admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-12-22T13:00:25.280449+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-12-22 13:00:29 +00:00
parent 5816545a19
commit 7a6fcf0e8c
111 changed files with 2384 additions and 329 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
CVE-2022/CVE-2022-475xx/CVE-2022-47532.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2022-47532",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-22T04:15:08.610",
"lastModified": "2023-12-22T04:15:08.610",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "FileRun 20220519 allows SQL Injection via the \"dir\" parameter in a /?module=users&section=cpanel&page=list request."
},
{
"lang": "es",
"value": "FileRun 20220519 permite la inyecci\u00f3n de SQL a trav\u00e9s del par\u00e1metro \"dir\" en una solicitud /?module=users&section=cpanel&page=list."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-246xx/CVE-2023-24609.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-24609",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-22T04:15:08.673",
"lastModified": "2023-12-22T04:15:08.673",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Matrix SSL 4.x through 4.6.0 and Rambus TLS Toolkit have a length-subtraction integer overflow for Client Hello Pre-Shared Key extension parsing in the TLS 1.3 server. An attacked device calculates an SHA-2 hash over at least 65 KB (in RAM). With a large number of crafted TLS messages, the CPU becomes heavily loaded. This occurs in tls13VerifyBinder and tls13TranscriptHashUpdate."
},
{
"lang": "es",
"value": "Matrix SSL 4.x a 4.6.0 y Rambus TLS Toolkit tienen un desbordamiento de enteros de sustracci\u00f3n de longitud para el an\u00e1lisis de la extensi\u00f3n Client Hello Pre-Shared Key en el servidor TLS 1.3. Un dispositivo atacado calcula un hash SHA-2 en al menos 65 KB (en RAM). Con una gran cantidad de mensajes TLS manipulados, la CPU se carga mucho. Esto ocurre en tls13VerifyBinder y tls13TranscriptHashUpdate."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-273xx/CVE-2023-27319.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-27319",
"sourceIdentifier": "security-alert@netapp.com",
"published": "2023-12-21T22:15:13.100",
"lastModified": "2023-12-21T22:15:13.100",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "ONTAP Mediator versions prior to 1.7 are susceptible to a \nvulnerability that can allow an unauthenticated attacker to enumerate \nURLs via REST API.\n\n"
},
{
"lang": "es",
"value": "Las versiones de ONTAP Mediator anteriores a la 1.7 son susceptibles a una vulnerabilidad que puede permitir que un atacante no autenticado enumere URLs a trav\u00e9s de la API REST."
}
],
"metrics": {

8
CVE-2023/CVE-2023-327xx/CVE-2023-32747.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-32747",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-21T19:15:08.160",
"lastModified": "2023-12-21T19:15:08.160",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Bookings.This issue affects WooCommerce Bookings: from n/a through 1.15.78.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de omisi\u00f3n de autorizaci\u00f3n a trav\u00e9s de clave controlada por el usuario en WooCommerce WooCommerce Bookings. Este problema afecta a WooCommerce Bookings: desde n/a hasta 1.15.78."
}
],
"metrics": {

8
CVE-2023/CVE-2023-327xx/CVE-2023-32799.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-32799",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-21T19:15:08.520",
"lastModified": "2023-12-21T19:15:08.520",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Shipping Multiple Addresses.This issue affects Shipping Multiple Addresses: from n/a through 3.8.3.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de omisi\u00f3n de autorizaci\u00f3n a trav\u00e9s de clave controlada por el usuario en WooCommerce Shipping Multiple Addresses. Este problema afecta a Shipping Multiple Addresses: desde n/a hasta 3.8.3."
}
],
"metrics": {

47
CVE-2023/CVE-2023-358xx/CVE-2023-35883.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-35883",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-19T21:15:07.687",
"lastModified": "2023-12-20T13:50:37.240",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-22T11:16:34.263",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:magazine3:core_web_vitals_\\&_pagespeed_booster:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.0.12",
"matchCriteriaId": "EA5AC13F-288D-41C1-A9DC-0A819C5D7D11"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/core-web-vitals-pagespeed-booster/wordpress-core-web-vitals-pagespeed-booster-plugin-1-0-12-open-redirection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

8
CVE-2023/CVE-2023-375xx/CVE-2023-37519.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-37519",
"sourceIdentifier": "psirt@hcl.com",
"published": "2023-12-21T22:15:13.930",
"lastModified": "2023-12-21T22:15:13.930",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability. This XSS vulnerability is in the Download Status Report, which is served by the BigFix Server.\u00a0\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Scripting (XSS) almacenado no autenticada. Esta vulnerabilidad XSS se encuentra en Download Status Report, que proporciona BigFix Server."
}
],
"metrics": {

8
CVE-2023/CVE-2023-375xx/CVE-2023-37520.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-37520",
"sourceIdentifier": "psirt@hcl.com",
"published": "2023-12-21T23:15:08.453",
"lastModified": "2023-12-21T23:15:08.453",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated\u00a0Stored Cross-Site Scripting (XSS) vulnerability identified in BigFix Server version 9.5.12.68, allowing for potential data exfiltration. This XSS vulnerability is in the Gather Status Report, which is served by the BigFix Relay.\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Scripting (XSS) almacenado no autenticada identificada en BigFix Server versi\u00f3n 9.5.12.68, lo que permite una posible filtraci\u00f3n de datos. Esta vulnerabilidad XSS se encuentra en el Gather Status Report, que proporciona BigFix Relay."
}
],
"metrics": {

57
CVE-2023/CVE-2023-379xx/CVE-2023-37982.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-37982",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-19T21:15:07.897",
"lastModified": "2023-12-20T13:50:37.240",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-22T11:17:01.983",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:crmperks:integration_for_salesforce_and_contact_form_7\\,_wpforms\\,_elementor\\,_ninja_forms:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.3.3",
"matchCriteriaId": "4D58D5F3-ED71-4736-9D4D-08C648DA7400"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/cf7-salesforce/wordpress-integration-for-contact-form-7-and-salesforce-plugin-1-3-3-open-redirection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-384xx/CVE-2023-38478.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38478",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-19T20:15:07.527",
"lastModified": "2023-12-20T13:50:37.240",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-22T11:16:04.360",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:crmperks:integration_for_woocommerce_and_quickbooks:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.2.3",
"matchCriteriaId": "9FDDBB28-F19E-4F63-A09A-8BD66F9DE247"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-woocommerce-quickbooks/wordpress-integration-for-woocommerce-and-quickbooks-plugin-1-2-3-open-redirection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

8
CVE-2023/CVE-2023-410xx/CVE-2023-41097.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-41097",
"sourceIdentifier": "product-security@silabs.com",
"published": "2023-12-21T21:15:08.020",
"lastModified": "2023-12-21T21:15:08.020",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7.This issue affects GSDK: through 4.4.0.\n\n"
},
{
"lang": "es",
"value": "Una discrepancia de tiempo observable, vulnerabilidad de canal de tiempo oculto en Silabs GSDK en ARM potencialmente permite un ataque de Padding Oracle Crypto en CBC PKCS7. Este problema afecta a GSDK: hasta 4.4.0."
}
],
"metrics": {

8
CVE-2023/CVE-2023-431xx/CVE-2023-43116.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-43116",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-22T10:15:11.110",
"lastModified": "2023-12-22T10:15:11.110",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A symbolic link following vulnerability in Buildkite Elastic CI for AWS versions prior to 6.7.1 and 5.22.5 allows the buildkite-agent user to change ownership of arbitrary directories via the PIPELINE_PATH variable in the fix-buildkite-agent-builds-permissions script."
},
{
"lang": "es",
"value": "Vulnerabilidad de seguimiento de enlace simb\u00f3lico en Buildkite Elastic CI para versiones de AWS anteriores a 6.7.1 y 5.22.5 permite al usuario buildkite-agent cambiar la propiedad de directorios arbitrarios a trav\u00e9s de la variable PIPELINE_PATH en el script fix-buildkite-agent-builds-permissions."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-437xx/CVE-2023-43741.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-43741",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-22T10:15:11.173",
"lastModified": "2023-12-22T10:15:11.173",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A time-of-check-time-of-use race condition vulnerability in Buildkite Elastic CI for AWS versions prior to 6.7.1 and 5.22.5 allows the buildkite-agent user to bypass a symbolic link check for the PIPELINE_PATH variable in the fix-buildkite-agent-builds-permissions script."
},
{
"lang": "es",
"value": "Una vulnerabilidad de condici\u00f3n de ejecuci\u00f3n de time-of-check-time-of-use en Buildkite Elastic CI para versiones de AWS anteriores a 6.7.1 y 5.22.5 permite al usuario de buildkite-agent omitir una verificaci\u00f3n de enlace simb\u00f3lico para la variable PIPELINE_PATH en el script -buildkite-agent-build-permissions."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-444xx/CVE-2023-44481.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-44481",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-21T19:15:08.820",
"lastModified": "2023-12-21T19:15:08.820",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities.\u00a0The 'setearnleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n"
},
{
"lang": "es",
"value": "Leave Management System Project v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL autenticada. El par\u00e1metro 'setearnleave' del recurso admin/setleaves.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
}
],
"metrics": {

8
CVE-2023/CVE-2023-444xx/CVE-2023-44482.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-44482",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-21T19:15:09.157",
"lastModified": "2023-12-21T19:15:09.157",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities.\u00a0The 'setsickleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n"
},
{
"lang": "es",
"value": "Leave Management System Project v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL autenticada. El par\u00e1metro 'setsickleave' del recurso admin/setleaves.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
}
],
"metrics": {

8
CVE-2023/CVE-2023-451xx/CVE-2023-45124.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-45124",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-21T19:15:09.657",
"lastModified": "2023-12-21T19:15:09.657",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities.\u00a0The 'tag' parameter of the update.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
},
{
"lang": "es",
"value": "Online Examination System v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL autenticada. El par\u00e1metro 'tag' del recurso update.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
}
],
"metrics": {

8
CVE-2023/CVE-2023-451xx/CVE-2023-45125.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-45125",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-21T19:15:10.263",
"lastModified": "2023-12-21T19:15:10.263",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities.\u00a0The 'time' parameter of the update.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
},
{
"lang": "es",
"value": "Online Examination System v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL autenticada. El par\u00e1metro 'time' del recurso update.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
}
],
"metrics": {

8
CVE-2023/CVE-2023-451xx/CVE-2023-45126.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-45126",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-21T19:15:10.900",
"lastModified": "2023-12-21T19:15:10.900",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities.\u00a0The 'total' parameter of the update.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
},
{
"lang": "es",
"value": "Online Examination System v1.0 es afectado por a m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL autenticada. El par\u00e1metro 'total' del recurso update.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
}
],
"metrics": {

8
CVE-2023/CVE-2023-451xx/CVE-2023-45127.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-45127",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-21T19:15:11.357",
"lastModified": "2023-12-21T19:15:11.357",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities.\u00a0The 'wrong' parameter of the update.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
},
{
"lang": "es",
"value": "Online Examination System v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL autenticada. El par\u00e1metro 'wrong' del recurso update.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
}
],
"metrics": {

8
CVE-2023/CVE-2023-466xx/CVE-2023-46645.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-46645",
"sourceIdentifier": "product-cna@github.com",
"published": "2023-12-21T21:15:08.347",
"lastModified": "2023-12-21T21:15:08.347",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1. This vulnerability was reported via the GitHub Bug Bounty program.\n"
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad de path traversal en GitHub Enterprise Server que permit\u00eda la lectura arbitraria de archivos al crear un sitio de GitHub Pages. Para explotar esta vulnerabilidad, un atacante necesitar\u00eda permiso para crear y construir un sitio de GitHub Pages en la instancia de GitHub Enterprise Server. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server desde la 3.7 y se solucion\u00f3 en las versiones 3.7.19, 3.8.12, 3.9.7, 3.10.4 y 3.11.1. Esta vulnerabilidad se inform\u00f3 a trav\u00e9s del programa GitHub Bug Bounty."
}
],
"metrics": {

8
CVE-2023/CVE-2023-466xx/CVE-2023-46646.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-46646",
"sourceIdentifier": "product-cna@github.com",
"published": "2023-12-21T21:15:08.620",
"lastModified": "2023-12-21T21:15:08.620",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper access control in all versions of GitHub Enterprise Server allows unauthorized users to view private repository names via the \"Get a check run\" API endpoint. This vulnerability did not allow unauthorized access to any repository content besides the name.\u00a0This vulnerability affected GitHub Enterprise Server version 3.7.0 and above and was fixed in version 3.17.19, 3.8.12, 3.9.7 3.10.4, and 3.11.0."
},
{
"lang": "es",
"value": "El control de acceso inadecuado en todas las versiones de GitHub Enterprise Server permite a usuarios no autorizados ver nombres de repositorios privados a trav\u00e9s del endpoint API \"Get a check run\". Esta vulnerabilidad no permit\u00eda el acceso no autorizado a ning\u00fan contenido del repositorio adem\u00e1s del nombre. Esta vulnerabilidad afect\u00f3 a GitHub Enterprise Server versi\u00f3n 3.7.0 y superiores y se solucion\u00f3 en las versiones 3.17.19, 3.8.12, 3.9.7 3.10.4 y 3.11.0."
}
],
"metrics": {

8
CVE-2023/CVE-2023-466xx/CVE-2023-46647.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-46647",
"sourceIdentifier": "product-cna@github.com",
"published": "2023-12-21T21:15:08.930",
"lastModified": "2023-12-21T21:15:08.930",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper privilege management in all versions of GitHub Enterprise Server allows users with authorized access to the management console with an editor role to escalate their privileges by making requests to the endpoint used for bootstrapping the instance.\u00a0This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.12, 3.9.6, 3.10.3, and 3.11.0."
},
{
"lang": "es",
"value": "La administraci\u00f3n inadecuada de privilegios en todas las versiones de GitHub Enterprise Server permite a los usuarios con acceso autorizado a la consola de administraci\u00f3n con un rol de editor escalar sus privilegios al realizar solicitudes al endpoint utilizado para iniciar la instancia. Esta vulnerabilidad afect\u00f3 a GitHub Enterprise Server versi\u00f3n 3.8.0 y superiores y se solucion\u00f3 en las versiones 3.8.12, 3.9.6, 3.10.3 y 3.11.0."
}
],
"metrics": {

8
CVE-2023/CVE-2023-466xx/CVE-2023-46648.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-46648",
"sourceIdentifier": "product-cna@github.com",
"published": "2023-12-21T21:15:09.257",
"lastModified": "2023-12-21T21:15:09.257",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An insufficient entropy vulnerability was identified in GitHub Enterprise Server (GHES) that allowed an attacker to brute force a user invitation to the GHES Management Console. To exploit this vulnerability, an attacker would need knowledge that a user invitation was pending. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1. This vulnerability was reported via the GitHub Bug Bounty program.\n"
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad de entrop\u00eda insuficiente en GitHub Enterprise Server (GHES) que permiti\u00f3 a un atacante forzar por fuerza bruta una invitaci\u00f3n de usuario a la GHES Management Console. Para aprovechar esta vulnerabilidad, un atacante necesitar\u00eda saber que hay una invitaci\u00f3n de usuario pendiente. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server desde la 3.8 y se solucion\u00f3 en las versiones 3.8.12, 3.9.7, 3.10.4 y 3.11.1. Esta vulnerabilidad se inform\u00f3 a trav\u00e9s del programa GitHub Bug Bounty."
}
],
"metrics": {

8
CVE-2023/CVE-2023-466xx/CVE-2023-46649.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-46649",
"sourceIdentifier": "product-cna@github.com",
"published": "2023-12-21T21:15:09.573",
"lastModified": "2023-12-21T21:15:09.573",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A race condition in GitHub Enterprise Server was identified that could allow an attacker administrator access. To exploit this, an organization needs to be converted from a user.\u00a0This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1.\u00a0"
},
{
"lang": "es",
"value": "Se identific\u00f3 una condici\u00f3n de ejecuci\u00f3n en GitHub Enterprise Server que podr\u00eda permitir el acceso de administrador a un atacante. Para aprovechar esto, una organizaci\u00f3n debe ser convertida desde un usuario. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server desde la 3.7 y se solucion\u00f3 en las versiones 3.7.19, 3.8.12, 3.9.7, 3.10.4 y 3.11.1."
}
],
"metrics": {

8
CVE-2023/CVE-2023-467xx/CVE-2023-46791.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-46791",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-21T20:15:07.547",
"lastModified": "2023-12-21T20:15:07.547",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'filename' attribute of the 'pic3' multipart parameter of the functions.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n"
},
{
"lang": "es",
"value": "Online Matrimonial Project v1.0 es vulnerable a m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El atributo 'filename' del par\u00e1metro multiparte 'pic3' del recurso functions.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
}
],
"metrics": {

8
CVE-2023/CVE-2023-471xx/CVE-2023-47191.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47191",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-21T19:15:11.767",
"lastModified": "2023-12-21T19:15:11.767",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Authorization Bypass Through User-Controlled Key vulnerability in KaineLabs Youzify \u2013 BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress.This issue affects Youzify \u2013 BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress: from n/a through 1.2.2.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de omisi\u00f3n de autorizaci\u00f3n a trav\u00e9s de clave controlada por el usuario en KaineLabs Youzify \u2013 BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress. Este problema afecta a Youzify \u2013 BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress: desde n/a hasta 1.2.2."
}
],
"metrics": {

8
CVE-2023/CVE-2023-482xx/CVE-2023-48298.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-48298",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-21T23:15:09.047",
"lastModified": "2023-12-21T23:15:09.047",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "ClickHouse\u00ae is an open-source column-oriented database management system that allows generating analytical data reports in real-time. This vulnerability is an integer underflow resulting in crash due to stack buffer overflow in decompression of FPC codec. It can be triggered and exploited by an unauthenticated attacker. The vulnerability is very similar to CVE-2023-47118 with how the vulnerable function can be exploited.\n"
},
{
"lang": "es",
"value": "ClickHouse\u00ae es un sistema de gesti\u00f3n de bases de datos orientado a columnas de c\u00f3digo abierto que permite generar informes de datos anal\u00edticos en tiempo real. Esta vulnerabilidad es un desbordamiento insuficiente de enteros que provoca un bloqueo debido al desbordamiento de b\u00fafer de pila en la descompresi\u00f3n del c\u00f3dec FPC. Puede ser desencadenado y explotado por un atacante no autenticado. La vulnerabilidad es muy similar a CVE-2023-47118 en cuanto a c\u00f3mo se puede explotar la funci\u00f3n vulnerable."
}
],
"metrics": {

8
CVE-2023/CVE-2023-483xx/CVE-2023-48308.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-48308",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-22T00:15:34.650",
"lastModified": "2023-12-22T00:15:34.650",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Nextcloud/Cloud is a calendar app for Nextcloud. An attacker can gain access to stacktrace and internal paths of the server when generating an exception while editing a calendar appointment. It is recommended that the Nextcloud Calendar app is upgraded to 4.5.3\n"
},
{
"lang": "es",
"value": "Nextcloud/Cloud es una aplicaci\u00f3n de calendario para Nextcloud. Un atacante puede obtener acceso al seguimiento de pila y a las rutas internas del servidor al generar una excepci\u00f3n al editar una cita del calendario. Se recomienda actualizar la aplicaci\u00f3n Calendario Nextcloud a 4.5.3"
}
],
"metrics": {

8
CVE-2023/CVE-2023-486xx/CVE-2023-48685.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-48685",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-21T21:15:09.867",
"lastModified": "2023-12-21T21:15:09.867",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'psd' parameter of the login.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
},
{
"lang": "es",
"value": "Railway Reservation System v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'psd' del recurso login.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
}
],
"metrics": {

8
CVE-2023/CVE-2023-486xx/CVE-2023-48686.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-48686",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-21T21:15:10.200",
"lastModified": "2023-12-21T21:15:10.200",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'user' parameter of the login.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
},
{
"lang": "es",
"value": "Railway Reservation System v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'user' del recurso login.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
}
],
"metrics": {

8
CVE-2023/CVE-2023-486xx/CVE-2023-48687.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-48687",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-21T21:15:10.507",
"lastModified": "2023-12-21T21:15:10.507",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'from' parameter of the reservation.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
},
{
"lang": "es",
"value": "Railway Reservation System v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'from' del recurso reservation.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
}
],
"metrics": {

8
CVE-2023/CVE-2023-486xx/CVE-2023-48688.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-48688",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-21T21:15:10.830",
"lastModified": "2023-12-21T21:15:10.830",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'to' parameter of the reservation.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
},
{
"lang": "es",
"value": "Railway Reservation System v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'to' del recurso reservation.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
}
],
"metrics": {

8
CVE-2023/CVE-2023-486xx/CVE-2023-48689.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-48689",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-21T21:15:11.130",
"lastModified": "2023-12-21T21:15:11.130",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'byname' parameter of the train.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
},
{
"lang": "es",
"value": "Railway Reservation System v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'byname' del recurso train.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
}
],
"metrics": {

8
CVE-2023/CVE-2023-486xx/CVE-2023-48690.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-48690",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-21T21:15:11.437",
"lastModified": "2023-12-21T21:15:11.437",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'bynum' parameter of the train.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
},
{
"lang": "es",
"value": "Railway Reservation System v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'bynum' del recurso train.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
}
],
"metrics": {

8
CVE-2023/CVE-2023-487xx/CVE-2023-48716.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-48716",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-21T21:15:11.710",
"lastModified": "2023-12-21T21:15:11.710",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'class_id' parameter of the add_classes.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
},
{
"lang": "es",
"value": "Student Result Management System v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'class_id' del recurso add_classes.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
}
],
"metrics": {

8
CVE-2023/CVE-2023-487xx/CVE-2023-48717.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-48717",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-21T21:15:12.013",
"lastModified": "2023-12-21T21:15:12.013",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'class_name' parameter of the add_classes.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
},
{
"lang": "es",
"value": "Student Result Management System v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'class_name' del recurso add_classes.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
}
],
"metrics": {

8
CVE-2023/CVE-2023-487xx/CVE-2023-48718.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-48718",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-21T21:15:12.297",
"lastModified": "2023-12-21T21:15:12.297",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'class_name' parameter of the add_students.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
},
{
"lang": "es",
"value": "Student Result Management System v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'class_name' del recurso add_students.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
}
],
"metrics": {

8
CVE-2023/CVE-2023-487xx/CVE-2023-48719.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-48719",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-21T21:15:12.590",
"lastModified": "2023-12-21T21:15:12.590",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'roll_no' parameter of the add_students.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
},
{
"lang": "es",
"value": "Student Result Management System v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'roll_no' del recurso add_students.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
}
],
"metrics": {

8
CVE-2023/CVE-2023-487xx/CVE-2023-48720.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-48720",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-21T21:15:12.870",
"lastModified": "2023-12-21T21:15:12.870",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'password' parameter of the login.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
},
{
"lang": "es",
"value": "Student Result Management System v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'password' del recurso login.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
}
],
"metrics": {

8
CVE-2023/CVE-2023-487xx/CVE-2023-48722.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-48722",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-21T21:15:13.160",
"lastModified": "2023-12-21T21:15:13.160",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'class_name' parameter of the add_results.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
},
{
"lang": "es",
"value": "Student Result Management System v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'class_name' del recurso add_results.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
}
],
"metrics": {

8
CVE-2023/CVE-2023-487xx/CVE-2023-48723.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-48723",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-21T22:15:14.823",
"lastModified": "2023-12-21T22:15:14.823",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'rno' parameter of the add_results.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
},
{
"lang": "es",
"value": "Student Result Management System v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'rno' del recurso add_results.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
}
],
"metrics": {

47
CVE-2023/CVE-2023-487xx/CVE-2023-48741.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48741",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-19T21:15:08.737",
"lastModified": "2023-12-20T13:50:37.240",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-22T12:13:54.117",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:quantumcloud:ai_chatbot:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "4.7.8",
"matchCriteriaId": "C187FF04-03F7-4F1E-BA12-5C53C9A7A6AD"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/chatbot/wordpress-ai-chatbot-plugin-4-7-8-sql-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

8
CVE-2023/CVE-2023-490xx/CVE-2023-49084.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49084",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-21T23:15:09.337",
"lastModified": "2023-12-21T23:15:09.337",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). While using the detected SQL Injection and insufficient processing of the include file path, it is possible to execute arbitrary code on the server. Exploitation of the vulnerability is possible for an authorized user. The vulnerable component is the `link.php`. Impact of the vulnerability execution of arbitrary code on the server. "
},
{
"lang": "es",
"value": "Cacti es un framework robusto de gesti\u00f3n de fallos y rendimiento y una interfaz para RRDTool - a Time Series Database (TSDB). Al utilizar la inyecci\u00f3n SQL detectada y el procesamiento insuficiente de la ruta del archivo incluido, es posible ejecutar c\u00f3digo arbitrario en el servidor. La explotaci\u00f3n de la vulnerabilidad es posible para un usuario autorizado. El componente vulnerable es `link.php`. Impacto de la vulnerabilidad de ejecuci\u00f3n de c\u00f3digo arbitrario en el servidor."
}
],
"metrics": {

8
CVE-2023/CVE-2023-490xx/CVE-2023-49086.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49086",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-22T00:15:34.857",
"lastModified": "2023-12-22T00:15:34.857",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). Bypassing an earlier fix (CVE-2023-39360) that leads to a DOM XSS attack.\nExploitation of the vulnerability is possible for an authorized user. The vulnerable component is\nthe `graphs_new.php`. Impact of the vulnerability - execution of arbitrary javascript code in\nthe attacked user's browser. This issue has been patched in version 1.2.26.\n"
},
{
"lang": "es",
"value": "Cacti es un framework robusto de gesti\u00f3n de fallos y rendimiento y una interfaz para RRDTool - a Time Series Database (TSDB). Omitiendo una soluci\u00f3n anterior (CVE-2023-39360) que provoca un ataque DOM XSS. La explotaci\u00f3n de la vulnerabilidad es posible para un usuario autorizado. El componente vulnerable es `graphs_new.php`. Impacto de la vulnerabilidad: ejecuci\u00f3n de c\u00f3digo JavaScript arbitrario en el navegador del usuario atacado. Este problema se solucion\u00f3 en la versi\u00f3n 1.2.26."
}
],
"metrics": {

47
CVE-2023/CVE-2023-491xx/CVE-2023-49163.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49163",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-18T23:15:08.893",
"lastModified": "2023-12-19T13:42:22.313",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-22T12:16:40.920",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mtrv:teachpress:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "9.0.5",
"matchCriteriaId": "ABB46A5F-829B-43B4-AA3E-BAB9FA9DC2A0"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/teachpress/wordpress-teachpress-plugin-9-0-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

8
CVE-2023/CVE-2023-493xx/CVE-2023-49356.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49356",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-22T10:15:11.323",
"lastModified": "2023-12-22T10:15:11.323",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A stack buffer overflow vulnerability in MP3Gain v1.6.2 allows an attacker to cause a denial of service via the WriteMP3GainAPETag function at apetag.c:592."
},
{
"lang": "es",
"value": "Una vulnerabilidad de desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en MP3Gain v1.6.2 permite a un atacante provocar una denegaci\u00f3n de servicio a trav\u00e9s de la funci\u00f3n WriteMP3GainAPETag en apetag.c:592."
}
],
"metrics": {},

20
CVE-2023/CVE-2023-493xx/CVE-2023-49391.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-49391",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-22T11:15:07.517",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in free5GC version 3.3.0, allows remote attackers to execute arbitrary code and cause a denial of service (DoS) on AMF component via crafted NGAP message."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/free5gc/free5gc/issues/497",
"source": "cve@mitre.org"
}
]
}

8
CVE-2023/CVE-2023-496xx/CVE-2023-49677.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49677",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-21T23:15:09.547",
"lastModified": "2023-12-21T23:15:09.547",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'cmbQual' parameter of the Employer/InsertJob.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
},
{
"lang": "es",
"value": "Job Portal v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticadas. El par\u00e1metro 'cmbQual' del recurso Employer/InsertJob.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
}
],
"metrics": {

8
CVE-2023/CVE-2023-496xx/CVE-2023-49678.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49678",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-21T23:15:09.780",
"lastModified": "2023-12-21T23:15:09.780",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'txtDesc' parameter of the Employer/InsertJob.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
},
{
"lang": "es",
"value": "Job Portal v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticadas. El par\u00e1metro 'txtDesc' del recurso Employer/InsertJob.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
}
],
"metrics": {

8
CVE-2023/CVE-2023-496xx/CVE-2023-49679.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49679",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-21T23:15:10.003",
"lastModified": "2023-12-21T23:15:10.003",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'txtTitle' parameter of the Employer/InsertJob.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
},
{
"lang": "es",
"value": "Job Portal v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticadas. El par\u00e1metro 'txtTitle' del recurso Employer/InsertJob.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
}
],
"metrics": {

8
CVE-2023/CVE-2023-496xx/CVE-2023-49680.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49680",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-21T23:15:10.250",
"lastModified": "2023-12-21T23:15:10.250",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'txtTotal' parameter of the Employer/InsertJob.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
},
{
"lang": "es",
"value": "Job Portal v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticadas. El par\u00e1metro 'txtTotal' del recurso Employer/InsertJob.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
}
],
"metrics": {

8
CVE-2023/CVE-2023-496xx/CVE-2023-49681.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49681",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-21T23:15:10.457",
"lastModified": "2023-12-21T23:15:10.457",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'cmbQual' parameter of the Employer/InsertWalkin.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
},
{
"lang": "es",
"value": "Job Portal v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticadas. El par\u00e1metro 'cmbQual' del recurso Employer/InsertWalkin.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
}
],
"metrics": {

8
CVE-2023/CVE-2023-496xx/CVE-2023-49682.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49682",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-21T23:15:10.693",
"lastModified": "2023-12-21T23:15:10.693",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'txtDate' parameter of the Employer/InsertWalkin.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
},
{
"lang": "es",
"value": "Job Portal v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticadas. El par\u00e1metro 'txtDate' del recurso Employer/InsertWalkin.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
}
],
"metrics": {

8
CVE-2023/CVE-2023-496xx/CVE-2023-49683.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49683",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-21T23:15:10.937",
"lastModified": "2023-12-21T23:15:10.937",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'txtDesc' parameter of the Employer/InsertWalkin.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
},
{
"lang": "es",
"value": "Job Portal v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticadas. El par\u00e1metro 'txtDesc' del recurso Employer/InsertWalkin.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
}
],
"metrics": {

8
CVE-2023/CVE-2023-496xx/CVE-2023-49684.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49684",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-22T00:15:35.050",
"lastModified": "2023-12-22T00:15:35.050",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'txtTitle' parameter of the Employer/InsertWalkin.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
},
{
"lang": "es",
"value": "Job Portal v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticadas. El par\u00e1metro 'txtTitle' del recurso Employer/InsertWalkin.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
}
],
"metrics": {

8
CVE-2023/CVE-2023-496xx/CVE-2023-49685.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49685",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-22T00:15:35.237",
"lastModified": "2023-12-22T00:15:35.237",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'txtTime' parameter of the Employer/InsertWalkin.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
},
{
"lang": "es",
"value": "Job Portal v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticadas. El par\u00e1metro 'txtTime' del recurso Employer/InsertWalkin.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
}
],
"metrics": {

8
CVE-2023/CVE-2023-496xx/CVE-2023-49686.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49686",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-22T00:15:35.433",
"lastModified": "2023-12-22T00:15:35.433",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'txtTotal' parameter of the Employer/InsertWalkin.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
},
{
"lang": "es",
"value": "Job Portal v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticadas. El par\u00e1metro 'txtTotal' del recurso Employer/InsertWalkin.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
}
],
"metrics": {

8
CVE-2023/CVE-2023-496xx/CVE-2023-49687.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49687",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-22T00:15:35.630",
"lastModified": "2023-12-22T00:15:35.630",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'txtPass' parameter of the login.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
},
{
"lang": "es",
"value": "Job Portal v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticadas. El par\u00e1metro 'txtPass' del recurso login.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
}
],
"metrics": {

8
CVE-2023/CVE-2023-496xx/CVE-2023-49688.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49688",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-22T00:15:35.840",
"lastModified": "2023-12-22T00:15:35.840",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'txtUser' parameter of the login.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
},
{
"lang": "es",
"value": "Job Portal v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticadas. El par\u00e1metro 'txtUser' del recurso login.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
}
],
"metrics": {

8
CVE-2023/CVE-2023-496xx/CVE-2023-49689.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49689",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-22T00:15:36.050",
"lastModified": "2023-12-22T00:15:36.050",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'JobId' parameter of the Employer/DeleteJob.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
},
{
"lang": "es",
"value": "Job Portal v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticadas. El par\u00e1metro 'JobId' del recurso Employer/DeleteJob.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
}
],
"metrics": {

8
CVE-2023/CVE-2023-496xx/CVE-2023-49690.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49690",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-22T00:15:36.260",
"lastModified": "2023-12-22T00:15:36.260",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'WalkinId' parameter of the Employer/DeleteJob.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
},
{
"lang": "es",
"value": "Job Portal v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticadas. El par\u00e1metro 'WalkinId' del recurso Employer/DeleteJob.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
}
],
"metrics": {

47
CVE-2023/CVE-2023-497xx/CVE-2023-49750.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49750",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-19T21:15:09.137",
"lastModified": "2023-12-20T13:50:37.240",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-22T12:14:32.417",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:spoonthemes:couponis:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.2",
"matchCriteriaId": "21CB30E2-5FC8-4682-AB66-4C518E1FFD32"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/couponis/wordpress-couponis-affiliate-submitting-coupons-wordpress-theme-theme-3-1-7-sql-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-497xx/CVE-2023-49764.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49764",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-19T21:15:09.333",
"lastModified": "2023-12-20T13:50:37.240",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-22T12:14:53.463",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sigmaplugin:advanced_database_cleaner:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.1.2",
"matchCriteriaId": "67C40AFB-ECA2-477A-8FA7-8E95B3C6A6F6"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/advanced-database-cleaner/wordpress-advanced-database-cleaner-plugin-3-1-2-sql-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

8
CVE-2023/CVE-2023-497xx/CVE-2023-49765.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49765",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-21T19:15:12.173",
"lastModified": "2023-12-21T19:15:12.173",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Authorization Bypass Through User-Controlled Key vulnerability in Blaz K. Rate my Post \u2013 WP Rating System.This issue affects Rate my Post \u2013 WP Rating System: from n/a through 3.4.1.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de omisi\u00f3n de autorizaci\u00f3n a trav\u00e9s de clave controlada por el usuario en Blaz K. Rate my Post \u2013 WP Rating System. Este problema afecta a Rate my Post \u2013 WP Rating System: desde n/a hasta 3.4.1."
}
],
"metrics": {

20
CVE-2023/CVE-2023-505xx/CVE-2023-50569.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-50569",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-22T11:15:07.840",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Reflected Cross Site Scripting (XSS) vulnerability in Cacti v1.2.25, allows remote attackers to escalate privileges when uploading an xml template file via templates_import.php."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/ISHGARD-2/a6b57de899f977e2af41780e7428b4bf",
"source": "cve@mitre.org"
}
]
}

8
CVE-2023/CVE-2023-507xx/CVE-2023-50732.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-50732",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-21T20:15:07.900",
"lastModified": "2023-12-21T20:15:07.900",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute a Velocity script without script right through the document tree. This has been patched in XWiki 14.10.7 and 15.2RC1."
},
{
"lang": "es",
"value": "XWiki Platform es una plataforma wiki gen\u00e9rica que ofrece servicios de ejecuci\u00f3n para aplicaciones creadas sobre ella. Es posible ejecutar un script de Velocity sin script directamente a trav\u00e9s del \u00e1rbol de documentos. Esto ha sido parcheado en XWiki 14.10.7 y 15.2RC1."
}
],
"metrics": {

95
CVE-2023/CVE-2023-507xx/CVE-2023-50761.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-50761",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-12-19T14:15:07.033",
"lastModified": "2023-12-22T01:15:11.647",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-12-22T11:14:18.960",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,102 @@
"value": "La firma de un mensaje de correo electr\u00f3nico S/MIME firmado digitalmente puede especificar opcionalmente la fecha y hora de creaci\u00f3n de la firma. Si estaba presente, Thunderbird no compar\u00f3 la fecha de creaci\u00f3n de la firma con la fecha y hora del mensaje y mostr\u00f3 una firma v\u00e1lida a pesar de que la fecha y la hora no coincid\u00edan. Esto podr\u00eda usarse para dar a los destinatarios la impresi\u00f3n de que un mensaje se envi\u00f3 en una fecha u hora diferente. Esta vulnerabilidad afecta a Thunderbird < 115.6."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.6",
"matchCriteriaId": "1856451B-B03F-4BF2-AEFE-BF66D82D9E78"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
}
]
}
]
}
],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1865647",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"Permissions Required"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5582",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-55/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
}
]
}

95
CVE-2023/CVE-2023-507xx/CVE-2023-50762.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-50762",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-12-19T14:15:07.093",
"lastModified": "2023-12-22T01:15:11.717",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-12-22T11:13:31.773",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,102 @@
"value": "Al procesar un payload PGP/MIME que contiene texto firmado digitalmente, el primer p\u00e1rrafo del texto nunca se mostr\u00f3 al usuario. Esto se debe a que el texto se interpret\u00f3 como un mensaje MIME y el primer p\u00e1rrafo siempre se trat\u00f3 como una secci\u00f3n de encabezado de correo electr\u00f3nico. Un texto firmado digitalmente de un contexto diferente, como un commit GIT firmada, podr\u00eda usarse para falsificar un mensaje de correo electr\u00f3nico. Esta vulnerabilidad afecta a Thunderbird < 115.6."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.6",
"matchCriteriaId": "1856451B-B03F-4BF2-AEFE-BF66D82D9E78"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
}
]
}
]
}
],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1862625",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"Permissions Required"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5582",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-55/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
}
]
}

8
CVE-2023/CVE-2023-508xx/CVE-2023-50834.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-50834",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-21T19:15:12.670",
"lastModified": "2023-12-21T19:15:12.670",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in August Infotech WooCommerce Menu Extension allows Stored XSS.This issue affects WooCommerce Menu Extension: from n/a through 1.6.2.\n\n"
},
{
"lang": "es",
"value": "La neutralizaci\u00f3n incorrecta de la vulnerabilidad Input During Web Page Generation ('Cross-site Scripting') en August Infotech WooCommerce Menu Extension permite XSS almacenado. Este problema afecta a WooCommerce Menu Extension: desde n/a hasta 1.6.2."
}
],
"metrics": {

8
CVE-2023/CVE-2023-513xx/CVE-2023-51379.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-51379",
"sourceIdentifier": "product-cna@github.com",
"published": "2023-12-21T21:15:13.480",
"lastModified": "2023-12-21T21:15:13.480",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be updated with an improperly scoped token. This vulnerability did not allow unauthorized access to any repository content as it also required contents:write and issues:read permissions. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.17.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1.\u00a0"
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad de autorizaci\u00f3n incorrecta en GitHub Enterprise Server que permit\u00eda actualizar los comentarios del problema con un token con un alcance incorrecto. Esta vulnerabilidad no permit\u00eda el acceso no autorizado a ning\u00fan contenido del repositorio, ya que tambi\u00e9n requer\u00eda permisos de contenido: escritura y problemas: lectura. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server desde la 3.7 y se solucion\u00f3 en las versiones 3.17.19, 3.8.12, 3.9.7, 3.10.4 y 3.11.1."
}
],
"metrics": {

8
CVE-2023/CVE-2023-513xx/CVE-2023-51380.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-51380",
"sourceIdentifier": "product-cna@github.com",
"published": "2023-12-21T21:15:13.757",
"lastModified": "2023-12-21T21:15:13.757",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be read with an improperly scoped token.\u00a0This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.17.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1.\u00a0"
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad de autorizaci\u00f3n incorrecta en GitHub Enterprise Server que permit\u00eda leer los comentarios del problema con un token con un alcance incorrecto. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server desde la 3.7 y se solucion\u00f3 en las versiones 3.17.19, 3.8.12, 3.9.7, 3.10.4 y 3.11.1."
}
],
"metrics": {

79
CVE-2023/CVE-2023-513xx/CVE-2023-51384.json
View File

@ -2,27 +2,94 @@
"id": "CVE-2023-51384",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-18T19:15:08.720",
"lastModified": "2023-12-19T05:15:09.790",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-22T12:15:42.810",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys."
},
{
"lang": "es",
"value": "En ssh-agent en OpenSSH anterior a 9.6, ciertas restricciones de destino se pueden aplicar de forma incompleta. Cuando se especifican restricciones de destino durante la adici\u00f3n de claves privadas alojadas en PKCS#11, estas restricciones solo se aplican a la primera clave, incluso si un token PKCS#11 devuelve varias claves."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.6",
"matchCriteriaId": "5308FBBB-F738-41C5-97A4-E40118E957CD"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/openssh/openssh-portable/commit/881d9c6af9da4257c69c327c4e2f1508b2fa754b",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://www.openssh.com/txt/release-9.6",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
},
{
"url": "https://www.openwall.com/lists/oss-security/2023/12/18/2",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Release Notes"
]
}
]
}

79
CVE-2023/CVE-2023-513xx/CVE-2023-51385.json
View File

@ -2,27 +2,94 @@
"id": "CVE-2023-51385",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-18T19:15:08.773",
"lastModified": "2023-12-19T05:15:09.840",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-22T12:15:33.360",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name."
},
{
"lang": "es",
"value": "En ssh en OpenSSH anterior a 9.6, la inyecci\u00f3n de comandos del sistema operativo puede ocurrir si un nombre de usuario o nombre de host tiene metacaracteres de shell, y un token de expansi\u00f3n hace referencia a este nombre en ciertas situaciones. Por ejemplo, un repositorio Git que no es de confianza puede tener un subm\u00f3dulo con metacaracteres de shell en un nombre de usuario o nombre de host."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.6",
"matchCriteriaId": "5308FBBB-F738-41C5-97A4-E40118E957CD"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/openssh/openssh-portable/commit/7ef3787c84b6b524501211b11a26c742f829af1a",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://www.openssh.com/txt/release-9.6",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
},
{
"url": "https://www.openwall.com/lists/oss-security/2023/12/18/2",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Release Notes"
]
}
]
}

8
CVE-2023/CVE-2023-517xx/CVE-2023-51704.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-51704",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-22T02:15:42.957",
"lastModified": "2023-12-22T02:15:42.957",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. In includes/logging/RightsLogFormatter.php, group-*-member messages can result in XSS on Special:log/rights."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en MediaWiki antes de 1.35.14, 1.36.x hasta 1.39.x antes de 1.39.6 y 1.40.x antes de 1.40.2. En includes/logging/RightsLogFormatter.php, group-*-mensajes de miembros pueden generar XSS en Special:log/rights."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-517xx/CVE-2023-51707.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-51707",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-22T02:15:43.017",
"lastModified": "2023-12-22T02:15:43.017",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "MotionPro in Array ArrayOS AG before 9.4.0.505 on AG and vxAG allows remote command execution via crafted packets. AG and vxAG 9.3.0.259.x are unaffected."
},
{
"lang": "es",
"value": "MotionPro en Array ArrayOS AG anterior a 9.4.0.505 en AG y vxAG permite la ejecuci\u00f3n remota de comandos a trav\u00e9s de paquetes manipulados. AG y vxAG 9.3.0.259.x no se ven afectados."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-517xx/CVE-2023-51708.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-51708",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-22T02:15:43.060",
"lastModified": "2023-12-22T02:15:43.060",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Bentley eB System Management Console applications within Assetwise Integrity Information Server allow an unauthenticated user to view configuration options via a crafted request, leading to information disclosure. This affects eB System management Console before 23.00.02.03 and Assetwise ALIM For Transportation before 23.00.01.25."
},
{
"lang": "es",
"value": "Las aplicaciones Bentley eB System Management Console dentro de Assetwise Integrity Information Server permiten a un usuario no autenticado ver opciones de configuraci\u00f3n a trav\u00e9s de una solicitud manipulada, lo que lleva a la divulgaci\u00f3n de informaci\u00f3n. Esto afecta a eB System Management Console antes del 23.00.02.03 y a Assetwise ALIM For Transportation antes del 23.00.01.25."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-517xx/CVE-2023-51713.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-51713",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-22T03:15:09.730",
"lastModified": "2023-12-22T03:15:09.730",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "make_ftp_cmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash semantics."
},
{
"lang": "es",
"value": "make_ftp_cmd en main.c en ProFTPD anterior a 1.3.8a tiene una lectura fuera de los l\u00edmites de un byte y el daemon falla debido a un mal manejo de las sem\u00e1nticas de quote/backslash."
}
],
"metrics": {},

74
CVE-2023/CVE-2023-61xx/CVE-2023-6135.json
View File

@ -2,23 +2,87 @@
"id": "CVE-2023-6135",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-12-19T14:15:07.143",
"lastModified": "2023-12-19T14:49:52.980",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-22T11:11:05.030",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Multiple NSS NIST curves were susceptible to a side-channel attack known as \"Minerva\". This attack could potentially allow an attacker to recover the private key. This vulnerability affects Firefox < 121."
},
{
"lang": "es",
"value": "M\u00faltiples curvas NSS NIST fueron susceptibles a un ataque de canal lateral conocido como \"Minerva\". Este ataque podr\u00eda permitir potencialmente que un atacante recupere la clave privada. Esta vulnerabilidad afecta a Firefox &lt; 121."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-203"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"versionEndExcluding": "121.0",
"matchCriteriaId": "A3D81D72-5965-4DB7-BFA7-9A32A9108919"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1853908",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"Permissions Required"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-56/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
}
]
}

8
CVE-2023/CVE-2023-65xx/CVE-2023-6546.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-6546",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-12-21T20:15:08.260",
"lastModified": "2023-12-21T20:15:08.260",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una condici\u00f3n de ejecuci\u00f3n en el multiplexor tty GSM 0710 en el kernel de Linux. Este problema ocurre cuando dos subprocesos ejecutan GSMIOC_SETCONF ioctl en el mismo descriptor de archivo tty con la disciplina de l\u00ednea gsm habilitada y puede provocar un problema de use after free en una estructura gsm_dlci al reiniciar gsm mux. Esto podr\u00eda permitir que un usuario local sin privilegios aumente sus privilegios en el sistema."
}
],
"metrics": {

8
CVE-2023/CVE-2023-66xx/CVE-2023-6690.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-6690",
"sourceIdentifier": "product-cna@github.com",
"published": "2023-12-21T21:15:14.053",
"lastModified": "2023-12-21T21:15:14.053",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on transferred repositories by making a GraphQL mutation to alter repository permissions during the transfer.\u00a0This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1.\n"
},
{
"lang": "es",
"value": "Una condici\u00f3n de ejecuci\u00f3n en GitHub Enterprise Server permiti\u00f3 a un administrador existente mantener los permisos en los repositorios transferidos al realizar una mutaci\u00f3n GraphQL para alterar los permisos del repositorio durante la transferencia. Esta vulnerabilidad afect\u00f3 a GitHub Enterprise Server versi\u00f3n 3.8.0 y superiores y se solucion\u00f3 en las versiones 3.8.12, 3.9.7, 3.10.4 y 3.11.1."
}
],
"metrics": {

8
CVE-2023/CVE-2023-67xx/CVE-2023-6746.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-6746",
"sourceIdentifier": "product-cna@github.com",
"published": "2023-12-21T21:15:14.303",
"lastModified": "2023-12-21T21:15:14.303",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An insertion of sensitive information into log file vulnerability was identified in the log files for a GitHub Enterprise Server back-end service that could permit an `adversary in the middle attack` when combined with other phishing techniques. To exploit this, an attacker would need access to the log files for the GitHub Enterprise Server appliance, a backup archive created with GitHub Enterprise Server Backup Utilities, or a service which received streamed logs.\u00a0This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.17.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1.\u00a0"
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad de inserci\u00f3n de informaci\u00f3n confidencial en el archivo de registro en los archivos de registro de un servicio back-end de GitHub Enterprise Server que podr\u00eda permitir un ataque de \"adversary in the middle\" cuando se combina con otras t\u00e9cnicas de phishing. Para explotar esto, un atacante necesitar\u00eda acceso a los archivos de registro del dispositivo GitHub Enterprise Server, un archivo de respaldo creado con GitHub Enterprise Server Backup Utilities o un servicio que recibiera registros transmitidos. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server desde la 3.7 y se solucion\u00f3 en las versiones 3.17.19, 3.8.12, 3.9.7, 3.10.4 y 3.11.1."
}
],
"metrics": {

8
CVE-2023/CVE-2023-68xx/CVE-2023-6802.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-6802",
"sourceIdentifier": "product-cna@github.com",
"published": "2023-12-21T21:15:14.570",
"lastModified": "2023-12-21T21:15:14.570",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An insertion of sensitive information into the log file in the audit log in GitHub Enterprise Server was identified\u00a0that could allow an attacker to gain access to the management console. To exploit this, an attacker would need access to the log files for the GitHub Enterprise Server appliance, a backup archive created with GitHub Enterprise Server Backup Utilities, or a service which received streamed logs.\u00a0This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1.\u00a0"
},
{
"lang": "es",
"value": "Se identific\u00f3 una inserci\u00f3n de informaci\u00f3n confidencial en el archivo de registro del registro de auditor\u00eda en GitHub Enterprise Server que podr\u00eda permitir que un atacante obtenga acceso a la consola de administraci\u00f3n. Para explotar esto, un atacante necesitar\u00eda acceso a los archivos de registro del dispositivo GitHub Enterprise Server, un archivo de respaldo creado con GitHub Enterprise Server Backup Utilities o un servicio que recibiera registros transmitidos. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server desde la 3.8 y se solucion\u00f3 en las versiones 3.8.12, 3.9.7, 3.10.4 y 3.11.1."
}
],
"metrics": {

8
CVE-2023/CVE-2023-68xx/CVE-2023-6803.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-6803",
"sourceIdentifier": "product-cna@github.com",
"published": "2023-12-21T21:15:14.800",
"lastModified": "2023-12-21T21:15:14.800",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A race condition in GitHub Enterprise Server allows an outside collaborator to be added while a repository is being transferred. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1. \n"
},
{
"lang": "es",
"value": "Una condici\u00f3n de ejecuci\u00f3n en GitHub Enterprise Server permite agregar un colaborador externo mientras se transfiere un repositorio. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server desde la 3.8 y se solucion\u00f3 en las versiones 3.8.12, 3.9.7, 3.10.4 y 3.11.1."
}
],
"metrics": {

8
CVE-2023/CVE-2023-68xx/CVE-2023-6804.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-6804",
"sourceIdentifier": "product-cna@github.com",
"published": "2023-12-21T21:15:15.020",
"lastModified": "2023-12-21T21:15:15.020",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper privilege management allowed arbitrary workflows to be committed and run using an improperly scoped PAT. To exploit this, a workflow must have already existed in the target repo. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1. \n"
},
{
"lang": "es",
"value": "La gesti\u00f3n inadecuada de privilegios permiti\u00f3 que se confirmaran y ejecutaran workflows arbitrarios utilizando una PAT con un alcance inadecuado. Para aprovechar esto, ya debe haber existido un flujo de trabajo en el repositorio de destino. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server desde la 3.8 y se solucion\u00f3 en las versiones 3.8.12, 3.9.7, 3.10.4 y 3.11.1."
}
],
"metrics": {

8
CVE-2023/CVE-2023-68xx/CVE-2023-6847.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-6847",
"sourceIdentifier": "product-cna@github.com",
"published": "2023-12-21T21:15:15.340",
"lastModified": "2023-12-21T21:15:15.340",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed a bypass of Private Mode by using a specially crafted API request. To exploit this vulnerability, an attacker would need network access to the Enterprise Server appliance configured in Private Mode. This vulnerability affected all versions of GitHub Enterprise Server since 3.9 and was fixed in version 3.9.7, 3.10.4, and 3.11.1. This vulnerability was reported via the GitHub Bug Bounty program.\n"
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad de autenticaci\u00f3n incorrecta en GitHub Enterprise Server que permit\u00eda omitir el Private Mode mediante el uso de una solicitud API especialmente manipulada. Para aprovechar esta vulnerabilidad, un atacante necesitar\u00eda acceso de red al dispositivo Enterprise Server configurado en Private Mode. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server desde la 3.9 y se solucion\u00f3 en las versiones 3.9.7, 3.10.4 y 3.11.1. Esta vulnerabilidad se inform\u00f3 a trav\u00e9s del programa GitHub Bug Bounty."
}
],
"metrics": {

122
CVE-2023/CVE-2023-68xx/CVE-2023-6856.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6856",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-12-19T14:15:07.313",
"lastModified": "2023-12-22T01:15:11.777",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-12-22T11:10:41.737",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,31 +14,135 @@
"value": "El m\u00e9todo WebGL `DrawElementsInstanced` era susceptible a un desbordamiento de b\u00fafer cuando se usaba en sistemas con el controlador Mesa VM. Este problema podr\u00eda permitir a un atacante realizar la ejecuci\u00f3n remota de c\u00f3digo y escapar de la zona de pruebas. Esta vulnerabilidad afecta a Firefox ESR &lt;115.6, Thunderbird &lt;115.6 y Firefox &lt;121."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"versionEndExcluding": "121.0",
"matchCriteriaId": "A3D81D72-5965-4DB7-BFA7-9A32A9108919"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.6",
"matchCriteriaId": "46B36C5E-77B7-4FBF-8B7A-6F794C8B8B2B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.6",
"matchCriteriaId": "1856451B-B03F-4BF2-AEFE-BF66D82D9E78"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
}
]
}
]
}
],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1843782",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"Permissions Required"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5581",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5582",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-54/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-55/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-56/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
}
]
}

144
CVE-2023/CVE-2023-68xx/CVE-2023-6857.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6857",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-12-19T14:15:07.377",
"lastModified": "2023-12-22T01:15:11.840",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-12-22T11:09:51.217",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,31 +14,157 @@
"value": "Al resolver un enlace simb\u00f3lico, puede ocurrir una ejecuci\u00f3n en la que el b\u00fafer pase a \"readlink\" en realidad puede ser m\u00e1s peque\u00f1o de lo necesario. *Este error s\u00f3lo afecta a Firefox en sistemas operativos basados en Unix (Android, Linux, MacOS). Windows no se ve afectado.* Esta vulnerabilidad afecta a Firefox ESR &lt; 115.6, Thunderbird &lt; 115.6 y Firefox &lt; 121."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-362"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"versionEndExcluding": "121.0",
"matchCriteriaId": "A3D81D72-5965-4DB7-BFA7-9A32A9108919"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.6",
"matchCriteriaId": "46B36C5E-77B7-4FBF-8B7A-6F794C8B8B2B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.6",
"matchCriteriaId": "1856451B-B03F-4BF2-AEFE-BF66D82D9E78"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
}
]
}
]
}
],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1796023",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"Permissions Required"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5581",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5582",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-54/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-55/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-56/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
}
]
}

122
CVE-2023/CVE-2023-68xx/CVE-2023-6858.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6858",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-12-19T14:15:07.420",
"lastModified": "2023-12-22T01:15:11.893",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-12-22T11:09:35.557",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,31 +14,135 @@
"value": "Firefox era susceptible a un desbordamiento de b\u00fafer en `nsTextFragment` debido a un manejo insuficiente de OOM. Esta vulnerabilidad afecta a Firefox ESR &lt;115.6, Thunderbird &lt;115.6 y Firefox &lt;121."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"versionEndExcluding": "121.0",
"matchCriteriaId": "A3D81D72-5965-4DB7-BFA7-9A32A9108919"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.6",
"matchCriteriaId": "46B36C5E-77B7-4FBF-8B7A-6F794C8B8B2B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.6",
"matchCriteriaId": "1856451B-B03F-4BF2-AEFE-BF66D82D9E78"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
}
]
}
]
}
],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1826791",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"Permissions Required"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5581",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5582",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-54/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-55/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-56/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
}
]
}

122
CVE-2023/CVE-2023-68xx/CVE-2023-6859.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6859",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-12-19T14:15:07.467",
"lastModified": "2023-12-22T01:15:11.953",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-12-22T11:08:51.047",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,31 +14,135 @@
"value": "Una condici\u00f3n de use after free afect\u00f3 la creaci\u00f3n de sockets TLS cuando estaba bajo presi\u00f3n de memoria. Esta vulnerabilidad afecta a Firefox ESR &lt;115.6, Thunderbird &lt;115.6 y Firefox &lt;121."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"versionEndExcluding": "121.0",
"matchCriteriaId": "A3D81D72-5965-4DB7-BFA7-9A32A9108919"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.6",
"matchCriteriaId": "46B36C5E-77B7-4FBF-8B7A-6F794C8B8B2B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.6",
"matchCriteriaId": "1856451B-B03F-4BF2-AEFE-BF66D82D9E78"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
}
]
}
]
}
],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1840144",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"Permissions Required"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5581",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5582",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-54/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-55/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-56/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
}
]
}

122
CVE-2023/CVE-2023-68xx/CVE-2023-6860.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6860",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-12-19T14:15:07.510",
"lastModified": "2023-12-22T01:15:12.010",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-12-22T11:07:50.290",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,31 +14,135 @@
"value": "El \"VideoBridge\" permit\u00eda que cualquier proceso de contenido utilizara texturas producidas por decodificadores remotos. Se podr\u00eda abusar de esto para escapar de la sandbox. Esta vulnerabilidad afecta a Firefox ESR &lt;115.6, Thunderbird &lt;115.6 y Firefox &lt;121."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"versionEndExcluding": "121.0",
"matchCriteriaId": "A3D81D72-5965-4DB7-BFA7-9A32A9108919"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.6",
"matchCriteriaId": "46B36C5E-77B7-4FBF-8B7A-6F794C8B8B2B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.6",
"matchCriteriaId": "1856451B-B03F-4BF2-AEFE-BF66D82D9E78"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
}
]
}
]
}
],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1854669",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"Permissions Required"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5581",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5582",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-54/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-55/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-56/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
}
]
}

122
CVE-2023/CVE-2023-68xx/CVE-2023-6861.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6861",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-12-19T14:15:07.560",
"lastModified": "2023-12-22T01:15:12.070",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-12-22T11:07:37.827",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,31 +14,135 @@
"value": "El m\u00e9todo `nsWindow::PickerOpen(void)` era susceptible a un desbordamiento de b\u00fafer de almacenamiento din\u00e1mico cuando se ejecutaba en modo headless. Esta vulnerabilidad afecta a Firefox ESR &lt;115.6, Thunderbird &lt;115.6 y Firefox &lt;121."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"versionEndExcluding": "121.0",
"matchCriteriaId": "A3D81D72-5965-4DB7-BFA7-9A32A9108919"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.6",
"matchCriteriaId": "46B36C5E-77B7-4FBF-8B7A-6F794C8B8B2B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.6",
"matchCriteriaId": "1856451B-B03F-4BF2-AEFE-BF66D82D9E78"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
}
]
}
]
}
],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1864118",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"Permissions Required"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5581",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5582",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-54/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-55/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-56/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
}
]
}

111
CVE-2023/CVE-2023-68xx/CVE-2023-6862.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6862",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-12-19T14:15:07.603",
"lastModified": "2023-12-22T01:15:12.130",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-12-22T11:04:17.070",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,27 +14,122 @@
"value": "Se identific\u00f3 un use after free en `nsDNSService::Init`. Este problema parece manifestarse raramente durante el inicio. Esta vulnerabilidad afecta a Firefox ESR &lt;115.6 y Thunderbird &lt;115.6."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.6",
"matchCriteriaId": "46B36C5E-77B7-4FBF-8B7A-6F794C8B8B2B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.6",
"matchCriteriaId": "1856451B-B03F-4BF2-AEFE-BF66D82D9E78"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
}
]
}
]
}
],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1868042",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"Permissions Required"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5581",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5582",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-54/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-55/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
}
]
}

116
CVE-2023/CVE-2023-68xx/CVE-2023-6863.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6863",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-12-19T14:15:07.650",
"lastModified": "2023-12-21T01:15:33.850",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-22T11:03:59.953",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,27 +14,127 @@
"value": "El `ShutdownObserver()` era susceptible a un comportamiento potencialmente indefinido debido a su dependencia de un tipo din\u00e1mico que carec\u00eda de un destructor virtual. Esta vulnerabilidad afecta a Firefox ESR &lt;115.6, Thunderbird &lt;115.6 y Firefox &lt;121."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"versionEndExcluding": "121.0",
"matchCriteriaId": "A3D81D72-5965-4DB7-BFA7-9A32A9108919"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.6",
"matchCriteriaId": "46B36C5E-77B7-4FBF-8B7A-6F794C8B8B2B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.6",
"matchCriteriaId": "1856451B-B03F-4BF2-AEFE-BF66D82D9E78"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
}
]
}
]
}
],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1868901",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5581",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-54/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-55/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-56/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
}
]
}

91
CVE-2023/CVE-2023-68xx/CVE-2023-6870.json
View File

@ -2,23 +2,104 @@
"id": "CVE-2023-6870",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-12-19T14:15:08.087",
"lastModified": "2023-12-19T14:49:49.807",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-22T12:17:34.433",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Applications which spawn a Toast notification in a background thread may have obscured fullscreen notifications displayed by Firefox. \n*This issue only affects Android versions of Firefox and Firefox Focus.* This vulnerability affects Firefox < 121."
},
{
"lang": "es",
"value": "Las aplicaciones que generan una notificaci\u00f3n Toast en un hilo en segundo plano pueden haber oscurecido las notificaciones en pantalla completa mostradas por Firefox. *Este problema solo afecta a las versiones Firefox y Firefox Focus de Android.* Esta vulnerabilidad afecta a Firefox &lt; 121."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"versionEndExcluding": "121.0",
"matchCriteriaId": "A3D81D72-5965-4DB7-BFA7-9A32A9108919"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox_focus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A33B6DCD-A1B9-46E2-A0EF-33DDBB9508D3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1823316",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"Permissions Required"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-56/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
}
]
}

8
CVE-2023/CVE-2023-70xx/CVE-2023-7024.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-7024",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-12-21T23:15:11.213",
"lastModified": "2023-12-22T04:15:09.397",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
},
{
"lang": "es",
"value": "El desbordamiento de b\u00fafer de almacenamiento din\u00e1mico en WebRTC en Google Chrome anterior a 120.0.6099.129 permit\u00eda a un atacante remoto explotar potencialmente la corrupci\u00f3n del mont\u00f3n a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)"
}
],
"metrics": {},

8
CVE-2023/CVE-2023-70xx/CVE-2023-7039.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-7039",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-21T19:15:13.170",
"lastModified": "2023-12-21T19:15:13.170",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in Beijing Baichuo S210 up to 20231210. Affected is an unknown function of the file /importexport.php. The manipulation of the argument sql leads to injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248688."
},
{
"lang": "es",
"value": "Una vulnerabilidad ha sido encontrada en Beijing Baichuo S210 hasta 20231210 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo /importexport.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento sql conduce a la inyecci\u00f3n. Es posible lanzar el ataque de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-248688."
}
],
"metrics": {

8
CVE-2023/CVE-2023-70xx/CVE-2023-7040.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-7040",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-21T20:15:08.553",
"lastModified": "2023-12-21T20:15:08.553",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in codelyfe Stupid Simple CMS up to 1.2.4. Affected by this vulnerability is an unknown functionality of the file /file-manager/rename.php. The manipulation of the argument oldName leads to path traversal: '../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248689 was assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en codelyfe Stupid Simple CMS hasta 1.2.4 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo /file-manager/rename.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento oldName conduce a path traversal: '../filedir'. El ataque se puede lanzar de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-248689."
}
],
"metrics": {

8
CVE-2023/CVE-2023-70xx/CVE-2023-7041.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-7041",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-21T20:15:08.903",
"lastModified": "2023-12-21T20:15:08.903",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in codelyfe Stupid Simple CMS up to 1.2.4. Affected by this issue is some unknown functionality of the file /file-manager/rename.php. The manipulation of the argument newName leads to path traversal: '../filedir'. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248690 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en codelyfe Stupid Simple CMS hasta 1.2.4 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo /file-manager/rename.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento newName conduce a path traversal: '../filedir'. El ataque puede lanzarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. VDB-248690 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {

8
CVE-2023/CVE-2023-70xx/CVE-2023-7042.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-7042",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-12-21T20:15:09.267",
"lastModified": "2023-12-21T20:15:09.267",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A null pointer dereference vulnerability was found in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() in drivers/net/wireless/ath/ath10k/wmi-tlv.c in the Linux kernel. This issue could be exploited to trigger a denial of service."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad de desreferencia de puntero null en ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() en drivers/net/wireless/ath/ath10k/wmi-tlv.c en el kernel de Linux. Este problema podr\u00eda aprovecharse para provocar una denegaci\u00f3n de servicio."
}
],
"metrics": {

8
CVE-2023/CVE-2023-70xx/CVE-2023-7050.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-7050",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-21T22:15:15.397",
"lastModified": "2023-12-21T22:15:15.397",
"vulnStatus": "Received",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in PHPGurukul Online Notes Sharing System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file user/profile.php. The manipulation of the argument name/email leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248737 was assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en PHPGurukul Online Notes Sharing System 1.0 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo user/profile.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento name/email conduce a cross site scripting. El ataque se puede lanzar de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-248737."
}
],
"metrics": {

Some files were not shown because too many files have changed in this diff Show More