renoirpi-fp6_1.0.0.a",
"matchCriteriaId": "4573D5E6-B8D5-4D44-83B0-D177CF2E83D5"
}
]
},
@ -341,8 +341,8 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:amd:ryzen_9_4900hs_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "renoirpi-fp6_1.0.0.a_comboam4v2_pi_1.2.0.8",
"matchCriteriaId": "EB4EA10C-DCF0-465D-80CF-B2715B0CEBA7"
"versionEndExcluding": "renoirpi-fp6_1.0.0.a",
"matchCriteriaId": "30359C5D-88AB-4286-9468-4FE173E45E8B"
}
]
},
@ -369,8 +369,8 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:amd:ryzen_7_4800h_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "renoirpi-fp6_1.0.0.a_comboam4v2_pi_1.2.0.8",
"matchCriteriaId": "44DEFA65-46E4-429B-9714-B79FEFF3AB4F"
"versionEndExcluding": "renoirpi-fp6_1.0.0.a",
"matchCriteriaId": "0EBE8F69-555F-4B64-9199-24C10FED9127"
}
]
},
@ -397,8 +397,8 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:amd:ryzen_7_4800hs_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "renoirpi-fp6_1.0.0.a_comboam4v2_pi_1.2.0.8",
"matchCriteriaId": "6DE3BC04-F91D-4137-9A80-76655BF71BB5"
"versionEndExcluding": "renoirpi-fp6_1.0.0.a",
"matchCriteriaId": "74DCE941-2A4F-4CF0-9D9F-89161F33495D"
}
]
},
@ -425,8 +425,8 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:amd:ryzen_7_4980u_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "renoirpi-fp6_1.0.0.a_comboam4v2_pi_1.2.0.8",
"matchCriteriaId": "EA9F88FB-DFC4-4615-91CF-0393A561D39E"
"versionEndExcluding": "renoirpi-fp6_1.0.0.a",
"matchCriteriaId": "6D0C6F1C-E39D-44D1-BAA3-8F07161FE24F"
}
]
},
@ -453,8 +453,8 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:amd:ryzen_7_4800u_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "renoirpi-fp6_1.0.0.a_comboam4v2_pi_1.2.0.8",
"matchCriteriaId": "FC6F4EC5-D2A1-4CE5-AE9B-B73CA3DD3410"
"versionEndExcluding": "renoirpi-fp6_1.0.0.a",
"matchCriteriaId": "30439972-C4D9-4E00-863B-19E01F6D4320"
}
]
},
@ -481,8 +481,8 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:amd:ryzen_7_4700u_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "renoirpi-fp6_1.0.0.a_comboam4v2_pi_1.2.0.8",
"matchCriteriaId": "D127625C-0504-404D-8884-2D2C1A7BBF13"
"versionEndExcluding": "renoirpi-fp6_1.0.0.a",
"matchCriteriaId": "2549BDE9-3D73-4EBF-A48F-B892221DA7AE"
}
]
},
@ -509,8 +509,8 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:amd:ryzen_5_4600h_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "renoirpi-fp6_1.0.0.a_comboam4v2_pi_1.2.0.8",
"matchCriteriaId": "581B3797-99E7-449F-A349-974FA0FAFF96"
"versionEndExcluding": "renoirpi-fp6_1.0.0.a",
"matchCriteriaId": "4AEFEE44-B315-4EB1-9DDA-8B0A5A35829A"
}
]
},
@ -537,8 +537,8 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:amd:ryzen_5_4600hs_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "renoirpi-fp6_1.0.0.a_comboam4v2_pi_1.2.0.8",
"matchCriteriaId": "C1B74DB0-26F3-42FB-88F8-D3E7864500C3"
"versionEndExcluding": "renoirpi-fp6_1.0.0.a",
"matchCriteriaId": "9FDFD005-C279-4EE9-A3D1-2BDB542E919A"
}
]
},
@ -565,8 +565,8 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:amd:ryzen_5_4680u_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "renoirpi-fp6_1.0.0.a_comboam4v2_pi_1.2.0.8",
"matchCriteriaId": "824D80CC-BB03-43B2-BD3C-41804288F29C"
"versionEndExcluding": "renoirpi-fp6_1.0.0.a",
"matchCriteriaId": "47E2BA17-847C-43E5-9C45-7AE16BF63CC1"
}
]
},
@ -593,8 +593,8 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:amd:ryzen_5_4600u_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "renoirpi-fp6_1.0.0.a_comboam4v2_pi_1.2.0.8",
"matchCriteriaId": "526E7278-B02C-4A20-A9AC-297616C4F85D"
"versionEndExcluding": "renoirpi-fp6_1.0.0.a",
"matchCriteriaId": "2AC2378F-DE0C-480C-A9BD-8B0058EEC41A"
}
]
},
@ -621,8 +621,8 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:amd:ryzen_5_4500u_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "renoirpi-fp6_1.0.0.a_comboam4v2_pi_1.2.0.8",
"matchCriteriaId": "1FE64AB8-3930-4D05-A872-4E38221EF7B9"
"versionEndExcluding": "renoirpi-fp6_1.0.0.a",
"matchCriteriaId": "B9F4C091-DB5A-42AF-9D9F-F18AA5873E56"
}
]
},
@ -649,8 +649,8 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:amd:ryzen_3_4300u_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "renoirpi-fp6_1.0.0.a_comboam4v2_pi_1.2.0.8",
"matchCriteriaId": "069481DA-EA6F-46CA-9E6D-4BE6F01DCE23"
"versionEndExcluding": "renoirpi-fp6_1.0.0.a",
"matchCriteriaId": "3EC71AAC-5AB6-496F-BC94-20B8CFEC79D2"
}
]
},

20
CVE-2022/CVE-2022-48xx/CVE-2022-4830.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-4830",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-02-13T15:15:20.090",
"lastModified": "2023-11-07T03:59:02.217",
"vulnStatus": "Modified",
"lastModified": "2023-12-28T18:59:31.510",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -34,6 +34,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
@ -43,9 +55,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:paidmembershipspro:paid_memberships_pro:*:*:*:*:*:wordpress:*:*",
"criteria": "cpe:2.3:a:strangerstudios:paid_memberships_pro:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.9.9",
"matchCriteriaId": "9644B911-B691-4060-A51E-55D0E7E527A6"
"matchCriteriaId": "3AFF0B35-22E1-4EE8-8A23-7F631FC82C87"
}
]
}

162
CVE-2023/CVE-2023-224xx/CVE-2023-22439.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-22439",
"sourceIdentifier": "disclosures@gallagher.com",
"published": "2023-12-18T22:15:07.807",
"lastModified": "2023-12-19T13:42:29.533",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-28T18:50:15.597",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nImproper input validation of a large HTTP request in the Controller 6000 and Controller 7000\u00a0optional\u00a0diagnostic web interface (Port 80)\u00a0can be used to perform a Denial of Service of the diagnostic web interface.\n\nThis issue affects: Gallagher Controller 6000 and 7000 8.90 prior to vCR8.90.231204a (distributed in 8.90.1620 (MR2)), 8.80 prior to vCR8.80.231204a (distributed in 8.80.1369 (MR3)), 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)), 8.60 prior to vCR8.60.231116a (distributed in 8.60.2550 (MR7)), all versions of 8.50 and prior.\n\n"
},
{
"lang": "es",
"value": "Se puede utilizar una validaci\u00f3n de entrada incorrecta de una solicitud HTTP grande en la interfaz web de diagn\u00f3stico opcional de Controller 6000 y Controller 7000 (puerto 80) para realizar una denegaci\u00f3n de servicio de la interfaz web de diagn\u00f3stico. Este problema afecta a: \nGallagher Controller 6000 y 7000 8.90 antes de vCR8.90.231204a (distribuido en 8.90.1620 (MR2)), \n8.80 antes de vCR8.80.231204a (distribuido en 8.80.1369 (MR3)), \n8.70 antes de vCR8. 70.231204a (distribuido en 8.70.2375 (MR5)), \n8.60 antes de vCR8.60.231116a (distribuido en 8.60.2550 (MR7)), \ntodas las versiones de 8.50 y anteriores."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "disclosures@gallagher.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
},
{
"source": "disclosures@gallagher.com",
"type": "Secondary",
@ -46,10 +80,132 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:gallagher:controller_6000_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "8.50",
"matchCriteriaId": "3183049E-D5F5-416E-B5B6-140B02510BC0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:gallagher:controller_6000_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.60",
"versionEndExcluding": "8.60.231116a",
"matchCriteriaId": "162DF4B0-4F15-48D0-9D67-2AD509FD1FAD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:gallagher:controller_6000_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.70",
"versionEndExcluding": "8.70.231204a",
"matchCriteriaId": "30EEB0FF-D2F2-47DA-9666-6532730B195F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:gallagher:controller_6000_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.80",
"versionEndExcluding": "8.80.231204a",
"matchCriteriaId": "D11F6F34-20E1-4BF8-BA36-819F2B153320"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:gallagher:controller_6000_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.90",
"versionEndExcluding": "8.90.231204a",
"matchCriteriaId": "715CA029-60DF-422B-90BA-C806DCE041FC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:gallagher:controller_6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5AF2B03B-B033-439F-8CEE-334FA8053278"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*",
"versionEndIncluding": "8.50",
"matchCriteriaId": "23C4F969-A44F-40D6-A92B-56A2653A0786"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.60",
"versionEndExcluding": "8.60.231116a",
"matchCriteriaId": "189BCB50-4E9F-4E0B-B03F-D703BD14B6C9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.70",
"versionEndExcluding": "8.70.231204a",
"matchCriteriaId": "63286868-84A7-492C-8F48-E0FB883C5666"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.80",
"versionEndExcluding": "8.80.231204a",
"matchCriteriaId": "48DE400E-2C3D-485C-8C8E-DA79BC155E7F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.90",
"versionEndExcluding": "8.90.231204a",
"matchCriteriaId": "14A61AE2-E3D1-4BEE-B5E1-361E6E0A617E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:gallagher:controller_6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5AF2B03B-B033-439F-8CEE-334FA8053278"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:gallagher:controller_7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0F7F6A6-8F69-45C1-A59D-D9FB3FD0C1C7"
}
]
}
]
}
],
"references": [
{
"url": "https://security.gallagher.com/Security-Advisories/CVE-2023-22439",
"source": "disclosures@gallagher.com"
"source": "disclosures@gallagher.com",
"tags": [
"Vendor Advisory"
]
}
]
}

14
CVE-2023/CVE-2023-238xx/CVE-2023-23840.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-23840",
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2023-09-13T23:15:07.820",
"lastModified": "2023-09-15T13:25:01.493",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-28T17:15:08.677",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges."
},
{
"lang": "es",
"value": "La plataforma SolarWinds era susceptible a la vulnerabilidad de Comparaci\u00f3n Incorrecta. Esta vulnerabilidad permite a los usuarios con acceso administrativo a SolarWinds Web Console ejecutar comandos arbitrarios con privilegios de SERVICIO DE RED."
}
],
"metrics": {
@ -56,7 +60,7 @@
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "psirt@solarwinds.com",
"type": "Primary",
"description": [
{
@ -66,12 +70,12 @@
]
},
{
"source": "psirt@solarwinds.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-749"
"value": "CWE-697"
}
]
}

14
CVE-2023/CVE-2023-238xx/CVE-2023-23845.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-23845",
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2023-09-13T23:15:08.283",
"lastModified": "2023-09-15T13:24:58.180",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-28T17:15:08.827",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges."
},
{
"lang": "es",
"value": "La plataforma SolarWinds era susceptible a la vulnerabilidad de Comparaci\u00f3n Incorrecta. Esta vulnerabilidad permite a los usuarios con acceso administrativo a SolarWinds Web Console ejecutar comandos arbitrarios con privilegios de SERVICIO DE RED."
}
],
"metrics": {
@ -56,7 +60,7 @@
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "psirt@solarwinds.com",
"type": "Primary",
"description": [
{
@ -66,12 +70,12 @@
]
},
{
"source": "psirt@solarwinds.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-749"
"value": "CWE-697"
}
]
}

6
CVE-2023/CVE-2023-332xx/CVE-2023-33225.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-33225",
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2023-07-26T14:15:10.417",
"lastModified": "2023-11-15T02:54:12.713",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-28T17:15:08.980",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -65,7 +65,7 @@
"description": [
{
"lang": "en",
"value": "CWE-862"
"value": "CWE-697"
}
]
},

46
CVE-2023/CVE-2023-351xx/CVE-2023-35185.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-35185",
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2023-10-19T15:15:09.330",
"lastModified": "2023-10-25T20:19:07.667",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-28T17:15:09.107",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -17,8 +17,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "psirt@solarwinds.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
@ -35,26 +55,6 @@
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "psirt@solarwinds.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},

6
CVE-2023/CVE-2023-36xx/CVE-2023-3622.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3622",
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2023-07-26T15:15:10.803",
"lastModified": "2023-10-30T19:42:12.173",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-28T17:15:09.333",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -65,7 +65,7 @@
"description": [
{
"lang": "en",
"value": "CWE-284"
"value": "CWE-287"
}
]
},

24
CVE-2023/CVE-2023-395xx/CVE-2023-39548.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-39548",
"sourceIdentifier": "psirt-info@cyber.jp.nec.com",
"published": "2023-11-17T06:15:34.077",
"lastModified": "2023-11-24T18:22:13.360",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-12-28T17:55:54.710",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -187,6 +187,16 @@
"criteria": "cpe:2.3:a:nec:expresscluster_x:5.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "247EC97F-02F6-4EF3-A450-602BA5FEF257"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nec:expresscluster_x:5.1:*:*:*:*:linux:*:*",
"matchCriteriaId": "321507E4-C76E-412D-9159-2E319598F0A3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nec:expresscluster_x:5.1:*:*:*:*:windows:*:*",
"matchCriteriaId": "66930816-7173-4B3D-B4A9-B099DB110F31"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:1.0:*:*:*:*:linux:*:*",
@ -306,6 +316,16 @@
"vulnerable": true,
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:5.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "C0F366B5-3A07-435F-BE9E-79688D3BBF79"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:5.1:*:*:*:*:linux:*:*",
"matchCriteriaId": "1B21ABC2-9955-4A11-96F9-1B491F43466F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:5.1:*:*:*:*:windows:*:*",
"matchCriteriaId": "E2837245-A053-4BCB-A741-2968F1A949F9"
}
]
}

22
CVE-2023/CVE-2023-400xx/CVE-2023-40053.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40053",
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2023-12-06T04:15:07.523",
"lastModified": "2023-12-11T18:42:29.597",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-28T17:15:09.460",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "psirt@solarwinds.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -37,24 +37,24 @@
"impactScore": 1.4
},
{
"source": "psirt@solarwinds.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseScore": 5.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 2.5
"exploitabilityScore": 3.1,
"impactScore": 1.4
}
]
},

46
CVE-2023/CVE-2023-400xx/CVE-2023-40061.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40061",
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2023-11-01T16:15:08.590",
"lastModified": "2023-11-09T13:35:02.493",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-28T18:15:45.650",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -17,8 +17,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "psirt@solarwinds.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
@ -35,26 +55,6 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "psirt@solarwinds.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.3
}
]
},

65
CVE-2023/CVE-2023-421xx/CVE-2023-42183.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-42183",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-15T01:15:08.047",
"lastModified": "2023-12-15T13:42:13.817",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-28T18:11:09.047",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "lockss-daemon (tambi\u00e9n conocido como Classic LOCKSS Daemon) anterior a 1.77.3 realiza una normalizaci\u00f3n posterior a Unicode, lo que puede permitir eludir las restricciones de acceso previstas, como cuando U+1FEF se convierte en una comilla invertida."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-116"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lockss:classic_lockss_daemon:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.77.3",
"matchCriteriaId": "B8051589-52AD-45A4-8A98-1A1B9173C412"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/lockss/lockss-daemon/security/advisories/GHSA-mgqj-hphf-9588",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

15
CVE-2023/CVE-2023-42xx/CVE-2023-4295.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4295",
"sourceIdentifier": "arm-security@arm.com",
"published": "2023-11-07T16:15:29.340",
"lastModified": "2023-12-08T17:15:07.540",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-12-28T17:14:36.030",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -45,7 +45,11 @@
"description": [
{
"lang": "en",
"value": "CWE-119"
"value": "CWE-190"
},
{
"lang": "en",
"value": "CWE-416"
}
]
},
@ -93,7 +97,10 @@
"references": [
{
"url": "http://packetstormsecurity.com/files/176109/Arm-Mali-CSF-Overflow-Use-After-Free.html",
"source": "arm-security@arm.com"
"source": "arm-security@arm.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities",

20
CVE-2023/CVE-2023-457xx/CVE-2023-45794.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-45794",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-11-14T11:15:13.970",
"lastModified": "2023-11-20T14:11:34.617",
"lastModified": "2023-12-28T18:59:23.170",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -61,7 +61,7 @@
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"type": "Primary",
"description": [
{
"lang": "en",
@ -79,31 +79,31 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:medix:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:siemens:mendix:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndExcluding": "7.23.37",
"matchCriteriaId": "EF898A30-27CD-4122-BBB6-036D044E10AF"
"matchCriteriaId": "9349FE43-89A4-4C6D-8DB4-CB7F001C4997"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:medix:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:siemens:mendix:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndExcluding": "8.18.27",
"matchCriteriaId": "C67B1540-3F5A-48D2-97B4-1F99CEEA9341"
"matchCriteriaId": "1310418B-0106-4E1E-A4A7-1FF7FF2EA297"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:medix:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:siemens:mendix:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.0.0",
"versionEndExcluding": "9.24.10",
"matchCriteriaId": "FBAB63A3-97EB-4639-8552-48999E5A6E04"
"matchCriteriaId": "3E92B744-3CC1-4980-8DA0-781C9B4B18B9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:medix:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:siemens:mendix:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.0.0",
"versionEndExcluding": "10.4.0",
"matchCriteriaId": "47C1CB19-009C-44A2-8E62-A82B9F6FE88B"
"matchCriteriaId": "AB61E750-0A04-44E0-B0AE-4451D4ACA46E"
}
]
}

14
CVE-2023/CVE-2023-458xx/CVE-2023-45809.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-45809",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-19T19:15:15.867",
"lastModified": "2023-10-31T18:51:51.687",
"lastModified": "2023-12-28T18:58:51.657",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -93,23 +93,23 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wagtail:wagtail:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:torchbox:wagtail:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.1.9",
"matchCriteriaId": "3B8C2042-E854-4CFF-B05E-ED6A3B60008B"
"matchCriteriaId": "974BDF97-9C1D-44BB-AD65-7BF0C5BF2EA9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wagtail:wagtail:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:torchbox:wagtail:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.2",
"versionEndExcluding": "5.0.5",
"matchCriteriaId": "65578772-BEF0-42B7-BB33-7D2E94563C5F"
"matchCriteriaId": "7DAC1931-ECF9-47BA-9DFA-322E8DA9CCEB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wagtail:wagtail:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:torchbox:wagtail:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.1",
"versionEndExcluding": "5.1.3",
"matchCriteriaId": "34A0955D-6A4C-4294-8C5C-F99F9148E6C8"
"matchCriteriaId": "288CEC75-D1C5-4C43-9802-CF30E66DB5D2"
}
]
}

2
CVE-2023/CVE-2023-458xx/CVE-2023-45835.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-45835",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-25T18:17:35.180",
"lastModified": "2023-11-01T15:19:29.947",
"lastModified": "2023-12-28T18:55:19.140",
"vulnStatus": "Analyzed",
"descriptions": [
{

79
CVE-2023/CVE-2023-472xx/CVE-2023-47272.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47272",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-06T00:15:09.380",
"lastModified": "2023-12-05T01:15:07.110",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-12-28T17:24:36.373",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -94,6 +94,56 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
}
]
}
]
}
],
"references": [
@ -120,23 +170,38 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00005.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GILSR762MJB3BNJOVOCMW2JXEPV46IIQ/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YFRGBPET73URF6364CI547ZVWQESJLGK/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z4F4DUA3Q46ZVB2RD7BFP4XMNS4RYFFQ/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5572",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

6
CVE-2023/CVE-2023-473xx/CVE-2023-47363.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-47363",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-09T14:15:07.907",
"lastModified": "2023-11-17T14:20:37.830",
"lastModified": "2023-12-28T17:34:14.213",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -59,8 +59,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f.b.p._members_project:f.b.p._members:13.6.1:*:*:*:*:line:*:*",
"matchCriteriaId": "370A2DC9-F1B4-4397-924E-6256BF139107"
"criteria": "cpe:2.3:a:linecorp:line:13.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22743D41-3381-4220-8D9F-60CC36E48F78"
}
]
}

6
CVE-2023/CVE-2023-473xx/CVE-2023-47364.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-47364",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-09T14:15:07.970",
"lastModified": "2023-11-17T14:22:55.423",
"lastModified": "2023-12-28T17:34:46.510",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -59,8 +59,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nagaoka_taxi_project:nagaoka_taxi:13.6.1:*:*:*:*:line:*:*",
"matchCriteriaId": "716A6D4A-2082-4151-A8C8-C89B54E63815"
"criteria": "cpe:2.3:a:linecorp:line:13.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22743D41-3381-4220-8D9F-60CC36E48F78"
}
]
}

6
CVE-2023/CVE-2023-473xx/CVE-2023-47365.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-47365",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-09T14:15:08.013",
"lastModified": "2023-11-17T14:28:56.487",
"lastModified": "2023-12-28T17:35:10.877",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -59,8 +59,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:reisinnova:lil.off-price_store:13.6.1:*:*:*:*:line:*:*",
"matchCriteriaId": "34B95965-5B0C-4C45-964C-BF31C161B806"
"criteria": "cpe:2.3:a:linecorp:line:13.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22743D41-3381-4220-8D9F-60CC36E48F78"
}
]
}

46
CVE-2023/CVE-2023-482xx/CVE-2023-48231.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48231",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-16T23:15:08.607",
"lastModified": "2023-12-27T15:15:45.050",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-12-28T17:39:29.390",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -61,7 +61,7 @@
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -86,6 +86,31 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
}
]
}
]
}
],
"references": [
@ -112,7 +137,10 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UJAK2W5S7G75ETDAEM3BDUCVSXCEGRD/",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M3VQF7CL3V6FGSEW37WNDFBRRILR65AK/",
@ -124,11 +152,17 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VNRNYLWXZOGTYWE5HMFNQ5FVE3HBUHF6/",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20231227-0008/",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-487xx/CVE-2023-48738.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48738",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-19T21:15:08.527",
"lastModified": "2023-12-20T13:50:37.240",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-28T17:19:48.890",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:portotheme:functionality:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.12.1",
"matchCriteriaId": "773D7F04-F0A2-4F3C-8770-AC1CC83934D6"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/porto-functionality/wordpress-porto-theme-functionality-plugin-2-11-1-unauthenticated-sql-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-487xx/CVE-2023-48764.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48764",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-19T21:15:08.943",
"lastModified": "2023-12-20T13:50:37.240",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-28T17:25:33.493",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:guardgiant:guardgiant:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.2.5",
"matchCriteriaId": "DE1FF87A-8CB3-4B78-845D-059527C77262"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/guardgiant/wordpress-wordpress-brute-force-protection-stop-brute-force-attacks-plugin-2-2-5-sql-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

1613
CVE-2023/CVE-2023-487xx/CVE-2023-48795.json
View File

File diff suppressed because it is too large Load Diff

8
CVE-2023/CVE-2023-490xx/CVE-2023-49092.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49092",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-28T21:15:08.530",
"lastModified": "2023-12-14T23:15:07.050",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-12-28T18:54:22.443",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -89,8 +89,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rust-lang:rsa:*:*:*:*:*:rust:*:*",
"matchCriteriaId": "600DB2C9-3C8D-4C14-A69F-B5EE18B99EB6"
"criteria": "cpe:2.3:a:rustcrypto:rsa:*:*:*:*:*:rust:*:*",
"matchCriteriaId": "248AAFCD-E795-48F3-AC41-468B1E2EB267"
}
]
}

65
CVE-2023/CVE-2023-497xx/CVE-2023-49734.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-49734",
"sourceIdentifier": "security@apache.org",
"published": "2023-12-19T10:15:08.007",
"lastModified": "2023-12-19T15:15:08.633",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-28T17:16:28.993",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An authenticated Gamma user has the ability to create a dashboard and add charts to it, this user would automatically become one of the owners of the charts allowing him to incorrectly have write permissions to these charts.This issue affects Apache Superset: before 2.1.2, from 3.0.0 before 3.0.2.\n\nUsers are recommended to upgrade to version 3.0.2 or 2.1.3, which fixes the issue.\n\n"
},
{
"lang": "es",
"value": "Un usuario de Gamma autenticado tiene la capacidad de crear un panel y agregarle gr\u00e1ficos; este usuario se convertir\u00eda autom\u00e1ticamente en uno de los propietarios de los gr\u00e1ficos, lo que le permitir\u00eda tener permisos de escritura incorrectos para estos gr\u00e1ficos. Este problema afecta a Apache Superset: antes de 2.1.2 , desde 3.0.0 antes de 3.0.2. Se recomienda a los usuarios actualizar a la versi\u00f3n 3.0.2 o 2.1.3, que soluciona el problema."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security@apache.org",
"type": "Secondary",
@ -46,14 +70,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.1.2",
"matchCriteriaId": "15732220-B366-4C92-A7D6-8C5DF4C9CA20"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "3.0.2",
"matchCriteriaId": "23576169-716C-4703-BFB2-7F061CEED2CF"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/12/19/3",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.apache.org/thread/985h6ltvtbvdoysso780kkj7x744cds5",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
]
}
]
}

65
CVE-2023/CVE-2023-497xx/CVE-2023-49736.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-49736",
"sourceIdentifier": "security@apache.org",
"published": "2023-12-19T10:15:08.323",
"lastModified": "2023-12-19T15:15:08.717",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-28T17:16:12.767",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A where_in JINJA macro allows users to specify a quote, which combined with a carefully crafted statement\u00a0would allow for SQL injection\u00a0in Apache Superset.This issue affects Apache Superset: before 2.1.2, from 3.0.0 before 3.0.2.\n\nUsers are recommended to upgrade to version 3.0.2, which fixes the issue.\n\n"
},
{
"lang": "es",
"value": "Una macro Where_in JINJA permite a los usuarios especificar una cita, que combinada con una declaraci\u00f3n cuidadosamente manipulada permitir\u00eda la inyecci\u00f3n de SQL en Apache Superset. Este problema afecta a Apache Superset: antes de 2.1.2, desde 3.0.0 antes de 3.0.2. Se recomienda a los usuarios actualizar a la versi\u00f3n 3.0.2, que soluciona el problema."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security@apache.org",
"type": "Secondary",
@ -46,14 +70,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.1.2",
"matchCriteriaId": "15732220-B366-4C92-A7D6-8C5DF4C9CA20"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "3.0.2",
"matchCriteriaId": "23576169-716C-4703-BFB2-7F061CEED2CF"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/12/19/2",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.apache.org/thread/1kf481bgs3451qcz6hfhobs7xvhp8n1p",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-508xx/CVE-2023-50835.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-50835",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-19T22:15:08.330",
"lastModified": "2023-12-20T13:50:26.727",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-28T17:32:58.013",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:saurabhspeaks:advanced_category_template:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "0.1",
"matchCriteriaId": "404C4BAA-2433-4B21-A449-67404FF7CE62"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/advanced-category-template/wordpress-advanced-category-template-plugin-0-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

101
CVE-2023/CVE-2023-53xx/CVE-2023-5384.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-5384",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-12-18T14:15:11.360",
"lastModified": "2023-12-18T15:04:28.363",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-28T18:16:28.223",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Infinispan. When serializing the configuration for a cache to XML/JSON/YAML, which contains credentials (JDBC store with connection pooling, remote store), the credentials are returned in clear text as part of the configuration."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en Infinispan. Al serializar la configuraci\u00f3n de una cach\u00e9 en XML/JSON/YAML, que contiene credenciales (almac\u00e9n JDBC con agrupaci\u00f3n de conexiones, almac\u00e9n remoto), las credenciales se devuelven en texto plano como parte de la configuraci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-312"
}
]
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -46,18 +80,75 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:data_grid:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.4.6",
"matchCriteriaId": "069956BE-8A4A-418E-8913-90BB53FC6A23"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:jboss_data_grid:-:*:*:*:text-only:*:*:*",
"matchCriteriaId": "2BF03A52-4068-47EA-8846-1E5FB708CE1A"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:infinispan:infinispan:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6718434-9048-42D0-8E70-40531CA83A16"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2023:7676",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-5384",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242156",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking"
]
}
]
}

6
CVE-2023/CVE-2023-56xx/CVE-2023-5641.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-5641",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-11-27T17:15:09.183",
"lastModified": "2023-12-02T04:36:11.447",
"lastModified": "2023-12-28T18:36:45.983",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -59,9 +59,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:martinstools:seo_backlink_link_building_network:*:*:*:*:*:wordpress:*:*",
"criteria": "cpe:2.3:a:martinstools:free_\\&_easy_link_building:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.2.30",
"matchCriteriaId": "8747E5D1-A7C2-4359-B08A-23003BBC6EC8"
"matchCriteriaId": "27359BEF-D8C7-48EE-A71D-F067CF8DFE7A"
}
]
}

791
CVE-2023/CVE-2023-61xx/CVE-2023-6105.json
View File

File diff suppressed because it is too large Load Diff

93
CVE-2023/CVE-2023-62xx/CVE-2023-6228.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-6228",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-12-18T14:15:11.840",
"lastModified": "2023-12-18T15:04:28.363",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-28T18:19:14.730",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow leads to an application crash."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un problema en la utilidad tiffcp distribuida por el paquete libtiff donde un archivo TIFF manipulado durante el procesamiento puede provocar un desbordamiento de b\u00fafer de almacenamiento din\u00e1mico y provocar un bloqueo de la aplicaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -46,14 +80,65 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:libtiff:libtiff:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FFD25C1-A304-486F-A36B-7167EEF33388"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-6228",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240995",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

8
CVE-2023/CVE-2023-63xx/CVE-2023-6305.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6305",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-11-27T01:15:07.463",
"lastModified": "2023-11-30T05:22:45.997",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-12-28T18:55:36.773",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -104,8 +104,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mayuri_k:free_and_open_source_inventory_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A505CD8-96F0-4C93-AFB6-DCC534B5BC45"
"criteria": "cpe:2.3:a:mayurik:free_and_open_source_inventory_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D414DE2C-F2F3-4159-9D7F-A81930652C97"
}
]
}

8
CVE-2023/CVE-2023-63xx/CVE-2023-6306.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6306",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-11-27T02:15:42.133",
"lastModified": "2023-11-30T05:17:21.207",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-12-28T18:55:28.227",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -104,8 +104,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mayuri_k:free_and_open_source_inventory_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A505CD8-96F0-4C93-AFB6-DCC534B5BC45"
"criteria": "cpe:2.3:a:mayurik:free_and_open_source_inventory_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D414DE2C-F2F3-4159-9D7F-A81930652C97"
}
]
}

73
CVE-2023/CVE-2023-66xx/CVE-2023-6691.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-6691",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-12-18T18:15:08.120",
"lastModified": "2023-12-18T19:05:45.340",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-28T18:28:00.493",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nCambium ePMP Force 300-25 version 4.7.0.1 is vulnerable to a code injection vulnerability that could allow an attacker to perform remote code execution and gain root privileges.\n\n\n\n\n"
},
{
"lang": "es",
"value": "Cambium ePMP Force 300-25 versi\u00f3n 4.7.0.1 es afectado por una vulnerabilidad de inyecci\u00f3n de c\u00f3digo que podr\u00eda permitir a un atacante realizar la ejecuci\u00f3n remota de c\u00f3digo y obtener privilegios de root."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -46,10 +80,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cambiumnetworks:epmp_force_300-25_firmware:4.7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "032C677B-1B5C-4F88-B3E5-720345A324A9"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cambiumnetworks:epmp_force_300-25:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DF85E46-C4D2-4733-8E50-F11973BF1AA6"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-01",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}

58
CVE-2023/CVE-2023-67xx/CVE-2023-6730.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2023-6730",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-12-19T13:15:43.380",
"lastModified": "2023-12-19T13:42:12.823",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-28T17:15:33.537",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36."
},
{
"lang": "es",
"value": "Deserializaci\u00f3n de datos que no son de confianza en el repositorio de GitHub huggingface/transformers anteriores a 4.36."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -46,14 +72,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:huggingface:transformers:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.36.0",
"matchCriteriaId": "A7A810D1-9219-4534-83E2-F3FC5402E521"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/huggingface/transformers/commit/1d63b0ec361e7a38f1339385e8a5a855085532ce",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.com/bounties/423611ee-7a2a-442a-babb-3ed2f8385c16",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit"
]
}
]
}

68
CVE-2023/CVE-2023-69xx/CVE-2023-6931.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-6931",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2023-12-19T14:15:08.277",
"lastModified": "2023-12-19T14:49:49.807",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-28T17:00:59.893",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component can be exploited to achieve local privilege escalation.\n\nA perf_event's read_size can overflow, leading to an heap out-of-bounds increment or write in perf_read_group().\n\nWe recommend upgrading past commit 382c27f4ed28f803b1f1473ac2d8db0afc795a1b.\n\n"
},
{
"lang": "es",
"value": "Se puede aprovechar una vulnerabilidad de escritura fuera de los l\u00edmites en la pila en el componente del sistema Performance Events del kernel de Linux para lograr una escalada de privilegios local. El read_size de un perf_event puede desbordarse, lo que lleva a un incremento o escritura fuera de los l\u00edmites en la pila en perf_read_group(). Recomendamos actualizar al commit anterior 382c27f4ed28f803b1f1473ac2d8db0afc795a1b."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "cve-coordination@google.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "cve-coordination@google.com",
"type": "Secondary",
@ -46,14 +80,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.3",
"versionEndExcluding": "6.7",
"matchCriteriaId": "964481AD-5E32-43FB-942E-583634AEA4AA"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=382c27f4ed28f803b1f1473ac2d8db0afc795a1b",
"source": "cve-coordination@google.com"
"source": "cve-coordination@google.com",
"tags": [
"Mailing List",
"Patch"
]
},
{
"url": "https://kernel.dance/382c27f4ed28f803b1f1473ac2d8db0afc795a1b",
"source": "cve-coordination@google.com"
"source": "cve-coordination@google.com",
"tags": [
"Patch"
]
}
]
}

68
CVE-2023/CVE-2023-69xx/CVE-2023-6932.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-6932",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2023-12-19T14:15:08.460",
"lastModified": "2023-12-19T14:49:49.807",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-28T17:00:43.243",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation.\n\nA race condition can be exploited to cause a timer be mistakenly registered on a RCU read locked object which is freed by another thread.\n\nWe recommend upgrading past commit e2b706c691905fe78468c361aaabc719d0a496f1.\n\n"
},
{
"lang": "es",
"value": "Una vulnerabilidad de use after free en el componente ipv4: igmp del kernel de Linux se puede explotar para lograr una escalada de privilegios local. Se puede aprovechar una condici\u00f3n de ejecuci\u00f3n para provocar que un temporizador se registre por error en un objeto bloqueado de lectura de RCU que es liberado por otro subproceso. Recomendamos actualizar el commit anterior e2b706c691905fe78468c361aaabc719d0a496f1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9
},
{
"source": "cve-coordination@google.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
},
{
"source": "cve-coordination@google.com",
"type": "Secondary",
@ -46,14 +80,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.6.12",
"versionEndExcluding": "6.7",
"matchCriteriaId": "E2446CA5-FF6C-417F-A095-C5CA491CAA94"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=e2b706c691905fe78468c361aaabc719d0a496f1",
"source": "cve-coordination@google.com"
"source": "cve-coordination@google.com",
"tags": [
"Mailing List",
"Patch"
]
},
{
"url": "https://kernel.dance/e2b706c691905fe78468c361aaabc719d0a496f1",
"source": "cve-coordination@google.com"
"source": "cve-coordination@google.com",
"tags": [
"Patch"
]
}
]
}

62
CVE-2023/CVE-2023-69xx/CVE-2023-6945.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-6945",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-19T11:15:08.380",
"lastModified": "2023-12-19T13:42:12.823",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-28T17:15:46.797",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in SourceCodester Online Student Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file edit-student-detail.php. The manipulation of the argument notmsg leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248377 was assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en SourceCodester Online Student Management System 1.0 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo edit-student-detail.php es afectado por esta vulnerabilidad. La manipulaci\u00f3n del argumento notmsg conduce a cross site scripting. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-248377."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mayurik:online_student_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E4865818-EDD5-4878-8BFE-DA5931B7CF16"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/ch0ing/vul/blob/main/WebRay.com.cn/Online%20student%20management%20system(XSS)%202.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.248377",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.248377",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

88
CVE-2023/CVE-2023-71xx/CVE-2023-7131.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2023-7131",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-28T17:15:09.740",
"lastModified": "2023-12-28T17:15:09.740",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in code-projects Intern Membership Management System 2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /user_registration/ of the component User Registration. The manipulation of the argument userName leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-249134 is the identifier assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"accessVector": "ADJACENT_NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 6.5,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/h4md153v63n/CVEs/blob/main/Intern_Membership_Management_System/Intern_Membership_Management_System-SQL-Injection.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.249134",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.249134",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2023/CVE-2023-71xx/CVE-2023-7132.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2023-7132",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-28T17:15:09.997",
"lastModified": "2023-12-28T17:15:09.997",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in code-projects Intern Membership Management System 2.0. It has been classified as problematic. This affects an unknown part of the file /user_registration/ of the component User Registration. The manipulation of the argument userName/firstName/lastName/userEmail with the input \"><ScRiPt>confirm(document.domain)</ScRiPt>h0la leads to cross site scripting. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249135."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:N",
"accessVector": "ADJACENT_NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 3.3
},
"baseSeverity": "LOW",
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/h4md153v63n/CVEs/blob/main/Intern_Membership_Management_System/Intern_Membership_Management_System-Stored_Cross_site_Scripting.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.249135",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.249135",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2023/CVE-2023-71xx/CVE-2023-7133.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2023-7133",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-28T18:15:45.853",
"lastModified": "2023-12-28T18:15:45.853",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in y_project RuoYi 4.7.8. It has been declared as problematic. This vulnerability affects unknown code of the file /login of the component HTTP POST Request Handler. The manipulation of the argument rememberMe with the input falsen3f0m<script>alert(1)</script>p86o0 leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249136."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 5.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://1drv.ms/w/s!AgMfVZkPO1NWgSPnwk90DMQIUN_D?e=2Bauy4",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.249136",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.249136",
"source": "cna@vuldb.com"
}
]
}

73
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-12-28T17:00:24.440800+00:00
2023-12-28T19:00:24.853584+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-12-28T16:56:12.793000+00:00
2023-12-28T18:59:31.510000+00:00
```
### Last Data Feed Release
@ -29,54 +29,47 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
234351
234354
```
### CVEs added in the last Commit
Recently added CVEs: `10`
Recently added CVEs: `3`
* [CVE-2023-46987](CVE-2023/CVE-2023-469xx/CVE-2023-46987.json) (`2023-12-28T15:15:07.550`)
* [CVE-2023-50470](CVE-2023/CVE-2023-504xx/CVE-2023-50470.json) (`2023-12-28T15:15:07.617`)
* [CVE-2023-7127](CVE-2023/CVE-2023-71xx/CVE-2023-7127.json) (`2023-12-28T15:15:07.663`)
* [CVE-2023-7128](CVE-2023/CVE-2023-71xx/CVE-2023-7128.json) (`2023-12-28T15:15:07.887`)
* [CVE-2023-50267](CVE-2023/CVE-2023-502xx/CVE-2023-50267.json) (`2023-12-28T16:16:01.650`)
* [CVE-2023-52079](CVE-2023/CVE-2023-520xx/CVE-2023-52079.json) (`2023-12-28T16:16:01.863`)
* [CVE-2023-52081](CVE-2023/CVE-2023-520xx/CVE-2023-52081.json) (`2023-12-28T16:16:02.090`)
* [CVE-2023-52082](CVE-2023/CVE-2023-520xx/CVE-2023-52082.json) (`2023-12-28T16:16:02.290`)
* [CVE-2023-7129](CVE-2023/CVE-2023-71xx/CVE-2023-7129.json) (`2023-12-28T16:16:02.497`)
* [CVE-2023-7163](CVE-2023/CVE-2023-71xx/CVE-2023-7163.json) (`2023-12-28T16:16:02.730`)
* [CVE-2023-7131](CVE-2023/CVE-2023-71xx/CVE-2023-7131.json) (`2023-12-28T17:15:09.740`)
* [CVE-2023-7132](CVE-2023/CVE-2023-71xx/CVE-2023-7132.json) (`2023-12-28T17:15:09.997`)
* [CVE-2023-7133](CVE-2023/CVE-2023-71xx/CVE-2023-7133.json) (`2023-12-28T18:15:45.853`)
### CVEs modified in the last Commit
Recently modified CVEs: `158`
Recently modified CVEs: `44`
* [CVE-2023-4672](CVE-2023/CVE-2023-46xx/CVE-2023-4672.json) (`2023-12-28T15:09:53.403`)
* [CVE-2023-50874](CVE-2023/CVE-2023-508xx/CVE-2023-50874.json) (`2023-12-28T15:09:53.403`)
* [CVE-2023-46918](CVE-2023/CVE-2023-469xx/CVE-2023-46918.json) (`2023-12-28T15:09:59.150`)
* [CVE-2023-49000](CVE-2023/CVE-2023-490xx/CVE-2023-49000.json) (`2023-12-28T15:09:59.150`)
* [CVE-2023-49001](CVE-2023/CVE-2023-490xx/CVE-2023-49001.json) (`2023-12-28T15:09:59.150`)
* [CVE-2023-49002](CVE-2023/CVE-2023-490xx/CVE-2023-49002.json) (`2023-12-28T15:09:59.150`)
* [CVE-2023-3655](CVE-2023/CVE-2023-36xx/CVE-2023-3655.json) (`2023-12-28T15:20:29.200`)
* [CVE-2023-3656](CVE-2023/CVE-2023-36xx/CVE-2023-3656.json) (`2023-12-28T15:20:34.697`)
* [CVE-2023-3654](CVE-2023/CVE-2023-36xx/CVE-2023-3654.json) (`2023-12-28T15:20:38.820`)
* [CVE-2023-5961](CVE-2023/CVE-2023-59xx/CVE-2023-5961.json) (`2023-12-28T15:26:49.127`)
* [CVE-2023-50825](CVE-2023/CVE-2023-508xx/CVE-2023-50825.json) (`2023-12-28T15:38:49.707`)
* [CVE-2023-38200](CVE-2023/CVE-2023-382xx/CVE-2023-38200.json) (`2023-12-28T15:40:32.947`)
* [CVE-2023-48723](CVE-2023/CVE-2023-487xx/CVE-2023-48723.json) (`2023-12-28T15:53:46.960`)
* [CVE-2023-43796](CVE-2023/CVE-2023-437xx/CVE-2023-43796.json) (`2023-12-28T16:13:08.610`)
* [CVE-2023-42627](CVE-2023/CVE-2023-426xx/CVE-2023-42627.json) (`2023-12-28T16:13:12.767`)
* [CVE-2023-42628](CVE-2023/CVE-2023-426xx/CVE-2023-42628.json) (`2023-12-28T16:13:28.370`)
* [CVE-2023-42629](CVE-2023/CVE-2023-426xx/CVE-2023-42629.json) (`2023-12-28T16:13:32.073`)
* [CVE-2023-40791](CVE-2023/CVE-2023-407xx/CVE-2023-40791.json) (`2023-12-28T16:13:37.483`)
* [CVE-2023-45871](CVE-2023/CVE-2023-458xx/CVE-2023-45871.json) (`2023-12-28T16:18:15.007`)
* [CVE-2023-4527](CVE-2023/CVE-2023-45xx/CVE-2023-4527.json) (`2023-12-28T16:23:01.123`)
* [CVE-2023-2680](CVE-2023/CVE-2023-26xx/CVE-2023-2680.json) (`2023-12-28T16:23:09.520`)
* [CVE-2023-41615](CVE-2023/CVE-2023-416xx/CVE-2023-41615.json) (`2023-12-28T16:23:14.277`)
* [CVE-2023-46846](CVE-2023/CVE-2023-468xx/CVE-2023-46846.json) (`2023-12-28T16:24:10.387`)
* [CVE-2023-49148](CVE-2023/CVE-2023-491xx/CVE-2023-49148.json) (`2023-12-28T16:51:57.970`)
* [CVE-2023-48719](CVE-2023/CVE-2023-487xx/CVE-2023-48719.json) (`2023-12-28T16:56:12.793`)
* [CVE-2023-49734](CVE-2023/CVE-2023-497xx/CVE-2023-49734.json) (`2023-12-28T17:16:28.993`)
* [CVE-2023-48738](CVE-2023/CVE-2023-487xx/CVE-2023-48738.json) (`2023-12-28T17:19:48.890`)
* [CVE-2023-47272](CVE-2023/CVE-2023-472xx/CVE-2023-47272.json) (`2023-12-28T17:24:36.373`)
* [CVE-2023-48764](CVE-2023/CVE-2023-487xx/CVE-2023-48764.json) (`2023-12-28T17:25:33.493`)
* [CVE-2023-50835](CVE-2023/CVE-2023-508xx/CVE-2023-50835.json) (`2023-12-28T17:32:58.013`)
* [CVE-2023-47363](CVE-2023/CVE-2023-473xx/CVE-2023-47363.json) (`2023-12-28T17:34:14.213`)
* [CVE-2023-47364](CVE-2023/CVE-2023-473xx/CVE-2023-47364.json) (`2023-12-28T17:34:46.510`)
* [CVE-2023-47365](CVE-2023/CVE-2023-473xx/CVE-2023-47365.json) (`2023-12-28T17:35:10.877`)
* [CVE-2023-48231](CVE-2023/CVE-2023-482xx/CVE-2023-48231.json) (`2023-12-28T17:39:29.390`)
* [CVE-2023-39548](CVE-2023/CVE-2023-395xx/CVE-2023-39548.json) (`2023-12-28T17:55:54.710`)
* [CVE-2023-42183](CVE-2023/CVE-2023-421xx/CVE-2023-42183.json) (`2023-12-28T18:11:09.047`)
* [CVE-2023-40061](CVE-2023/CVE-2023-400xx/CVE-2023-40061.json) (`2023-12-28T18:15:45.650`)
* [CVE-2023-5384](CVE-2023/CVE-2023-53xx/CVE-2023-5384.json) (`2023-12-28T18:16:28.223`)
* [CVE-2023-6228](CVE-2023/CVE-2023-62xx/CVE-2023-6228.json) (`2023-12-28T18:19:14.730`)
* [CVE-2023-48795](CVE-2023/CVE-2023-487xx/CVE-2023-48795.json) (`2023-12-28T18:26:43.827`)
* [CVE-2023-6691](CVE-2023/CVE-2023-66xx/CVE-2023-6691.json) (`2023-12-28T18:28:00.493`)
* [CVE-2023-5641](CVE-2023/CVE-2023-56xx/CVE-2023-5641.json) (`2023-12-28T18:36:45.983`)
* [CVE-2023-6105](CVE-2023/CVE-2023-61xx/CVE-2023-6105.json) (`2023-12-28T18:37:26.820`)
* [CVE-2023-22439](CVE-2023/CVE-2023-224xx/CVE-2023-22439.json) (`2023-12-28T18:50:15.597`)
* [CVE-2023-49092](CVE-2023/CVE-2023-490xx/CVE-2023-49092.json) (`2023-12-28T18:54:22.443`)
* [CVE-2023-45835](CVE-2023/CVE-2023-458xx/CVE-2023-45835.json) (`2023-12-28T18:55:19.140`)
* [CVE-2023-6306](CVE-2023/CVE-2023-63xx/CVE-2023-6306.json) (`2023-12-28T18:55:28.227`)
* [CVE-2023-6305](CVE-2023/CVE-2023-63xx/CVE-2023-6305.json) (`2023-12-28T18:55:36.773`)
* [CVE-2023-45809](CVE-2023/CVE-2023-458xx/CVE-2023-45809.json) (`2023-12-28T18:58:51.657`)
* [CVE-2023-45794](CVE-2023/CVE-2023-457xx/CVE-2023-45794.json) (`2023-12-28T18:59:23.170`)
## Download and Usage