Auto-Update: 2023-12-11T13:00:55.136401+00:00

cad-safe-bot 2023-12-11 13:00:58 +00:00
parent 12ca42bc0a
commit 77b996cb73
32 changed files with 330 additions and 65 deletions

@ -2,12 +2,16 @@
"id": "CVE-2022-48614",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-10T19:15:07.410",
"lastModified": "2023-12-10T19:15:07.410",
"vulnStatus": "Received",
"lastModified": "2023-12-11T12:20:50.310",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Special:Ask in Semantic MediaWiki before 4.0.2 allows Reflected XSS."
},
{
"lang": "es",
"value": "Especial:Preguntar en Semantic MediaWiki antes de 4.0.2 permite Reflected XSS."
}
],
"metrics": {},

@ -2,12 +2,16 @@
"id": "CVE-2023-48417",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2023-12-11T06:15:42.667",
"lastModified": "2023-12-11T06:15:42.667",
"vulnStatus": "Received",
"lastModified": "2023-12-11T12:20:45.887",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Missing Permission checks resulting in unauthorized access and Manipulation in KeyChainActivity Application"
},
{
"lang": "es",
"value": "Verificaciones de permisos faltantes que resultan en acceso no autorizado y manipulaci\u00f3n en la aplicaci\u00f3n KeyChainActivity"
}
],
"metrics": {},

@ -2,12 +2,16 @@
"id": "CVE-2023-48424",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2023-12-11T06:15:42.767",
"lastModified": "2023-12-11T06:15:42.767",
"vulnStatus": "Received",
"lastModified": "2023-12-11T12:20:45.887",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "U-Boot shell vulnerability resulting in Privilege escalation in a production device"
},
{
"lang": "es",
"value": "Vulnerabilidad del shell U-Boot que provoca una escalada de privilegios en un dispositivo de producci\u00f3n"
}
],
"metrics": {},

@ -2,12 +2,16 @@
"id": "CVE-2023-48425",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2023-12-11T06:15:42.813",
"lastModified": "2023-12-11T06:15:42.813",
"vulnStatus": "Received",
"lastModified": "2023-12-11T12:20:45.887",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "U-Boot vulnerability resulting in persistent Code Execution\u00a0"
},
{
"lang": "es",
"value": "Vulnerabilidad de U-Boot que resulta en una ejecuci\u00f3n de c\u00f3digo persistente"
}
],
"metrics": {},

@ -2,8 +2,8 @@
"id": "CVE-2023-48698",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-05T01:15:09.353",
"lastModified": "2023-12-05T13:51:04.540",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-11T12:52:26.990",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -54,10 +74,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:azure_rtos_usbx:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.3.0",
"matchCriteriaId": "8DFED452-108C-4B30-95FD-076DB22072F5"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/azure-rtos/usbx/security/advisories/GHSA-grhp-f66q-x857",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
}
]
}

@ -2,12 +2,16 @@
"id": "CVE-2023-49355",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-11T07:15:07.003",
"lastModified": "2023-12-11T07:15:07.003",
"vulnStatus": "Received",
"lastModified": "2023-12-11T12:20:45.887",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "decToString in decNumber/decNumber.c in jq 88f01a7 has a one-byte out-of-bounds write via the \" []-1.2e-1111111111\" input."
},
{
"lang": "es",
"value": "decToString en decNumber/decNumber.c en jq 88f01a7 tiene una escritura fuera de los l\u00edmites de un byte a trav\u00e9s de la entrada \"[]-1.2e-1111111111\"."
}
],
"metrics": {},

@ -2,12 +2,16 @@
"id": "CVE-2023-49964",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-11T08:15:06.603",
"lastModified": "2023-12-11T08:15:06.603",
"vulnStatus": "Received",
"lastModified": "2023-12-11T12:20:45.887",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Hyland Alfresco Community Edition through 7.2.0. By inserting malicious content in the folder.get.html.ftl file, an attacker may perform SSTI (Server-Side Template Injection) attacks, which can leverage FreeMarker exposed objects to bypass restrictions and achieve RCE (Remote Code Execution). NOTE: this issue exists because of an incomplete fix for CVE-2020-12873."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Hyland Alfresco Community Edition hasta 7.2.0. Al insertar contenido malicioso en el archivo folder.get.html.ftl, un atacante puede realizar ataques SSTI (inyecci\u00f3n de plantilla del lado del servidor), que pueden aprovechar los objetos expuestos de FreeMarker para evitar las restricciones y lograr RCE (ejecuci\u00f3n remota de c\u00f3digo). NOTA: este problema existe debido a una soluci\u00f3n incompleta para CVE-2020-12873."
}
],
"metrics": {},

@ -2,12 +2,16 @@
"id": "CVE-2023-50446",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-10T17:15:07.070",
"lastModified": "2023-12-10T17:15:07.070",
"vulnStatus": "Received",
"lastModified": "2023-12-11T12:20:50.310",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Mullvad VPN Windows app before 2023.6-beta1. Insufficient permissions on a directory allow any local unprivileged user to escalate privileges to SYSTEM."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en la aplicaci\u00f3n Mullvad VPN para Windows antes de 2023.6-beta1. Los permisos insuficientes en un directorio permiten que cualquier usuario local sin privilegios escale privilegios al SYSTEM."
}
],
"metrics": {},

@ -2,12 +2,16 @@
"id": "CVE-2023-50449",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-10T18:15:07.103",
"lastModified": "2023-12-10T18:15:07.103",
"vulnStatus": "Received",
"lastModified": "2023-12-11T12:20:50.310",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "JFinalCMS 5.0.0 could allow a remote attacker to read files via ../ Directory Traversal in the /common/down/file fileKey parameter."
},
{
"lang": "es",
"value": "JFinalCMS 5.0.0 podr\u00eda permitir a un atacante remoto leer archivos a trav\u00e9s de ../ Directory Traversal en el par\u00e1metro /common/down/file fileKey."
}
],
"metrics": {},

@ -2,12 +2,16 @@
"id": "CVE-2023-50453",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-10T19:15:07.480",
"lastModified": "2023-12-10T19:15:07.480",
"vulnStatus": "Received",
"lastModified": "2023-12-11T12:20:45.887",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Zammad before 6.2.0. It uses the public endpoint /api/v1/signshow for its login screen. This endpoint returns internal configuration data of user object attributes, such as selectable values, which should not be visible to the public."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Zammad antes de la versi\u00f3n 6.2.0. Utiliza el endpoint p\u00fablico /api/v1/signshow para su pantalla de inicio de sesi\u00f3n. Este endpoint devuelve datos de configuraci\u00f3n interna de los atributos del objeto del usuario, como valores seleccionables, que no deber\u00edan ser visibles para el p\u00fablico."
}
],
"metrics": {},

@ -2,12 +2,16 @@
"id": "CVE-2023-50454",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-10T19:15:07.530",
"lastModified": "2023-12-10T19:15:07.530",
"vulnStatus": "Received",
"lastModified": "2023-12-11T12:20:45.887",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Zammad before 6.2.0. In several subsystems, SSL/TLS was used to establish connections to external services without proper validation of hostname and certificate authority. This is exploitable by man-in-the-middle attackers."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Zammad antes de la versi\u00f3n 6.2.0. En varios subsistemas, se utiliz\u00f3 SSL/TLS para establecer conexiones a servicios externos sin la validaci\u00f3n adecuada del nombre de host y la autoridad certificadora. Esto es aprovechable por atacantes intermediarios."
}
],
"metrics": {},

@ -2,12 +2,16 @@
"id": "CVE-2023-50455",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-10T19:15:07.580",
"lastModified": "2023-12-10T19:15:07.580",
"vulnStatus": "Received",
"lastModified": "2023-12-11T12:20:45.887",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Zammad before 6.2.0. Due to lack of rate limiting in the \"email address verification\" feature, an attacker could send many requests for a known address to cause Denial Of Service (generation of many emails, which would also spam the victim)."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Zammad antes de la versi\u00f3n 6.2.0. Debido a la falta de limitaci\u00f3n de velocidad en la funci\u00f3n \"verificaci\u00f3n de direcci\u00f3n de correo electr\u00f3nico\", un atacante podr\u00eda enviar muchas solicitudes a una direcci\u00f3n conocida para provocar una denegaci\u00f3n de servicio (generaci\u00f3n de muchos correos electr\u00f3nicos, que tambi\u00e9n enviar\u00edan spam a la v\u00edctima)."
}
],
"metrics": {},

@ -2,12 +2,16 @@
"id": "CVE-2023-50456",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-10T19:15:07.637",
"lastModified": "2023-12-10T19:15:07.637",
"vulnStatus": "Received",
"lastModified": "2023-12-11T12:20:45.887",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Zammad before 6.2.0. An attacker can trigger phishing links in generated notification emails via a crafted first or last name."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Zammad antes de la versi\u00f3n 6.2.0. Un atacante puede activar enlaces de phishing en correos electr\u00f3nicos de notificaci\u00f3n generados a trav\u00e9s de un nombre o apellido manipulados."
}
],
"metrics": {},

@ -2,12 +2,16 @@
"id": "CVE-2023-50457",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-10T19:15:07.687",
"lastModified": "2023-12-10T19:15:07.687",
"vulnStatus": "Received",
"lastModified": "2023-12-11T12:20:45.887",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Zammad before 6.2.0. When listing tickets linked to a knowledge base answer, or knowledge base answers of a ticket, a user could see entries for which they lack permissions."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Zammad antes de la versi\u00f3n 6.2.0. Al enumerar tickets vinculados a una respuesta de la base de conocimientos, o respuestas de la base de conocimientos de un ticket, un usuario podr\u00eda ver entradas para las que carece de permisos."
}
],
"metrics": {},

@ -2,12 +2,16 @@
"id": "CVE-2023-50463",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-10T23:15:07.247",
"lastModified": "2023-12-10T23:15:07.247",
"vulnStatus": "Received",
"lastModified": "2023-12-11T12:20:45.887",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The caddy-geo-ip (aka GeoIP) middleware through 0.6.0 for Caddy 2, when trust_header X-Forwarded-For is used, allows attackers to spoof their source IP address via an X-Forwarded-For header, which may bypass a protection mechanism (trusted_proxy directive in reverse_proxy or IP address range restrictions)."
},
{
"lang": "es",
"value": "El middleware caddy-geo-ip (tambi\u00e9n conocido como GeoIP) hasta la versi\u00f3n 0.6.0 para Caddy 2, cuando se utiliza trust_header X-Forwarded-For, permite a los atacantes falsificar su direcci\u00f3n IP de origen a trav\u00e9s de un encabezado X-Forwarded-For, que puede eludir un mecanismo de protecci\u00f3n (directiva Trusted_proxy en Reverse_Proxy o restricciones de rango de direcciones IP)."
}
],
"metrics": {},
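Review bot: The added `es` description changes the case of two Caddy directive names: the English text has `trusted_proxy` and `reverse_proxy`, while the Spanish value has `Trusted_proxy` and `Reverse_Proxy`. Configuration identifiers should be carried over verbatim, because a reader searching a Caddyfile or a rule base for the affected directive will not match the capitalised form; the phrase should read `directiva trusted_proxy en reverse_proxy`. The text is mirrored from NVD, so the correction presumably belongs upstream rather than in this repository. The record continues past the end of the hunk.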

@ -2,12 +2,16 @@
"id": "CVE-2023-50465",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-11T01:15:07.013",
"lastModified": "2023-12-11T01:15:07.013",
"vulnStatus": "Received",
"lastModified": "2023-12-11T12:20:45.887",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability exists in Monica (aka MonicaHQ) 4.0.0 via an SVG document uploaded by an authenticated user."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de Cross-Site Scripting (XSS) almacenada en Monica (tambi\u00e9n conocida como MonicaHQ) 4.0.0 a trav\u00e9s de un documento SVG subido por un usuario autenticado."
}
],
"metrics": {},

@ -2,12 +2,16 @@
"id": "CVE-2023-5500",
"sourceIdentifier": "info@cert.vde.com",
"published": "2023-12-11T07:15:07.160",
"lastModified": "2023-12-11T07:15:07.160",
"vulnStatus": "Received",
"lastModified": "2023-12-11T12:20:45.887",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows an remote attacker with low privileges to misuse Improper Control of Generation of Code ('Code Injection') to gain full control of the affected device."
},
{
"lang": "es",
"value": "Esta vulnerabilidad permite a un atacante remoto con pocos privilegios hacer un uso indebido del control inadecuado de generaci\u00f3n de c\u00f3digo (\"inyecci\u00f3n de c\u00f3digo\") para obtener el control total del dispositivo afectado."
}
],
"metrics": {

@ -2,12 +2,16 @@
"id": "CVE-2023-5868",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-12-10T18:15:07.163",
"lastModified": "2023-12-10T18:15:07.163",
"vulnStatus": "Received",
"lastModified": "2023-12-11T12:20:50.310",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad de divulgaci\u00f3n de memoria en PostgreSQL que permite a usuarios remotos acceder a informaci\u00f3n confidencial explotando ciertas llamadas a funciones agregadas con argumentos de tipo \"desconocido\". El manejo de valores de tipo \"desconocido\" de cadenas literales sin designaci\u00f3n de tipo puede revelar bytes, lo que potencialmente revela informaci\u00f3n importante y confidencial. Este problema existe debido a una salida excesiva de datos en llamadas a funciones agregadas, lo que permite a los usuarios remotos leer una parte de la memoria del sistema."
}
],
"metrics": {

@ -2,12 +2,16 @@
"id": "CVE-2023-5869",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-12-10T18:15:07.410",
"lastModified": "2023-12-10T18:15:07.410",
"vulnStatus": "Received",
"lastModified": "2023-12-11T12:20:50.310",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en PostgreSQL que permite a los usuarios de bases de datos autenticados ejecutar c\u00f3digo arbitrario al faltar verificaciones de desbordamiento durante la modificaci\u00f3n del valor de la matriz SQL. Este problema existe debido a un desbordamiento de enteros durante la modificaci\u00f3n de la matriz, donde un usuario remoto puede desencadenar el desbordamiento proporcionando datos especialmente manipulados. Esto permite la ejecuci\u00f3n de c\u00f3digo arbitrario en el sistema de destino, lo que permite a los usuarios escribir bytes arbitrarios en la memoria y leer ampliamente la memoria del servidor."
}
],
"metrics": {

@ -2,12 +2,16 @@
"id": "CVE-2023-5870",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-12-10T18:15:07.643",
"lastModified": "2023-12-10T18:15:07.643",
"vulnStatus": "Received",
"lastModified": "2023-12-11T12:20:50.310",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en PostgreSQL que involucra la funci\u00f3n pg_cancel_backend que se\u00f1ala a los trabajadores en segundo plano, incluido el iniciador de replicaci\u00f3n l\u00f3gica, los trabajadores de autovacuum y el iniciador de autovacuum. La explotaci\u00f3n exitosa requiere una extensi\u00f3n no central con un trabajador en segundo plano menos resistente y afectar\u00eda \u00fanicamente a ese trabajador en segundo plano espec\u00edfico. Este problema puede permitir que un usuario remoto con privilegios elevados lance un ataque de denegaci\u00f3n de servicio (DoS)."
}
],
"metrics": {

@ -2,12 +2,16 @@
"id": "CVE-2023-6181",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2023-12-11T06:15:42.893",
"lastModified": "2023-12-11T06:15:42.893",
"vulnStatus": "Received",
"lastModified": "2023-12-11T12:20:45.887",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An oversight in BCB handling of reboot reason that allows for persistent code execution"
},
{
"lang": "es",
"value": "Un descuido en el manejo del BCB del motivo de reinicio que permite la ejecuci\u00f3n persistente del c\u00f3digo."
}
],
"metrics": {},

@ -0,0 +1,43 @@
{
"id": "CVE-2023-6185",
"sourceIdentifier": "security@documentfoundation.org",
"published": "2023-12-11T12:15:07.037",
"lastModified": "2023-12-11T12:20:45.887",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins.\n\nIn affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to run arbitrary gstreamer plugins depending on what plugins are installed on the target system.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@documentfoundation.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.7,
"impactScore": 6.0
}
]
},
"references": [
{
"url": "https://www.libreoffice.org/about-us/security/advisories/cve-2023-6185",
"source": "security@documentfoundation.org"
}
]
}
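Review bot: The English description `value` ends in a run of literal newlines (`\n\n` here, `\n\n\n` in the CVE-2023-6186 file added by the same commit), so any consumer that renders, hashes or compares the description verbatim carries trailing whitespace. Consumers of this feed should strip it before display or deduplication, since a later upstream normalisation would otherwise show up as a content change. Both new records also carry only the CNA's `Secondary` CVSS entry and no `es` description, presumably because they are still `Awaiting Analysis`, so a filter that keeps only `Primary` scores will see them as unscored.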

@ -0,0 +1,43 @@
{
"id": "CVE-2023-6186",
"sourceIdentifier": "security@documentfoundation.org",
"published": "2023-12-11T12:15:07.713",
"lastModified": "2023-12-11T12:20:45.887",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning.\n\nIn affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning the user.\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@documentfoundation.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.7,
"impactScore": 6.0
}
]
},
"references": [
{
"url": "https://www.libreoffice.org/about-us/security/advisories/cve-2023-6186",
"source": "security@documentfoundation.org"
}
]
}

@ -2,12 +2,16 @@
"id": "CVE-2023-6652",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-10T12:15:07.310",
"lastModified": "2023-12-10T12:15:07.310",
"vulnStatus": "Received",
"lastModified": "2023-12-11T12:20:50.310",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in code-projects Matrimonial Site 1.0. It has been declared as critical. Affected by this vulnerability is the function register of the file /register.php. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247345 was assigned to this vulnerability."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en los proyectos de c\u00f3digo Matrimonial Site 1.0. Ha sido declarada cr\u00edtica. La funci\u00f3n registro del archivo /register.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a la inyecci\u00f3n de SQL. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-247345."
}
],
"metrics": {

@ -2,12 +2,16 @@
"id": "CVE-2023-6653",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-10T13:15:07.073",
"lastModified": "2023-12-10T13:15:07.073",
"vulnStatus": "Received",
"lastModified": "2023-12-11T12:20:50.310",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in PHPGurukul Teacher Subject Allocation Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/subject.php of the component Create a new Subject. The manipulation of the argument cid leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-247346 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en PHPGurukul Teacher Subject Allocation Management System 1.0. Ha sido calificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo /admin/subject.php del componente Create a new Subject es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento cid conduce a cross-site request forgery. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-247346 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {

@ -2,12 +2,16 @@
"id": "CVE-2023-6654",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-10T15:15:07.160",
"lastModified": "2023-12-10T15:15:07.160",
"vulnStatus": "Received",
"lastModified": "2023-12-11T12:20:50.310",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in PHPEMS 6.x/7.0. Affected by this vulnerability is an unknown functionality in the library lib/session.cls.php of the component Session Data Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247357 was assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en PHPEMS 6.x/7.0 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida en la librer\u00eda lib/session.cls.php del componente Session Data Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a la deserializaci\u00f3n. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-247357."
}
],
"metrics": {

@ -2,12 +2,16 @@
"id": "CVE-2023-6655",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-10T16:15:07.067",
"lastModified": "2023-12-10T16:15:07.067",
"vulnStatus": "Received",
"lastModified": "2023-12-11T12:20:50.310",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in Hongjing e-HR 2020. Affected by this issue is some unknown functionality of the file /w_selfservice/oauthservlet/%2e./.%2e/general/inform/org/loadhistroyorgtree of the component Login Interface. The manipulation of the argument parentid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-247358 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad ha sido encontrada en Hongjing e-HR 2020 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo /w_selfservice/oauthservlet/%2e./.%2e/general/inform/org/loadhistroyorgtree es afectada por esta vulnerabilidad del componente Interfaz de Inicio de Sesi\u00f3n. La manipulaci\u00f3n del argumento parentid conduce a la inyecci\u00f3n de SQL. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-247358 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {

@ -2,12 +2,16 @@
"id": "CVE-2023-6656",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-10T21:15:07.093",
"lastModified": "2023-12-10T21:15:07.093",
"vulnStatus": "Received",
"lastModified": "2023-12-11T12:20:45.887",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in DeepFaceLab pretrained DF.wf.288res.384.92.72.22. It has been rated as critical. Affected by this issue is some unknown functionality of the file DFLIMG/DFLJPG.py. The manipulation leads to deserialization. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The identifier of this vulnerability is VDB-247364. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
},
{
"lang": "es",
"value": "** NO SOPORTADO CUANDO SE ASIGN\u00d3 ** Se encontr\u00f3 una vulnerabilidad en DF.wf.288res.384.92.72.22 previamente entrenado en DeepFaceLab. Ha sido calificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo DFLIMG/DFLJPG.py es afectada por este problema. La manipulaci\u00f3n conduce a la deserializaci\u00f3n. El ataque puede lanzarse de forma remota. La complejidad de un ataque es bastante alta. Se sabe que la explotaci\u00f3n es dif\u00edcil. El identificador de esta vulnerabilidad es VDB-247364. NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el fabricante."
}
],
"metrics": {

@ -2,12 +2,16 @@
"id": "CVE-2023-6657",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-10T21:15:07.343",
"lastModified": "2023-12-10T21:15:07.343",
"vulnStatus": "Received",
"lastModified": "2023-12-11T12:20:45.887",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in SourceCodester Simple Student Attendance System 1.0. This affects an unknown part of the file /modals/student_form.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-247365 was assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad ha sido encontrada en SourceCodester Simple Student Attendance System 1.0 y clasificada como cr\u00edtica. Esto afecta a una parte desconocida del archivo /modals/student_form.php. La manipulaci\u00f3n del argumento id conduce a la inyecci\u00f3n de SQL. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-247365.Una vulnerabilidad ha sido encontrada en SourceCodester Simple Student Attendance System 1.0 y clasificada como cr\u00edtica. Esto afecta a una parte desconocida del archivo /modals/student_form.php. La manipulaci\u00f3n del argumento id conduce a la inyecci\u00f3n de SQL. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-247365."
}
],
"metrics": {
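Review bot: The added `es` description contains the whole translated paragraph twice, joined without a space at `VDB-247365.Una vulnerabilidad`. The value should hold the paragraph once, ending at the first `el identificador VDB-247365.`. Because this file mirrors NVD, the duplication presumably originates upstream and should be reported there rather than patched locally. The record's `metrics` object continues past the end of the hunk.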

@ -2,12 +2,16 @@
"id": "CVE-2023-6658",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-10T23:15:07.313",
"lastModified": "2023-12-10T23:15:07.313",
"vulnStatus": "Received",
"lastModified": "2023-12-11T12:20:45.887",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in SourceCodester Simple Student Attendance System 1.0. This vulnerability affects unknown code of the file ajax-api.php?action=save_attendance. The manipulation of the argument class_id leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-247366 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en SourceCodester Simple Student Attendance System 1.0 y clasificada como cr\u00edtica. Esta vulnerabilidad afecta a c\u00f3digo desconocido del archivo ajax-api.php?action=save_attendance. La manipulaci\u00f3n del argumento class_id conduce a la inyecci\u00f3n de SQL. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-247366 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {

@ -2,12 +2,16 @@
"id": "CVE-2023-6659",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-11T01:15:07.073",
"lastModified": "2023-12-11T01:15:07.073",
"vulnStatus": "Received",
"lastModified": "2023-12-11T12:20:45.887",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in Campcodes Web-Based Student Clearance System 1.0. This issue affects some unknown processing of the file /libsystem/login.php. The manipulation of the argument student leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247367."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Campcodes Web-Based Student Clearance System 1.0 y clasificada como cr\u00edtica. Este problema afecta un procesamiento desconocido del archivo /libsystem/login.php. La manipulaci\u00f3n del argumento estudiante conduce a la inyecci\u00f3n SQL. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-247367."
}
],
"metrics": {
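Review bot: The added `es` description translates the request parameter name: the English text says `argument student`, while the Spanish value says `argumento estudiante`. Parameter names are identifiers and should stay verbatim (`argumento student`), as the other records in this commit do for `id`, `class_id` and `parentid`. Otherwise a reader working from the Spanish text to check logs or filtering rules is pointed at a parameter name that does not exist. The text is mirrored from NVD, so the fix presumably belongs upstream, and the record continues past the end of the hunk.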

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-12-11T11:00:18.978799+00:00
2023-12-11T13:00:55.136401+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-12-11T09:15:06.907000+00:00
2023-12-11T12:52:26.990000+00:00
```
### Last Data Feed Release
@ -29,20 +29,46 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
232704
232706
```
### CVEs added in the last Commit
Recently added CVEs: `0`
Recently added CVEs: `2`
* [CVE-2023-6185](CVE-2023/CVE-2023-61xx/CVE-2023-6185.json) (`2023-12-11T12:15:07.037`)
* [CVE-2023-6186](CVE-2023/CVE-2023-61xx/CVE-2023-6186.json) (`2023-12-11T12:15:07.713`)
### CVEs modified in the last Commit
Recently modified CVEs: `1`
Recently modified CVEs: `29`
* [CVE-2023-5981](CVE-2023/CVE-2023-59xx/CVE-2023-5981.json) (`2023-12-11T09:15:06.907`)
* [CVE-2023-50456](CVE-2023/CVE-2023-504xx/CVE-2023-50456.json) (`2023-12-11T12:20:45.887`)
* [CVE-2023-50457](CVE-2023/CVE-2023-504xx/CVE-2023-50457.json) (`2023-12-11T12:20:45.887`)
* [CVE-2023-6656](CVE-2023/CVE-2023-66xx/CVE-2023-6656.json) (`2023-12-11T12:20:45.887`)
* [CVE-2023-6657](CVE-2023/CVE-2023-66xx/CVE-2023-6657.json) (`2023-12-11T12:20:45.887`)
* [CVE-2023-50463](CVE-2023/CVE-2023-504xx/CVE-2023-50463.json) (`2023-12-11T12:20:45.887`)
* [CVE-2023-6658](CVE-2023/CVE-2023-66xx/CVE-2023-6658.json) (`2023-12-11T12:20:45.887`)
* [CVE-2023-50465](CVE-2023/CVE-2023-504xx/CVE-2023-50465.json) (`2023-12-11T12:20:45.887`)
* [CVE-2023-6659](CVE-2023/CVE-2023-66xx/CVE-2023-6659.json) (`2023-12-11T12:20:45.887`)
* [CVE-2023-48417](CVE-2023/CVE-2023-484xx/CVE-2023-48417.json) (`2023-12-11T12:20:45.887`)
* [CVE-2023-48424](CVE-2023/CVE-2023-484xx/CVE-2023-48424.json) (`2023-12-11T12:20:45.887`)
* [CVE-2023-48425](CVE-2023/CVE-2023-484xx/CVE-2023-48425.json) (`2023-12-11T12:20:45.887`)
* [CVE-2023-6181](CVE-2023/CVE-2023-61xx/CVE-2023-6181.json) (`2023-12-11T12:20:45.887`)
* [CVE-2023-49355](CVE-2023/CVE-2023-493xx/CVE-2023-49355.json) (`2023-12-11T12:20:45.887`)
* [CVE-2023-5500](CVE-2023/CVE-2023-55xx/CVE-2023-5500.json) (`2023-12-11T12:20:45.887`)
* [CVE-2023-49964](CVE-2023/CVE-2023-499xx/CVE-2023-49964.json) (`2023-12-11T12:20:45.887`)
* [CVE-2023-6652](CVE-2023/CVE-2023-66xx/CVE-2023-6652.json) (`2023-12-11T12:20:50.310`)
* [CVE-2023-6653](CVE-2023/CVE-2023-66xx/CVE-2023-6653.json) (`2023-12-11T12:20:50.310`)
* [CVE-2023-6654](CVE-2023/CVE-2023-66xx/CVE-2023-6654.json) (`2023-12-11T12:20:50.310`)
* [CVE-2023-6655](CVE-2023/CVE-2023-66xx/CVE-2023-6655.json) (`2023-12-11T12:20:50.310`)
* [CVE-2023-50446](CVE-2023/CVE-2023-504xx/CVE-2023-50446.json) (`2023-12-11T12:20:50.310`)
* [CVE-2023-50449](CVE-2023/CVE-2023-504xx/CVE-2023-50449.json) (`2023-12-11T12:20:50.310`)
* [CVE-2023-5868](CVE-2023/CVE-2023-58xx/CVE-2023-5868.json) (`2023-12-11T12:20:50.310`)
* [CVE-2023-5869](CVE-2023/CVE-2023-58xx/CVE-2023-5869.json) (`2023-12-11T12:20:50.310`)
* [CVE-2023-5870](CVE-2023/CVE-2023-58xx/CVE-2023-5870.json) (`2023-12-11T12:20:50.310`)
* [CVE-2023-48698](CVE-2023/CVE-2023-486xx/CVE-2023-48698.json) (`2023-12-11T12:52:26.990`)
## Download and Usage