From 73ec39824a1e7e90edc6302a98cb00de7573d939 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Thu, 21 Dec 2023 17:00:28 +0000 Subject: [PATCH] Auto-Update: 2023-12-21T17:00:24.950171+00:00 --- CVE-2023/CVE-2023-02xx/CVE-2023-0248.json | 75 ++++++++++++++++- CVE-2023/CVE-2023-226xx/CVE-2023-22674.json | 59 ++++++++++++++ CVE-2023/CVE-2023-314xx/CVE-2023-31438.json | 6 +- CVE-2023/CVE-2023-314xx/CVE-2023-31439.json | 6 +- CVE-2023/CVE-2023-427xx/CVE-2023-42792.json | 8 +- CVE-2023/CVE-2023-42xx/CVE-2023-4255.json | 67 ++++++++++++++++ CVE-2023/CVE-2023-42xx/CVE-2023-4256.json | 59 ++++++++++++++ CVE-2023/CVE-2023-451xx/CVE-2023-45115.json | 59 ++++++++++++++ CVE-2023/CVE-2023-451xx/CVE-2023-45116.json | 59 ++++++++++++++ CVE-2023/CVE-2023-451xx/CVE-2023-45117.json | 59 ++++++++++++++ CVE-2023/CVE-2023-451xx/CVE-2023-45118.json | 59 ++++++++++++++ CVE-2023/CVE-2023-451xx/CVE-2023-45119.json | 59 ++++++++++++++ CVE-2023/CVE-2023-454xx/CVE-2023-45498.json | 8 +- CVE-2023/CVE-2023-454xx/CVE-2023-45499.json | 8 +- CVE-2023/CVE-2023-472xx/CVE-2023-47265.json | 6 +- CVE-2023/CVE-2023-475xx/CVE-2023-47525.json | 55 +++++++++++++ CVE-2023/CVE-2023-475xx/CVE-2023-47527.json | 55 +++++++++++++ CVE-2023/CVE-2023-481xx/CVE-2023-48114.json | 24 ++++++ CVE-2023/CVE-2023-481xx/CVE-2023-48115.json | 24 ++++++ CVE-2023/CVE-2023-481xx/CVE-2023-48116.json | 24 ++++++ CVE-2023/CVE-2023-482xx/CVE-2023-48291.json | 6 +- CVE-2023/CVE-2023-483xx/CVE-2023-48374.json | 58 +++++++++++++- CVE-2023/CVE-2023-483xx/CVE-2023-48378.json | 37 ++++++++- CVE-2023/CVE-2023-483xx/CVE-2023-48379.json | 37 ++++++++- CVE-2023/CVE-2023-483xx/CVE-2023-48380.json | 59 +++++++++++++- CVE-2023/CVE-2023-483xx/CVE-2023-48382.json | 37 ++++++++- CVE-2023/CVE-2023-491xx/CVE-2023-49189.json | 51 +++++++++++- CVE-2023/CVE-2023-491xx/CVE-2023-49190.json | 51 +++++++++++- CVE-2023/CVE-2023-499xx/CVE-2023-49920.json | 6 +- CVE-2023/CVE-2023-49xx/CVE-2023-4911.json | 14 +++- CVE-2023/CVE-2023-501xx/CVE-2023-50119.json | 15 ++++ CVE-2023/CVE-2023-503xx/CVE-2023-50377.json | 55 +++++++++++++ CVE-2023/CVE-2023-507xx/CVE-2023-50724.json | 63 +++++++++++++++ CVE-2023/CVE-2023-507xx/CVE-2023-50783.json | 6 +- CVE-2023/CVE-2023-507xx/CVE-2023-50784.json | 75 +++++++++++++++-- CVE-2023/CVE-2023-508xx/CVE-2023-50822.json | 55 +++++++++++++ CVE-2023/CVE-2023-508xx/CVE-2023-50823.json | 55 +++++++++++++ CVE-2023/CVE-2023-508xx/CVE-2023-50824.json | 55 +++++++++++++ CVE-2023/CVE-2023-508xx/CVE-2023-50825.json | 55 +++++++++++++ CVE-2023/CVE-2023-508xx/CVE-2023-50826.json | 55 +++++++++++++ CVE-2023/CVE-2023-508xx/CVE-2023-50827.json | 55 +++++++++++++ CVE-2023/CVE-2023-508xx/CVE-2023-50828.json | 55 +++++++++++++ CVE-2023/CVE-2023-510xx/CVE-2023-51048.json | 20 +++++ CVE-2023/CVE-2023-510xx/CVE-2023-51049.json | 20 +++++ CVE-2023/CVE-2023-510xx/CVE-2023-51050.json | 20 +++++ CVE-2023/CVE-2023-510xx/CVE-2023-51051.json | 20 +++++ CVE-2023/CVE-2023-510xx/CVE-2023-51052.json | 20 +++++ CVE-2023/CVE-2023-514xx/CVE-2023-51442.json | 59 ++++++++++++++ CVE-2023/CVE-2023-516xx/CVE-2023-51656.json | 6 +- CVE-2023/CVE-2023-68xx/CVE-2023-6831.json | 65 ++++++++++++++- CVE-2023/CVE-2023-70xx/CVE-2023-7035.json | 88 ++++++++++++++++++++ CVE-2023/CVE-2023-70xx/CVE-2023-7036.json | 88 ++++++++++++++++++++ CVE-2023/CVE-2023-70xx/CVE-2023-7047.json | 20 +++++ README.md | 89 ++++++++++++--------- 54 files changed, 2160 insertions(+), 89 deletions(-) create mode 100644 CVE-2023/CVE-2023-226xx/CVE-2023-22674.json create mode 100644 CVE-2023/CVE-2023-42xx/CVE-2023-4255.json create mode 100644 CVE-2023/CVE-2023-42xx/CVE-2023-4256.json create mode 100644 CVE-2023/CVE-2023-451xx/CVE-2023-45115.json create mode 100644 CVE-2023/CVE-2023-451xx/CVE-2023-45116.json create mode 100644 CVE-2023/CVE-2023-451xx/CVE-2023-45117.json create mode 100644 CVE-2023/CVE-2023-451xx/CVE-2023-45118.json create mode 100644 CVE-2023/CVE-2023-451xx/CVE-2023-45119.json create mode 100644 CVE-2023/CVE-2023-475xx/CVE-2023-47525.json create mode 100644 CVE-2023/CVE-2023-475xx/CVE-2023-47527.json create mode 100644 CVE-2023/CVE-2023-481xx/CVE-2023-48114.json create mode 100644 CVE-2023/CVE-2023-481xx/CVE-2023-48115.json create mode 100644 CVE-2023/CVE-2023-481xx/CVE-2023-48116.json create mode 100644 CVE-2023/CVE-2023-501xx/CVE-2023-50119.json create mode 100644 CVE-2023/CVE-2023-503xx/CVE-2023-50377.json create mode 100644 CVE-2023/CVE-2023-507xx/CVE-2023-50724.json create mode 100644 CVE-2023/CVE-2023-508xx/CVE-2023-50822.json create mode 100644 CVE-2023/CVE-2023-508xx/CVE-2023-50823.json create mode 100644 CVE-2023/CVE-2023-508xx/CVE-2023-50824.json create mode 100644 CVE-2023/CVE-2023-508xx/CVE-2023-50825.json create mode 100644 CVE-2023/CVE-2023-508xx/CVE-2023-50826.json create mode 100644 CVE-2023/CVE-2023-508xx/CVE-2023-50827.json create mode 100644 CVE-2023/CVE-2023-508xx/CVE-2023-50828.json create mode 100644 CVE-2023/CVE-2023-510xx/CVE-2023-51048.json create mode 100644 CVE-2023/CVE-2023-510xx/CVE-2023-51049.json create mode 100644 CVE-2023/CVE-2023-510xx/CVE-2023-51050.json create mode 100644 CVE-2023/CVE-2023-510xx/CVE-2023-51051.json create mode 100644 CVE-2023/CVE-2023-510xx/CVE-2023-51052.json create mode 100644 CVE-2023/CVE-2023-514xx/CVE-2023-51442.json create mode 100644 CVE-2023/CVE-2023-70xx/CVE-2023-7035.json create mode 100644 CVE-2023/CVE-2023-70xx/CVE-2023-7036.json create mode 100644 CVE-2023/CVE-2023-70xx/CVE-2023-7047.json diff --git a/CVE-2023/CVE-2023-02xx/CVE-2023-0248.json b/CVE-2023/CVE-2023-02xx/CVE-2023-0248.json index 4727342702d..34676bca447 100644 --- a/CVE-2023/CVE-2023-02xx/CVE-2023-0248.json +++ b/CVE-2023/CVE-2023-02xx/CVE-2023-0248.json @@ -2,8 +2,8 @@ "id": "CVE-2023-0248", "sourceIdentifier": "productsecurity@jci.com", "published": "2023-12-14T21:15:07.553", - "lastModified": "2023-12-15T22:15:07.070", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-21T15:12:05.170", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 3.6 + }, { "source": "productsecurity@jci.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-401" + } + ] + }, { "source": "productsecurity@jci.com", "type": "Secondary", @@ -54,14 +84,51 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:johnsoncontrols:iosmart_gen_1_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.07.02", + "matchCriteriaId": "2EAD2797-79E8-4ED4-87EC-914F08698414" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:johnsoncontrols:iosmart_gen_1:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1FC9CD38-BBD7-4AB8-A7E1-87246BCD7812" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-02", - "source": "productsecurity@jci.com" + "source": "productsecurity@jci.com", + "tags": [ + "Third Party Advisory", + "US Government Resource" + ] }, { "url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories", - "source": "productsecurity@jci.com" + "source": "productsecurity@jci.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-226xx/CVE-2023-22674.json b/CVE-2023/CVE-2023-226xx/CVE-2023-22674.json new file mode 100644 index 00000000000..86c9d160bc0 --- /dev/null +++ b/CVE-2023/CVE-2023-226xx/CVE-2023-22674.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-22674", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-12-21T15:15:08.137", + "lastModified": "2023-12-21T15:15:08.137", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in Hal Gatewood Dashicons + Custom Post Types.This issue affects Dashicons + Custom Post Types: from n/a through 1.0.2.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + }, + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/dashicons-cpt/wordpress-dashicons-custom-post-types-plugin-1-0-2-broken-access-control?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-314xx/CVE-2023-31438.json b/CVE-2023/CVE-2023-314xx/CVE-2023-31438.json index 5318728281f..c44abf278f1 100644 --- a/CVE-2023/CVE-2023-314xx/CVE-2023-31438.json +++ b/CVE-2023/CVE-2023-314xx/CVE-2023-31438.json @@ -2,7 +2,7 @@ "id": "CVE-2023-31438", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-13T17:15:14.707", - "lastModified": "2023-11-07T04:14:19.130", + "lastModified": "2023-12-21T15:15:08.503", "vulnStatus": "Modified", "descriptions": [ { @@ -78,6 +78,10 @@ "Technical Description" ] }, + { + "url": "https://github.com/systemd/systemd/pull/28886", + "source": "cve@mitre.org" + }, { "url": "https://github.com/systemd/systemd/releases", "source": "cve@mitre.org", diff --git a/CVE-2023/CVE-2023-314xx/CVE-2023-31439.json b/CVE-2023/CVE-2023-314xx/CVE-2023-31439.json index 8f8a5bc88ac..2672107ab4a 100644 --- a/CVE-2023/CVE-2023-314xx/CVE-2023-31439.json +++ b/CVE-2023/CVE-2023-314xx/CVE-2023-31439.json @@ -2,7 +2,7 @@ "id": "CVE-2023-31439", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-13T17:15:14.753", - "lastModified": "2023-11-07T04:14:19.180", + "lastModified": "2023-12-21T15:15:08.630", "vulnStatus": "Modified", "descriptions": [ { @@ -79,6 +79,10 @@ "Technical Description" ] }, + { + "url": "https://github.com/systemd/systemd/pull/28885", + "source": "cve@mitre.org" + }, { "url": "https://github.com/systemd/systemd/releases", "source": "cve@mitre.org", diff --git a/CVE-2023/CVE-2023-427xx/CVE-2023-42792.json b/CVE-2023/CVE-2023-427xx/CVE-2023-42792.json index cd1ce858615..3fd0537aa1c 100644 --- a/CVE-2023/CVE-2023-427xx/CVE-2023-42792.json +++ b/CVE-2023/CVE-2023-427xx/CVE-2023-42792.json @@ -2,8 +2,8 @@ "id": "CVE-2023-42792", "sourceIdentifier": "security@apache.org", "published": "2023-10-14T10:15:10.377", - "lastModified": "2023-10-18T18:50:16.153", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-21T15:15:08.710", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -79,6 +79,10 @@ } ], "references": [ + { + "url": "http://www.openwall.com/lists/oss-security/2023/12/21/1", + "source": "security@apache.org" + }, { "url": "https://github.com/apache/airflow/pull/34366", "source": "security@apache.org", diff --git a/CVE-2023/CVE-2023-42xx/CVE-2023-4255.json b/CVE-2023/CVE-2023-42xx/CVE-2023-4255.json new file mode 100644 index 00000000000..0c562c8e3ce --- /dev/null +++ b/CVE-2023/CVE-2023-42xx/CVE-2023-4255.json @@ -0,0 +1,67 @@ +{ + "id": "CVE-2023-4255", + "sourceIdentifier": "secalert@redhat.com", + "published": "2023-12-21T16:15:10.017", + "lastModified": "2023-12-21T16:15:10.017", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An out-of-bounds write issue has been discovered in the backspace handling of the checkType() function in etc.c within the W3M application. This vulnerability is triggered by supplying a specially crafted HTML file to the w3m binary. Exploitation of this flaw could lead to application crashes, resulting in a denial of service condition." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "references": [ + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255207", + "source": "secalert@redhat.com" + }, + { + "url": "https://github.com/tats/w3m/commit/edc602651c506aeeb60544b55534dd1722a340d3", + "source": "secalert@redhat.com" + }, + { + "url": "https://github.com/tats/w3m/issues/268", + "source": "secalert@redhat.com" + }, + { + "url": "https://github.com/tats/w3m/pull/273", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-42xx/CVE-2023-4256.json b/CVE-2023/CVE-2023-42xx/CVE-2023-4256.json new file mode 100644 index 00000000000..9cc72c3a327 --- /dev/null +++ b/CVE-2023/CVE-2023-42xx/CVE-2023-4256.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-4256", + "sourceIdentifier": "secalert@redhat.com", + "published": "2023-12-21T16:15:10.400", + "lastModified": "2023-12-21T16:15:10.400", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the tcpedit_dlt_cleanup() function within plugins/dlt_plugins.c. This vulnerability can be exploited by supplying a specifically crafted file to the tcprewrite binary. This flaw enables a local attacker to initiate a Denial of Service (DoS) attack." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-415" + } + ] + } + ], + "references": [ + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255212", + "source": "secalert@redhat.com" + }, + { + "url": "https://github.com/appneta/tcpreplay/issues/813", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45115.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45115.json new file mode 100644 index 00000000000..2c4e12bf4ed --- /dev/null +++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45115.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-45115", + "sourceIdentifier": "help@fluidattacks.com", + "published": "2023-12-21T16:15:07.517", + "lastModified": "2023-12-21T16:15:07.517", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities.\u00a0The 'ch' parameter of the update.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "help@fluidattacks.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "help@fluidattacks.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://fluidattacks.com/advisories/argerich/", + "source": "help@fluidattacks.com" + }, + { + "url": "https://projectworlds.in/", + "source": "help@fluidattacks.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45116.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45116.json new file mode 100644 index 00000000000..346883f5910 --- /dev/null +++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45116.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-45116", + "sourceIdentifier": "help@fluidattacks.com", + "published": "2023-12-21T16:15:08.040", + "lastModified": "2023-12-21T16:15:08.040", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities.\u00a0The 'demail' parameter of the update.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "help@fluidattacks.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "help@fluidattacks.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://fluidattacks.com/advisories/argerich/", + "source": "help@fluidattacks.com" + }, + { + "url": "https://projectworlds.in/", + "source": "help@fluidattacks.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45117.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45117.json new file mode 100644 index 00000000000..667f26e8188 --- /dev/null +++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45117.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-45117", + "sourceIdentifier": "help@fluidattacks.com", + "published": "2023-12-21T16:15:08.380", + "lastModified": "2023-12-21T16:15:08.380", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities.\u00a0The 'eid' parameter of the update.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "help@fluidattacks.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "help@fluidattacks.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://fluidattacks.com/advisories/argerich/", + "source": "help@fluidattacks.com" + }, + { + "url": "https://projectworlds.in/", + "source": "help@fluidattacks.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45118.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45118.json new file mode 100644 index 00000000000..09c74a9273c --- /dev/null +++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45118.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-45118", + "sourceIdentifier": "help@fluidattacks.com", + "published": "2023-12-21T16:15:08.750", + "lastModified": "2023-12-21T16:15:08.750", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities.\u00a0The 'fdid' parameter of the update.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "help@fluidattacks.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "help@fluidattacks.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://fluidattacks.com/advisories/argerich/", + "source": "help@fluidattacks.com" + }, + { + "url": "https://projectworlds.in/", + "source": "help@fluidattacks.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45119.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45119.json new file mode 100644 index 00000000000..8eab9777402 --- /dev/null +++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45119.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-45119", + "sourceIdentifier": "help@fluidattacks.com", + "published": "2023-12-21T16:15:09.197", + "lastModified": "2023-12-21T16:15:09.197", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities.\u00a0The 'n' parameter of the update.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "help@fluidattacks.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "help@fluidattacks.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://fluidattacks.com/advisories/argerich/", + "source": "help@fluidattacks.com" + }, + { + "url": "https://projectworlds.in/", + "source": "help@fluidattacks.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-454xx/CVE-2023-45498.json b/CVE-2023/CVE-2023-454xx/CVE-2023-45498.json index 0b3501496e2..da12ab1f168 100644 --- a/CVE-2023/CVE-2023-454xx/CVE-2023-45498.json +++ b/CVE-2023/CVE-2023-454xx/CVE-2023-45498.json @@ -2,8 +2,8 @@ "id": "CVE-2023-45498", "sourceIdentifier": "cve@mitre.org", "published": "2023-10-27T04:15:10.487", - "lastModified": "2023-11-08T14:08:01.397", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-21T15:15:08.843", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -78,6 +78,10 @@ "VDB Entry" ] }, + { + "url": "http://packetstormsecurity.com/files/176289/Vinchin-Backup-And-Recovery-Command-Injection.html", + "source": "cve@mitre.org" + }, { "url": "http://seclists.org/fulldisclosure/2023/Oct/31", "source": "cve@mitre.org", diff --git a/CVE-2023/CVE-2023-454xx/CVE-2023-45499.json b/CVE-2023/CVE-2023-454xx/CVE-2023-45499.json index 8d5fbc3fbb4..e772ef47868 100644 --- a/CVE-2023/CVE-2023-454xx/CVE-2023-45499.json +++ b/CVE-2023/CVE-2023-454xx/CVE-2023-45499.json @@ -2,8 +2,8 @@ "id": "CVE-2023-45499", "sourceIdentifier": "cve@mitre.org", "published": "2023-10-27T04:15:10.617", - "lastModified": "2023-11-08T14:07:34.800", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-21T15:15:08.953", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -78,6 +78,10 @@ "VDB Entry" ] }, + { + "url": "http://packetstormsecurity.com/files/176289/Vinchin-Backup-And-Recovery-Command-Injection.html", + "source": "cve@mitre.org" + }, { "url": "http://seclists.org/fulldisclosure/2023/Oct/31", "source": "cve@mitre.org", diff --git a/CVE-2023/CVE-2023-472xx/CVE-2023-47265.json b/CVE-2023/CVE-2023-472xx/CVE-2023-47265.json index aa6301eea85..57774c71c66 100644 --- a/CVE-2023/CVE-2023-472xx/CVE-2023-47265.json +++ b/CVE-2023/CVE-2023-472xx/CVE-2023-47265.json @@ -2,7 +2,7 @@ "id": "CVE-2023-47265", "sourceIdentifier": "security@apache.org", "published": "2023-12-21T10:15:35.713", - "lastModified": "2023-12-21T13:22:15.910", + "lastModified": "2023-12-21T15:15:09.020", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -28,6 +28,10 @@ } ], "references": [ + { + "url": "http://www.openwall.com/lists/oss-security/2023/12/21/2", + "source": "security@apache.org" + }, { "url": "https://github.com/apache/airflow/pull/35460", "source": "security@apache.org" diff --git a/CVE-2023/CVE-2023-475xx/CVE-2023-47525.json b/CVE-2023/CVE-2023-475xx/CVE-2023-47525.json new file mode 100644 index 00000000000..276f511a9e8 --- /dev/null +++ b/CVE-2023/CVE-2023-475xx/CVE-2023-47525.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-47525", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-12-21T15:15:09.097", + "lastModified": "2023-12-21T15:15:09.097", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in A WP Life Event Monster \u2013 Event Management, Tickets Booking, Upcoming Event allows Stored XSS.This issue affects Event Monster \u2013 Event Management, Tickets Booking, Upcoming Event: from n/a through 1.3.2.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/event-monster/wordpress-event-monster-plugin-1-3-2-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-475xx/CVE-2023-47527.json b/CVE-2023/CVE-2023-475xx/CVE-2023-47527.json new file mode 100644 index 00000000000..fe0443ace65 --- /dev/null +++ b/CVE-2023/CVE-2023-475xx/CVE-2023-47527.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-47527", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-12-21T15:15:09.340", + "lastModified": "2023-12-21T15:15:09.340", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sajjad Hossain Sagor WP Edit Username allows Stored XSS.This issue affects WP Edit Username: from n/a through 1.0.5.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wp-edit-username/wordpress-wp-edit-username-plugin-1-0-5-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-481xx/CVE-2023-48114.json b/CVE-2023/CVE-2023-481xx/CVE-2023-48114.json new file mode 100644 index 00000000000..9204aede01c --- /dev/null +++ b/CVE-2023/CVE-2023-481xx/CVE-2023-48114.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-48114", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-21T15:15:09.587", + "lastModified": "2023-12-21T16:15:09.620", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS by using image/svg+xml and an uploaded SVG document. This occurs because the application tries to allow youtube.com URLs, but actually allows youtube.com followed by an @ character and an attacker-controlled domain name." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://co3us.gitbook.io/write-ups/stored-xss-in-email-body-of-smartermail-cve-2023-48114", + "source": "cve@mitre.org" + }, + { + "url": "https://www.smartertools.com/smartermail/release-notes/current", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-481xx/CVE-2023-48115.json b/CVE-2023/CVE-2023-481xx/CVE-2023-48115.json new file mode 100644 index 00000000000..ebaa3c901e4 --- /dev/null +++ b/CVE-2023/CVE-2023-481xx/CVE-2023-48115.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-48115", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-21T15:15:09.637", + "lastModified": "2023-12-21T16:15:09.793", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored DOM XSS because an XSS protection mechanism is skipped when messageHTML and messagePlainText are set in the same request." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://co3us.gitbook.io/write-ups/stored-dom-xss-in-email-body-of-smartermail", + "source": "cve@mitre.org" + }, + { + "url": "https://www.smartertools.com/smartermail/release-notes/current", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-481xx/CVE-2023-48116.json b/CVE-2023/CVE-2023-481xx/CVE-2023-48116.json new file mode 100644 index 00000000000..fa558c6a8d8 --- /dev/null +++ b/CVE-2023/CVE-2023-481xx/CVE-2023-48116.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-48116", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-21T15:15:09.697", + "lastModified": "2023-12-21T16:15:09.913", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS via a crafted description of a Calendar appointment." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://co3us.gitbook.io/write-ups/stored-xss-in-calendar-component-of-smartermail-cve-2023-48116", + "source": "cve@mitre.org" + }, + { + "url": "https://www.smartertools.com/smartermail/release-notes/current", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-482xx/CVE-2023-48291.json b/CVE-2023/CVE-2023-482xx/CVE-2023-48291.json index f38179a6042..668525d8254 100644 --- a/CVE-2023/CVE-2023-482xx/CVE-2023-48291.json +++ b/CVE-2023/CVE-2023-482xx/CVE-2023-48291.json @@ -2,7 +2,7 @@ "id": "CVE-2023-48291", "sourceIdentifier": "security@apache.org", "published": "2023-12-21T10:15:36.043", - "lastModified": "2023-12-21T13:22:15.910", + "lastModified": "2023-12-21T15:15:09.747", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -28,6 +28,10 @@ } ], "references": [ + { + "url": "http://www.openwall.com/lists/oss-security/2023/12/21/1", + "source": "security@apache.org" + }, { "url": "https://github.com/apache/airflow/pull/34366", "source": "security@apache.org" diff --git a/CVE-2023/CVE-2023-483xx/CVE-2023-48374.json b/CVE-2023/CVE-2023-483xx/CVE-2023-48374.json index e189e2d97ee..3e39bb4bae6 100644 --- a/CVE-2023/CVE-2023-483xx/CVE-2023-48374.json +++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48374.json @@ -2,8 +2,8 @@ "id": "CVE-2023-48374", "sourceIdentifier": "twcert@cert.org.tw", "published": "2023-12-15T08:15:44.563", - "lastModified": "2023-12-15T13:42:13.817", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-21T15:46:58.293", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "twcert@cert.org.tw", + "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", @@ -35,10 +35,40 @@ }, "exploitabilityScore": 3.9, "impactScore": 2.5 + }, + { + "source": "twcert@cert.org.tw", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 } ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-798" + } + ] + }, { "source": "twcert@cert.org.tw", "type": "Secondary", @@ -50,10 +80,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:csharp:cws_collaborative_development_platform:10.25:*:*:*:*:*:*:*", + "matchCriteriaId": "10CC0021-D5D9-4794-9ABE-DF8F1B21F6A2" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.twcert.org.tw/tw/cp-132-7593-d3e5b-1.html", - "source": "twcert@cert.org.tw" + "source": "twcert@cert.org.tw", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-483xx/CVE-2023-48378.json b/CVE-2023/CVE-2023-483xx/CVE-2023-48378.json index 793fb42c90b..d456cc8e3ab 100644 --- a/CVE-2023/CVE-2023-483xx/CVE-2023-48378.json +++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48378.json @@ -2,8 +2,8 @@ "id": "CVE-2023-48378", "sourceIdentifier": "twcert@cert.org.tw", "published": "2023-12-15T08:15:45.547", - "lastModified": "2023-12-15T13:42:13.817", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-21T15:51:05.667", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -39,6 +39,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + }, { "source": "twcert@cert.org.tw", "type": "Secondary", @@ -50,10 +60,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:softnext:mail_sqr_expert:*:*:*:*:*:*:*:*", + "versionEndIncluding": "230330", + "matchCriteriaId": "FDCE076E-BA94-4BFF-8FD9-4E08B4A6392F" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.twcert.org.tw/tw/cp-132-7596-648f3-1.html", - "source": "twcert@cert.org.tw" + "source": "twcert@cert.org.tw", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-483xx/CVE-2023-48379.json b/CVE-2023/CVE-2023-483xx/CVE-2023-48379.json index 4eac1eebe14..7d186ecbdcf 100644 --- a/CVE-2023/CVE-2023-483xx/CVE-2023-48379.json +++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48379.json @@ -2,8 +2,8 @@ "id": "CVE-2023-48379", "sourceIdentifier": "twcert@cert.org.tw", "published": "2023-12-15T08:15:45.803", - "lastModified": "2023-12-15T13:42:13.817", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-21T15:50:53.093", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -39,6 +39,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + }, { "source": "twcert@cert.org.tw", "type": "Secondary", @@ -50,10 +60,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:softnext:mail_sqr_expert:*:*:*:*:*:*:*:*", + "versionEndIncluding": "230330", + "matchCriteriaId": "FDCE076E-BA94-4BFF-8FD9-4E08B4A6392F" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.twcert.org.tw/tw/cp-132-7597-fff54-1.html", - "source": "twcert@cert.org.tw" + "source": "twcert@cert.org.tw", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-483xx/CVE-2023-48380.json b/CVE-2023/CVE-2023-483xx/CVE-2023-48380.json index ab8f85805ac..9bd3a424f4d 100644 --- a/CVE-2023/CVE-2023-483xx/CVE-2023-48380.json +++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48380.json @@ -2,8 +2,8 @@ "id": "CVE-2023-48380", "sourceIdentifier": "twcert@cert.org.tw", "published": "2023-12-15T09:15:07.577", - "lastModified": "2023-12-15T13:42:13.817", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-21T15:58:54.407", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -17,8 +17,28 @@ "metrics": { "cvssMetricV31": [ { - "source": "twcert@cert.org.tw", + "source": "nvd@nist.gov", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.0, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.1, + "impactScore": 5.9 + }, + { + "source": "twcert@cert.org.tw", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + }, { "source": "twcert@cert.org.tw", "type": "Secondary", @@ -50,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:softnext:mail_sqr_expert:*:*:*:*:*:*:*:*", + "versionEndExcluding": "230330", + "matchCriteriaId": "30D54AFA-951B-44FD-84F6-0C16F338E2CE" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.twcert.org.tw/tw/cp-132-7598-37b03-1.html", - "source": "twcert@cert.org.tw" + "source": "twcert@cert.org.tw", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-483xx/CVE-2023-48382.json b/CVE-2023/CVE-2023-483xx/CVE-2023-48382.json index ed6bc6d1c01..40b50d55efb 100644 --- a/CVE-2023/CVE-2023-483xx/CVE-2023-48382.json +++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48382.json @@ -2,8 +2,8 @@ "id": "CVE-2023-48382", "sourceIdentifier": "twcert@cert.org.tw", "published": "2023-12-15T09:15:07.967", - "lastModified": "2023-12-15T13:42:13.817", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-21T15:43:01.890", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -39,6 +39,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + }, { "source": "twcert@cert.org.tw", "type": "Secondary", @@ -50,10 +60,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:softnext:mail_sqr_expert:*:*:*:*:*:*:*:*", + "versionEndExcluding": "230330", + "matchCriteriaId": "30D54AFA-951B-44FD-84F6-0C16F338E2CE" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.twcert.org.tw/tw/cp-132-7600-dd072-1.html", - "source": "twcert@cert.org.tw" + "source": "twcert@cert.org.tw", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-491xx/CVE-2023-49189.json b/CVE-2023/CVE-2023-491xx/CVE-2023-49189.json index f819c201d23..5a3bd95c080 100644 --- a/CVE-2023/CVE-2023-491xx/CVE-2023-49189.json +++ b/CVE-2023/CVE-2023-491xx/CVE-2023-49189.json @@ -2,16 +2,40 @@ "id": "CVE-2023-49189", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-15T16:15:43.913", - "lastModified": "2023-12-15T16:53:06.030", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-21T16:48:17.663", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Getsocial, S.A. Social Share Buttons & Analytics Plugin \u2013 GetSocial.Io allows Stored XSS.This issue affects Social Share Buttons & Analytics Plugin \u2013 GetSocial.Io: from n/a through 4.3.12.\n\n" + }, + { + "lang": "es", + "value": "Neutralizaci\u00f3n inadecuada de la entrada durante la vulnerabilidad de generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Getsocial, S.A. Social Share Buttons & Analytics Plugin \u2013 GetSocial.Io permite XSS almacenado. Este problema afecta a Social Share Buttons & Analytics Plugin \u2013 GetSocial.Io: de n/a hasta el 4.3.12." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:getsocial:social_share_buttons_\\&_analytics:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "4.3.12", + "matchCriteriaId": "BFA63335-888A-42EB-9FC0-1F5E26B084D6" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/wp-share-buttons-analytics-by-getsocial/wordpress-social-share-buttons-analytics-plugin-getsocial-io-plugin-4-3-12-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-491xx/CVE-2023-49190.json b/CVE-2023/CVE-2023-491xx/CVE-2023-49190.json index f9773d7c02e..24ebe678145 100644 --- a/CVE-2023/CVE-2023-491xx/CVE-2023-49190.json +++ b/CVE-2023/CVE-2023-491xx/CVE-2023-49190.json @@ -2,16 +2,40 @@ "id": "CVE-2023-49190", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-15T16:15:44.120", - "lastModified": "2023-12-15T16:53:06.030", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-21T16:49:34.847", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chandra Shekhar Sahu Site Offline Or Coming Soon Or Maintenance Mode allows Stored XSS.This issue affects Site Offline Or Coming Soon Or Maintenance Mode: from n/a through 1.5.6.\n\n" + }, + { + "lang": "es", + "value": "Neutralizaci\u00f3n inadecuada de la entrada durante la vulnerabilidad de generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Chandra Shekhar Sahu Site Offline Or Coming Soon Or Maintenance Mode permite almacenar XSS. Este problema afecta a Site Offline Or Coming Soon Or Maintenance Mode: desde n/a hasta 1.5.6." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:freehtmldesigns:site_offline:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.5.6", + "matchCriteriaId": "7D8C7701-3549-40A3-B5BA-7DC967FE465E" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/site-offline/wordpress-site-offline-or-coming-soon-or-maintenance-mode-plugin-1-5-6-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-499xx/CVE-2023-49920.json b/CVE-2023/CVE-2023-499xx/CVE-2023-49920.json index 3060b1b62af..4bed2d5e507 100644 --- a/CVE-2023/CVE-2023-499xx/CVE-2023-49920.json +++ b/CVE-2023/CVE-2023-499xx/CVE-2023-49920.json @@ -2,7 +2,7 @@ "id": "CVE-2023-49920", "sourceIdentifier": "security@apache.org", "published": "2023-12-21T10:15:36.330", - "lastModified": "2023-12-21T13:22:15.910", + "lastModified": "2023-12-21T15:15:09.817", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -28,6 +28,10 @@ } ], "references": [ + { + "url": "http://www.openwall.com/lists/oss-security/2023/12/21/3", + "source": "security@apache.org" + }, { "url": "https://github.com/apache/airflow/pull/36026", "source": "security@apache.org" diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4911.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4911.json index 36459dd28a0..5c1067b87ba 100644 --- a/CVE-2023/CVE-2023-49xx/CVE-2023-4911.json +++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4911.json @@ -2,8 +2,12 @@ "id": "CVE-2023-4911", "sourceIdentifier": "secalert@redhat.com", "published": "2023-10-03T18:15:10.463", - "lastModified": "2023-11-07T04:23:09.110", + "lastModified": "2023-12-21T15:15:09.890", "vulnStatus": "Undergoing Analysis", + "cisaExploitAdd": "2023-11-21", + "cisaActionDue": "2023-12-12", + "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "cisaVulnerabilityName": "GNU C Library Buffer Overflow Vulnerability", "descriptions": [ { "lang": "en", @@ -37,7 +41,7 @@ "impactScore": 5.9 }, { - "source": "53f830b8-0a3f-465b-8143-3b8a9948e749", + "source": "secalert@redhat.com", "type": "Secondary", "cvssData": { "version": "3.1", @@ -70,7 +74,7 @@ ] }, { - "source": "53f830b8-0a3f-465b-8143-3b8a9948e749", + "source": "secalert@redhat.com", "type": "Secondary", "description": [ { @@ -152,6 +156,10 @@ "url": "http://packetstormsecurity.com/files/174986/glibc-ld.so-Local-Privilege-Escalation.html", "source": "secalert@redhat.com" }, + { + "url": "http://packetstormsecurity.com/files/176288/Glibc-Tunables-Privilege-Escalation.html", + "source": "secalert@redhat.com" + }, { "url": "http://seclists.org/fulldisclosure/2023/Oct/11", "source": "secalert@redhat.com" diff --git a/CVE-2023/CVE-2023-501xx/CVE-2023-50119.json b/CVE-2023/CVE-2023-501xx/CVE-2023-50119.json new file mode 100644 index 00000000000..fc77b5813be --- /dev/null +++ b/CVE-2023/CVE-2023-501xx/CVE-2023-50119.json @@ -0,0 +1,15 @@ +{ + "id": "CVE-2023-50119", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-21T15:15:10.157", + "lastModified": "2023-12-21T15:15:10.157", + "vulnStatus": "Rejected", + "descriptions": [ + { + "lang": "en", + "value": "Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-45292. Reason: This record is a reservation duplicate of CVE-2023-45292. Notes: All CVE users should reference CVE-2023-45292 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage." + } + ], + "metrics": {}, + "references": [] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-503xx/CVE-2023-50377.json b/CVE-2023/CVE-2023-503xx/CVE-2023-50377.json new file mode 100644 index 00000000000..4d5f7047e00 --- /dev/null +++ b/CVE-2023/CVE-2023-503xx/CVE-2023-50377.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-50377", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-12-21T15:15:10.290", + "lastModified": "2023-12-21T15:15:10.290", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AB-WP Simple Counter allows Stored XSS.This issue affects Simple Counter: from n/a through 1.0.2.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/abwp-simple-counter/wordpress-simple-counter-plugin-1-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-507xx/CVE-2023-50724.json b/CVE-2023/CVE-2023-507xx/CVE-2023-50724.json new file mode 100644 index 00000000000..e69ec769df0 --- /dev/null +++ b/CVE-2023/CVE-2023-507xx/CVE-2023-50724.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-50724", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-12-21T15:15:10.573", + "lastModified": "2023-12-21T15:15:10.573", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Resque (pronounced like \"rescue\") is a Redis-backed library for creating background jobs, placing those jobs on multiple queues, and processing them later. resque-web in resque versions before 2.1.0 are vulnerable to reflected XSS through the current_queue parameter in the path of the queues endpoint. This issue has been patched in version 2.1.0.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.1, + "impactScore": 4.2 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/resque/resque/issues/1679", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/resque/resque/pull/1687", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/resque/resque/security/advisories/GHSA-r8xx-8vm8-x6wj", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-507xx/CVE-2023-50783.json b/CVE-2023/CVE-2023-507xx/CVE-2023-50783.json index 99adb47274e..72160ed0015 100644 --- a/CVE-2023/CVE-2023-507xx/CVE-2023-50783.json +++ b/CVE-2023/CVE-2023-507xx/CVE-2023-50783.json @@ -2,7 +2,7 @@ "id": "CVE-2023-50783", "sourceIdentifier": "security@apache.org", "published": "2023-12-21T10:15:36.607", - "lastModified": "2023-12-21T13:22:15.910", + "lastModified": "2023-12-21T15:15:10.860", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -28,6 +28,10 @@ } ], "references": [ + { + "url": "http://www.openwall.com/lists/oss-security/2023/12/21/4", + "source": "security@apache.org" + }, { "url": "https://github.com/apache/airflow/pull/33932", "source": "security@apache.org" diff --git a/CVE-2023/CVE-2023-507xx/CVE-2023-50784.json b/CVE-2023/CVE-2023-507xx/CVE-2023-50784.json index 737d104e86c..bf89b6e44bb 100644 --- a/CVE-2023/CVE-2023-507xx/CVE-2023-50784.json +++ b/CVE-2023/CVE-2023-507xx/CVE-2023-50784.json @@ -2,23 +2,88 @@ "id": "CVE-2023-50784", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-16T23:15:40.770", - "lastModified": "2023-12-18T14:05:28.363", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-21T16:09:40.850", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A buffer overflow in websockets in UnrealIRCd 6.1.0 through 6.1.3 before 6.1.4 allows an unauthenticated remote attacker to crash the server by sending an oversized packet (if a websocket port is open). Remote code execution might be possible on some uncommon, older platforms." + }, + { + "lang": "es", + "value": "Un desbordamiento de b\u00fafer en websockets en UnrealIRCd 6.1.0 hasta 6.1.3 anterior a 6.1.4 permite que un atacante remoto no autenticado bloquee el servidor enviando un paquete de gran tama\u00f1o (si un puerto websocket est\u00e1 abierto). La ejecuci\u00f3n remota de c\u00f3digo podr\u00eda ser posible en algunas plataformas antiguas y poco comunes." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:unrealircd:unrealircd:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.1.0", + "versionEndExcluding": "6.1.4", + "matchCriteriaId": "574ACE08-97D7-4495-BF19-0F2EA0631ECA" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://forums.unrealircd.org/viewtopic.php?t=9340", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://www.unrealircd.org/index/news", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-508xx/CVE-2023-50822.json b/CVE-2023/CVE-2023-508xx/CVE-2023-50822.json new file mode 100644 index 00000000000..76afb0e314d --- /dev/null +++ b/CVE-2023/CVE-2023-508xx/CVE-2023-50822.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-50822", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-12-21T15:15:10.927", + "lastModified": "2023-12-21T15:15:10.927", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Currency.Wiki Currency Converter Widget \u2013 Exchange Rates allows Stored XSS.This issue affects Currency Converter Widget \u2013 Exchange Rates: from n/a through 3.0.2.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/currency-converter-widget/wordpress-currency-converter-widget-plugin-3-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-508xx/CVE-2023-50823.json b/CVE-2023/CVE-2023-508xx/CVE-2023-50823.json new file mode 100644 index 00000000000..9a9f26bfff3 --- /dev/null +++ b/CVE-2023/CVE-2023-508xx/CVE-2023-50823.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-50823", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-12-21T15:15:11.187", + "lastModified": "2023-12-21T15:15:11.187", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wipeout Media CSS & JavaScript Toolbox allows Stored XSS.This issue affects CSS & JavaScript Toolbox: from n/a through 11.7.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/css-javascript-toolbox/wordpress-css-javascript-toolbox-plugin-11-7-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-508xx/CVE-2023-50824.json b/CVE-2023/CVE-2023-508xx/CVE-2023-50824.json new file mode 100644 index 00000000000..b6c9f6ddb3d --- /dev/null +++ b/CVE-2023/CVE-2023-508xx/CVE-2023-50824.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-50824", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-12-21T15:15:11.487", + "lastModified": "2023-12-21T15:15:11.487", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brian Batt Insert or Embed Articulate Content into WordPress allows Stored XSS.This issue affects Insert or Embed Articulate Content into WordPress: from n/a through 4.3000000021.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/insert-or-embed-articulate-content-into-wordpress/wordpress-insert-or-embed-articulate-content-into-wordpress-plugin-4-3000000021-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-508xx/CVE-2023-50825.json b/CVE-2023/CVE-2023-508xx/CVE-2023-50825.json new file mode 100644 index 00000000000..c8f22c37d1c --- /dev/null +++ b/CVE-2023/CVE-2023-508xx/CVE-2023-50825.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-50825", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-12-21T15:15:11.953", + "lastModified": "2023-12-21T15:15:11.953", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Terrier Tenacity iframe Shortcode allows Stored XSS.This issue affects iframe Shortcode: from n/a through 2.0.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/iframe-shortcode/wordpress-iframe-shortcode-plugin-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-508xx/CVE-2023-50826.json b/CVE-2023/CVE-2023-508xx/CVE-2023-50826.json new file mode 100644 index 00000000000..b83e733f796 --- /dev/null +++ b/CVE-2023/CVE-2023-508xx/CVE-2023-50826.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-50826", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-12-21T15:15:12.213", + "lastModified": "2023-12-21T15:15:12.213", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Freshlight Lab Menu Image, Icons made easy allows Stored XSS.This issue affects Menu Image, Icons made easy: from n/a through 3.10.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/menu-image/wordpress-menu-image-icons-made-easy-plugin-3-10-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-508xx/CVE-2023-50827.json b/CVE-2023/CVE-2023-508xx/CVE-2023-50827.json new file mode 100644 index 00000000000..4e3ad6776c7 --- /dev/null +++ b/CVE-2023/CVE-2023-508xx/CVE-2023-50827.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-50827", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-12-21T15:15:12.497", + "lastModified": "2023-12-21T15:15:12.497", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Accredible Accredible Certificates & Open Badges allows Stored XSS.This issue affects Accredible Certificates & Open Badges: from n/a through 1.4.8.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/accredible-certificates/wordpress-accredible-certificates-open-badges-plugin-1-4-8-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-508xx/CVE-2023-50828.json b/CVE-2023/CVE-2023-508xx/CVE-2023-50828.json new file mode 100644 index 00000000000..01e41184ceb --- /dev/null +++ b/CVE-2023/CVE-2023-508xx/CVE-2023-50828.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-50828", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-12-21T15:15:12.990", + "lastModified": "2023-12-21T15:15:12.990", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Vongries Ultimate Dashboard \u2013 Custom WordPress Dashboard allows Stored XSS.This issue affects Ultimate Dashboard \u2013 Custom WordPress Dashboard: from n/a through 3.7.11.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/ultimate-dashboard/wordpress-ultimate-dashboard-plugin-3-7-11-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-510xx/CVE-2023-51048.json b/CVE-2023/CVE-2023-510xx/CVE-2023-51048.json new file mode 100644 index 00000000000..ab463b97df9 --- /dev/null +++ b/CVE-2023/CVE-2023-510xx/CVE-2023-51048.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-51048", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-21T16:15:10.797", + "lastModified": "2023-12-21T16:15:10.797", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_newsauth parameter at /admin/ajax.php." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.notion.so/scms5-0-sql-injection-94c791a563d1481a9439fa98a1bc9a1b", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-510xx/CVE-2023-51049.json b/CVE-2023/CVE-2023-510xx/CVE-2023-51049.json new file mode 100644 index 00000000000..813d939696d --- /dev/null +++ b/CVE-2023/CVE-2023-510xx/CVE-2023-51049.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-51049", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-21T16:15:10.903", + "lastModified": "2023-12-21T16:15:10.903", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_bbsauth parameter at /admin/ajax.php." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.notion.so/scms5-0-sql-injection-94c791a563d1481a9439fa98a1bc9a1b", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-510xx/CVE-2023-51050.json b/CVE-2023/CVE-2023-510xx/CVE-2023-51050.json new file mode 100644 index 00000000000..2d317d0d082 --- /dev/null +++ b/CVE-2023/CVE-2023-510xx/CVE-2023-51050.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-51050", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-21T16:15:11.000", + "lastModified": "2023-12-21T16:15:11.000", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_productauth parameter at /admin/ajax.php." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.notion.so/scms5-0-sql-injection-94c791a563d1481a9439fa98a1bc9a1b", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-510xx/CVE-2023-51051.json b/CVE-2023/CVE-2023-510xx/CVE-2023-51051.json new file mode 100644 index 00000000000..188bc01589c --- /dev/null +++ b/CVE-2023/CVE-2023-510xx/CVE-2023-51051.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-51051", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-21T16:15:11.110", + "lastModified": "2023-12-21T16:15:11.110", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_textauth parameter at /admin/ajax.php." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.notion.so/scms5-0-sql-injection-94c791a563d1481a9439fa98a1bc9a1b", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-510xx/CVE-2023-51052.json b/CVE-2023/CVE-2023-510xx/CVE-2023-51052.json new file mode 100644 index 00000000000..b6db3dc72f4 --- /dev/null +++ b/CVE-2023/CVE-2023-510xx/CVE-2023-51052.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-51052", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-21T16:15:11.220", + "lastModified": "2023-12-21T16:15:11.220", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_formauth parameter at /admin/ajax.php." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.notion.so/scms5-0-sql-injection-94c791a563d1481a9439fa98a1bc9a1b", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-514xx/CVE-2023-51442.json b/CVE-2023/CVE-2023-514xx/CVE-2023-51442.json new file mode 100644 index 00000000000..c4178783b84 --- /dev/null +++ b/CVE-2023/CVE-2023-514xx/CVE-2023-51442.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-51442", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-12-21T15:15:13.397", + "lastModified": "2023-12-21T15:15:13.397", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Navidrome is an open source web-based music collection server and streamer. A security vulnerability has been identified in navidrome's subsonic endpoint, allowing for authentication bypass. This exploit enables unauthorized access to any known account by utilizing a JSON Web Token (JWT) signed with the key \"not so secret\". The vulnerability can only be exploited on instances that have never been restarted. Navidrome supports an extension to the subsonic authentication scheme, where a JWT can be provided using a `jwt` query parameter instead of the traditional password or token and salt (corresponding to resp. the `p` or `t` and `s` query parameters). This authentication bypass vulnerability potentially affects all instances that don't protect the subsonic endpoint `/rest/`, which is expected to be most instances in a standard deployment, and most instances in the reverse proxy setup too (as the documentation mentions to leave that endpoint unprotected). This issue has been patched in version 0.50.2.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "HIGH", + "baseScore": 8.6, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/navidrome/navidrome/commit/1132abb0135d1ecaebc41ed97a1e908a4ae02f7c", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/navidrome/navidrome/security/advisories/GHSA-wq59-4q6r-635r", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-516xx/CVE-2023-51656.json b/CVE-2023/CVE-2023-516xx/CVE-2023-51656.json index 3d8904b8366..7adfe1f28b6 100644 --- a/CVE-2023/CVE-2023-516xx/CVE-2023-51656.json +++ b/CVE-2023/CVE-2023-516xx/CVE-2023-51656.json @@ -2,7 +2,7 @@ "id": "CVE-2023-51656", "sourceIdentifier": "security@apache.org", "published": "2023-12-21T12:15:08.050", - "lastModified": "2023-12-21T13:22:15.910", + "lastModified": "2023-12-21T15:15:13.863", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -24,6 +24,10 @@ } ], "references": [ + { + "url": "http://www.openwall.com/lists/oss-security/2023/12/21/5", + "source": "security@apache.org" + }, { "url": "https://lists.apache.org/thread/zy3klwpv11vl5n65josbfo2fyzxg3dxc", "source": "security@apache.org" diff --git a/CVE-2023/CVE-2023-68xx/CVE-2023-6831.json b/CVE-2023/CVE-2023-68xx/CVE-2023-6831.json index b5322deec41..49bfe5f3c56 100644 --- a/CVE-2023/CVE-2023-68xx/CVE-2023-6831.json +++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6831.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6831", "sourceIdentifier": "security@huntr.dev", "published": "2023-12-15T01:15:08.140", - "lastModified": "2023-12-15T13:42:13.817", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-21T15:10:23.390", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -15,6 +15,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.2 + } + ], "cvssMetricV30": [ { "source": "security@huntr.dev", @@ -39,6 +61,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + }, { "source": "security@huntr.dev", "type": "Secondary", @@ -50,14 +82,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:lfprojects:mlflow:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.9.2", + "matchCriteriaId": "6B5585E2-CC70-4BED-AA89-B791F081ACFC" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/mlflow/mlflow/commit/1da75dfcecd4d169e34809ade55748384e8af6c1", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Patch" + ] }, { "url": "https://huntr.com/bounties/0acdd745-0167-4912-9d5c-02035fe5b314", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-70xx/CVE-2023-7035.json b/CVE-2023/CVE-2023-70xx/CVE-2023-7035.json new file mode 100644 index 00000000000..55fb9d0688e --- /dev/null +++ b/CVE-2023/CVE-2023-70xx/CVE-2023-7035.json @@ -0,0 +1,88 @@ +{ + "id": "CVE-2023-7035", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-12-21T15:15:13.967", + "lastModified": "2023-12-21T15:15:13.967", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in automad up to 1.10.9 and classified as problematic. Affected by this issue is some unknown functionality of the file packages\\standard\\templates\\post.php of the component Setting Handler. The manipulation of the argument sitename leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248684. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 2.4, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 0.9, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "MULTIPLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE", + "baseScore": 3.3 + }, + "baseSeverity": "LOW", + "exploitabilityScore": 6.4, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/screetsec/VDD/tree/main/Automad%20CMS/Stored%20Cross%20Site%20Scripting%20(XSS)", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.248684", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.248684", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-70xx/CVE-2023-7036.json b/CVE-2023/CVE-2023-70xx/CVE-2023-7036.json new file mode 100644 index 00000000000..dd2dadf1f31 --- /dev/null +++ b/CVE-2023/CVE-2023-70xx/CVE-2023-7036.json @@ -0,0 +1,88 @@ +{ + "id": "CVE-2023-7036", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-12-21T16:15:11.320", + "lastModified": "2023-12-21T16:15:11.320", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in automad up to 1.10.9. It has been classified as problematic. This affects the function upload of the file FileCollectionController.php of the component Content Type Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248685 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 4.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "MULTIPLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 5.8 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 6.4, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/screetsec/VDD/tree/main/Automad%20CMS/Unrestricted%20File%20Upload", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.248685", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.248685", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-70xx/CVE-2023-7047.json b/CVE-2023/CVE-2023-70xx/CVE-2023-7047.json new file mode 100644 index 00000000000..8a26c3b152d --- /dev/null +++ b/CVE-2023/CVE-2023-70xx/CVE-2023-7047.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-7047", + "sourceIdentifier": "security@devolutions.net", + "published": "2023-12-21T15:15:14.427", + "lastModified": "2023-12-21T15:15:14.427", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nInadequate validation of permissions when employing remote tools and \nmacros via the context menu within Devolutions Remote Desktop Manager versions 2023.3.31 and \nearlier permits a user to initiate a connection without proper execution\n rights via the remote tools feature. This affects only SQL data sources.\n" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://devolutions.net/security/advisories/DEVO-2023-0024/", + "source": "security@devolutions.net" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 6155e210e96..67f4e2b882d 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-12-21T15:00:24.355779+00:00 +2023-12-21T17:00:24.950171+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-12-21T14:47:05.363000+00:00 +2023-12-21T16:49:34.847000+00:00 ``` ### Last Data Feed Release @@ -23,56 +23,71 @@ Repository synchronizes with the NVD every 2 hours. Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest) ```plain -2023-12-21T01:00:28.247707+00:00 +2023-12-21T15:02:34.756081+00:00 ``` ### Total Number of included CVEs ```plain -233945 +233977 ``` ### CVEs added in the last Commit -Recently added CVEs: `11` +Recently added CVEs: `32` -* [CVE-2022-45377](CVE-2022/CVE-2022-453xx/CVE-2022-45377.json) (`2023-12-21T13:15:08.330`) -* [CVE-2023-32242](CVE-2023/CVE-2023-322xx/CVE-2023-32242.json) (`2023-12-21T13:15:08.710`) -* [CVE-2023-49762](CVE-2023/CVE-2023-497xx/CVE-2023-49762.json) (`2023-12-21T13:15:08.990`) -* [CVE-2023-49778](CVE-2023/CVE-2023-497xx/CVE-2023-49778.json) (`2023-12-21T13:15:09.287`) -* [CVE-2023-49826](CVE-2023/CVE-2023-498xx/CVE-2023-49826.json) (`2023-12-21T13:15:09.557`) -* [CVE-2023-28421](CVE-2023/CVE-2023-284xx/CVE-2023-28421.json) (`2023-12-21T14:15:07.370`) -* [CVE-2023-2487](CVE-2023/CVE-2023-24xx/CVE-2023-2487.json) (`2023-12-21T14:15:07.750`) -* [CVE-2023-48288](CVE-2023/CVE-2023-482xx/CVE-2023-48288.json) (`2023-12-21T14:15:08.293`) -* [CVE-2023-49162](CVE-2023/CVE-2023-491xx/CVE-2023-49162.json) (`2023-12-21T14:15:08.773`) -* [CVE-2023-6122](CVE-2023/CVE-2023-61xx/CVE-2023-6122.json) (`2023-12-21T14:15:09.063`) -* [CVE-2023-6145](CVE-2023/CVE-2023-61xx/CVE-2023-6145.json) (`2023-12-21T14:15:09.430`) +* [CVE-2023-50823](CVE-2023/CVE-2023-508xx/CVE-2023-50823.json) (`2023-12-21T15:15:11.187`) +* [CVE-2023-50824](CVE-2023/CVE-2023-508xx/CVE-2023-50824.json) (`2023-12-21T15:15:11.487`) +* [CVE-2023-50825](CVE-2023/CVE-2023-508xx/CVE-2023-50825.json) (`2023-12-21T15:15:11.953`) +* [CVE-2023-50826](CVE-2023/CVE-2023-508xx/CVE-2023-50826.json) (`2023-12-21T15:15:12.213`) +* [CVE-2023-50827](CVE-2023/CVE-2023-508xx/CVE-2023-50827.json) (`2023-12-21T15:15:12.497`) +* [CVE-2023-50828](CVE-2023/CVE-2023-508xx/CVE-2023-50828.json) (`2023-12-21T15:15:12.990`) +* [CVE-2023-51442](CVE-2023/CVE-2023-514xx/CVE-2023-51442.json) (`2023-12-21T15:15:13.397`) +* [CVE-2023-7035](CVE-2023/CVE-2023-70xx/CVE-2023-7035.json) (`2023-12-21T15:15:13.967`) +* [CVE-2023-7047](CVE-2023/CVE-2023-70xx/CVE-2023-7047.json) (`2023-12-21T15:15:14.427`) +* [CVE-2023-45115](CVE-2023/CVE-2023-451xx/CVE-2023-45115.json) (`2023-12-21T16:15:07.517`) +* [CVE-2023-45116](CVE-2023/CVE-2023-451xx/CVE-2023-45116.json) (`2023-12-21T16:15:08.040`) +* [CVE-2023-45117](CVE-2023/CVE-2023-451xx/CVE-2023-45117.json) (`2023-12-21T16:15:08.380`) +* [CVE-2023-45118](CVE-2023/CVE-2023-451xx/CVE-2023-45118.json) (`2023-12-21T16:15:08.750`) +* [CVE-2023-45119](CVE-2023/CVE-2023-451xx/CVE-2023-45119.json) (`2023-12-21T16:15:09.197`) +* [CVE-2023-48114](CVE-2023/CVE-2023-481xx/CVE-2023-48114.json) (`2023-12-21T15:15:09.587`) +* [CVE-2023-48115](CVE-2023/CVE-2023-481xx/CVE-2023-48115.json) (`2023-12-21T15:15:09.637`) +* [CVE-2023-48116](CVE-2023/CVE-2023-481xx/CVE-2023-48116.json) (`2023-12-21T15:15:09.697`) +* [CVE-2023-4255](CVE-2023/CVE-2023-42xx/CVE-2023-4255.json) (`2023-12-21T16:15:10.017`) +* [CVE-2023-4256](CVE-2023/CVE-2023-42xx/CVE-2023-4256.json) (`2023-12-21T16:15:10.400`) +* [CVE-2023-51048](CVE-2023/CVE-2023-510xx/CVE-2023-51048.json) (`2023-12-21T16:15:10.797`) +* [CVE-2023-51049](CVE-2023/CVE-2023-510xx/CVE-2023-51049.json) (`2023-12-21T16:15:10.903`) +* [CVE-2023-51050](CVE-2023/CVE-2023-510xx/CVE-2023-51050.json) (`2023-12-21T16:15:11.000`) +* [CVE-2023-51051](CVE-2023/CVE-2023-510xx/CVE-2023-51051.json) (`2023-12-21T16:15:11.110`) +* [CVE-2023-51052](CVE-2023/CVE-2023-510xx/CVE-2023-51052.json) (`2023-12-21T16:15:11.220`) +* [CVE-2023-7036](CVE-2023/CVE-2023-70xx/CVE-2023-7036.json) (`2023-12-21T16:15:11.320`) ### CVEs modified in the last Commit -Recently modified CVEs: `20` +Recently modified CVEs: `21` -* [CVE-2023-7025](CVE-2023/CVE-2023-70xx/CVE-2023-7025.json) (`2023-12-21T13:22:15.910`) -* [CVE-2023-7026](CVE-2023/CVE-2023-70xx/CVE-2023-7026.json) (`2023-12-21T13:22:15.910`) -* [CVE-2023-2585](CVE-2023/CVE-2023-25xx/CVE-2023-2585.json) (`2023-12-21T13:22:15.910`) -* [CVE-2023-47265](CVE-2023/CVE-2023-472xx/CVE-2023-47265.json) (`2023-12-21T13:22:15.910`) -* [CVE-2023-48291](CVE-2023/CVE-2023-482xx/CVE-2023-48291.json) (`2023-12-21T13:22:15.910`) -* [CVE-2023-49920](CVE-2023/CVE-2023-499xx/CVE-2023-49920.json) (`2023-12-21T13:22:15.910`) -* [CVE-2023-50783](CVE-2023/CVE-2023-507xx/CVE-2023-50783.json) (`2023-12-21T13:22:15.910`) -* [CVE-2023-51655](CVE-2023/CVE-2023-516xx/CVE-2023-51655.json) (`2023-12-21T13:22:15.910`) -* [CVE-2023-5988](CVE-2023/CVE-2023-59xx/CVE-2023-5988.json) (`2023-12-21T13:22:15.910`) -* [CVE-2023-5989](CVE-2023/CVE-2023-59xx/CVE-2023-5989.json) (`2023-12-21T13:22:15.910`) -* [CVE-2023-50473](CVE-2023/CVE-2023-504xx/CVE-2023-50473.json) (`2023-12-21T13:22:15.910`) -* [CVE-2023-50475](CVE-2023/CVE-2023-504xx/CVE-2023-50475.json) (`2023-12-21T13:22:15.910`) -* [CVE-2023-50477](CVE-2023/CVE-2023-504xx/CVE-2023-50477.json) (`2023-12-21T13:22:15.910`) -* [CVE-2023-50481](CVE-2023/CVE-2023-504xx/CVE-2023-50481.json) (`2023-12-21T13:22:15.910`) -* [CVE-2023-51656](CVE-2023/CVE-2023-516xx/CVE-2023-51656.json) (`2023-12-21T13:22:15.910`) -* [CVE-2023-5594](CVE-2023/CVE-2023-55xx/CVE-2023-5594.json) (`2023-12-21T13:22:15.910`) -* [CVE-2023-46445](CVE-2023/CVE-2023-464xx/CVE-2023-46445.json) (`2023-12-21T14:15:08.013`) -* [CVE-2023-46446](CVE-2023/CVE-2023-464xx/CVE-2023-46446.json) (`2023-12-21T14:15:08.207`) -* [CVE-2023-48795](CVE-2023/CVE-2023-487xx/CVE-2023-48795.json) (`2023-12-21T14:15:08.590`) -* [CVE-2023-6832](CVE-2023/CVE-2023-68xx/CVE-2023-6832.json) (`2023-12-21T14:47:05.363`) +* [CVE-2023-6831](CVE-2023/CVE-2023-68xx/CVE-2023-6831.json) (`2023-12-21T15:10:23.390`) +* [CVE-2023-0248](CVE-2023/CVE-2023-02xx/CVE-2023-0248.json) (`2023-12-21T15:12:05.170`) +* [CVE-2023-31438](CVE-2023/CVE-2023-314xx/CVE-2023-31438.json) (`2023-12-21T15:15:08.503`) +* [CVE-2023-31439](CVE-2023/CVE-2023-314xx/CVE-2023-31439.json) (`2023-12-21T15:15:08.630`) +* [CVE-2023-42792](CVE-2023/CVE-2023-427xx/CVE-2023-42792.json) (`2023-12-21T15:15:08.710`) +* [CVE-2023-45498](CVE-2023/CVE-2023-454xx/CVE-2023-45498.json) (`2023-12-21T15:15:08.843`) +* [CVE-2023-45499](CVE-2023/CVE-2023-454xx/CVE-2023-45499.json) (`2023-12-21T15:15:08.953`) +* [CVE-2023-47265](CVE-2023/CVE-2023-472xx/CVE-2023-47265.json) (`2023-12-21T15:15:09.020`) +* [CVE-2023-48291](CVE-2023/CVE-2023-482xx/CVE-2023-48291.json) (`2023-12-21T15:15:09.747`) +* [CVE-2023-49920](CVE-2023/CVE-2023-499xx/CVE-2023-49920.json) (`2023-12-21T15:15:09.817`) +* [CVE-2023-4911](CVE-2023/CVE-2023-49xx/CVE-2023-4911.json) (`2023-12-21T15:15:09.890`) +* [CVE-2023-50783](CVE-2023/CVE-2023-507xx/CVE-2023-50783.json) (`2023-12-21T15:15:10.860`) +* [CVE-2023-51656](CVE-2023/CVE-2023-516xx/CVE-2023-51656.json) (`2023-12-21T15:15:13.863`) +* [CVE-2023-48382](CVE-2023/CVE-2023-483xx/CVE-2023-48382.json) (`2023-12-21T15:43:01.890`) +* [CVE-2023-48374](CVE-2023/CVE-2023-483xx/CVE-2023-48374.json) (`2023-12-21T15:46:58.293`) +* [CVE-2023-48379](CVE-2023/CVE-2023-483xx/CVE-2023-48379.json) (`2023-12-21T15:50:53.093`) +* [CVE-2023-48378](CVE-2023/CVE-2023-483xx/CVE-2023-48378.json) (`2023-12-21T15:51:05.667`) +* [CVE-2023-48380](CVE-2023/CVE-2023-483xx/CVE-2023-48380.json) (`2023-12-21T15:58:54.407`) +* [CVE-2023-50784](CVE-2023/CVE-2023-507xx/CVE-2023-50784.json) (`2023-12-21T16:09:40.850`) +* [CVE-2023-49189](CVE-2023/CVE-2023-491xx/CVE-2023-49189.json) (`2023-12-21T16:48:17.663`) +* [CVE-2023-49190](CVE-2023/CVE-2023-491xx/CVE-2023-49190.json) (`2023-12-21T16:49:34.847`) ## Download and Usage