Auto-Update: 2023-12-21T17:00:24.950171+00:00

This commit is contained in:
cad-safe-bot 2023-12-21 17:00:28 +00:00
parent c6f3539a43
commit 73ec39824a
54 changed files with 2160 additions and 89 deletions


@ -2,8 +2,8 @@
"id": "CVE-2023-0248",
"sourceIdentifier": "productsecurity@jci.com",
"published": "2023-12-14T21:15:07.553",
"lastModified": "2023-12-15T22:15:07.070",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-21T15:12:05.170",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
},
{
"source": "productsecurity@jci.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-401"
}
]
},
{
"source": "productsecurity@jci.com",
"type": "Secondary",
@ -54,14 +84,51 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:johnsoncontrols:iosmart_gen_1_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.07.02",
"matchCriteriaId": "2EAD2797-79E8-4ED4-87EC-914F08698414"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:johnsoncontrols:iosmart_gen_1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FC9CD38-BBD7-4AB8-A7E1-87246BCD7812"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-02",
"source": "productsecurity@jci.com"
"source": "productsecurity@jci.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
},
{
"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories",
"source": "productsecurity@jci.com"
"source": "productsecurity@jci.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-22674",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-21T15:15:08.137",
"lastModified": "2023-12-21T15:15:08.137",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in Hal Gatewood Dashicons + Custom Post Types.This issue affects Dashicons + Custom Post Types: from n/a through 1.0.2.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
},
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/dashicons-cpt/wordpress-dashicons-custom-post-types-plugin-1-0-2-broken-access-control?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-31438",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-13T17:15:14.707",
"lastModified": "2023-11-07T04:14:19.130",
"lastModified": "2023-12-21T15:15:08.503",
"vulnStatus": "Modified",
"descriptions": [
{
@ -78,6 +78,10 @@
"Technical Description"
]
},
{
"url": "https://github.com/systemd/systemd/pull/28886",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/systemd/systemd/releases",
"source": "cve@mitre.org",


@ -2,7 +2,7 @@
"id": "CVE-2023-31439",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-13T17:15:14.753",
"lastModified": "2023-11-07T04:14:19.180",
"lastModified": "2023-12-21T15:15:08.630",
"vulnStatus": "Modified",
"descriptions": [
{
@ -79,6 +79,10 @@
"Technical Description"
]
},
{
"url": "https://github.com/systemd/systemd/pull/28885",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/systemd/systemd/releases",
"source": "cve@mitre.org",


@ -2,8 +2,8 @@
"id": "CVE-2023-42792",
"sourceIdentifier": "security@apache.org",
"published": "2023-10-14T10:15:10.377",
"lastModified": "2023-10-18T18:50:16.153",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-21T15:15:08.710",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -79,6 +79,10 @@
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/12/21/1",
"source": "security@apache.org"
},
{
"url": "https://github.com/apache/airflow/pull/34366",
"source": "security@apache.org",


@ -0,0 +1,67 @@
{
"id": "CVE-2023-4255",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-12-21T16:15:10.017",
"lastModified": "2023-12-21T16:15:10.017",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds write issue has been discovered in the backspace handling of the checkType() function in etc.c within the W3M application. This vulnerability is triggered by supplying a specially crafted HTML file to the w3m binary. Exploitation of this flaw could lead to application crashes, resulting in a denial of service condition."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255207",
"source": "secalert@redhat.com"
},
{
"url": "https://github.com/tats/w3m/commit/edc602651c506aeeb60544b55534dd1722a340d3",
"source": "secalert@redhat.com"
},
{
"url": "https://github.com/tats/w3m/issues/268",
"source": "secalert@redhat.com"
},
{
"url": "https://github.com/tats/w3m/pull/273",
"source": "secalert@redhat.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-4256",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-12-21T16:15:10.400",
"lastModified": "2023-12-21T16:15:10.400",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the tcpedit_dlt_cleanup() function within plugins/dlt_plugins.c. This vulnerability can be exploited by supplying a specifically crafted file to the tcprewrite binary. This flaw enables a local attacker to initiate a Denial of Service (DoS) attack."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-415"
}
]
}
],
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255212",
"source": "secalert@redhat.com"
},
{
"url": "https://github.com/appneta/tcpreplay/issues/813",
"source": "secalert@redhat.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-45115",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-21T16:15:07.517",
"lastModified": "2023-12-21T16:15:07.517",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities.\u00a0The 'ch' parameter of the update.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "help@fluidattacks.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "help@fluidattacks.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/argerich/",
"source": "help@fluidattacks.com"
},
{
"url": "https://projectworlds.in/",
"source": "help@fluidattacks.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-45116",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-21T16:15:08.040",
"lastModified": "2023-12-21T16:15:08.040",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities.\u00a0The 'demail' parameter of the update.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "help@fluidattacks.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "help@fluidattacks.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/argerich/",
"source": "help@fluidattacks.com"
},
{
"url": "https://projectworlds.in/",
"source": "help@fluidattacks.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-45117",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-21T16:15:08.380",
"lastModified": "2023-12-21T16:15:08.380",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities.\u00a0The 'eid' parameter of the update.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "help@fluidattacks.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "help@fluidattacks.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/argerich/",
"source": "help@fluidattacks.com"
},
{
"url": "https://projectworlds.in/",
"source": "help@fluidattacks.com"
}
]
}
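Review bot: The single weakness entry in this record is typed `"type": "Secondary"` while the four sibling Online Examination System records added in the same commit (CVE-2023-45115, -45116, -45118, -45119), with the same source and the same CWE-89, type theirs `"Primary"`; the CVSS entry in this same record is also `"Primary"`. A consumer that selects the Primary weakness per CVE would get nothing for this one and CWE-89 for the others, so the five records would be bucketed inconsistently. This is NVD-sourced content, so the correction presumably belongs upstream rather than in this mirror; it is worth flagging as a data-quality discrepancy rather than editing here.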


@ -0,0 +1,59 @@
{
"id": "CVE-2023-45118",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-21T16:15:08.750",
"lastModified": "2023-12-21T16:15:08.750",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities.\u00a0The 'fdid' parameter of the update.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "help@fluidattacks.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "help@fluidattacks.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/argerich/",
"source": "help@fluidattacks.com"
},
{
"url": "https://projectworlds.in/",
"source": "help@fluidattacks.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-45119",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-21T16:15:09.197",
"lastModified": "2023-12-21T16:15:09.197",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities.\u00a0The 'n' parameter of the update.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "help@fluidattacks.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "help@fluidattacks.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/argerich/",
"source": "help@fluidattacks.com"
},
{
"url": "https://projectworlds.in/",
"source": "help@fluidattacks.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-45498",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-27T04:15:10.487",
"lastModified": "2023-11-08T14:08:01.397",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-21T15:15:08.843",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -78,6 +78,10 @@
"VDB Entry"
]
},
{
"url": "http://packetstormsecurity.com/files/176289/Vinchin-Backup-And-Recovery-Command-Injection.html",
"source": "cve@mitre.org"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/31",
"source": "cve@mitre.org",


@ -2,8 +2,8 @@
"id": "CVE-2023-45499",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-27T04:15:10.617",
"lastModified": "2023-11-08T14:07:34.800",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-21T15:15:08.953",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -78,6 +78,10 @@
"VDB Entry"
]
},
{
"url": "http://packetstormsecurity.com/files/176289/Vinchin-Backup-And-Recovery-Command-Injection.html",
"source": "cve@mitre.org"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/31",
"source": "cve@mitre.org",


@ -2,7 +2,7 @@
"id": "CVE-2023-47265",
"sourceIdentifier": "security@apache.org",
"published": "2023-12-21T10:15:35.713",
"lastModified": "2023-12-21T13:22:15.910",
"lastModified": "2023-12-21T15:15:09.020",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -28,6 +28,10 @@
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/12/21/2",
"source": "security@apache.org"
},
{
"url": "https://github.com/apache/airflow/pull/35460",
"source": "security@apache.org"


@ -0,0 +1,55 @@
{
"id": "CVE-2023-47525",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-21T15:15:09.097",
"lastModified": "2023-12-21T15:15:09.097",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in A WP Life Event Monster \u2013 Event Management, Tickets Booking, Upcoming Event allows Stored XSS.This issue affects Event Monster \u2013 Event Management, Tickets Booking, Upcoming Event: from n/a through 1.3.2.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/event-monster/wordpress-event-monster-plugin-1-3-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-47527",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-21T15:15:09.340",
"lastModified": "2023-12-21T15:15:09.340",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sajjad Hossain Sagor WP Edit Username allows Stored XSS.This issue affects WP Edit Username: from n/a through 1.0.5.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-edit-username/wordpress-wp-edit-username-plugin-1-0-5-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-48114",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-21T15:15:09.587",
"lastModified": "2023-12-21T16:15:09.620",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS by using image/svg+xml and an uploaded SVG document. This occurs because the application tries to allow youtube.com URLs, but actually allows youtube.com followed by an @ character and an attacker-controlled domain name."
}
],
"metrics": {},
"references": [
{
"url": "https://co3us.gitbook.io/write-ups/stored-xss-in-email-body-of-smartermail-cve-2023-48114",
"source": "cve@mitre.org"
},
{
"url": "https://www.smartertools.com/smartermail/release-notes/current",
"source": "cve@mitre.org"
}
]
}
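Review bot: This record carries `"metrics": {}` with no `cvssMetricV31` key and no `weaknesses` key at all, whereas every other newly added record in this commit populates both; the same shape applies to CVE-2023-48115 and CVE-2023-48116. Any downstream code that reads `metrics.cvssMetricV31[0].cvssData.baseScore` or iterates `weaknesses` unconditionally will fail on these three "Received" entries, so consumers of this feed should treat both as optional. Since the shape comes from NVD, the point is a consumer-side caveat rather than a change to make in this file.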


@ -0,0 +1,24 @@
{
"id": "CVE-2023-48115",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-21T15:15:09.637",
"lastModified": "2023-12-21T16:15:09.793",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored DOM XSS because an XSS protection mechanism is skipped when messageHTML and messagePlainText are set in the same request."
}
],
"metrics": {},
"references": [
{
"url": "https://co3us.gitbook.io/write-ups/stored-dom-xss-in-email-body-of-smartermail",
"source": "cve@mitre.org"
},
{
"url": "https://www.smartertools.com/smartermail/release-notes/current",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-48116",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-21T15:15:09.697",
"lastModified": "2023-12-21T16:15:09.913",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS via a crafted description of a Calendar appointment."
}
],
"metrics": {},
"references": [
{
"url": "https://co3us.gitbook.io/write-ups/stored-xss-in-calendar-component-of-smartermail-cve-2023-48116",
"source": "cve@mitre.org"
},
{
"url": "https://www.smartertools.com/smartermail/release-notes/current",
"source": "cve@mitre.org"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-48291",
"sourceIdentifier": "security@apache.org",
"published": "2023-12-21T10:15:36.043",
"lastModified": "2023-12-21T13:22:15.910",
"lastModified": "2023-12-21T15:15:09.747",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -28,6 +28,10 @@
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/12/21/1",
"source": "security@apache.org"
},
{
"url": "https://github.com/apache/airflow/pull/34366",
"source": "security@apache.org"


@ -2,8 +2,8 @@
"id": "CVE-2023-48374",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2023-12-15T08:15:44.563",
"lastModified": "2023-12-15T13:42:13.817",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-21T15:46:58.293",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "twcert@cert.org.tw",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -35,10 +35,40 @@
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
},
{
"source": "twcert@cert.org.tw",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
},
{
"source": "twcert@cert.org.tw",
"type": "Secondary",
@ -50,10 +80,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:csharp:cws_collaborative_development_platform:10.25:*:*:*:*:*:*:*",
"matchCriteriaId": "10CC0021-D5D9-4794-9ABE-DF8F1B21F6A2"
}
]
}
]
}
],
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-7593-d3e5b-1.html",
"source": "twcert@cert.org.tw"
"source": "twcert@cert.org.tw",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-48378",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2023-12-15T08:15:45.547",
"lastModified": "2023-12-15T13:42:13.817",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-21T15:51:05.667",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -39,6 +39,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{
"source": "twcert@cert.org.tw",
"type": "Secondary",
@ -50,10 +60,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:softnext:mail_sqr_expert:*:*:*:*:*:*:*:*",
"versionEndIncluding": "230330",
"matchCriteriaId": "FDCE076E-BA94-4BFF-8FD9-4E08B4A6392F"
}
]
}
]
}
],
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-7596-648f3-1.html",
"source": "twcert@cert.org.tw"
"source": "twcert@cert.org.tw",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-48379",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2023-12-15T08:15:45.803",
"lastModified": "2023-12-15T13:42:13.817",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-21T15:50:53.093",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -39,6 +39,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
},
{
"source": "twcert@cert.org.tw",
"type": "Secondary",
@ -50,10 +60,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:softnext:mail_sqr_expert:*:*:*:*:*:*:*:*",
"versionEndIncluding": "230330",
"matchCriteriaId": "FDCE076E-BA94-4BFF-8FD9-4E08B4A6392F"
}
]
}
]
}
],
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-7597-fff54-1.html",
"source": "twcert@cert.org.tw"
"source": "twcert@cert.org.tw",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-48380",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2023-12-15T09:15:07.577",
"lastModified": "2023-12-15T13:42:13.817",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-21T15:58:54.407",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -17,8 +17,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "twcert@cert.org.tw",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
},
{
"source": "twcert@cert.org.tw",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{
"source": "twcert@cert.org.tw",
"type": "Secondary",
@ -50,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:softnext:mail_sqr_expert:*:*:*:*:*:*:*:*",
"versionEndExcluding": "230330",
"matchCriteriaId": "30D54AFA-951B-44FD-84F6-0C16F338E2CE"
}
]
}
]
}
],
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-7598-37b03-1.html",
"source": "twcert@cert.org.tw"
"source": "twcert@cert.org.tw",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-48382",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2023-12-15T09:15:07.967",
"lastModified": "2023-12-15T13:42:13.817",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-21T15:43:01.890",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -39,6 +39,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{
"source": "twcert@cert.org.tw",
"type": "Secondary",
@ -50,10 +60,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:softnext:mail_sqr_expert:*:*:*:*:*:*:*:*",
"versionEndExcluding": "230330",
"matchCriteriaId": "30D54AFA-951B-44FD-84F6-0C16F338E2CE"
}
]
}
]
}
],
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-7600-dd072-1.html",
"source": "twcert@cert.org.tw"
"source": "twcert@cert.org.tw",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-49189",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-15T16:15:43.913",
"lastModified": "2023-12-15T16:53:06.030",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-21T16:48:17.663",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Getsocial, S.A. Social Share Buttons & Analytics Plugin \u2013 GetSocial.Io allows Stored XSS.This issue affects Social Share Buttons & Analytics Plugin \u2013 GetSocial.Io: from n/a through 4.3.12.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n inadecuada de la entrada durante la vulnerabilidad de generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Getsocial, S.A. Social Share Buttons & Analytics Plugin \u2013 GetSocial.Io permite XSS almacenado. Este problema afecta a Social Share Buttons & Analytics Plugin \u2013 GetSocial.Io: de n/a hasta el 4.3.12."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:getsocial:social_share_buttons_\\&_analytics:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "4.3.12",
"matchCriteriaId": "BFA63335-888A-42EB-9FC0-1F5E26B084D6"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-share-buttons-analytics-by-getsocial/wordpress-social-share-buttons-analytics-plugin-getsocial-io-plugin-4-3-12-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-49190",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-15T16:15:44.120",
"lastModified": "2023-12-15T16:53:06.030",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-21T16:49:34.847",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chandra Shekhar Sahu Site Offline Or Coming Soon Or Maintenance Mode allows Stored XSS.This issue affects Site Offline Or Coming Soon Or Maintenance Mode: from n/a through 1.5.6.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n inadecuada de la entrada durante la vulnerabilidad de generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Chandra Shekhar Sahu Site Offline Or Coming Soon Or Maintenance Mode permite almacenar XSS. Este problema afecta a Site Offline Or Coming Soon Or Maintenance Mode: desde n/a hasta 1.5.6."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:freehtmldesigns:site_offline:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.5.6",
"matchCriteriaId": "7D8C7701-3549-40A3-B5BA-7DC967FE465E"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/site-offline/wordpress-site-offline-or-coming-soon-or-maintenance-mode-plugin-1-5-6-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-49920",
"sourceIdentifier": "security@apache.org",
"published": "2023-12-21T10:15:36.330",
"lastModified": "2023-12-21T13:22:15.910",
"lastModified": "2023-12-21T15:15:09.817",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -28,6 +28,10 @@
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/12/21/3",
"source": "security@apache.org"
},
{
"url": "https://github.com/apache/airflow/pull/36026",
"source": "security@apache.org"


@ -2,8 +2,12 @@
"id": "CVE-2023-4911",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-10-03T18:15:10.463",
"lastModified": "2023-11-07T04:23:09.110",
"lastModified": "2023-12-21T15:15:09.890",
"vulnStatus": "Undergoing Analysis",
"cisaExploitAdd": "2023-11-21",
"cisaActionDue": "2023-12-12",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "GNU C Library Buffer Overflow Vulnerability",
"descriptions": [
{
"lang": "en",
@ -37,7 +41,7 @@
"impactScore": 5.9
},
{
"source": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -70,7 +74,7 @@
]
},
{
"source": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
@ -152,6 +156,10 @@
"url": "http://packetstormsecurity.com/files/174986/glibc-ld.so-Local-Privilege-Escalation.html",
"source": "secalert@redhat.com"
},
{
"url": "http://packetstormsecurity.com/files/176288/Glibc-Tunables-Privilege-Escalation.html",
"source": "secalert@redhat.com"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/11",
"source": "secalert@redhat.com"


@ -0,0 +1,15 @@
{
"id": "CVE-2023-50119",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-21T15:15:10.157",
"lastModified": "2023-12-21T15:15:10.157",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-45292. Reason: This record is a reservation duplicate of CVE-2023-45292. Notes: All CVE users should reference CVE-2023-45292 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage."
}
],
"metrics": {},
"references": []
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-50377",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-21T15:15:10.290",
"lastModified": "2023-12-21T15:15:10.290",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AB-WP Simple Counter allows Stored XSS.This issue affects Simple Counter: from n/a through 1.0.2.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/abwp-simple-counter/wordpress-simple-counter-plugin-1-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,63 @@
{
"id": "CVE-2023-50724",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-21T15:15:10.573",
"lastModified": "2023-12-21T15:15:10.573",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Resque (pronounced like \"rescue\") is a Redis-backed library for creating background jobs, placing those jobs on multiple queues, and processing them later. resque-web in resque versions before 2.1.0 are vulnerable to reflected XSS through the current_queue parameter in the path of the queues endpoint. This issue has been patched in version 2.1.0.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/resque/resque/issues/1679",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/resque/resque/pull/1687",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/resque/resque/security/advisories/GHSA-r8xx-8vm8-x6wj",
"source": "security-advisories@github.com"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-50783",
"sourceIdentifier": "security@apache.org",
"published": "2023-12-21T10:15:36.607",
"lastModified": "2023-12-21T13:22:15.910",
"lastModified": "2023-12-21T15:15:10.860",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -28,6 +28,10 @@
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/12/21/4",
"source": "security@apache.org"
},
{
"url": "https://github.com/apache/airflow/pull/33932",
"source": "security@apache.org"


@ -2,23 +2,88 @@
"id": "CVE-2023-50784",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-16T23:15:40.770",
"lastModified": "2023-12-18T14:05:28.363",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-21T16:09:40.850",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow in websockets in UnrealIRCd 6.1.0 through 6.1.3 before 6.1.4 allows an unauthenticated remote attacker to crash the server by sending an oversized packet (if a websocket port is open). Remote code execution might be possible on some uncommon, older platforms."
},
{
"lang": "es",
"value": "Un desbordamiento de b\u00fafer en websockets en UnrealIRCd 6.1.0 hasta 6.1.3 anterior a 6.1.4 permite que un atacante remoto no autenticado bloquee el servidor enviando un paquete de gran tama\u00f1o (si un puerto websocket est\u00e1 abierto). La ejecuci\u00f3n remota de c\u00f3digo podr\u00eda ser posible en algunas plataformas antiguas y poco comunes."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:unrealircd:unrealircd:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.1.0",
"versionEndExcluding": "6.1.4",
"matchCriteriaId": "574ACE08-97D7-4495-BF19-0F2EA0631ECA"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://forums.unrealircd.org/viewtopic.php?t=9340",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://www.unrealircd.org/index/news",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-50822",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-21T15:15:10.927",
"lastModified": "2023-12-21T15:15:10.927",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Currency.Wiki Currency Converter Widget \u2013 Exchange Rates allows Stored XSS.This issue affects Currency Converter Widget \u2013 Exchange Rates: from n/a through 3.0.2.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/currency-converter-widget/wordpress-currency-converter-widget-plugin-3-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-50823",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-21T15:15:11.187",
"lastModified": "2023-12-21T15:15:11.187",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wipeout Media CSS & JavaScript Toolbox allows Stored XSS.This issue affects CSS & JavaScript Toolbox: from n/a through 11.7.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/css-javascript-toolbox/wordpress-css-javascript-toolbox-plugin-11-7-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-50824",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-21T15:15:11.487",
"lastModified": "2023-12-21T15:15:11.487",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brian Batt Insert or Embed Articulate Content into WordPress allows Stored XSS.This issue affects Insert or Embed Articulate Content into WordPress: from n/a through 4.3000000021.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/insert-or-embed-articulate-content-into-wordpress/wordpress-insert-or-embed-articulate-content-into-wordpress-plugin-4-3000000021-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-50825",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-21T15:15:11.953",
"lastModified": "2023-12-21T15:15:11.953",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Terrier Tenacity iframe Shortcode allows Stored XSS.This issue affects iframe Shortcode: from n/a through 2.0.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/iframe-shortcode/wordpress-iframe-shortcode-plugin-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-50826",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-21T15:15:12.213",
"lastModified": "2023-12-21T15:15:12.213",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Freshlight Lab Menu Image, Icons made easy allows Stored XSS.This issue affects Menu Image, Icons made easy: from n/a through 3.10.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/menu-image/wordpress-menu-image-icons-made-easy-plugin-3-10-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-50827",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-21T15:15:12.497",
"lastModified": "2023-12-21T15:15:12.497",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Accredible Accredible Certificates & Open Badges allows Stored XSS.This issue affects Accredible Certificates & Open Badges: from n/a through 1.4.8.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/accredible-certificates/wordpress-accredible-certificates-open-badges-plugin-1-4-8-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-50828",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-21T15:15:12.990",
"lastModified": "2023-12-21T15:15:12.990",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Vongries Ultimate Dashboard \u2013 Custom WordPress Dashboard allows Stored XSS.This issue affects Ultimate Dashboard \u2013 Custom WordPress Dashboard: from n/a through 3.7.11.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/ultimate-dashboard/wordpress-ultimate-dashboard-plugin-3-7-11-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-51048",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-21T16:15:10.797",
"lastModified": "2023-12-21T16:15:10.797",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_newsauth parameter at /admin/ajax.php."
}
],
"metrics": {},
"references": [
{
"url": "https://www.notion.so/scms5-0-sql-injection-94c791a563d1481a9439fa98a1bc9a1b",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-51049",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-21T16:15:10.903",
"lastModified": "2023-12-21T16:15:10.903",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_bbsauth parameter at /admin/ajax.php."
}
],
"metrics": {},
"references": [
{
"url": "https://www.notion.so/scms5-0-sql-injection-94c791a563d1481a9439fa98a1bc9a1b",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-51050",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-21T16:15:11.000",
"lastModified": "2023-12-21T16:15:11.000",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_productauth parameter at /admin/ajax.php."
}
],
"metrics": {},
"references": [
{
"url": "https://www.notion.so/scms5-0-sql-injection-94c791a563d1481a9439fa98a1bc9a1b",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-51051",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-21T16:15:11.110",
"lastModified": "2023-12-21T16:15:11.110",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_textauth parameter at /admin/ajax.php."
}
],
"metrics": {},
"references": [
{
"url": "https://www.notion.so/scms5-0-sql-injection-94c791a563d1481a9439fa98a1bc9a1b",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-51052",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-21T16:15:11.220",
"lastModified": "2023-12-21T16:15:11.220",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_formauth parameter at /admin/ajax.php."
}
],
"metrics": {},
"references": [
{
"url": "https://www.notion.so/scms5-0-sql-injection-94c791a563d1481a9439fa98a1bc9a1b",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-51442",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-21T15:15:13.397",
"lastModified": "2023-12-21T15:15:13.397",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Navidrome is an open source web-based music collection server and streamer. A security vulnerability has been identified in navidrome's subsonic endpoint, allowing for authentication bypass. This exploit enables unauthorized access to any known account by utilizing a JSON Web Token (JWT) signed with the key \"not so secret\". The vulnerability can only be exploited on instances that have never been restarted. Navidrome supports an extension to the subsonic authentication scheme, where a JWT can be provided using a `jwt` query parameter instead of the traditional password or token and salt (corresponding to resp. the `p` or `t` and `s` query parameters). This authentication bypass vulnerability potentially affects all instances that don't protect the subsonic endpoint `/rest/`, which is expected to be most instances in a standard deployment, and most instances in the reverse proxy setup too (as the documentation mentions to leave that endpoint unprotected). This issue has been patched in version 0.50.2.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"references": [
{
"url": "https://github.com/navidrome/navidrome/commit/1132abb0135d1ecaebc41ed97a1e908a4ae02f7c",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/navidrome/navidrome/security/advisories/GHSA-wq59-4q6r-635r",
"source": "security-advisories@github.com"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-51656",
"sourceIdentifier": "security@apache.org",
"published": "2023-12-21T12:15:08.050",
"lastModified": "2023-12-21T13:22:15.910",
"lastModified": "2023-12-21T15:15:13.863",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -24,6 +24,10 @@
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/12/21/5",
"source": "security@apache.org"
},
{
"url": "https://lists.apache.org/thread/zy3klwpv11vl5n65josbfo2fyzxg3dxc",
"source": "security@apache.org"


@ -2,8 +2,8 @@
"id": "CVE-2023-6831",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-12-15T01:15:08.140",
"lastModified": "2023-12-15T13:42:13.817",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-21T15:10:23.390",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -39,6 +61,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{
"source": "security@huntr.dev",
"type": "Secondary",
@ -50,14 +82,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lfprojects:mlflow:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.9.2",
"matchCriteriaId": "6B5585E2-CC70-4BED-AA89-B791F081ACFC"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/mlflow/mlflow/commit/1da75dfcecd4d169e34809ade55748384e8af6c1",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.com/bounties/0acdd745-0167-4912-9d5c-02035fe5b314",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,88 @@
{
"id": "CVE-2023-7035",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-21T15:15:13.967",
"lastModified": "2023-12-21T15:15:13.967",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in automad up to 1.10.9 and classified as problematic. Affected by this issue is some unknown functionality of the file packages\\standard\\templates\\post.php of the component Setting Handler. The manipulation of the argument sitename leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248684. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW"
},
"exploitabilityScore": 0.9,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "MULTIPLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 3.3
},
"baseSeverity": "LOW",
"exploitabilityScore": 6.4,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/screetsec/VDD/tree/main/Automad%20CMS/Stored%20Cross%20Site%20Scripting%20(XSS)",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.248684",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.248684",
"source": "cna@vuldb.com"
}
]
}


@ -0,0 +1,88 @@
{
"id": "CVE-2023-7036",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-21T16:15:11.320",
"lastModified": "2023-12-21T16:15:11.320",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in automad up to 1.10.9. It has been classified as problematic. This affects the function upload of the file FileCollectionController.php of the component Content Type Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248685 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "MULTIPLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 6.4,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://github.com/screetsec/VDD/tree/main/Automad%20CMS/Unrestricted%20File%20Upload",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.248685",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.248685",
"source": "cna@vuldb.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-7047",
"sourceIdentifier": "security@devolutions.net",
"published": "2023-12-21T15:15:14.427",
"lastModified": "2023-12-21T15:15:14.427",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nInadequate validation of permissions when employing remote tools and \nmacros via the context menu within Devolutions Remote Desktop Manager versions 2023.3.31 and \nearlier permits a user to initiate a connection without proper execution\n rights via the remote tools feature. This affects only SQL data sources.\n"
}
],
"metrics": {},
"references": [
{
"url": "https://devolutions.net/security/advisories/DEVO-2023-0024/",
"source": "security@devolutions.net"
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-12-21T15:00:24.355779+00:00
2023-12-21T17:00:24.950171+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-12-21T14:47:05.363000+00:00
2023-12-21T16:49:34.847000+00:00
```
### Last Data Feed Release
@ -23,56 +23,71 @@ Repository synchronizes with the NVD every 2 hours.
Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)
```plain
2023-12-21T01:00:28.247707+00:00
2023-12-21T15:02:34.756081+00:00
```
### Total Number of included CVEs
```plain
233945
233977
```
### CVEs added in the last Commit
Recently added CVEs: `11`
Recently added CVEs: `32`
* [CVE-2022-45377](CVE-2022/CVE-2022-453xx/CVE-2022-45377.json) (`2023-12-21T13:15:08.330`)
* [CVE-2023-32242](CVE-2023/CVE-2023-322xx/CVE-2023-32242.json) (`2023-12-21T13:15:08.710`)
* [CVE-2023-49762](CVE-2023/CVE-2023-497xx/CVE-2023-49762.json) (`2023-12-21T13:15:08.990`)
* [CVE-2023-49778](CVE-2023/CVE-2023-497xx/CVE-2023-49778.json) (`2023-12-21T13:15:09.287`)
* [CVE-2023-49826](CVE-2023/CVE-2023-498xx/CVE-2023-49826.json) (`2023-12-21T13:15:09.557`)
* [CVE-2023-28421](CVE-2023/CVE-2023-284xx/CVE-2023-28421.json) (`2023-12-21T14:15:07.370`)
* [CVE-2023-2487](CVE-2023/CVE-2023-24xx/CVE-2023-2487.json) (`2023-12-21T14:15:07.750`)
* [CVE-2023-48288](CVE-2023/CVE-2023-482xx/CVE-2023-48288.json) (`2023-12-21T14:15:08.293`)
* [CVE-2023-49162](CVE-2023/CVE-2023-491xx/CVE-2023-49162.json) (`2023-12-21T14:15:08.773`)
* [CVE-2023-6122](CVE-2023/CVE-2023-61xx/CVE-2023-6122.json) (`2023-12-21T14:15:09.063`)
* [CVE-2023-6145](CVE-2023/CVE-2023-61xx/CVE-2023-6145.json) (`2023-12-21T14:15:09.430`)
* [CVE-2023-50823](CVE-2023/CVE-2023-508xx/CVE-2023-50823.json) (`2023-12-21T15:15:11.187`)
* [CVE-2023-50824](CVE-2023/CVE-2023-508xx/CVE-2023-50824.json) (`2023-12-21T15:15:11.487`)
* [CVE-2023-50825](CVE-2023/CVE-2023-508xx/CVE-2023-50825.json) (`2023-12-21T15:15:11.953`)
* [CVE-2023-50826](CVE-2023/CVE-2023-508xx/CVE-2023-50826.json) (`2023-12-21T15:15:12.213`)
* [CVE-2023-50827](CVE-2023/CVE-2023-508xx/CVE-2023-50827.json) (`2023-12-21T15:15:12.497`)
* [CVE-2023-50828](CVE-2023/CVE-2023-508xx/CVE-2023-50828.json) (`2023-12-21T15:15:12.990`)
* [CVE-2023-51442](CVE-2023/CVE-2023-514xx/CVE-2023-51442.json) (`2023-12-21T15:15:13.397`)
* [CVE-2023-7035](CVE-2023/CVE-2023-70xx/CVE-2023-7035.json) (`2023-12-21T15:15:13.967`)
* [CVE-2023-7047](CVE-2023/CVE-2023-70xx/CVE-2023-7047.json) (`2023-12-21T15:15:14.427`)
* [CVE-2023-45115](CVE-2023/CVE-2023-451xx/CVE-2023-45115.json) (`2023-12-21T16:15:07.517`)
* [CVE-2023-45116](CVE-2023/CVE-2023-451xx/CVE-2023-45116.json) (`2023-12-21T16:15:08.040`)
* [CVE-2023-45117](CVE-2023/CVE-2023-451xx/CVE-2023-45117.json) (`2023-12-21T16:15:08.380`)
* [CVE-2023-45118](CVE-2023/CVE-2023-451xx/CVE-2023-45118.json) (`2023-12-21T16:15:08.750`)
* [CVE-2023-45119](CVE-2023/CVE-2023-451xx/CVE-2023-45119.json) (`2023-12-21T16:15:09.197`)
* [CVE-2023-48114](CVE-2023/CVE-2023-481xx/CVE-2023-48114.json) (`2023-12-21T15:15:09.587`)
* [CVE-2023-48115](CVE-2023/CVE-2023-481xx/CVE-2023-48115.json) (`2023-12-21T15:15:09.637`)
* [CVE-2023-48116](CVE-2023/CVE-2023-481xx/CVE-2023-48116.json) (`2023-12-21T15:15:09.697`)
* [CVE-2023-4255](CVE-2023/CVE-2023-42xx/CVE-2023-4255.json) (`2023-12-21T16:15:10.017`)
* [CVE-2023-4256](CVE-2023/CVE-2023-42xx/CVE-2023-4256.json) (`2023-12-21T16:15:10.400`)
* [CVE-2023-51048](CVE-2023/CVE-2023-510xx/CVE-2023-51048.json) (`2023-12-21T16:15:10.797`)
* [CVE-2023-51049](CVE-2023/CVE-2023-510xx/CVE-2023-51049.json) (`2023-12-21T16:15:10.903`)
* [CVE-2023-51050](CVE-2023/CVE-2023-510xx/CVE-2023-51050.json) (`2023-12-21T16:15:11.000`)
* [CVE-2023-51051](CVE-2023/CVE-2023-510xx/CVE-2023-51051.json) (`2023-12-21T16:15:11.110`)
* [CVE-2023-51052](CVE-2023/CVE-2023-510xx/CVE-2023-51052.json) (`2023-12-21T16:15:11.220`)
* [CVE-2023-7036](CVE-2023/CVE-2023-70xx/CVE-2023-7036.json) (`2023-12-21T16:15:11.320`)
### CVEs modified in the last Commit
Recently modified CVEs: `20`
Recently modified CVEs: `21`
* [CVE-2023-7025](CVE-2023/CVE-2023-70xx/CVE-2023-7025.json) (`2023-12-21T13:22:15.910`)
* [CVE-2023-7026](CVE-2023/CVE-2023-70xx/CVE-2023-7026.json) (`2023-12-21T13:22:15.910`)
* [CVE-2023-2585](CVE-2023/CVE-2023-25xx/CVE-2023-2585.json) (`2023-12-21T13:22:15.910`)
* [CVE-2023-47265](CVE-2023/CVE-2023-472xx/CVE-2023-47265.json) (`2023-12-21T13:22:15.910`)
* [CVE-2023-48291](CVE-2023/CVE-2023-482xx/CVE-2023-48291.json) (`2023-12-21T13:22:15.910`)
* [CVE-2023-49920](CVE-2023/CVE-2023-499xx/CVE-2023-49920.json) (`2023-12-21T13:22:15.910`)
* [CVE-2023-50783](CVE-2023/CVE-2023-507xx/CVE-2023-50783.json) (`2023-12-21T13:22:15.910`)
* [CVE-2023-51655](CVE-2023/CVE-2023-516xx/CVE-2023-51655.json) (`2023-12-21T13:22:15.910`)
* [CVE-2023-5988](CVE-2023/CVE-2023-59xx/CVE-2023-5988.json) (`2023-12-21T13:22:15.910`)
* [CVE-2023-5989](CVE-2023/CVE-2023-59xx/CVE-2023-5989.json) (`2023-12-21T13:22:15.910`)
* [CVE-2023-50473](CVE-2023/CVE-2023-504xx/CVE-2023-50473.json) (`2023-12-21T13:22:15.910`)
* [CVE-2023-50475](CVE-2023/CVE-2023-504xx/CVE-2023-50475.json) (`2023-12-21T13:22:15.910`)
* [CVE-2023-50477](CVE-2023/CVE-2023-504xx/CVE-2023-50477.json) (`2023-12-21T13:22:15.910`)
* [CVE-2023-50481](CVE-2023/CVE-2023-504xx/CVE-2023-50481.json) (`2023-12-21T13:22:15.910`)
* [CVE-2023-51656](CVE-2023/CVE-2023-516xx/CVE-2023-51656.json) (`2023-12-21T13:22:15.910`)
* [CVE-2023-5594](CVE-2023/CVE-2023-55xx/CVE-2023-5594.json) (`2023-12-21T13:22:15.910`)
* [CVE-2023-46445](CVE-2023/CVE-2023-464xx/CVE-2023-46445.json) (`2023-12-21T14:15:08.013`)
* [CVE-2023-46446](CVE-2023/CVE-2023-464xx/CVE-2023-46446.json) (`2023-12-21T14:15:08.207`)
* [CVE-2023-48795](CVE-2023/CVE-2023-487xx/CVE-2023-48795.json) (`2023-12-21T14:15:08.590`)
* [CVE-2023-6832](CVE-2023/CVE-2023-68xx/CVE-2023-6832.json) (`2023-12-21T14:47:05.363`)
* [CVE-2023-6831](CVE-2023/CVE-2023-68xx/CVE-2023-6831.json) (`2023-12-21T15:10:23.390`)
* [CVE-2023-0248](CVE-2023/CVE-2023-02xx/CVE-2023-0248.json) (`2023-12-21T15:12:05.170`)
* [CVE-2023-31438](CVE-2023/CVE-2023-314xx/CVE-2023-31438.json) (`2023-12-21T15:15:08.503`)
* [CVE-2023-31439](CVE-2023/CVE-2023-314xx/CVE-2023-31439.json) (`2023-12-21T15:15:08.630`)
* [CVE-2023-42792](CVE-2023/CVE-2023-427xx/CVE-2023-42792.json) (`2023-12-21T15:15:08.710`)
* [CVE-2023-45498](CVE-2023/CVE-2023-454xx/CVE-2023-45498.json) (`2023-12-21T15:15:08.843`)
* [CVE-2023-45499](CVE-2023/CVE-2023-454xx/CVE-2023-45499.json) (`2023-12-21T15:15:08.953`)
* [CVE-2023-47265](CVE-2023/CVE-2023-472xx/CVE-2023-47265.json) (`2023-12-21T15:15:09.020`)
* [CVE-2023-48291](CVE-2023/CVE-2023-482xx/CVE-2023-48291.json) (`2023-12-21T15:15:09.747`)
* [CVE-2023-49920](CVE-2023/CVE-2023-499xx/CVE-2023-49920.json) (`2023-12-21T15:15:09.817`)
* [CVE-2023-4911](CVE-2023/CVE-2023-49xx/CVE-2023-4911.json) (`2023-12-21T15:15:09.890`)
* [CVE-2023-50783](CVE-2023/CVE-2023-507xx/CVE-2023-50783.json) (`2023-12-21T15:15:10.860`)
* [CVE-2023-51656](CVE-2023/CVE-2023-516xx/CVE-2023-51656.json) (`2023-12-21T15:15:13.863`)
* [CVE-2023-48382](CVE-2023/CVE-2023-483xx/CVE-2023-48382.json) (`2023-12-21T15:43:01.890`)
* [CVE-2023-48374](CVE-2023/CVE-2023-483xx/CVE-2023-48374.json) (`2023-12-21T15:46:58.293`)
* [CVE-2023-48379](CVE-2023/CVE-2023-483xx/CVE-2023-48379.json) (`2023-12-21T15:50:53.093`)
* [CVE-2023-48378](CVE-2023/CVE-2023-483xx/CVE-2023-48378.json) (`2023-12-21T15:51:05.667`)
* [CVE-2023-48380](CVE-2023/CVE-2023-483xx/CVE-2023-48380.json) (`2023-12-21T15:58:54.407`)
* [CVE-2023-50784](CVE-2023/CVE-2023-507xx/CVE-2023-50784.json) (`2023-12-21T16:09:40.850`)
* [CVE-2023-49189](CVE-2023/CVE-2023-491xx/CVE-2023-49189.json) (`2023-12-21T16:48:17.663`)
* [CVE-2023-49190](CVE-2023/CVE-2023-491xx/CVE-2023-49190.json) (`2023-12-21T16:49:34.847`)
## Download and Usage