From 7a6fcf0e8ca655cfb54cabd24f23744ddb1464d8 Mon Sep 17 00:00:00 2001 
From: cad-safe-bot Date: Fri, 22 Dec 2023 13:00:29 +0000 Subject: [PATCH] Auto-Update: 2023-12-22T13:00:25.280449+00:00 --- CVE-2022/CVE-2022-475xx/CVE-2022-47532.json | 8 +- CVE-2023/CVE-2023-246xx/CVE-2023-24609.json | 8 +- CVE-2023/CVE-2023-273xx/CVE-2023-27319.json | 8 +- CVE-2023/CVE-2023-327xx/CVE-2023-32747.json | 8 +- CVE-2023/CVE-2023-327xx/CVE-2023-32799.json | 8 +- CVE-2023/CVE-2023-358xx/CVE-2023-35883.json | 47 ++++++- CVE-2023/CVE-2023-375xx/CVE-2023-37519.json | 8 +- CVE-2023/CVE-2023-375xx/CVE-2023-37520.json | 8 +- CVE-2023/CVE-2023-379xx/CVE-2023-37982.json | 57 +++++++- CVE-2023/CVE-2023-384xx/CVE-2023-38478.json | 47 ++++++- CVE-2023/CVE-2023-410xx/CVE-2023-41097.json | 8 +- CVE-2023/CVE-2023-431xx/CVE-2023-43116.json | 8 +- CVE-2023/CVE-2023-437xx/CVE-2023-43741.json | 8 +- CVE-2023/CVE-2023-444xx/CVE-2023-44481.json | 8 +- CVE-2023/CVE-2023-444xx/CVE-2023-44482.json | 8 +- CVE-2023/CVE-2023-451xx/CVE-2023-45124.json | 8 +- CVE-2023/CVE-2023-451xx/CVE-2023-45125.json | 8 +- CVE-2023/CVE-2023-451xx/CVE-2023-45126.json | 8 +- CVE-2023/CVE-2023-451xx/CVE-2023-45127.json | 8 +- CVE-2023/CVE-2023-466xx/CVE-2023-46645.json | 8 +- CVE-2023/CVE-2023-466xx/CVE-2023-46646.json | 8 +- CVE-2023/CVE-2023-466xx/CVE-2023-46647.json | 8 +- CVE-2023/CVE-2023-466xx/CVE-2023-46648.json | 8 +- CVE-2023/CVE-2023-466xx/CVE-2023-46649.json | 8 +- CVE-2023/CVE-2023-467xx/CVE-2023-46791.json | 8 +- CVE-2023/CVE-2023-471xx/CVE-2023-47191.json | 8 +- CVE-2023/CVE-2023-482xx/CVE-2023-48298.json | 8 +- CVE-2023/CVE-2023-483xx/CVE-2023-48308.json | 8 +- CVE-2023/CVE-2023-486xx/CVE-2023-48685.json | 8 +- CVE-2023/CVE-2023-486xx/CVE-2023-48686.json | 8 +- CVE-2023/CVE-2023-486xx/CVE-2023-48687.json | 8 +- CVE-2023/CVE-2023-486xx/CVE-2023-48688.json | 8 +- CVE-2023/CVE-2023-486xx/CVE-2023-48689.json | 8 +- CVE-2023/CVE-2023-486xx/CVE-2023-48690.json | 8 +- CVE-2023/CVE-2023-487xx/CVE-2023-48716.json | 8 +- CVE-2023/CVE-2023-487xx/CVE-2023-48717.json | 8 +- 
CVE-2023/CVE-2023-487xx/CVE-2023-48718.json | 8 +- CVE-2023/CVE-2023-487xx/CVE-2023-48719.json | 8 +- CVE-2023/CVE-2023-487xx/CVE-2023-48720.json | 8 +- CVE-2023/CVE-2023-487xx/CVE-2023-48722.json | 8 +- CVE-2023/CVE-2023-487xx/CVE-2023-48723.json | 8 +- CVE-2023/CVE-2023-487xx/CVE-2023-48741.json | 47 ++++++- CVE-2023/CVE-2023-490xx/CVE-2023-49084.json | 8 +- CVE-2023/CVE-2023-490xx/CVE-2023-49086.json | 8 +- CVE-2023/CVE-2023-491xx/CVE-2023-49163.json | 47 ++++++- CVE-2023/CVE-2023-493xx/CVE-2023-49356.json | 8 +- CVE-2023/CVE-2023-493xx/CVE-2023-49391.json | 20 +++ CVE-2023/CVE-2023-496xx/CVE-2023-49677.json | 8 +- CVE-2023/CVE-2023-496xx/CVE-2023-49678.json | 8 +- CVE-2023/CVE-2023-496xx/CVE-2023-49679.json | 8 +- CVE-2023/CVE-2023-496xx/CVE-2023-49680.json | 8 +- CVE-2023/CVE-2023-496xx/CVE-2023-49681.json | 8 +- CVE-2023/CVE-2023-496xx/CVE-2023-49682.json | 8 +- CVE-2023/CVE-2023-496xx/CVE-2023-49683.json | 8 +- CVE-2023/CVE-2023-496xx/CVE-2023-49684.json | 8 +- CVE-2023/CVE-2023-496xx/CVE-2023-49685.json | 8 +- CVE-2023/CVE-2023-496xx/CVE-2023-49686.json | 8 +- CVE-2023/CVE-2023-496xx/CVE-2023-49687.json | 8 +- CVE-2023/CVE-2023-496xx/CVE-2023-49688.json | 8 +- CVE-2023/CVE-2023-496xx/CVE-2023-49689.json | 8 +- CVE-2023/CVE-2023-496xx/CVE-2023-49690.json | 8 +- CVE-2023/CVE-2023-497xx/CVE-2023-49750.json | 47 ++++++- CVE-2023/CVE-2023-497xx/CVE-2023-49764.json | 47 ++++++- CVE-2023/CVE-2023-497xx/CVE-2023-49765.json | 8 +- CVE-2023/CVE-2023-505xx/CVE-2023-50569.json | 20 +++ CVE-2023/CVE-2023-507xx/CVE-2023-50732.json | 8 +- CVE-2023/CVE-2023-507xx/CVE-2023-50761.json | 95 ++++++++++++- CVE-2023/CVE-2023-507xx/CVE-2023-50762.json | 95 ++++++++++++- CVE-2023/CVE-2023-508xx/CVE-2023-50834.json | 8 +- CVE-2023/CVE-2023-513xx/CVE-2023-51379.json | 8 +- CVE-2023/CVE-2023-513xx/CVE-2023-51380.json | 8 +- CVE-2023/CVE-2023-513xx/CVE-2023-51384.json | 79 ++++++++++- CVE-2023/CVE-2023-513xx/CVE-2023-51385.json | 79 ++++++++++- 
CVE-2023/CVE-2023-517xx/CVE-2023-51704.json | 8 +- CVE-2023/CVE-2023-517xx/CVE-2023-51707.json | 8 +- CVE-2023/CVE-2023-517xx/CVE-2023-51708.json | 8 +- CVE-2023/CVE-2023-517xx/CVE-2023-51713.json | 8 +- CVE-2023/CVE-2023-61xx/CVE-2023-6135.json | 74 +++++++++- CVE-2023/CVE-2023-65xx/CVE-2023-6546.json | 8 +- CVE-2023/CVE-2023-66xx/CVE-2023-6690.json | 8 +- CVE-2023/CVE-2023-67xx/CVE-2023-6746.json | 8 +- CVE-2023/CVE-2023-68xx/CVE-2023-6802.json | 8 +- CVE-2023/CVE-2023-68xx/CVE-2023-6803.json | 8 +- CVE-2023/CVE-2023-68xx/CVE-2023-6804.json | 8 +- CVE-2023/CVE-2023-68xx/CVE-2023-6847.json | 8 +- CVE-2023/CVE-2023-68xx/CVE-2023-6856.json | 122 +++++++++++++++-- CVE-2023/CVE-2023-68xx/CVE-2023-6857.json | 144 ++++++++++++++++++-- CVE-2023/CVE-2023-68xx/CVE-2023-6858.json | 122 +++++++++++++++-- CVE-2023/CVE-2023-68xx/CVE-2023-6859.json | 122 +++++++++++++++-- CVE-2023/CVE-2023-68xx/CVE-2023-6860.json | 122 +++++++++++++++-- CVE-2023/CVE-2023-68xx/CVE-2023-6861.json | 122 +++++++++++++++-- CVE-2023/CVE-2023-68xx/CVE-2023-6862.json | 111 +++++++++++++-- CVE-2023/CVE-2023-68xx/CVE-2023-6863.json | 116 ++++++++++++++-- CVE-2023/CVE-2023-68xx/CVE-2023-6870.json | 91 ++++++++++++- CVE-2023/CVE-2023-70xx/CVE-2023-7024.json | 8 +- CVE-2023/CVE-2023-70xx/CVE-2023-7039.json | 8 +- CVE-2023/CVE-2023-70xx/CVE-2023-7040.json | 8 +- CVE-2023/CVE-2023-70xx/CVE-2023-7041.json | 8 +- CVE-2023/CVE-2023-70xx/CVE-2023-7042.json | 8 +- CVE-2023/CVE-2023-70xx/CVE-2023-7050.json | 8 +- CVE-2023/CVE-2023-70xx/CVE-2023-7051.json | 8 +- CVE-2023/CVE-2023-70xx/CVE-2023-7052.json | 8 +- CVE-2023/CVE-2023-70xx/CVE-2023-7053.json | 8 +- CVE-2023/CVE-2023-70xx/CVE-2023-7054.json | 8 +- CVE-2023/CVE-2023-70xx/CVE-2023-7055.json | 8 +- CVE-2023/CVE-2023-70xx/CVE-2023-7056.json | 8 +- CVE-2023/CVE-2023-70xx/CVE-2023-7057.json | 8 +- CVE-2023/CVE-2023-70xx/CVE-2023-7058.json | 8 +- CVE-2023/CVE-2023-70xx/CVE-2023-7059.json | 8 +- CVE-2023/CVE-2023-70xx/CVE-2023-7075.json | 88 ++++++++++++ README.md 
| 64 ++++----- 111 files changed, 2384 insertions(+), 329 deletions(-) create mode 100644 CVE-2023/CVE-2023-493xx/CVE-2023-49391.json create mode 100644 CVE-2023/CVE-2023-505xx/CVE-2023-50569.json create mode 100644 CVE-2023/CVE-2023-70xx/CVE-2023-7075.json diff --git a/CVE-2022/CVE-2022-475xx/CVE-2022-47532.json b/CVE-2022/CVE-2022-475xx/CVE-2022-47532.json index d4b8c72f951..6b035ef0aa8 100644 --- a/CVE-2022/CVE-2022-475xx/CVE-2022-47532.json +++ b/CVE-2022/CVE-2022-475xx/CVE-2022-47532.json @@ -2,12 +2,16 @@ "id": "CVE-2022-47532", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-22T04:15:08.610", - "lastModified": "2023-12-22T04:15:08.610", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "FileRun 20220519 allows SQL Injection via the \"dir\" parameter in a /?module=users§ion=cpanel&page=list request." + }, + { + "lang": "es", + "value": "FileRun 20220519 permite la inyecci\u00f3n de SQL a trav\u00e9s del par\u00e1metro \"dir\" en una solicitud /?module=users&section=cpanel&page=list." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-246xx/CVE-2023-24609.json b/CVE-2023/CVE-2023-246xx/CVE-2023-24609.json index e7f74dd5ee3..c9ff77d92b2 100644 --- a/CVE-2023/CVE-2023-246xx/CVE-2023-24609.json +++ b/CVE-2023/CVE-2023-246xx/CVE-2023-24609.json 
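Review bot: The two descriptions of CVE-2022-47532 disagree on the request path: the unchanged `en` value reads `/?module=users§ion=cpanel&page=list`, while the added `es` value reads `/?module=users&section=cpanel&page=list`. The `§` looks like `&sect` decoded as an HTML entity somewhere between the CNA text and this page, so the `es` form is presumably the intended one. If the `en` value really is stored that way in the file, it should end `...users&section=cpanel&page=list request.`. Anyone matching this description against request logs should use the `&section=` form.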
@@ -2,12 +2,16 @@ "id": "CVE-2023-24609", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-22T04:15:08.673", - "lastModified": "2023-12-22T04:15:08.673", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Matrix SSL 4.x through 4.6.0 and Rambus TLS Toolkit have a length-subtraction integer overflow for Client Hello Pre-Shared Key extension parsing in the TLS 1.3 server. An attacked device calculates an SHA-2 hash over at least 65 KB (in RAM). With a large number of crafted TLS messages, the CPU becomes heavily loaded. This occurs in tls13VerifyBinder and tls13TranscriptHashUpdate." + }, + { + "lang": "es", + "value": "Matrix SSL 4.x a 4.6.0 y Rambus TLS Toolkit tienen un desbordamiento de enteros de sustracci\u00f3n de longitud para el an\u00e1lisis de la extensi\u00f3n Client Hello Pre-Shared Key en el servidor TLS 1.3. Un dispositivo atacado calcula un hash SHA-2 en al menos 65 KB (en RAM). Con una gran cantidad de mensajes TLS manipulados, la CPU se carga mucho. Esto ocurre en tls13VerifyBinder y tls13TranscriptHashUpdate." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-273xx/CVE-2023-27319.json b/CVE-2023/CVE-2023-273xx/CVE-2023-27319.json index c212d8291f2..bd2664719f7 100644 --- a/CVE-2023/CVE-2023-273xx/CVE-2023-27319.json +++ b/CVE-2023/CVE-2023-273xx/CVE-2023-27319.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-27319", "sourceIdentifier": "security-alert@netapp.com", "published": "2023-12-21T22:15:13.100", - "lastModified": "2023-12-21T22:15:13.100", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "ONTAP Mediator versions prior to 1.7 are susceptible to a \nvulnerability that can allow an unauthenticated attacker to enumerate \nURLs via REST API.\n\n" + }, + { + "lang": "es", + "value": "Las versiones de ONTAP Mediator anteriores a la 1.7 son susceptibles a una vulnerabilidad que puede permitir que un atacante no autenticado enumere URLs a trav\u00e9s de la API REST." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-327xx/CVE-2023-32747.json b/CVE-2023/CVE-2023-327xx/CVE-2023-32747.json index 05e2765f0d2..32dfafbbe21 100644 --- a/CVE-2023/CVE-2023-327xx/CVE-2023-32747.json +++ b/CVE-2023/CVE-2023-327xx/CVE-2023-32747.json @@ -2,12 +2,16 @@ "id": "CVE-2023-32747", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-21T19:15:08.160", - "lastModified": "2023-12-21T19:15:08.160", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Bookings.This issue affects WooCommerce Bookings: from n/a through 1.15.78.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de omisi\u00f3n de autorizaci\u00f3n a trav\u00e9s de clave controlada por el usuario en WooCommerce WooCommerce Bookings. Este problema afecta a WooCommerce Bookings: desde n/a hasta 1.15.78." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-327xx/CVE-2023-32799.json b/CVE-2023/CVE-2023-327xx/CVE-2023-32799.json index ec442be5bc0..f0eae4eb1d4 100644 --- a/CVE-2023/CVE-2023-327xx/CVE-2023-32799.json +++ b/CVE-2023/CVE-2023-327xx/CVE-2023-32799.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-32799", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-21T19:15:08.520", - "lastModified": "2023-12-21T19:15:08.520", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Shipping Multiple Addresses.This issue affects Shipping Multiple Addresses: from n/a through 3.8.3.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de omisi\u00f3n de autorizaci\u00f3n a trav\u00e9s de clave controlada por el usuario en WooCommerce Shipping Multiple Addresses. Este problema afecta a Shipping Multiple Addresses: desde n/a hasta 3.8.3." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-358xx/CVE-2023-35883.json b/CVE-2023/CVE-2023-358xx/CVE-2023-35883.json index b6c607c1b8a..ebeecf77c2b 100644 --- a/CVE-2023/CVE-2023-358xx/CVE-2023-35883.json +++ b/CVE-2023/CVE-2023-358xx/CVE-2023-35883.json @@ -2,8 +2,8 @@ "id": "CVE-2023-35883", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-19T21:15:07.687", - "lastModified": "2023-12-20T13:50:37.240", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-22T11:16:34.263", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:magazine3:core_web_vitals_\\&_pagespeed_booster:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.0.12", + "matchCriteriaId": "EA5AC13F-288D-41C1-A9DC-0A819C5D7D11" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/core-web-vitals-pagespeed-booster/wordpress-core-web-vitals-pagespeed-booster-plugin-1-0-12-open-redirection-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-375xx/CVE-2023-37519.json b/CVE-2023/CVE-2023-375xx/CVE-2023-37519.json index 69694429122..b95e6e57d44 100644 --- a/CVE-2023/CVE-2023-375xx/CVE-2023-37519.json +++ b/CVE-2023/CVE-2023-375xx/CVE-2023-37519.json @@ -2,12 +2,16 @@ "id": "CVE-2023-37519", "sourceIdentifier": "psirt@hcl.com", "published": "2023-12-21T22:15:13.930", - "lastModified": "2023-12-21T22:15:13.930", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability. This XSS vulnerability is in the Download Status Report, which is served by the BigFix Server.\u00a0\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Scripting (XSS) almacenado no autenticada. Esta vulnerabilidad XSS se encuentra en Download Status Report, que proporciona BigFix Server." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-375xx/CVE-2023-37520.json b/CVE-2023/CVE-2023-375xx/CVE-2023-37520.json index 855610ef283..056e6eac165 100644 --- a/CVE-2023/CVE-2023-375xx/CVE-2023-37520.json +++ b/CVE-2023/CVE-2023-375xx/CVE-2023-37520.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-37520", "sourceIdentifier": "psirt@hcl.com", "published": "2023-12-21T23:15:08.453", - "lastModified": "2023-12-21T23:15:08.453", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Unauthenticated\u00a0Stored Cross-Site Scripting (XSS) vulnerability identified in BigFix Server version 9.5.12.68, allowing for potential data exfiltration. This XSS vulnerability is in the Gather Status Report, which is served by the BigFix Relay.\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Scripting (XSS) almacenado no autenticada identificada en BigFix Server versi\u00f3n 9.5.12.68, lo que permite una posible filtraci\u00f3n de datos. Esta vulnerabilidad XSS se encuentra en el Gather Status Report, que proporciona BigFix Relay." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-379xx/CVE-2023-37982.json b/CVE-2023/CVE-2023-379xx/CVE-2023-37982.json index 5a479cf8755..b5433d9672d 100644 --- a/CVE-2023/CVE-2023-379xx/CVE-2023-37982.json +++ b/CVE-2023/CVE-2023-379xx/CVE-2023-37982.json @@ -2,8 +2,8 @@ "id": "CVE-2023-37982", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-19T21:15:07.897", - "lastModified": "2023-12-20T13:50:37.240", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-22T11:17:01.983", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-601" + } + ] + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:crmperks:integration_for_salesforce_and_contact_form_7\\,_wpforms\\,_elementor\\,_ninja_forms:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.3.3", + "matchCriteriaId": "4D58D5F3-ED71-4736-9D4D-08C648DA7400" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/cf7-salesforce/wordpress-integration-for-contact-form-7-and-salesforce-plugin-1-3-3-open-redirection-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-384xx/CVE-2023-38478.json b/CVE-2023/CVE-2023-384xx/CVE-2023-38478.json index 01ad51a9ffe..7cead3b628b 100644 --- a/CVE-2023/CVE-2023-384xx/CVE-2023-38478.json +++ b/CVE-2023/CVE-2023-384xx/CVE-2023-38478.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-38478", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-19T20:15:07.527", - "lastModified": "2023-12-20T13:50:37.240", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-22T11:16:04.360", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:crmperks:integration_for_woocommerce_and_quickbooks:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.2.3", + "matchCriteriaId": "9FDDBB28-F19E-4F63-A09A-8BD66F9DE247" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/wp-woocommerce-quickbooks/wordpress-integration-for-woocommerce-and-quickbooks-plugin-1-2-3-open-redirection-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-410xx/CVE-2023-41097.json b/CVE-2023/CVE-2023-410xx/CVE-2023-41097.json index 864ac739a97..d10afba8e6a 100644 --- a/CVE-2023/CVE-2023-410xx/CVE-2023-41097.json +++ b/CVE-2023/CVE-2023-410xx/CVE-2023-41097.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-41097", "sourceIdentifier": "product-security@silabs.com", "published": "2023-12-21T21:15:08.020", - "lastModified": "2023-12-21T21:15:08.020", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7.This issue affects GSDK: through 4.4.0.\n\n" + }, + { + "lang": "es", + "value": "Una discrepancia de tiempo observable, vulnerabilidad de canal de tiempo oculto en Silabs GSDK en ARM potencialmente permite un ataque de Padding Oracle Crypto en CBC PKCS7. Este problema afecta a GSDK: hasta 4.4.0." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-431xx/CVE-2023-43116.json b/CVE-2023/CVE-2023-431xx/CVE-2023-43116.json index 21779ba443c..cf86b0a7525 100644 --- a/CVE-2023/CVE-2023-431xx/CVE-2023-43116.json +++ b/CVE-2023/CVE-2023-431xx/CVE-2023-43116.json @@ -2,12 +2,16 @@ "id": "CVE-2023-43116", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-22T10:15:11.110", - "lastModified": "2023-12-22T10:15:11.110", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A symbolic link following vulnerability in Buildkite Elastic CI for AWS versions prior to 6.7.1 and 5.22.5 allows the buildkite-agent user to change ownership of arbitrary directories via the PIPELINE_PATH variable in the fix-buildkite-agent-builds-permissions script." + }, + { + "lang": "es", + "value": "Vulnerabilidad de seguimiento de enlace simb\u00f3lico en Buildkite Elastic CI para versiones de AWS anteriores a 6.7.1 y 5.22.5 permite al usuario buildkite-agent cambiar la propiedad de directorios arbitrarios a trav\u00e9s de la variable PIPELINE_PATH en el script fix-buildkite-agent-builds-permissions." } ], "metrics": {}, 
diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43741.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43741.json index ed4eeaeac4c..90f967881a6 100644 --- a/CVE-2023/CVE-2023-437xx/CVE-2023-43741.json +++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43741.json @@ -2,12 +2,16 @@ "id": "CVE-2023-43741", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-22T10:15:11.173", - "lastModified": "2023-12-22T10:15:11.173", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A time-of-check-time-of-use race condition vulnerability in Buildkite Elastic CI for AWS versions prior to 6.7.1 and 5.22.5 allows the buildkite-agent user to bypass a symbolic link check for the PIPELINE_PATH variable in the fix-buildkite-agent-builds-permissions script." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de condici\u00f3n de ejecuci\u00f3n de time-of-check-time-of-use en Buildkite Elastic CI para versiones de AWS anteriores a 6.7.1 y 5.22.5 permite al usuario de buildkite-agent omitir una verificaci\u00f3n de enlace simb\u00f3lico para la variable PIPELINE_PATH en el script -buildkite-agent-build-permissions." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-444xx/CVE-2023-44481.json b/CVE-2023/CVE-2023-444xx/CVE-2023-44481.json index 4428c0e58e5..85cc39a6faa 100644 --- a/CVE-2023/CVE-2023-444xx/CVE-2023-44481.json +++ b/CVE-2023/CVE-2023-444xx/CVE-2023-44481.json 
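Review bot: The added `es` description for CVE-2023-43741 mangles the script name: it ends with `-buildkite-agent-build-permissions`, while the `en` entry in the same hunk names `fix-buildkite-agent-builds-permissions`. The leading `fix` and the plural `builds` were lost, so a search for the affected script by name will not match the Spanish text. The value should end `... en el script fix-buildkite-agent-builds-permissions.`, as the `es` entry added for CVE-2023-43116 in this same patch already does.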
@@ -2,12 +2,16 @@ "id": "CVE-2023-44481", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-12-21T19:15:08.820", - "lastModified": "2023-12-21T19:15:08.820", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities.\u00a0The 'setearnleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n" + }, + { + "lang": "es", + "value": "Leave Management System Project v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL autenticada. El par\u00e1metro 'setearnleave' del recurso admin/setleaves.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-444xx/CVE-2023-44482.json b/CVE-2023/CVE-2023-444xx/CVE-2023-44482.json index 881cfdc84f8..138d108e7ad 100644 --- a/CVE-2023/CVE-2023-444xx/CVE-2023-44482.json +++ b/CVE-2023/CVE-2023-444xx/CVE-2023-44482.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-44482", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-12-21T19:15:09.157", - "lastModified": "2023-12-21T19:15:09.157", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities.\u00a0The 'setsickleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n" + }, + { + "lang": "es", + "value": "Leave Management System Project v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL autenticada. El par\u00e1metro 'setsickleave' del recurso admin/setleaves.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45124.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45124.json index ea7635f9705..331f2d2a47b 100644 --- a/CVE-2023/CVE-2023-451xx/CVE-2023-45124.json +++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45124.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-45124", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-12-21T19:15:09.657", - "lastModified": "2023-12-21T19:15:09.657", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities.\u00a0The 'tag' parameter of the update.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n" + }, + { + "lang": "es", + "value": "Online Examination System v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL autenticada. El par\u00e1metro 'tag' del recurso update.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45125.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45125.json index 148d03119a7..04d389667c0 100644 --- a/CVE-2023/CVE-2023-451xx/CVE-2023-45125.json +++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45125.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-45125", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-12-21T19:15:10.263", - "lastModified": "2023-12-21T19:15:10.263", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities.\u00a0The 'time' parameter of the update.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n" + }, + { + "lang": "es", + "value": "Online Examination System v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL autenticada. El par\u00e1metro 'time' del recurso update.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45126.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45126.json index f32cf034fc1..c8bbdb2eaaa 100644 --- a/CVE-2023/CVE-2023-451xx/CVE-2023-45126.json +++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45126.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-45126", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-12-21T19:15:10.900", - "lastModified": "2023-12-21T19:15:10.900", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities.\u00a0The 'total' parameter of the update.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n" + }, + { + "lang": "es", + "value": "Online Examination System v1.0 es afectado por a m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL autenticada. El par\u00e1metro 'total' del recurso update.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45127.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45127.json index ff8fff35a43..8fc80e341b8 100644 --- a/CVE-2023/CVE-2023-451xx/CVE-2023-45127.json +++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45127.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-45127", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-12-21T19:15:11.357", - "lastModified": "2023-12-21T19:15:11.357", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities.\u00a0The 'wrong' parameter of the update.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n" + }, + { + "lang": "es", + "value": "Online Examination System v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL autenticada. El par\u00e1metro 'wrong' del recurso update.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-466xx/CVE-2023-46645.json b/CVE-2023/CVE-2023-466xx/CVE-2023-46645.json index e2374324053..d004cdf9686 100644 --- a/CVE-2023/CVE-2023-466xx/CVE-2023-46645.json +++ b/CVE-2023/CVE-2023-466xx/CVE-2023-46645.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-46645", "sourceIdentifier": "product-cna@github.com", "published": "2023-12-21T21:15:08.347", - "lastModified": "2023-12-21T21:15:08.347", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1. This vulnerability was reported via the GitHub Bug Bounty program.\n" + }, + { + "lang": "es", + "value": "Se identific\u00f3 una vulnerabilidad de path traversal en GitHub Enterprise Server que permit\u00eda la lectura arbitraria de archivos al crear un sitio de GitHub Pages. Para explotar esta vulnerabilidad, un atacante necesitar\u00eda permiso para crear y construir un sitio de GitHub Pages en la instancia de GitHub Enterprise Server. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server desde la 3.7 y se solucion\u00f3 en las versiones 3.7.19, 3.8.12, 3.9.7, 3.10.4 y 3.11.1. Esta vulnerabilidad se inform\u00f3 a trav\u00e9s del programa GitHub Bug Bounty." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-466xx/CVE-2023-46646.json b/CVE-2023/CVE-2023-466xx/CVE-2023-46646.json index 2af1c6ea563..abe641a0788 100644 --- a/CVE-2023/CVE-2023-466xx/CVE-2023-46646.json +++ b/CVE-2023/CVE-2023-466xx/CVE-2023-46646.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-46646", "sourceIdentifier": "product-cna@github.com", "published": "2023-12-21T21:15:08.620", - "lastModified": "2023-12-21T21:15:08.620", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Improper access control in all versions of GitHub Enterprise Server allows unauthorized users to view private repository names via the \"Get a check run\" API endpoint. This vulnerability did not allow unauthorized access to any repository content besides the name.\u00a0This vulnerability affected GitHub Enterprise Server version 3.7.0 and above and was fixed in version 3.17.19, 3.8.12, 3.9.7 3.10.4, and 3.11.0." + }, + { + "lang": "es", + "value": "El control de acceso inadecuado en todas las versiones de GitHub Enterprise Server permite a usuarios no autorizados ver nombres de repositorios privados a trav\u00e9s del endpoint API \"Get a check run\". Esta vulnerabilidad no permit\u00eda el acceso no autorizado a ning\u00fan contenido del repositorio adem\u00e1s del nombre. Esta vulnerabilidad afect\u00f3 a GitHub Enterprise Server versi\u00f3n 3.7.0 y superiores y se solucion\u00f3 en las versiones 3.17.19, 3.8.12, 3.9.7 3.10.4 y 3.11.0." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-466xx/CVE-2023-46647.json b/CVE-2023/CVE-2023-466xx/CVE-2023-46647.json index 0b6e91cc475..8f86461d66f 100644 --- a/CVE-2023/CVE-2023-466xx/CVE-2023-46647.json +++ b/CVE-2023/CVE-2023-466xx/CVE-2023-46647.json 
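Review bot: The added `es` description for CVE-2023-46646 repeats a fixed-version list that does not fit the stated range: both entries say the issue affects 3.7.0 and above yet was fixed in `3.17.19`, and the list lacks a comma between `3.9.7` and `3.10.4`. `3.17.19` is probably a typo for `3.7.19`, the 3.7-series fix named in the CVE-2023-46645 record of this same patch, but that should be confirmed against the vendor advisory rather than assumed. Both descriptions also open with "all versions" while the last sentence narrows the scope to 3.7.0 and above. Until the CNA text is corrected, patch-level checks for this CVE should not be derived from the description string.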
@@ -2,12 +2,16 @@ "id": "CVE-2023-46647", "sourceIdentifier": "product-cna@github.com", "published": "2023-12-21T21:15:08.930", - "lastModified": "2023-12-21T21:15:08.930", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Improper privilege management in all versions of GitHub Enterprise Server allows users with authorized access to the management console with an editor role to escalate their privileges by making requests to the endpoint used for bootstrapping the instance.\u00a0This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.12, 3.9.6, 3.10.3, and 3.11.0." + }, + { + "lang": "es", + "value": "La administraci\u00f3n inadecuada de privilegios en todas las versiones de GitHub Enterprise Server permite a los usuarios con acceso autorizado a la consola de administraci\u00f3n con un rol de editor escalar sus privilegios al realizar solicitudes al endpoint utilizado para iniciar la instancia. Esta vulnerabilidad afect\u00f3 a GitHub Enterprise Server versi\u00f3n 3.8.0 y superiores y se solucion\u00f3 en las versiones 3.8.12, 3.9.6, 3.10.3 y 3.11.0." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-466xx/CVE-2023-46648.json b/CVE-2023/CVE-2023-466xx/CVE-2023-46648.json index d45e1274926..7ae18c0e243 100644 --- a/CVE-2023/CVE-2023-466xx/CVE-2023-46648.json +++ b/CVE-2023/CVE-2023-466xx/CVE-2023-46648.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-46648", "sourceIdentifier": "product-cna@github.com", "published": "2023-12-21T21:15:09.257", - "lastModified": "2023-12-21T21:15:09.257", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An insufficient entropy vulnerability was identified in GitHub Enterprise Server (GHES) that allowed an attacker to brute force a user invitation to the GHES Management Console. To exploit this vulnerability, an attacker would need knowledge that a user invitation was pending. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1. This vulnerability was reported via the GitHub Bug Bounty program.\n" + }, + { + "lang": "es", + "value": "Se identific\u00f3 una vulnerabilidad de entrop\u00eda insuficiente en GitHub Enterprise Server (GHES) que permiti\u00f3 a un atacante forzar por fuerza bruta una invitaci\u00f3n de usuario a la GHES Management Console. Para aprovechar esta vulnerabilidad, un atacante necesitar\u00eda saber que hay una invitaci\u00f3n de usuario pendiente. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server desde la 3.8 y se solucion\u00f3 en las versiones 3.8.12, 3.9.7, 3.10.4 y 3.11.1. Esta vulnerabilidad se inform\u00f3 a trav\u00e9s del programa GitHub Bug Bounty." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-466xx/CVE-2023-46649.json b/CVE-2023/CVE-2023-466xx/CVE-2023-46649.json index 390d3d2a596..193f2d8341f 100644 --- a/CVE-2023/CVE-2023-466xx/CVE-2023-46649.json +++ b/CVE-2023/CVE-2023-466xx/CVE-2023-46649.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-46649", "sourceIdentifier": "product-cna@github.com", "published": "2023-12-21T21:15:09.573", - "lastModified": "2023-12-21T21:15:09.573", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A race condition in GitHub Enterprise Server was identified that could allow an attacker administrator access. To exploit this, an organization needs to be converted from a user.\u00a0This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1.\u00a0" + }, + { + "lang": "es", + "value": "Se identific\u00f3 una condici\u00f3n de ejecuci\u00f3n en GitHub Enterprise Server que podr\u00eda permitir el acceso de administrador a un atacante. Para aprovechar esto, una organizaci\u00f3n debe ser convertida desde un usuario. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server desde la 3.7 y se solucion\u00f3 en las versiones 3.7.19, 3.8.12, 3.9.7, 3.10.4 y 3.11.1." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-467xx/CVE-2023-46791.json b/CVE-2023/CVE-2023-467xx/CVE-2023-46791.json index dbddd6a956a..e0ca16e0c8c 100644 --- a/CVE-2023/CVE-2023-467xx/CVE-2023-46791.json +++ b/CVE-2023/CVE-2023-467xx/CVE-2023-46791.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-46791", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-12-21T20:15:07.547", - "lastModified": "2023-12-21T20:15:07.547", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'filename' attribute of the 'pic3' multipart parameter of the functions.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n" + }, + { + "lang": "es", + "value": "Online Matrimonial Project v1.0 es vulnerable a m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El atributo 'filename' del par\u00e1metro multiparte 'pic3' del recurso functions.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-471xx/CVE-2023-47191.json b/CVE-2023/CVE-2023-471xx/CVE-2023-47191.json index 5bf95c2c7c5..1d809df4aef 100644 --- a/CVE-2023/CVE-2023-471xx/CVE-2023-47191.json +++ b/CVE-2023/CVE-2023-471xx/CVE-2023-47191.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-47191", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-21T19:15:11.767", - "lastModified": "2023-12-21T19:15:11.767", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Authorization Bypass Through User-Controlled Key vulnerability in KaineLabs Youzify \u2013 BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress.This issue affects Youzify \u2013 BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress: from n/a through 1.2.2.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de omisi\u00f3n de autorizaci\u00f3n a trav\u00e9s de clave controlada por el usuario en KaineLabs Youzify \u2013 BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress. Este problema afecta a Youzify \u2013 BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress: desde n/a hasta 1.2.2." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-482xx/CVE-2023-48298.json b/CVE-2023/CVE-2023-482xx/CVE-2023-48298.json index e450df84875..5f7c1f2dc2e 100644 --- a/CVE-2023/CVE-2023-482xx/CVE-2023-48298.json +++ b/CVE-2023/CVE-2023-482xx/CVE-2023-48298.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-48298", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-21T23:15:09.047", - "lastModified": "2023-12-21T23:15:09.047", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "ClickHouse\u00ae is an open-source column-oriented database management system that allows generating analytical data reports in real-time. This vulnerability is an integer underflow resulting in crash due to stack buffer overflow in decompression of FPC codec. It can be triggered and exploited by an unauthenticated attacker. The vulnerability is very similar to CVE-2023-47118 with how the vulnerable function can be exploited.\n" + }, + { + "lang": "es", + "value": "ClickHouse\u00ae es un sistema de gesti\u00f3n de bases de datos orientado a columnas de c\u00f3digo abierto que permite generar informes de datos anal\u00edticos en tiempo real. Esta vulnerabilidad es un desbordamiento insuficiente de enteros que provoca un bloqueo debido al desbordamiento de b\u00fafer de pila en la descompresi\u00f3n del c\u00f3dec FPC. Puede ser desencadenado y explotado por un atacante no autenticado. La vulnerabilidad es muy similar a CVE-2023-47118 en cuanto a c\u00f3mo se puede explotar la funci\u00f3n vulnerable." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-483xx/CVE-2023-48308.json b/CVE-2023/CVE-2023-483xx/CVE-2023-48308.json index 3c1bf827492..e4ab524f598 100644 --- a/CVE-2023/CVE-2023-483xx/CVE-2023-48308.json +++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48308.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-48308", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-22T00:15:34.650", - "lastModified": "2023-12-22T00:15:34.650", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Nextcloud/Cloud is a calendar app for Nextcloud. An attacker can gain access to stacktrace and internal paths of the server when generating an exception while editing a calendar appointment. It is recommended that the Nextcloud Calendar app is upgraded to 4.5.3\n" + }, + { + "lang": "es", + "value": "Nextcloud/Cloud es una aplicaci\u00f3n de calendario para Nextcloud. Un atacante puede obtener acceso al seguimiento de pila y a las rutas internas del servidor al generar una excepci\u00f3n al editar una cita del calendario. Se recomienda actualizar la aplicaci\u00f3n Calendario Nextcloud a 4.5.3" } ], "metrics": { diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48685.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48685.json index 37a8fb24d53..c345b0c6266 100644 --- a/CVE-2023/CVE-2023-486xx/CVE-2023-48685.json +++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48685.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-48685", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-12-21T21:15:09.867", - "lastModified": "2023-12-21T21:15:09.867", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'psd' parameter of the login.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n" + }, + { + "lang": "es", + "value": "Railway Reservation System v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'psd' del recurso login.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48686.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48686.json index 75854c538ba..c58cba132f0 100644 --- a/CVE-2023/CVE-2023-486xx/CVE-2023-48686.json +++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48686.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-48686", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-12-21T21:15:10.200", - "lastModified": "2023-12-21T21:15:10.200", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'user' parameter of the login.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n" + }, + { + "lang": "es", + "value": "Railway Reservation System v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'user' del recurso login.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48687.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48687.json index a0a44e5ccaf..9213b0b74cf 100644 --- a/CVE-2023/CVE-2023-486xx/CVE-2023-48687.json +++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48687.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-48687", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-12-21T21:15:10.507", - "lastModified": "2023-12-21T21:15:10.507", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'from' parameter of the reservation.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n" + }, + { + "lang": "es", + "value": "Railway Reservation System v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'from' del recurso reservation.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48688.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48688.json index c42bf357f1b..5d6c95c414b 100644 --- a/CVE-2023/CVE-2023-486xx/CVE-2023-48688.json +++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48688.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-48688", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-12-21T21:15:10.830", - "lastModified": "2023-12-21T21:15:10.830", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'to' parameter of the reservation.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n" + }, + { + "lang": "es", + "value": "Railway Reservation System v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'to' del recurso reservation.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48689.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48689.json index ba5aa83e48b..b0248065dc6 100644 --- a/CVE-2023/CVE-2023-486xx/CVE-2023-48689.json +++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48689.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-48689", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-12-21T21:15:11.130", - "lastModified": "2023-12-21T21:15:11.130", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'byname' parameter of the train.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n" + }, + { + "lang": "es", + "value": "Railway Reservation System v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'byname' del recurso train.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48690.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48690.json index 221900b6ddc..d3f2a0576fd 100644 --- a/CVE-2023/CVE-2023-486xx/CVE-2023-48690.json +++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48690.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-48690", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-12-21T21:15:11.437", - "lastModified": "2023-12-21T21:15:11.437", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'bynum' parameter of the train.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n" + }, + { + "lang": "es", + "value": "Railway Reservation System v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'bynum' del recurso train.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-487xx/CVE-2023-48716.json b/CVE-2023/CVE-2023-487xx/CVE-2023-48716.json index 3510fd8f334..ffc3c9b4e99 100644 --- a/CVE-2023/CVE-2023-487xx/CVE-2023-48716.json +++ b/CVE-2023/CVE-2023-487xx/CVE-2023-48716.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-48716", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-12-21T21:15:11.710", - "lastModified": "2023-12-21T21:15:11.710", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'class_id' parameter of the add_classes.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n" + }, + { + "lang": "es", + "value": "Student Result Management System v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'class_id' del recurso add_classes.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-487xx/CVE-2023-48717.json b/CVE-2023/CVE-2023-487xx/CVE-2023-48717.json index 98ed0e9a81e..3c8f972c350 100644 --- a/CVE-2023/CVE-2023-487xx/CVE-2023-48717.json +++ b/CVE-2023/CVE-2023-487xx/CVE-2023-48717.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-48717", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-12-21T21:15:12.013", - "lastModified": "2023-12-21T21:15:12.013", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'class_name' parameter of the add_classes.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n" + }, + { + "lang": "es", + "value": "Student Result Management System v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'class_name' del recurso add_classes.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-487xx/CVE-2023-48718.json b/CVE-2023/CVE-2023-487xx/CVE-2023-48718.json index 7f80e516a4d..ac419bcc08a 100644 --- a/CVE-2023/CVE-2023-487xx/CVE-2023-48718.json +++ b/CVE-2023/CVE-2023-487xx/CVE-2023-48718.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-48718", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-12-21T21:15:12.297", - "lastModified": "2023-12-21T21:15:12.297", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'class_name' parameter of the add_students.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n" + }, + { + "lang": "es", + "value": "Student Result Management System v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'class_name' del recurso add_students.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-487xx/CVE-2023-48719.json b/CVE-2023/CVE-2023-487xx/CVE-2023-48719.json index af93a134a0c..d98b2801237 100644 --- a/CVE-2023/CVE-2023-487xx/CVE-2023-48719.json +++ b/CVE-2023/CVE-2023-487xx/CVE-2023-48719.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-48719", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-12-21T21:15:12.590", - "lastModified": "2023-12-21T21:15:12.590", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'roll_no' parameter of the add_students.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n" + }, + { + "lang": "es", + "value": "Student Result Management System v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'roll_no' del recurso add_students.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-487xx/CVE-2023-48720.json b/CVE-2023/CVE-2023-487xx/CVE-2023-48720.json index 9db5c35d414..1040d063ba1 100644 --- a/CVE-2023/CVE-2023-487xx/CVE-2023-48720.json +++ b/CVE-2023/CVE-2023-487xx/CVE-2023-48720.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-48720", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-12-21T21:15:12.870", - "lastModified": "2023-12-21T21:15:12.870", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'password' parameter of the login.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n" + }, + { + "lang": "es", + "value": "Student Result Management System v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'password' del recurso login.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-487xx/CVE-2023-48722.json b/CVE-2023/CVE-2023-487xx/CVE-2023-48722.json index fa8c59bbdfe..b00527654aa 100644 --- a/CVE-2023/CVE-2023-487xx/CVE-2023-48722.json +++ b/CVE-2023/CVE-2023-487xx/CVE-2023-48722.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-48722", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-12-21T21:15:13.160", - "lastModified": "2023-12-21T21:15:13.160", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'class_name' parameter of the add_results.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n" + }, + { + "lang": "es", + "value": "Student Result Management System v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'class_name' del recurso add_results.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-487xx/CVE-2023-48723.json b/CVE-2023/CVE-2023-487xx/CVE-2023-48723.json index e9c533ac758..37dd87a2666 100644 --- a/CVE-2023/CVE-2023-487xx/CVE-2023-48723.json +++ b/CVE-2023/CVE-2023-487xx/CVE-2023-48723.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-48723", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-12-21T22:15:14.823", - "lastModified": "2023-12-21T22:15:14.823", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'rno' parameter of the add_results.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n" + }, + { + "lang": "es", + "value": "Student Result Management System v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'rno' del recurso add_results.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-487xx/CVE-2023-48741.json b/CVE-2023/CVE-2023-487xx/CVE-2023-48741.json index 180ce90b474..c78930f1093 100644 --- a/CVE-2023/CVE-2023-487xx/CVE-2023-48741.json +++ b/CVE-2023/CVE-2023-487xx/CVE-2023-48741.json @@ -2,8 +2,8 @@ "id": "CVE-2023-48741", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-19T21:15:08.737", - "lastModified": "2023-12-20T13:50:37.240", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-22T12:13:54.117", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:quantumcloud:ai_chatbot:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "4.7.8", + "matchCriteriaId": "C187FF04-03F7-4F1E-BA12-5C53C9A7A6AD" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/chatbot/wordpress-ai-chatbot-plugin-4-7-8-sql-injection-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-490xx/CVE-2023-49084.json b/CVE-2023/CVE-2023-490xx/CVE-2023-49084.json index fcaf7d0eb42..a2212226d89 100644 --- a/CVE-2023/CVE-2023-490xx/CVE-2023-49084.json +++ b/CVE-2023/CVE-2023-490xx/CVE-2023-49084.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-49084", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-21T23:15:09.337", - "lastModified": "2023-12-21T23:15:09.337", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). While using the detected SQL Injection and insufficient processing of the include file path, it is possible to execute arbitrary code on the server. Exploitation of the vulnerability is possible for an authorized user. The vulnerable component is the `link.php`. Impact of the vulnerability execution of arbitrary code on the server. " + }, + { + "lang": "es", + "value": "Cacti es un framework robusto de gesti\u00f3n de fallos y rendimiento y una interfaz para RRDTool - a Time Series Database (TSDB). Al utilizar la inyecci\u00f3n SQL detectada y el procesamiento insuficiente de la ruta del archivo incluido, es posible ejecutar c\u00f3digo arbitrario en el servidor. La explotaci\u00f3n de la vulnerabilidad es posible para un usuario autorizado. El componente vulnerable es `link.php`. Impacto de la vulnerabilidad de ejecuci\u00f3n de c\u00f3digo arbitrario en el servidor." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-490xx/CVE-2023-49086.json b/CVE-2023/CVE-2023-490xx/CVE-2023-49086.json index e4af843e7c5..1abbb0fc550 100644 --- a/CVE-2023/CVE-2023-490xx/CVE-2023-49086.json +++ b/CVE-2023/CVE-2023-490xx/CVE-2023-49086.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-49086", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-22T00:15:34.857", - "lastModified": "2023-12-22T00:15:34.857", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). Bypassing an earlier fix (CVE-2023-39360) that leads to a DOM XSS attack.\nExploitation of the vulnerability is possible for an authorized user. The vulnerable component is\nthe `graphs_new.php`. Impact of the vulnerability - execution of arbitrary javascript code in\nthe attacked user's browser. This issue has been patched in version 1.2.26.\n" + }, + { + "lang": "es", + "value": "Cacti es un framework robusto de gesti\u00f3n de fallos y rendimiento y una interfaz para RRDTool - a Time Series Database (TSDB). Omitiendo una soluci\u00f3n anterior (CVE-2023-39360) que provoca un ataque DOM XSS. La explotaci\u00f3n de la vulnerabilidad es posible para un usuario autorizado. El componente vulnerable es `graphs_new.php`. Impacto de la vulnerabilidad: ejecuci\u00f3n de c\u00f3digo JavaScript arbitrario en el navegador del usuario atacado. Este problema se solucion\u00f3 en la versi\u00f3n 1.2.26." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-491xx/CVE-2023-49163.json b/CVE-2023/CVE-2023-491xx/CVE-2023-49163.json index 3ca045ecea1..9af35fcf7a3 100644 --- a/CVE-2023/CVE-2023-491xx/CVE-2023-49163.json +++ b/CVE-2023/CVE-2023-491xx/CVE-2023-49163.json @@ -2,8 +2,8 @@ "id": "CVE-2023-49163", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-18T23:15:08.893", - "lastModified": "2023-12-19T13:42:22.313", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-22T12:16:40.920", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mtrv:teachpress:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "9.0.5", + "matchCriteriaId": "ABB46A5F-829B-43B4-AA3E-BAB9FA9DC2A0" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/teachpress/wordpress-teachpress-plugin-9-0-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-493xx/CVE-2023-49356.json b/CVE-2023/CVE-2023-493xx/CVE-2023-49356.json index 8b963e57800..38ba3e25bfe 100644 --- a/CVE-2023/CVE-2023-493xx/CVE-2023-49356.json +++ b/CVE-2023/CVE-2023-493xx/CVE-2023-49356.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-49356", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-22T10:15:11.323", - "lastModified": "2023-12-22T10:15:11.323", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A stack buffer overflow vulnerability in MP3Gain v1.6.2 allows an attacker to cause a denial of service via the WriteMP3GainAPETag function at apetag.c:592." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en MP3Gain v1.6.2 permite a un atacante provocar una denegaci\u00f3n de servicio a trav\u00e9s de la funci\u00f3n WriteMP3GainAPETag en apetag.c:592." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-493xx/CVE-2023-49391.json b/CVE-2023/CVE-2023-493xx/CVE-2023-49391.json new file mode 100644 index 00000000000..a505c5b307d --- /dev/null +++ b/CVE-2023/CVE-2023-493xx/CVE-2023-49391.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-49391", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-22T11:15:07.517", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "An issue was discovered in free5GC version 3.3.0, allows remote attackers to execute arbitrary code and cause a denial of service (DoS) on AMF component via crafted NGAP message." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/free5gc/free5gc/issues/497", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-496xx/CVE-2023-49677.json b/CVE-2023/CVE-2023-496xx/CVE-2023-49677.json index f88736d384c..840836530c1 100644 --- a/CVE-2023/CVE-2023-496xx/CVE-2023-49677.json +++ b/CVE-2023/CVE-2023-496xx/CVE-2023-49677.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-49677", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-12-21T23:15:09.547", - "lastModified": "2023-12-21T23:15:09.547", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'cmbQual' parameter of the Employer/InsertJob.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n" + }, + { + "lang": "es", + "value": "Job Portal v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticadas. El par\u00e1metro 'cmbQual' del recurso Employer/InsertJob.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-496xx/CVE-2023-49678.json b/CVE-2023/CVE-2023-496xx/CVE-2023-49678.json index 7869ddf6595..0e666658bde 100644 --- a/CVE-2023/CVE-2023-496xx/CVE-2023-49678.json +++ b/CVE-2023/CVE-2023-496xx/CVE-2023-49678.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-49678", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-12-21T23:15:09.780", - "lastModified": "2023-12-21T23:15:09.780", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'txtDesc' parameter of the Employer/InsertJob.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n" + }, + { + "lang": "es", + "value": "Job Portal v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticadas. El par\u00e1metro 'txtDesc' del recurso Employer/InsertJob.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-496xx/CVE-2023-49679.json b/CVE-2023/CVE-2023-496xx/CVE-2023-49679.json index dce41eeaada..a121929fd9d 100644 --- a/CVE-2023/CVE-2023-496xx/CVE-2023-49679.json +++ b/CVE-2023/CVE-2023-496xx/CVE-2023-49679.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-49679", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-12-21T23:15:10.003", - "lastModified": "2023-12-21T23:15:10.003", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'txtTitle' parameter of the Employer/InsertJob.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n" + }, + { + "lang": "es", + "value": "Job Portal v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticadas. El par\u00e1metro 'txtTitle' del recurso Employer/InsertJob.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-496xx/CVE-2023-49680.json b/CVE-2023/CVE-2023-496xx/CVE-2023-49680.json index bebc33d5593..6653e82dbc3 100644 --- a/CVE-2023/CVE-2023-496xx/CVE-2023-49680.json +++ b/CVE-2023/CVE-2023-496xx/CVE-2023-49680.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-49680", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-12-21T23:15:10.250", - "lastModified": "2023-12-21T23:15:10.250", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'txtTotal' parameter of the Employer/InsertJob.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n" + }, + { + "lang": "es", + "value": "Job Portal v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticadas. El par\u00e1metro 'txtTotal' del recurso Employer/InsertJob.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-496xx/CVE-2023-49681.json b/CVE-2023/CVE-2023-496xx/CVE-2023-49681.json index 41982643b44..9fdfa510d79 100644 --- a/CVE-2023/CVE-2023-496xx/CVE-2023-49681.json +++ b/CVE-2023/CVE-2023-496xx/CVE-2023-49681.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-49681", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-12-21T23:15:10.457", - "lastModified": "2023-12-21T23:15:10.457", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'cmbQual' parameter of the Employer/InsertWalkin.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n" + }, + { + "lang": "es", + "value": "Job Portal v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticadas. El par\u00e1metro 'cmbQual' del recurso Employer/InsertWalkin.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-496xx/CVE-2023-49682.json b/CVE-2023/CVE-2023-496xx/CVE-2023-49682.json index 258d5e7f354..cb3f871b3d8 100644 --- a/CVE-2023/CVE-2023-496xx/CVE-2023-49682.json +++ b/CVE-2023/CVE-2023-496xx/CVE-2023-49682.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-49682", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-12-21T23:15:10.693", - "lastModified": "2023-12-21T23:15:10.693", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'txtDate' parameter of the Employer/InsertWalkin.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n" + }, + { + "lang": "es", + "value": "Job Portal v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticadas. El par\u00e1metro 'txtDate' del recurso Employer/InsertWalkin.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-496xx/CVE-2023-49683.json b/CVE-2023/CVE-2023-496xx/CVE-2023-49683.json index 2a9f1b075cc..15ac5a82c87 100644 --- a/CVE-2023/CVE-2023-496xx/CVE-2023-49683.json +++ b/CVE-2023/CVE-2023-496xx/CVE-2023-49683.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-49683", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-12-21T23:15:10.937", - "lastModified": "2023-12-21T23:15:10.937", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'txtDesc' parameter of the Employer/InsertWalkin.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n" + }, + { + "lang": "es", + "value": "Job Portal v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticadas. El par\u00e1metro 'txtDesc' del recurso Employer/InsertWalkin.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-496xx/CVE-2023-49684.json b/CVE-2023/CVE-2023-496xx/CVE-2023-49684.json index b63bfb1709e..37488cc458a 100644 --- a/CVE-2023/CVE-2023-496xx/CVE-2023-49684.json +++ b/CVE-2023/CVE-2023-496xx/CVE-2023-49684.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-49684", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-12-22T00:15:35.050", - "lastModified": "2023-12-22T00:15:35.050", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'txtTitle' parameter of the Employer/InsertWalkin.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n" + }, + { + "lang": "es", + "value": "Job Portal v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticadas. El par\u00e1metro 'txtTitle' del recurso Employer/InsertWalkin.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-496xx/CVE-2023-49685.json b/CVE-2023/CVE-2023-496xx/CVE-2023-49685.json index c81bfbf6584..67aa0239133 100644 --- a/CVE-2023/CVE-2023-496xx/CVE-2023-49685.json +++ b/CVE-2023/CVE-2023-496xx/CVE-2023-49685.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-49685", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-12-22T00:15:35.237", - "lastModified": "2023-12-22T00:15:35.237", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'txtTime' parameter of the Employer/InsertWalkin.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n" + }, + { + "lang": "es", + "value": "Job Portal v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticadas. El par\u00e1metro 'txtTime' del recurso Employer/InsertWalkin.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-496xx/CVE-2023-49686.json b/CVE-2023/CVE-2023-496xx/CVE-2023-49686.json index 4f80d2596a4..936324fdc3f 100644 --- a/CVE-2023/CVE-2023-496xx/CVE-2023-49686.json +++ b/CVE-2023/CVE-2023-496xx/CVE-2023-49686.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-49686", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-12-22T00:15:35.433", - "lastModified": "2023-12-22T00:15:35.433", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'txtTotal' parameter of the Employer/InsertWalkin.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n" + }, + { + "lang": "es", + "value": "Job Portal v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticadas. El par\u00e1metro 'txtTotal' del recurso Employer/InsertWalkin.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-496xx/CVE-2023-49687.json b/CVE-2023/CVE-2023-496xx/CVE-2023-49687.json index dd755df336c..3beae3106af 100644 --- a/CVE-2023/CVE-2023-496xx/CVE-2023-49687.json +++ b/CVE-2023/CVE-2023-496xx/CVE-2023-49687.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-49687", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-12-22T00:15:35.630", - "lastModified": "2023-12-22T00:15:35.630", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'txtPass' parameter of the login.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n" + }, + { + "lang": "es", + "value": "Job Portal v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticadas. El par\u00e1metro 'txtPass' del recurso login.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-496xx/CVE-2023-49688.json b/CVE-2023/CVE-2023-496xx/CVE-2023-49688.json index d293a4a2b1c..7b4fbadd7d0 100644 --- a/CVE-2023/CVE-2023-496xx/CVE-2023-49688.json +++ b/CVE-2023/CVE-2023-496xx/CVE-2023-49688.json @@ -2,12 +2,16 @@ "id": "CVE-2023-49688", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-12-22T00:15:35.840", - "lastModified": "2023-12-22T00:15:35.840", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'txtUser' parameter of the login.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n" + }, + { + "lang": "es", + "value": "Job Portal v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticadas. El par\u00e1metro 'txtUser' del recurso login.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos." } ], "metrics": { 
diff --git a/CVE-2023/CVE-2023-496xx/CVE-2023-49689.json b/CVE-2023/CVE-2023-496xx/CVE-2023-49689.json index 5e73dabfe0f..90d74a5212f 100644 --- a/CVE-2023/CVE-2023-496xx/CVE-2023-49689.json +++ b/CVE-2023/CVE-2023-496xx/CVE-2023-49689.json @@ -2,12 +2,16 @@ "id": "CVE-2023-49689", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-12-22T00:15:36.050", - "lastModified": "2023-12-22T00:15:36.050", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'JobId' parameter of the Employer/DeleteJob.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n" + }, + { + "lang": "es", + "value": "Job Portal v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticadas. El par\u00e1metro 'JobId' del recurso Employer/DeleteJob.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-496xx/CVE-2023-49690.json b/CVE-2023/CVE-2023-496xx/CVE-2023-49690.json index f130d0abfb7..e6b129d1f4b 100644 --- a/CVE-2023/CVE-2023-496xx/CVE-2023-49690.json +++ b/CVE-2023/CVE-2023-496xx/CVE-2023-49690.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-49690", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-12-22T00:15:36.260", - "lastModified": "2023-12-22T00:15:36.260", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'WalkinId' parameter of the Employer/DeleteJob.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n" + }, + { + "lang": "es", + "value": "Job Portal v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticadas. El par\u00e1metro 'WalkinId' del recurso Employer/DeleteJob.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-497xx/CVE-2023-49750.json b/CVE-2023/CVE-2023-497xx/CVE-2023-49750.json index 85b95852607..89b2c169f0b 100644 --- a/CVE-2023/CVE-2023-497xx/CVE-2023-49750.json +++ b/CVE-2023/CVE-2023-497xx/CVE-2023-49750.json @@ -2,8 +2,8 @@ "id": "CVE-2023-49750", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-19T21:15:09.137", - "lastModified": "2023-12-20T13:50:37.240", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-22T12:14:32.417", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:spoonthemes:couponis:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.2", + "matchCriteriaId": "21CB30E2-5FC8-4682-AB66-4C518E1FFD32" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/couponis/wordpress-couponis-affiliate-submitting-coupons-wordpress-theme-theme-3-1-7-sql-injection-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-497xx/CVE-2023-49764.json b/CVE-2023/CVE-2023-497xx/CVE-2023-49764.json index c0e9ee7f619..aafce6ab7a7 100644 --- a/CVE-2023/CVE-2023-497xx/CVE-2023-49764.json +++ b/CVE-2023/CVE-2023-497xx/CVE-2023-49764.json @@ -2,8 +2,8 @@ "id": "CVE-2023-49764", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-19T21:15:09.333", - "lastModified": "2023-12-20T13:50:37.240", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-22T12:14:53.463", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
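Review bot: In the `configurations` hunk for CVE-2023-49750 the added CPE range ends at `"versionEndExcluding": "2.2"`, but the Patchstack reference URL in the same hunk has the slug `theme-3-1-7-sql-injection-vulnerability`, so the two disagree on which Couponis versions are affected. The other Patchstack-sourced records in this commit use the slug version as the inclusive bound (teachpress `9.0.5`, advanced-database-cleaner `3.1.2`), which would suggest `"versionEndIncluding": "3.1.7"` here. The record's description text lies outside the hunk, so the correct bound cannot be settled from this diff. Until it is checked against the advisory, tooling that matches on this CPE range alone may report installs between 2.2 and 3.1.7 as unaffected.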
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sigmaplugin:advanced_database_cleaner:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "3.1.2", + "matchCriteriaId": "67C40AFB-ECA2-477A-8FA7-8E95B3C6A6F6" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/advanced-database-cleaner/wordpress-advanced-database-cleaner-plugin-3-1-2-sql-injection-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-497xx/CVE-2023-49765.json b/CVE-2023/CVE-2023-497xx/CVE-2023-49765.json index deb1be0c23c..10ee1980446 100644 --- a/CVE-2023/CVE-2023-497xx/CVE-2023-49765.json +++ b/CVE-2023/CVE-2023-497xx/CVE-2023-49765.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-49765", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-21T19:15:12.173", - "lastModified": "2023-12-21T19:15:12.173", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Authorization Bypass Through User-Controlled Key vulnerability in Blaz K. Rate my Post \u2013 WP Rating System.This issue affects Rate my Post \u2013 WP Rating System: from n/a through 3.4.1.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de omisi\u00f3n de autorizaci\u00f3n a trav\u00e9s de clave controlada por el usuario en Blaz K. Rate my Post \u2013 WP Rating System. Este problema afecta a Rate my Post \u2013 WP Rating System: desde n/a hasta 3.4.1." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-505xx/CVE-2023-50569.json b/CVE-2023/CVE-2023-505xx/CVE-2023-50569.json new file mode 100644 index 00000000000..bfe6e331866 --- /dev/null +++ b/CVE-2023/CVE-2023-505xx/CVE-2023-50569.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-50569", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-22T11:15:07.840", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Reflected Cross Site Scripting (XSS) vulnerability in Cacti v1.2.25, allows remote attackers to escalate privileges when uploading an xml template file via templates_import.php." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://gist.github.com/ISHGARD-2/a6b57de899f977e2af41780e7428b4bf", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-507xx/CVE-2023-50732.json b/CVE-2023/CVE-2023-507xx/CVE-2023-50732.json index 18e6655fcf0..6e8b47353a5 100644 --- a/CVE-2023/CVE-2023-507xx/CVE-2023-50732.json +++ b/CVE-2023/CVE-2023-507xx/CVE-2023-50732.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-50732", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-21T20:15:07.900", - "lastModified": "2023-12-21T20:15:07.900", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute a Velocity script without script right through the document tree. This has been patched in XWiki 14.10.7 and 15.2RC1." + }, + { + "lang": "es", + "value": "XWiki Platform es una plataforma wiki gen\u00e9rica que ofrece servicios de ejecuci\u00f3n para aplicaciones creadas sobre ella. Es posible ejecutar un script de Velocity sin script directamente a trav\u00e9s del \u00e1rbol de documentos. Esto ha sido parcheado en XWiki 14.10.7 y 15.2RC1." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-507xx/CVE-2023-50761.json b/CVE-2023/CVE-2023-507xx/CVE-2023-50761.json index ffd4b648454..087a532cd90 100644 --- a/CVE-2023/CVE-2023-507xx/CVE-2023-50761.json +++ b/CVE-2023/CVE-2023-507xx/CVE-2023-50761.json @@ -2,8 +2,8 @@ "id": "CVE-2023-50761", "sourceIdentifier": "security@mozilla.org", "published": "2023-12-19T14:15:07.033", - "lastModified": "2023-12-22T01:15:11.647", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-12-22T11:14:18.960", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,19 +14,102 @@ "value": "La firma de un mensaje de correo electr\u00f3nico S/MIME firmado digitalmente puede especificar opcionalmente la fecha y hora de creaci\u00f3n de la firma. Si estaba presente, Thunderbird no compar\u00f3 la fecha de creaci\u00f3n de la firma con la fecha y hora del mensaje y mostr\u00f3 una firma v\u00e1lida a pesar de que la fecha y la hora no coincid\u00edan. Esto podr\u00eda usarse para dar a los destinatarios la impresi\u00f3n de que un mensaje se envi\u00f3 en una fecha u hora diferente. Esta vulnerabilidad afecta a Thunderbird < 115.6." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", + "versionEndExcluding": "115.6", + "matchCriteriaId": "1856451B-B03F-4BF2-AEFE-BF66D82D9E78" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C" + } + 
] + } + ] + } + ], "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1865647", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Issue Tracking", + "Permissions Required" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5582", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-55/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-507xx/CVE-2023-50762.json b/CVE-2023/CVE-2023-507xx/CVE-2023-50762.json index d2245e8ccc7..8a9e4069872 100644 --- a/CVE-2023/CVE-2023-507xx/CVE-2023-50762.json +++ b/CVE-2023/CVE-2023-507xx/CVE-2023-50762.json @@ -2,8 +2,8 @@ "id": "CVE-2023-50762", "sourceIdentifier": "security@mozilla.org", "published": "2023-12-19T14:15:07.093", - "lastModified": "2023-12-22T01:15:11.717", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-12-22T11:13:31.773", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,19 +14,102 @@ "value": "Al procesar un payload PGP/MIME que contiene texto firmado digitalmente, el primer p\u00e1rrafo del texto nunca se mostr\u00f3 al usuario. Esto se debe a que el texto se interpret\u00f3 como un mensaje MIME y el primer p\u00e1rrafo siempre se trat\u00f3 como una secci\u00f3n de encabezado de correo electr\u00f3nico. Un texto firmado digitalmente de un contexto diferente, como un commit GIT firmada, podr\u00eda usarse para falsificar un mensaje de correo electr\u00f3nico. Esta vulnerabilidad afecta a Thunderbird < 115.6." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", + "versionEndExcluding": "115.6", + "matchCriteriaId": "1856451B-B03F-4BF2-AEFE-BF66D82D9E78" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C" + } + ] + } + ] + } + ], 
"references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1862625", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Issue Tracking", + "Permissions Required" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5582", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-55/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-508xx/CVE-2023-50834.json b/CVE-2023/CVE-2023-508xx/CVE-2023-50834.json index 524560d07ed..463f46982ff 100644 --- a/CVE-2023/CVE-2023-508xx/CVE-2023-50834.json +++ b/CVE-2023/CVE-2023-508xx/CVE-2023-50834.json @@ -2,12 +2,16 @@ "id": "CVE-2023-50834", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-21T19:15:12.670", - "lastModified": "2023-12-21T19:15:12.670", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in August Infotech WooCommerce Menu Extension allows Stored XSS.This issue affects WooCommerce Menu Extension: from n/a through 1.6.2.\n\n" + }, + { + "lang": "es", + "value": "La neutralizaci\u00f3n incorrecta de la vulnerabilidad Input During Web Page Generation ('Cross-site Scripting') en August Infotech WooCommerce Menu Extension permite XSS almacenado. Este problema afecta a WooCommerce Menu Extension: desde n/a hasta 1.6.2." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-513xx/CVE-2023-51379.json b/CVE-2023/CVE-2023-513xx/CVE-2023-51379.json index 7eb3727b497..f35ba6f23ca 100644 --- a/CVE-2023/CVE-2023-513xx/CVE-2023-51379.json +++ b/CVE-2023/CVE-2023-513xx/CVE-2023-51379.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-51379", "sourceIdentifier": "product-cna@github.com", "published": "2023-12-21T21:15:13.480", - "lastModified": "2023-12-21T21:15:13.480", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be updated with an improperly scoped token. This vulnerability did not allow unauthorized access to any repository content as it also required contents:write and issues:read permissions. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.17.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1.\u00a0" + }, + { + "lang": "es", + "value": "Se identific\u00f3 una vulnerabilidad de autorizaci\u00f3n incorrecta en GitHub Enterprise Server que permit\u00eda actualizar los comentarios del problema con un token con un alcance incorrecto. Esta vulnerabilidad no permit\u00eda el acceso no autorizado a ning\u00fan contenido del repositorio, ya que tambi\u00e9n requer\u00eda permisos de contenido: escritura y problemas: lectura. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server desde la 3.7 y se solucion\u00f3 en las versiones 3.17.19, 3.8.12, 3.9.7, 3.10.4 y 3.11.1." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-513xx/CVE-2023-51380.json b/CVE-2023/CVE-2023-513xx/CVE-2023-51380.json index 5d9809ed79e..1086e800108 100644 --- a/CVE-2023/CVE-2023-513xx/CVE-2023-51380.json +++ b/CVE-2023/CVE-2023-513xx/CVE-2023-51380.json 
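Review bot: The fixed-version list in the CVE-2023-51379 description reads `3.17.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1`, and the added `es` entry copies `3.17.19` unchanged. Next to "since 3.7" in the same sentence, that first entry looks like a typo for a release in the 3.7 line. The same list appears in both descriptions of the CVE-2023-51380 hunk that follows. Patch-level checks should take the fixed versions from the GitHub Enterprise Server release notes rather than from this text, and the value is worth reporting to the CNA named in `sourceIdentifier`.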
@@ -2,12 +2,16 @@ "id": "CVE-2023-51380", "sourceIdentifier": "product-cna@github.com", "published": "2023-12-21T21:15:13.757", - "lastModified": "2023-12-21T21:15:13.757", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be read with an improperly scoped token.\u00a0This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.17.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1.\u00a0" + }, + { + "lang": "es", + "value": "Se identific\u00f3 una vulnerabilidad de autorizaci\u00f3n incorrecta en GitHub Enterprise Server que permit\u00eda leer los comentarios del problema con un token con un alcance incorrecto. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server desde la 3.7 y se solucion\u00f3 en las versiones 3.17.19, 3.8.12, 3.9.7, 3.10.4 y 3.11.1." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-513xx/CVE-2023-51384.json b/CVE-2023/CVE-2023-513xx/CVE-2023-51384.json index 84571de9052..e0da07fd7d9 100644 --- a/CVE-2023/CVE-2023-513xx/CVE-2023-51384.json +++ b/CVE-2023/CVE-2023-513xx/CVE-2023-51384.json 
@@ -2,27 +2,94 @@ "id": "CVE-2023-51384", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-18T19:15:08.720", - "lastModified": "2023-12-19T05:15:09.790", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-22T12:15:42.810", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys." + }, + { + "lang": "es", + "value": "En ssh-agent en OpenSSH anterior a 9.6, ciertas restricciones de destino se pueden aplicar de forma incompleta. Cuando se especifican restricciones de destino durante la adici\u00f3n de claves privadas alojadas en PKCS#11, estas restricciones solo se aplican a la primera clave, incluso si un token PKCS#11 devuelve varias claves." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*", + "versionEndExcluding": "9.6", + "matchCriteriaId": "5308FBBB-F738-41C5-97A4-E40118E957CD" + } + ] + } + ] } ], - "metrics": {}, 
"references": [ { "url": "https://github.com/openssh/openssh-portable/commit/881d9c6af9da4257c69c327c4e2f1508b2fa754b", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] }, { "url": "https://www.openssh.com/txt/release-9.6", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://www.openwall.com/lists/oss-security/2023/12/18/2", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Release Notes" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-513xx/CVE-2023-51385.json b/CVE-2023/CVE-2023-513xx/CVE-2023-51385.json index 1c3160da269..b5f9b1b7501 100644 --- a/CVE-2023/CVE-2023-513xx/CVE-2023-51385.json +++ b/CVE-2023/CVE-2023-513xx/CVE-2023-51385.json 
@@ -2,27 +2,94 @@ "id": "CVE-2023-51385", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-18T19:15:08.773", - "lastModified": "2023-12-19T05:15:09.840", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-22T12:15:33.360", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name." + }, + { + "lang": "es", + "value": "En ssh en OpenSSH anterior a 9.6, la inyecci\u00f3n de comandos del sistema operativo puede ocurrir si un nombre de usuario o nombre de host tiene metacaracteres de shell, y un token de expansi\u00f3n hace referencia a este nombre en ciertas situaciones. Por ejemplo, un repositorio Git que no es de confianza puede tener un subm\u00f3dulo con metacaracteres de shell en un nombre de usuario o nombre de host." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*", + "versionEndExcluding": "9.6", + "matchCriteriaId": "5308FBBB-F738-41C5-97A4-E40118E957CD" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/openssh/openssh-portable/commit/7ef3787c84b6b524501211b11a26c742f829af1a", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] }, { "url": "https://www.openssh.com/txt/release-9.6", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://www.openwall.com/lists/oss-security/2023/12/18/2", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Release Notes" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51704.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51704.json index 2cd232154b1..2806dde4262 100644 --- a/CVE-2023/CVE-2023-517xx/CVE-2023-51704.json +++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51704.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-51704", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-22T02:15:42.957", - "lastModified": "2023-12-22T02:15:42.957", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An issue was discovered in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. In includes/logging/RightsLogFormatter.php, group-*-member messages can result in XSS on Special:log/rights." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en MediaWiki antes de 1.35.14, 1.36.x hasta 1.39.x antes de 1.39.6 y 1.40.x antes de 1.40.2. En includes/logging/RightsLogFormatter.php, group-*-mensajes de miembros pueden generar XSS en Special:log/rights." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51707.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51707.json index fc9b08aaf4c..94815adc4ee 100644 --- a/CVE-2023/CVE-2023-517xx/CVE-2023-51707.json +++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51707.json @@ -2,12 +2,16 @@ "id": "CVE-2023-51707", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-22T02:15:43.017", - "lastModified": "2023-12-22T02:15:43.017", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "MotionPro in Array ArrayOS AG before 9.4.0.505 on AG and vxAG allows remote command execution via crafted packets. AG and vxAG 9.3.0.259.x are unaffected." + }, + { + "lang": "es", + "value": "MotionPro en Array ArrayOS AG anterior a 9.4.0.505 en AG y vxAG permite la ejecuci\u00f3n remota de comandos a trav\u00e9s de paquetes manipulados. AG y vxAG 9.3.0.259.x no se ven afectados." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51708.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51708.json index af4b845e03a..4434887e217 100644 --- a/CVE-2023/CVE-2023-517xx/CVE-2023-51708.json 
+++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51708.json @@ -2,12 +2,16 @@ "id": "CVE-2023-51708", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-22T02:15:43.060", - "lastModified": "2023-12-22T02:15:43.060", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Bentley eB System Management Console applications within Assetwise Integrity Information Server allow an unauthenticated user to view configuration options via a crafted request, leading to information disclosure. This affects eB System management Console before 23.00.02.03 and Assetwise ALIM For Transportation before 23.00.01.25." + }, + { + "lang": "es", + "value": "Las aplicaciones Bentley eB System Management Console dentro de Assetwise Integrity Information Server permiten a un usuario no autenticado ver opciones de configuraci\u00f3n a trav\u00e9s de una solicitud manipulada, lo que lleva a la divulgaci\u00f3n de informaci\u00f3n. Esto afecta a eB System Management Console antes del 23.00.02.03 y a Assetwise ALIM For Transportation antes del 23.00.01.25." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51713.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51713.json index c038d023130..572dd94b5f8 100644 --- a/CVE-2023/CVE-2023-517xx/CVE-2023-51713.json +++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51713.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-51713", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-22T03:15:09.730", - "lastModified": "2023-12-22T03:15:09.730", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "make_ftp_cmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash semantics." + }, + { + "lang": "es", + "value": "make_ftp_cmd en main.c en ProFTPD anterior a 1.3.8a tiene una lectura fuera de los l\u00edmites de un byte y el daemon falla debido a un mal manejo de las sem\u00e1nticas de quote/backslash." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-61xx/CVE-2023-6135.json b/CVE-2023/CVE-2023-61xx/CVE-2023-6135.json index d7a1a887430..4f1294b77c5 100644 --- a/CVE-2023/CVE-2023-61xx/CVE-2023-6135.json +++ b/CVE-2023/CVE-2023-61xx/CVE-2023-6135.json 
@@ -2,23 +2,87 @@ "id": "CVE-2023-6135", "sourceIdentifier": "security@mozilla.org", "published": "2023-12-19T14:15:07.143", - "lastModified": "2023-12-19T14:49:52.980", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-22T11:11:05.030", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Multiple NSS NIST curves were susceptible to a side-channel attack known as \"Minerva\". This attack could potentially allow an attacker to recover the private key. This vulnerability affects Firefox < 121." + }, + { + "lang": "es", + "value": "M\u00faltiples curvas NSS NIST fueron susceptibles a un ataque de canal lateral conocido como \"Minerva\". Este ataque podr\u00eda permitir potencialmente que un atacante recupere la clave privada. Esta vulnerabilidad afecta a Firefox < 121." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-203" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", + "versionEndExcluding": "121.0", + "matchCriteriaId": "A3D81D72-5965-4DB7-BFA7-9A32A9108919" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1853908", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + 
"Issue Tracking", + "Permissions Required" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-56/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-65xx/CVE-2023-6546.json b/CVE-2023/CVE-2023-65xx/CVE-2023-6546.json index c1e19cb75a9..81b48d745ae 100644 --- a/CVE-2023/CVE-2023-65xx/CVE-2023-6546.json +++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6546.json @@ -2,12 +2,16 @@ "id": "CVE-2023-6546", "sourceIdentifier": "secalert@redhat.com", "published": "2023-12-21T20:15:08.260", - "lastModified": "2023-12-21T20:15:08.260", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una condici\u00f3n de ejecuci\u00f3n en el multiplexor tty GSM 0710 en el kernel de Linux. Este problema ocurre cuando dos subprocesos ejecutan GSMIOC_SETCONF ioctl en el mismo descriptor de archivo tty con la disciplina de l\u00ednea gsm habilitada y puede provocar un problema de use after free en una estructura gsm_dlci al reiniciar gsm mux. Esto podr\u00eda permitir que un usuario local sin privilegios aumente sus privilegios en el sistema." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-66xx/CVE-2023-6690.json b/CVE-2023/CVE-2023-66xx/CVE-2023-6690.json index 806de34a512..1059441f18a 100644 --- a/CVE-2023/CVE-2023-66xx/CVE-2023-6690.json +++ b/CVE-2023/CVE-2023-66xx/CVE-2023-6690.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-6690", "sourceIdentifier": "product-cna@github.com", "published": "2023-12-21T21:15:14.053", - "lastModified": "2023-12-21T21:15:14.053", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on transferred repositories by making a GraphQL mutation to alter repository permissions during the transfer.\u00a0This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1.\n" + }, + { + "lang": "es", + "value": "Una condici\u00f3n de ejecuci\u00f3n en GitHub Enterprise Server permiti\u00f3 a un administrador existente mantener los permisos en los repositorios transferidos al realizar una mutaci\u00f3n GraphQL para alterar los permisos del repositorio durante la transferencia. Esta vulnerabilidad afect\u00f3 a GitHub Enterprise Server versi\u00f3n 3.8.0 y superiores y se solucion\u00f3 en las versiones 3.8.12, 3.9.7, 3.10.4 y 3.11.1." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-67xx/CVE-2023-6746.json b/CVE-2023/CVE-2023-67xx/CVE-2023-6746.json index 1ea718f3cec..8e278c4833e 100644 --- a/CVE-2023/CVE-2023-67xx/CVE-2023-6746.json +++ b/CVE-2023/CVE-2023-67xx/CVE-2023-6746.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-6746", "sourceIdentifier": "product-cna@github.com", "published": "2023-12-21T21:15:14.303", - "lastModified": "2023-12-21T21:15:14.303", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An insertion of sensitive information into log file vulnerability was identified in the log files for a GitHub Enterprise Server back-end service that could permit an `adversary in the middle attack` when combined with other phishing techniques. To exploit this, an attacker would need access to the log files for the GitHub Enterprise Server appliance, a backup archive created with GitHub Enterprise Server Backup Utilities, or a service which received streamed logs.\u00a0This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.17.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1.\u00a0" + }, + { + "lang": "es", + "value": "Se identific\u00f3 una vulnerabilidad de inserci\u00f3n de informaci\u00f3n confidencial en el archivo de registro en los archivos de registro de un servicio back-end de GitHub Enterprise Server que podr\u00eda permitir un ataque de \"adversary in the middle\" cuando se combina con otras t\u00e9cnicas de phishing. Para explotar esto, un atacante necesitar\u00eda acceso a los archivos de registro del dispositivo GitHub Enterprise Server, un archivo de respaldo creado con GitHub Enterprise Server Backup Utilities o un servicio que recibiera registros transmitidos. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server desde la 3.7 y se solucion\u00f3 en las versiones 3.17.19, 3.8.12, 3.9.7, 3.10.4 y 3.11.1." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-68xx/CVE-2023-6802.json b/CVE-2023/CVE-2023-68xx/CVE-2023-6802.json index 50b99ba1a8c..5e5e9dd9d48 100644 --- a/CVE-2023/CVE-2023-68xx/CVE-2023-6802.json +++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6802.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-6802", "sourceIdentifier": "product-cna@github.com", "published": "2023-12-21T21:15:14.570", - "lastModified": "2023-12-21T21:15:14.570", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An insertion of sensitive information into the log file in the audit log in GitHub Enterprise Server was identified\u00a0that could allow an attacker to gain access to the management console. To exploit this, an attacker would need access to the log files for the GitHub Enterprise Server appliance, a backup archive created with GitHub Enterprise Server Backup Utilities, or a service which received streamed logs.\u00a0This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1.\u00a0" + }, + { + "lang": "es", + "value": "Se identific\u00f3 una inserci\u00f3n de informaci\u00f3n confidencial en el archivo de registro del registro de auditor\u00eda en GitHub Enterprise Server que podr\u00eda permitir que un atacante obtenga acceso a la consola de administraci\u00f3n. Para explotar esto, un atacante necesitar\u00eda acceso a los archivos de registro del dispositivo GitHub Enterprise Server, un archivo de respaldo creado con GitHub Enterprise Server Backup Utilities o un servicio que recibiera registros transmitidos. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server desde la 3.8 y se solucion\u00f3 en las versiones 3.8.12, 3.9.7, 3.10.4 y 3.11.1." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-68xx/CVE-2023-6803.json b/CVE-2023/CVE-2023-68xx/CVE-2023-6803.json index 92f8f8f2326..ebdb06759a5 100644 --- a/CVE-2023/CVE-2023-68xx/CVE-2023-6803.json +++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6803.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-6803", "sourceIdentifier": "product-cna@github.com", "published": "2023-12-21T21:15:14.800", - "lastModified": "2023-12-21T21:15:14.800", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A race condition in GitHub Enterprise Server allows an outside collaborator to be added while a repository is being transferred. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1. \n" + }, + { + "lang": "es", + "value": "Una condici\u00f3n de ejecuci\u00f3n en GitHub Enterprise Server permite agregar un colaborador externo mientras se transfiere un repositorio. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server desde la 3.8 y se solucion\u00f3 en las versiones 3.8.12, 3.9.7, 3.10.4 y 3.11.1." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-68xx/CVE-2023-6804.json b/CVE-2023/CVE-2023-68xx/CVE-2023-6804.json index 2afd55b3ad5..188f13f9ca8 100644 --- a/CVE-2023/CVE-2023-68xx/CVE-2023-6804.json +++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6804.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-6804", "sourceIdentifier": "product-cna@github.com", "published": "2023-12-21T21:15:15.020", - "lastModified": "2023-12-21T21:15:15.020", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Improper privilege management allowed arbitrary workflows to be committed and run using an improperly scoped PAT. To exploit this, a workflow must have already existed in the target repo. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1. \n" + }, + { + "lang": "es", + "value": "La gesti\u00f3n inadecuada de privilegios permiti\u00f3 que se confirmaran y ejecutaran workflows arbitrarios utilizando una PAT con un alcance inadecuado. Para aprovechar esto, ya debe haber existido un flujo de trabajo en el repositorio de destino. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server desde la 3.8 y se solucion\u00f3 en las versiones 3.8.12, 3.9.7, 3.10.4 y 3.11.1." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-68xx/CVE-2023-6847.json b/CVE-2023/CVE-2023-68xx/CVE-2023-6847.json index 9418f50fa91..c90f8e8a277 100644 --- a/CVE-2023/CVE-2023-68xx/CVE-2023-6847.json +++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6847.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-6847", "sourceIdentifier": "product-cna@github.com", "published": "2023-12-21T21:15:15.340", - "lastModified": "2023-12-21T21:15:15.340", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed a bypass of Private Mode by using a specially crafted API request. To exploit this vulnerability, an attacker would need network access to the Enterprise Server appliance configured in Private Mode. This vulnerability affected all versions of GitHub Enterprise Server since 3.9 and was fixed in version 3.9.7, 3.10.4, and 3.11.1. This vulnerability was reported via the GitHub Bug Bounty program.\n" + }, + { + "lang": "es", + "value": "Se identific\u00f3 una vulnerabilidad de autenticaci\u00f3n incorrecta en GitHub Enterprise Server que permit\u00eda omitir el Private Mode mediante el uso de una solicitud API especialmente manipulada. Para aprovechar esta vulnerabilidad, un atacante necesitar\u00eda acceso de red al dispositivo Enterprise Server configurado en Private Mode. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server desde la 3.9 y se solucion\u00f3 en las versiones 3.9.7, 3.10.4 y 3.11.1. Esta vulnerabilidad se inform\u00f3 a trav\u00e9s del programa GitHub Bug Bounty." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-68xx/CVE-2023-6856.json b/CVE-2023/CVE-2023-68xx/CVE-2023-6856.json index 132cd280926..6e26dc73b18 100644 --- a/CVE-2023/CVE-2023-68xx/CVE-2023-6856.json +++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6856.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-6856", "sourceIdentifier": "security@mozilla.org", "published": "2023-12-19T14:15:07.313", - "lastModified": "2023-12-22T01:15:11.777", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-12-22T11:10:41.737", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,31 +14,135 @@ "value": "El m\u00e9todo WebGL `DrawElementsInstanced` era susceptible a un desbordamiento de b\u00fafer cuando se usaba en sistemas con el controlador Mesa VM. Este problema podr\u00eda permitir a un atacante realizar la ejecuci\u00f3n remota de c\u00f3digo y escapar de la zona de pruebas. Esta vulnerabilidad afecta a Firefox ESR <115.6, Thunderbird <115.6 y Firefox <121." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", + "versionEndExcluding": "121.0", + "matchCriteriaId": "A3D81D72-5965-4DB7-BFA7-9A32A9108919" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", + "versionEndExcluding": "115.6", + "matchCriteriaId": "46B36C5E-77B7-4FBF-8B7A-6F794C8B8B2B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", + "versionEndExcluding": "115.6", + "matchCriteriaId": "1856451B-B03F-4BF2-AEFE-BF66D82D9E78" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": 
"FA6FEEC2-9F11-4643-8827-749718254FED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C" + } + ] + } + ] + } + ], "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1843782", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Issue Tracking", + "Permissions Required" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5581", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5582", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-54/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-55/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-56/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-68xx/CVE-2023-6857.json b/CVE-2023/CVE-2023-68xx/CVE-2023-6857.json index 1acfb43f5f2..641fd91bf06 100644 --- a/CVE-2023/CVE-2023-68xx/CVE-2023-6857.json +++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6857.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6857", "sourceIdentifier": "security@mozilla.org", "published": "2023-12-19T14:15:07.377", - "lastModified": "2023-12-22T01:15:11.840", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-12-22T11:09:51.217", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,31 +14,157 @@ "value": "Al resolver un enlace simb\u00f3lico, puede ocurrir una ejecuci\u00f3n en la que el b\u00fafer pase a \"readlink\" en realidad puede ser m\u00e1s peque\u00f1o de lo necesario. *Este error s\u00f3lo afecta a Firefox en sistemas operativos basados en Unix (Android, Linux, MacOS). Windows no se ve afectado.* Esta vulnerabilidad afecta a Firefox ESR < 115.6, Thunderbird < 115.6 y Firefox < 121." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-362" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", + "versionEndExcluding": "121.0", + "matchCriteriaId": "A3D81D72-5965-4DB7-BFA7-9A32A9108919" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", + "versionEndExcluding": "115.6", + "matchCriteriaId": "46B36C5E-77B7-4FBF-8B7A-6F794C8B8B2B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", + "versionEndExcluding": "115.6", + "matchCriteriaId": "1856451B-B03F-4BF2-AEFE-BF66D82D9E78" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": 
"387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C" + } + ] + } + ] + } + ], "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1796023", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Issue Tracking", + "Permissions Required" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5581", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5582", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-54/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-55/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-56/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-68xx/CVE-2023-6858.json b/CVE-2023/CVE-2023-68xx/CVE-2023-6858.json index 4489cd08c52..647b9d47534 100644 --- a/CVE-2023/CVE-2023-68xx/CVE-2023-6858.json +++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6858.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6858", "sourceIdentifier": "security@mozilla.org", "published": "2023-12-19T14:15:07.420", - "lastModified": "2023-12-22T01:15:11.893", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-12-22T11:09:35.557", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,31 +14,135 @@ "value": "Firefox era susceptible a un desbordamiento de b\u00fafer en `nsTextFragment` debido a un manejo insuficiente de OOM. Esta vulnerabilidad afecta a Firefox ESR <115.6, Thunderbird <115.6 y Firefox <121." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", + "versionEndExcluding": "121.0", + "matchCriteriaId": "A3D81D72-5965-4DB7-BFA7-9A32A9108919" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", + "versionEndExcluding": "115.6", + "matchCriteriaId": "46B36C5E-77B7-4FBF-8B7A-6F794C8B8B2B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", + "versionEndExcluding": "115.6", + "matchCriteriaId": "1856451B-B03F-4BF2-AEFE-BF66D82D9E78" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": 
"46D69DCC-AE4D-4EA5-861C-D60951444C6C" + } + ] + } + ] + } + ], "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1826791", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Issue Tracking", + "Permissions Required" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5581", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5582", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-54/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-55/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-56/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-68xx/CVE-2023-6859.json b/CVE-2023/CVE-2023-68xx/CVE-2023-6859.json index 258a3f2e55d..b5da78ec212 100644 --- a/CVE-2023/CVE-2023-68xx/CVE-2023-6859.json +++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6859.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6859", "sourceIdentifier": "security@mozilla.org", "published": "2023-12-19T14:15:07.467", - "lastModified": "2023-12-22T01:15:11.953", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-12-22T11:08:51.047", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,31 +14,135 @@ "value": "Una condici\u00f3n de use after free afect\u00f3 la creaci\u00f3n de sockets TLS cuando estaba bajo presi\u00f3n de memoria. Esta vulnerabilidad afecta a Firefox ESR <115.6, Thunderbird <115.6 y Firefox <121." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", + "versionEndExcluding": "121.0", + "matchCriteriaId": "A3D81D72-5965-4DB7-BFA7-9A32A9108919" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", + "versionEndExcluding": "115.6", + "matchCriteriaId": "46B36C5E-77B7-4FBF-8B7A-6F794C8B8B2B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", + "versionEndExcluding": "115.6", + "matchCriteriaId": "1856451B-B03F-4BF2-AEFE-BF66D82D9E78" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": 
"46D69DCC-AE4D-4EA5-861C-D60951444C6C" + } + ] + } + ] + } + ], "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1840144", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Issue Tracking", + "Permissions Required" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5581", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5582", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-54/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-55/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-56/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-68xx/CVE-2023-6860.json b/CVE-2023/CVE-2023-68xx/CVE-2023-6860.json index 463f4de136a..e3e2e667488 100644 --- a/CVE-2023/CVE-2023-68xx/CVE-2023-6860.json +++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6860.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6860", "sourceIdentifier": "security@mozilla.org", "published": "2023-12-19T14:15:07.510", - "lastModified": "2023-12-22T01:15:12.010", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-12-22T11:07:50.290", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,31 +14,135 @@ "value": "El \"VideoBridge\" permit\u00eda que cualquier proceso de contenido utilizara texturas producidas por decodificadores remotos. Se podr\u00eda abusar de esto para escapar de la sandbox. Esta vulnerabilidad afecta a Firefox ESR <115.6, Thunderbird <115.6 y Firefox <121." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", + "versionEndExcluding": "121.0", + "matchCriteriaId": "A3D81D72-5965-4DB7-BFA7-9A32A9108919" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", + "versionEndExcluding": "115.6", + "matchCriteriaId": "46B36C5E-77B7-4FBF-8B7A-6F794C8B8B2B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", + "versionEndExcluding": "115.6", + "matchCriteriaId": "1856451B-B03F-4BF2-AEFE-BF66D82D9E78" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C" + } + ] + } + ] + } + ], "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1854669", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Issue Tracking", + "Permissions Required" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5581", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5582", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-54/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-55/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-56/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-68xx/CVE-2023-6861.json b/CVE-2023/CVE-2023-68xx/CVE-2023-6861.json index 79ece58840f..ac1987ffdf0 100644 --- a/CVE-2023/CVE-2023-68xx/CVE-2023-6861.json +++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6861.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6861", "sourceIdentifier": "security@mozilla.org", "published": "2023-12-19T14:15:07.560", - "lastModified": "2023-12-22T01:15:12.070", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-12-22T11:07:37.827", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,31 +14,135 @@ "value": "El m\u00e9todo `nsWindow::PickerOpen(void)` era susceptible a un desbordamiento de b\u00fafer de almacenamiento din\u00e1mico cuando se ejecutaba en modo headless. Esta vulnerabilidad afecta a Firefox ESR <115.6, Thunderbird <115.6 y Firefox <121." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", + "versionEndExcluding": "121.0", + "matchCriteriaId": "A3D81D72-5965-4DB7-BFA7-9A32A9108919" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", + "versionEndExcluding": "115.6", + "matchCriteriaId": "46B36C5E-77B7-4FBF-8B7A-6F794C8B8B2B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", + "versionEndExcluding": "115.6", + "matchCriteriaId": "1856451B-B03F-4BF2-AEFE-BF66D82D9E78" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", + 
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C" + } + ] + } + ] + } + ], "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1864118", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Issue Tracking", + "Permissions Required" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5581", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5582", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-54/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-55/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-56/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-68xx/CVE-2023-6862.json b/CVE-2023/CVE-2023-68xx/CVE-2023-6862.json index 8410c23d75e..d5c89321e79 100644 --- a/CVE-2023/CVE-2023-68xx/CVE-2023-6862.json +++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6862.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6862", "sourceIdentifier": "security@mozilla.org", "published": "2023-12-19T14:15:07.603", - "lastModified": "2023-12-22T01:15:12.130", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-12-22T11:04:17.070", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,27 +14,122 @@ "value": "Se identific\u00f3 un use after free en `nsDNSService::Init`. Este problema parece manifestarse raramente durante el inicio. Esta vulnerabilidad afecta a Firefox ESR <115.6 y Thunderbird <115.6." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", + "versionEndExcluding": "115.6", + "matchCriteriaId": "46B36C5E-77B7-4FBF-8B7A-6F794C8B8B2B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", + "versionEndExcluding": "115.6", + "matchCriteriaId": "1856451B-B03F-4BF2-AEFE-BF66D82D9E78" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C" + } + ] + } + ] + } + ], "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1868042", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + 
"tags": [ + "Issue Tracking", + "Permissions Required" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5581", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5582", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-54/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-55/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-68xx/CVE-2023-6863.json b/CVE-2023/CVE-2023-68xx/CVE-2023-6863.json index ccc374d3ffe..5445658d408 100644 --- a/CVE-2023/CVE-2023-68xx/CVE-2023-6863.json +++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6863.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6863", "sourceIdentifier": "security@mozilla.org", "published": "2023-12-19T14:15:07.650", - "lastModified": "2023-12-21T01:15:33.850", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-22T11:03:59.953", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,27 +14,127 @@ "value": "El `ShutdownObserver()` era susceptible a un comportamiento potencialmente indefinido debido a su dependencia de un tipo din\u00e1mico que carec\u00eda de un destructor virtual. Esta vulnerabilidad afecta a Firefox ESR <115.6, Thunderbird <115.6 y Firefox <121." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", + "versionEndExcluding": "121.0", + "matchCriteriaId": "A3D81D72-5965-4DB7-BFA7-9A32A9108919" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", + "versionEndExcluding": "115.6", + "matchCriteriaId": "46B36C5E-77B7-4FBF-8B7A-6F794C8B8B2B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", + "versionEndExcluding": "115.6", + "matchCriteriaId": "1856451B-B03F-4BF2-AEFE-BF66D82D9E78" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C" + } + ] + } + ] + } + ], "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1868901", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5581", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-54/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-55/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-56/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-68xx/CVE-2023-6870.json b/CVE-2023/CVE-2023-68xx/CVE-2023-6870.json index cae91b68c7d..e9b68676776 100644 --- a/CVE-2023/CVE-2023-68xx/CVE-2023-6870.json +++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6870.json 
@@ -2,23 +2,104 @@ "id": "CVE-2023-6870", "sourceIdentifier": "security@mozilla.org", "published": "2023-12-19T14:15:08.087", - "lastModified": "2023-12-19T14:49:49.807", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-22T12:17:34.433", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Applications which spawn a Toast notification in a background thread may have obscured fullscreen notifications displayed by Firefox. \n*This issue only affects Android versions of Firefox and Firefox Focus.* This vulnerability affects Firefox < 121." + }, + { + "lang": "es", + "value": "Las aplicaciones que generan una notificaci\u00f3n Toast en un hilo en segundo plano pueden haber oscurecido las notificaciones en pantalla completa mostradas por Firefox. *Este problema solo afecta a las versiones Firefox y Firefox Focus de Android.* Esta vulnerabilidad afecta a Firefox < 121." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", + "versionEndExcluding": "121.0", + "matchCriteriaId": "A3D81D72-5965-4DB7-BFA7-9A32A9108919" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:a:mozilla:firefox_focus:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A33B6DCD-A1B9-46E2-A0EF-33DDBB9508D3" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1823316", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Issue Tracking", + "Permissions Required" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-56/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-70xx/CVE-2023-7024.json b/CVE-2023/CVE-2023-70xx/CVE-2023-7024.json index 01c4e496a99..567d3fb1575 100644 --- a/CVE-2023/CVE-2023-70xx/CVE-2023-7024.json +++ b/CVE-2023/CVE-2023-70xx/CVE-2023-7024.json @@ -2,12 +2,16 @@ "id": "CVE-2023-7024", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-12-21T23:15:11.213", - "lastModified": "2023-12-22T04:15:09.397", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)" + }, + { + "lang": "es", + "value": "El desbordamiento de b\u00fafer de almacenamiento din\u00e1mico en WebRTC en Google Chrome anterior a 120.0.6099.129 permit\u00eda a un atacante remoto explotar potencialmente la corrupci\u00f3n del mont\u00f3n a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)" } ], "metrics": {}, 
diff --git a/CVE-2023/CVE-2023-70xx/CVE-2023-7039.json b/CVE-2023/CVE-2023-70xx/CVE-2023-7039.json index b9f81d7c06a..4cf54505812 100644 --- a/CVE-2023/CVE-2023-70xx/CVE-2023-7039.json +++ b/CVE-2023/CVE-2023-70xx/CVE-2023-7039.json @@ -2,12 +2,16 @@ "id": "CVE-2023-7039", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-21T19:15:13.170", - "lastModified": "2023-12-21T19:15:13.170", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A vulnerability classified as critical has been found in Beijing Baichuo S210 up to 20231210. Affected is an unknown function of the file /importexport.php. The manipulation of the argument sql leads to injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248688." + }, + { + "lang": "es", + "value": "Una vulnerabilidad ha sido encontrada en Beijing Baichuo S210 hasta 20231210 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo /importexport.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento sql conduce a la inyecci\u00f3n. Es posible lanzar el ataque de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-248688." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-70xx/CVE-2023-7040.json b/CVE-2023/CVE-2023-70xx/CVE-2023-7040.json index 1fc6345fd48..90ea459f7e1 100644 --- a/CVE-2023/CVE-2023-70xx/CVE-2023-7040.json +++ b/CVE-2023/CVE-2023-70xx/CVE-2023-7040.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-7040", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-21T20:15:08.553", - "lastModified": "2023-12-21T20:15:08.553", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A vulnerability classified as problematic was found in codelyfe Stupid Simple CMS up to 1.2.4. Affected by this vulnerability is an unknown functionality of the file /file-manager/rename.php. The manipulation of the argument oldName leads to path traversal: '../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248689 was assigned to this vulnerability." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en codelyfe Stupid Simple CMS hasta 1.2.4 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo /file-manager/rename.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento oldName conduce a path traversal: '../filedir'. El ataque se puede lanzar de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-248689." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-70xx/CVE-2023-7041.json b/CVE-2023/CVE-2023-70xx/CVE-2023-7041.json index 7c22dfc6ed4..17bd8efe874 100644 --- a/CVE-2023/CVE-2023-70xx/CVE-2023-7041.json +++ b/CVE-2023/CVE-2023-70xx/CVE-2023-7041.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-7041", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-21T20:15:08.903", - "lastModified": "2023-12-21T20:15:08.903", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as critical, has been found in codelyfe Stupid Simple CMS up to 1.2.4. Affected by this issue is some unknown functionality of the file /file-manager/rename.php. The manipulation of the argument newName leads to path traversal: '../filedir'. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248690 is the identifier assigned to this vulnerability." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en codelyfe Stupid Simple CMS hasta 1.2.4 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo /file-manager/rename.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento newName conduce a path traversal: '../filedir'. El ataque puede lanzarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. VDB-248690 es el identificador asignado a esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-70xx/CVE-2023-7042.json b/CVE-2023/CVE-2023-70xx/CVE-2023-7042.json index 2a6ff072c49..a2cfd0e7221 100644 --- a/CVE-2023/CVE-2023-70xx/CVE-2023-7042.json +++ b/CVE-2023/CVE-2023-70xx/CVE-2023-7042.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-7042", "sourceIdentifier": "secalert@redhat.com", "published": "2023-12-21T20:15:09.267", - "lastModified": "2023-12-21T20:15:09.267", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A null pointer dereference vulnerability was found in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() in drivers/net/wireless/ath/ath10k/wmi-tlv.c in the Linux kernel. This issue could be exploited to trigger a denial of service." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad de desreferencia de puntero null en ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() en drivers/net/wireless/ath/ath10k/wmi-tlv.c en el kernel de Linux. Este problema podr\u00eda aprovecharse para provocar una denegaci\u00f3n de servicio." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-70xx/CVE-2023-7050.json b/CVE-2023/CVE-2023-70xx/CVE-2023-7050.json index 0d88eff33f1..f58d4b0e9b9 100644 --- a/CVE-2023/CVE-2023-70xx/CVE-2023-7050.json +++ b/CVE-2023/CVE-2023-70xx/CVE-2023-7050.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-7050", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-21T22:15:15.397", - "lastModified": "2023-12-21T22:15:15.397", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A vulnerability has been found in PHPGurukul Online Notes Sharing System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file user/profile.php. The manipulation of the argument name/email leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248737 was assigned to this vulnerability." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en PHPGurukul Online Notes Sharing System 1.0 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo user/profile.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento name/email conduce a cross site scripting. El ataque se puede lanzar de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-248737." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-70xx/CVE-2023-7051.json b/CVE-2023/CVE-2023-70xx/CVE-2023-7051.json index 07b6ec95e87..1ca087b4449 100644 --- a/CVE-2023/CVE-2023-70xx/CVE-2023-7051.json +++ b/CVE-2023/CVE-2023-70xx/CVE-2023-7051.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-7051", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-21T22:15:15.773", - "lastModified": "2023-12-21T22:15:15.773", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /user/manage-notes.php of the component Notes Handler. The manipulation of the argument delid leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248738 is the identifier assigned to this vulnerability." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en PHPGurukul Online Notes Sharing System 1.0 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo /user/manage-notes.php del componente Notes Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento delid conduce a cross-site request forgery. El ataque puede lanzarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. VDB-248738 es el identificador asignado a esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-70xx/CVE-2023-7052.json b/CVE-2023/CVE-2023-70xx/CVE-2023-7052.json index a749cf21672..9a2f47ddf4e 100644 --- a/CVE-2023/CVE-2023-70xx/CVE-2023-7052.json +++ b/CVE-2023/CVE-2023-70xx/CVE-2023-7052.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-7052", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-22T01:15:12.323", - "lastModified": "2023-12-22T01:15:12.323", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. It has been classified as problematic. This affects an unknown part of the file /user/profile.php. The manipulation of the argument name leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248739." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en PHPGurukul Online Notes Sharing System 1.0. Ha sido clasificada como problem\u00e1tica. Esto afecta a una parte desconocida del archivo /user/profile.php. La manipulaci\u00f3n del nombre del argumento conduce a cross-site request forgery. Es posible iniciar el ataque de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-248739." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-70xx/CVE-2023-7053.json b/CVE-2023/CVE-2023-70xx/CVE-2023-7053.json index 32882da588a..d05a32f1304 100644 --- a/CVE-2023/CVE-2023-70xx/CVE-2023-7053.json +++ b/CVE-2023/CVE-2023-70xx/CVE-2023-7053.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-7053", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-22T02:15:43.213", - "lastModified": "2023-12-22T02:15:43.213", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /user/signup.php. The manipulation leads to weak password requirements. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248740." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en PHPGurukul Online Notes Sharing System 1.0. Ha sido declarada problem\u00e1tica. Esta vulnerabilidad afecta a un c\u00f3digo desconocido del archivo /user/signup.php. La manipulaci\u00f3n conduce a requisitos de contrase\u00f1a d\u00e9biles. El ataque se puede iniciar de forma remota. La complejidad del ataque es bastante alta. La explotaci\u00f3n parece dif\u00edcil. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-248740." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-70xx/CVE-2023-7054.json b/CVE-2023/CVE-2023-70xx/CVE-2023-7054.json index 925cd2b3ecc..d0274ac38ab 100644 --- a/CVE-2023/CVE-2023-70xx/CVE-2023-7054.json +++ b/CVE-2023/CVE-2023-70xx/CVE-2023-7054.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-7054", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-22T02:15:43.453", - "lastModified": "2023-12-22T02:15:43.453", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /user/add-notes.php. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248741 was assigned to this vulnerability." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en PHPGurukul Online Notes Sharing System 1.0. Ha sido calificada como problem\u00e1tica. Este problema afecta un procesamiento desconocido del archivo /user/add-notes.php. La manipulaci\u00f3n conduce a una carga sin restricciones. El ataque puede iniciarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-248741." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-70xx/CVE-2023-7055.json b/CVE-2023/CVE-2023-70xx/CVE-2023-7055.json index 91385acff3c..188438b13aa 100644 --- a/CVE-2023/CVE-2023-70xx/CVE-2023-7055.json +++ b/CVE-2023/CVE-2023-70xx/CVE-2023-7055.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-7055", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-22T03:15:09.790", - "lastModified": "2023-12-22T03:15:09.790", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A vulnerability classified as problematic has been found in PHPGurukul Online Notes Sharing System 1.0. Affected is an unknown function of the file /user/profile.php of the component Contact Information Handler. The manipulation of the argument mobilenumber leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-248742 is the identifier assigned to this vulnerability." + }, + { + "lang": "es", + "value": "Una vulnerabilidad ha sido encontrada en PHPGurukul Online Notes Sharing System 1.0 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo /user/profile.php del componente Contact Information Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento mobilenumber conduce a controles de acceso inadecuados. Es posible lanzar el ataque de forma remota. La explotaci\u00f3n ha sido divulgada y puede utilizarse. VDB-248742 es el identificador asignado a esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-70xx/CVE-2023-7056.json b/CVE-2023/CVE-2023-70xx/CVE-2023-7056.json index ada9162fc4a..82646b0b256 100644 --- a/CVE-2023/CVE-2023-70xx/CVE-2023-7056.json +++ b/CVE-2023/CVE-2023-70xx/CVE-2023-7056.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-7056", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-22T03:15:10.020", - "lastModified": "2023-12-22T03:15:10.020", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A vulnerability classified as problematic was found in code-projects Faculty Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/pages/subjects.php. The manipulation of the argument Description/Units leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248743." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en code-projects Faculty Management System 1.0 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo /admin/pages/subjects.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento Description/Units conduce a cross site scripting. El ataque se puede lanzar de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-248743." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-70xx/CVE-2023-7057.json b/CVE-2023/CVE-2023-70xx/CVE-2023-7057.json index bf2637b86a7..67e15e5b32b 100644 --- a/CVE-2023/CVE-2023-70xx/CVE-2023-7057.json +++ b/CVE-2023/CVE-2023-70xx/CVE-2023-7057.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-7057", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-22T04:15:09.443", - "lastModified": "2023-12-22T04:15:09.443", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as problematic, has been found in code-projects Faculty Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/pages/yearlevel.php. The manipulation of the argument Year Level/Section leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248744." + }, + { + "lang": "es", + "value": "Una vulnerabilidad clasificada como problem\u00e1tica fue encontrada en code-projects Faculty Management System 1.0. Una funci\u00f3n desconocida del archivo /admin/pages/yearlevel.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento Year Level/Section conduce a cross site scripting. El ataque puede lanzarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-248744." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-70xx/CVE-2023-7058.json b/CVE-2023/CVE-2023-70xx/CVE-2023-7058.json index 90dd5ad5732..ba81c4b4b89 100644 --- a/CVE-2023/CVE-2023-70xx/CVE-2023-7058.json +++ b/CVE-2023/CVE-2023-70xx/CVE-2023-7058.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-7058", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-22T05:15:13.860", - "lastModified": "2023-12-22T05:15:13.860", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument page leads to path traversal: '../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248749 was assigned to this vulnerability." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en SourceCodester Simple Student Attendance System 1.0. Ha sido declarada cr\u00edtica. Una funcionalidad desconocida es afectada por esta vulnerabilidad. La manipulaci\u00f3n de la p\u00e1gina de argumentos conduce a path traversal: '../filedir'. El ataque se puede lanzar de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-248749." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-70xx/CVE-2023-7059.json b/CVE-2023/CVE-2023-70xx/CVE-2023-7059.json index ee9ff25852c..4f1b564932f 100644 --- a/CVE-2023/CVE-2023-70xx/CVE-2023-7059.json +++ b/CVE-2023/CVE-2023-70xx/CVE-2023-7059.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-7059", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-22T05:15:14.323", - "lastModified": "2023-12-22T05:15:14.323", - "vulnStatus": "Received", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in SourceCodester School Visitor Log e-Book 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file log-book.php. The manipulation of the argument Full Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248750 is the identifier assigned to this vulnerability." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en SourceCodester School Visitor Log e-Book 1.0. Ha sido calificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo log-book.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento Full Name conduce a cross site scripting. El ataque puede lanzarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. VDB-248750 es el identificador asignado a esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-70xx/CVE-2023-7075.json b/CVE-2023/CVE-2023-70xx/CVE-2023-7075.json new file mode 100644 index 00000000000..86b3d32d967 --- /dev/null +++ b/CVE-2023/CVE-2023-70xx/CVE-2023-7075.json 
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2023-7075", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-12-22T12:15:27.410", + "lastModified": "2023-12-22T12:18:32.690", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in code-projects Point of Sales and Inventory Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /main/checkout.php. The manipulation of the argument pt leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248846 is the identifier assigned to this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE", + "baseScore": 4.0 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": 
"CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/Glunko/vulnerability/blob/main/Point-of-Sales-And-Inventory-Management-System.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.248846", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.248846", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index ad30d26e5d0..8d022c68a92 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-12-22T11:00:25.295334+00:00 +2023-12-22T13:00:25.280449+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-12-22T10:59:57.740000+00:00 +2023-12-22T12:18:32.690000+00:00 ``` ### Last Data Feed Release 
@@ -29,47 +29,47 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -234075 +234078 ``` ### CVEs added in the last Commit Recently added CVEs: `3` -* [CVE-2023-43116](CVE-2023/CVE-2023-431xx/CVE-2023-43116.json) (`2023-12-22T10:15:11.110`) -* [CVE-2023-43741](CVE-2023/CVE-2023-437xx/CVE-2023-43741.json) (`2023-12-22T10:15:11.173`) -* [CVE-2023-49356](CVE-2023/CVE-2023-493xx/CVE-2023-49356.json) (`2023-12-22T10:15:11.323`) +* [CVE-2023-49391](CVE-2023/CVE-2023-493xx/CVE-2023-49391.json) (`2023-12-22T11:15:07.517`) +* [CVE-2023-50569](CVE-2023/CVE-2023-505xx/CVE-2023-50569.json) (`2023-12-22T11:15:07.840`) +* [CVE-2023-7075](CVE-2023/CVE-2023-70xx/CVE-2023-7075.json) (`2023-12-22T12:15:27.410`) ### CVEs modified in the last Commit -Recently modified CVEs: `65` +Recently modified CVEs: `107` -* [CVE-2023-40010](CVE-2023/CVE-2023-400xx/CVE-2023-40010.json) (`2023-12-22T09:54:05.790`) -* [CVE-2023-49164](CVE-2023/CVE-2023-491xx/CVE-2023-49164.json) (`2023-12-22T09:54:59.777`) -* [CVE-2023-6768](CVE-2023/CVE-2023-67xx/CVE-2023-6768.json) (`2023-12-22T09:58:49.833`) -* [CVE-2023-6769](CVE-2023/CVE-2023-67xx/CVE-2023-6769.json) (`2023-12-22T09:59:41.467`) -* [CVE-2023-47707](CVE-2023/CVE-2023-477xx/CVE-2023-47707.json) (`2023-12-22T10:00:51.667`) -* [CVE-2023-47705](CVE-2023/CVE-2023-477xx/CVE-2023-47705.json) (`2023-12-22T10:01:58.917`) -* [CVE-2023-47703](CVE-2023/CVE-2023-477xx/CVE-2023-47703.json) (`2023-12-22T10:02:23.280`) -* [CVE-2023-47702](CVE-2023/CVE-2023-477xx/CVE-2023-47702.json) (`2023-12-22T10:03:25.553`) -* [CVE-2023-47706](CVE-2023/CVE-2023-477xx/CVE-2023-47706.json) (`2023-12-22T10:11:40.633`) -* [CVE-2023-47704](CVE-2023/CVE-2023-477xx/CVE-2023-47704.json) (`2023-12-22T10:11:58.137`) -* [CVE-2023-50639](CVE-2023/CVE-2023-506xx/CVE-2023-50639.json) (`2023-12-22T10:12:33.847`) -* [CVE-2023-50376](CVE-2023/CVE-2023-503xx/CVE-2023-50376.json) (`2023-12-22T10:13:15.320`) -* 
[CVE-2023-49489](CVE-2023/CVE-2023-494xx/CVE-2023-49489.json) (`2023-12-22T10:13:39.257`) -* [CVE-2023-1667](CVE-2023/CVE-2023-16xx/CVE-2023-1667.json) (`2023-12-22T10:15:10.917`) -* [CVE-2023-2283](CVE-2023/CVE-2023-22xx/CVE-2023-2283.json) (`2023-12-22T10:15:11.020`) -* [CVE-2023-44398](CVE-2023/CVE-2023-443xx/CVE-2023-44398.json) (`2023-12-22T10:15:11.223`) -* [CVE-2023-6873](CVE-2023/CVE-2023-68xx/CVE-2023-6873.json) (`2023-12-22T10:28:50.477`) -* [CVE-2023-6872](CVE-2023/CVE-2023-68xx/CVE-2023-6872.json) (`2023-12-22T10:43:30.707`) -* [CVE-2023-6871](CVE-2023/CVE-2023-68xx/CVE-2023-6871.json) (`2023-12-22T10:43:54.310`) -* [CVE-2023-6869](CVE-2023/CVE-2023-68xx/CVE-2023-6869.json) (`2023-12-22T10:52:43.520`) -* [CVE-2023-6868](CVE-2023/CVE-2023-68xx/CVE-2023-6868.json) (`2023-12-22T10:52:54.690`) -* [CVE-2023-6867](CVE-2023/CVE-2023-68xx/CVE-2023-6867.json) (`2023-12-22T10:53:35.230`) -* [CVE-2023-6866](CVE-2023/CVE-2023-68xx/CVE-2023-6866.json) (`2023-12-22T10:54:33.320`) -* [CVE-2023-6865](CVE-2023/CVE-2023-68xx/CVE-2023-6865.json) (`2023-12-22T10:59:40.403`) -* [CVE-2023-6864](CVE-2023/CVE-2023-68xx/CVE-2023-6864.json) (`2023-12-22T10:59:57.740`) +* [CVE-2023-48308](CVE-2023/CVE-2023-483xx/CVE-2023-48308.json) (`2023-12-22T12:18:32.690`) +* [CVE-2023-49086](CVE-2023/CVE-2023-490xx/CVE-2023-49086.json) (`2023-12-22T12:18:32.690`) +* [CVE-2023-49684](CVE-2023/CVE-2023-496xx/CVE-2023-49684.json) (`2023-12-22T12:18:32.690`) +* [CVE-2023-49685](CVE-2023/CVE-2023-496xx/CVE-2023-49685.json) (`2023-12-22T12:18:32.690`) +* [CVE-2023-49686](CVE-2023/CVE-2023-496xx/CVE-2023-49686.json) (`2023-12-22T12:18:32.690`) +* [CVE-2023-49687](CVE-2023/CVE-2023-496xx/CVE-2023-49687.json) (`2023-12-22T12:18:32.690`) +* [CVE-2023-49688](CVE-2023/CVE-2023-496xx/CVE-2023-49688.json) (`2023-12-22T12:18:32.690`) +* [CVE-2023-49689](CVE-2023/CVE-2023-496xx/CVE-2023-49689.json) (`2023-12-22T12:18:32.690`) +* [CVE-2023-49690](CVE-2023/CVE-2023-496xx/CVE-2023-49690.json) 
(`2023-12-22T12:18:32.690`) +* [CVE-2023-7052](CVE-2023/CVE-2023-70xx/CVE-2023-7052.json) (`2023-12-22T12:18:32.690`) +* [CVE-2023-51704](CVE-2023/CVE-2023-517xx/CVE-2023-51704.json) (`2023-12-22T12:18:32.690`) +* [CVE-2023-51707](CVE-2023/CVE-2023-517xx/CVE-2023-51707.json) (`2023-12-22T12:18:32.690`) +* [CVE-2023-51708](CVE-2023/CVE-2023-517xx/CVE-2023-51708.json) (`2023-12-22T12:18:32.690`) +* [CVE-2023-7053](CVE-2023/CVE-2023-70xx/CVE-2023-7053.json) (`2023-12-22T12:18:32.690`) +* [CVE-2023-7054](CVE-2023/CVE-2023-70xx/CVE-2023-7054.json) (`2023-12-22T12:18:32.690`) +* [CVE-2023-51713](CVE-2023/CVE-2023-517xx/CVE-2023-51713.json) (`2023-12-22T12:18:32.690`) +* [CVE-2023-7055](CVE-2023/CVE-2023-70xx/CVE-2023-7055.json) (`2023-12-22T12:18:32.690`) +* [CVE-2023-7056](CVE-2023/CVE-2023-70xx/CVE-2023-7056.json) (`2023-12-22T12:18:32.690`) +* [CVE-2023-24609](CVE-2023/CVE-2023-246xx/CVE-2023-24609.json) (`2023-12-22T12:18:32.690`) +* [CVE-2023-7057](CVE-2023/CVE-2023-70xx/CVE-2023-7057.json) (`2023-12-22T12:18:32.690`) +* [CVE-2023-7058](CVE-2023/CVE-2023-70xx/CVE-2023-7058.json) (`2023-12-22T12:18:32.690`) +* [CVE-2023-7059](CVE-2023/CVE-2023-70xx/CVE-2023-7059.json) (`2023-12-22T12:18:32.690`) +* [CVE-2023-43116](CVE-2023/CVE-2023-431xx/CVE-2023-43116.json) (`2023-12-22T12:18:32.690`) +* [CVE-2023-43741](CVE-2023/CVE-2023-437xx/CVE-2023-43741.json) (`2023-12-22T12:18:32.690`) +* [CVE-2023-49356](CVE-2023/CVE-2023-493xx/CVE-2023-49356.json) (`2023-12-22T12:18:32.690`) ## Download and Usage