admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-21 17:41:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-11-03T21:00:40.327434+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-11-03 21:00:44 +00:00
parent ec8f2d764d
commit 7d5ac2f16c
68 changed files with 2639 additions and 271 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
CVE-2022/CVE-2022-17xx/CVE-2022-1749.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-1749",
"sourceIdentifier": "security@wordfence.com",
"published": "2022-06-13T14:15:08.577",
"lastModified": "2023-10-20T16:15:16.453",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-03T19:01:58.480",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -85,7 +85,7 @@
},
"weaknesses": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -93,6 +93,16 @@
"value": "CWE-352"
}
]
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
@ -124,7 +134,10 @@
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1d063d01-5f67-4c7f-ab71-01708456e82b?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1749",

59
CVE-2022/CVE-2022-31xx/CVE-2022-3172.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2022-3172",
"sourceIdentifier": "jordan@liggitt.net",
"published": "2023-11-03T20:15:08.550",
"lastModified": "2023-11-03T20:15:08.550",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A security issue was discovered in kube-apiserver that allows an \naggregated API server to redirect client traffic to any URL. This could\n lead to the client performing unexpected actions as well as forwarding \nthe client's API server credentials to third parties.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "jordan@liggitt.net",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.0,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "jordan@liggitt.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"references": [
{
"url": "https://github.com/kubernetes/kubernetes/issues/112513",
"source": "jordan@liggitt.net"
},
{
"url": "https://groups.google.com/g/kubernetes-security-announce/c/_aLzYMpPRak",
"source": "jordan@liggitt.net"
}
]
}

16
CVE-2022/CVE-2022-342xx/CVE-2022-34205.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-34205",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-23T17:15:17.607",
"lastModified": "2023-10-25T18:17:08.520",
"vulnStatus": "Modified",
"lastModified": "2023-11-03T19:05:29.277",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -63,6 +63,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [

16
CVE-2022/CVE-2022-342xx/CVE-2022-34206.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-34206",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-23T17:15:17.677",
"lastModified": "2023-10-25T18:17:08.577",
"vulnStatus": "Modified",
"lastModified": "2023-11-03T19:05:24.363",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -63,6 +63,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [

16
CVE-2022/CVE-2022-342xx/CVE-2022-34207.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-34207",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-23T17:15:17.737",
"lastModified": "2023-10-25T18:17:08.633",
"vulnStatus": "Modified",
"lastModified": "2023-11-03T19:05:14.103",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -63,6 +63,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [

16
CVE-2022/CVE-2022-342xx/CVE-2022-34208.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-34208",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-23T17:15:17.797",
"lastModified": "2023-10-25T18:17:08.690",
"vulnStatus": "Modified",
"lastModified": "2023-11-03T19:05:20.463",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -63,6 +63,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [

16
CVE-2022/CVE-2022-342xx/CVE-2022-34209.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-34209",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-23T17:15:17.857",
"lastModified": "2023-10-25T18:17:08.747",
"vulnStatus": "Modified",
"lastModified": "2023-11-03T19:05:10.520",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -63,6 +63,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [

16
CVE-2022/CVE-2022-342xx/CVE-2022-34210.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-34210",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-23T17:15:17.913",
"lastModified": "2023-10-25T18:17:08.800",
"vulnStatus": "Modified",
"lastModified": "2023-11-03T19:05:04.677",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -63,6 +63,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [

16
CVE-2022/CVE-2022-342xx/CVE-2022-34211.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-34211",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-23T17:15:17.970",
"lastModified": "2023-10-25T18:17:08.857",
"vulnStatus": "Modified",
"lastModified": "2023-11-03T19:05:01.833",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -63,6 +63,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [

16
CVE-2022/CVE-2022-342xx/CVE-2022-34212.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-34212",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-23T17:15:18.027",
"lastModified": "2023-10-25T18:17:08.913",
"vulnStatus": "Modified",
"lastModified": "2023-11-03T19:04:57.817",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -63,6 +63,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [

4
CVE-2022/CVE-2022-342xx/CVE-2022-34213.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-34213",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-23T17:15:18.083",
"lastModified": "2023-10-25T18:17:08.970",
"vulnStatus": "Modified",
"lastModified": "2023-11-03T19:04:53.770",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",

33
CVE-2022/CVE-2022-347xx/CVE-2022-34779.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-34779",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-30T18:15:09.920",
"lastModified": "2023-10-25T18:17:09.163",
"vulnStatus": "Modified",
"lastModified": "2023-11-03T19:04:44.790",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -21,20 +21,20 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
"impactScore": 1.4
}
],
"cvssMetricV2": [
@ -63,6 +63,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
@ -73,8 +85,8 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:xebialabs_xl_release:*:*:*:*:*:jenkins:*:*",
"versionEndIncluding": "22.0.0",
"matchCriteriaId": "30B1E319-6B13-4A80-8BED-81CB7BFF90D9"
"versionEndExcluding": "22.0.1",
"matchCriteriaId": "6ED34476-EBCE-46B2-BB36-A7B5FC3B2D41"
}
]
}
@ -84,7 +96,10 @@
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2773%20%281%29",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}

21
CVE-2022/CVE-2022-347xx/CVE-2022-34780.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-34780",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-30T18:15:10.087",
"lastModified": "2023-10-25T18:17:09.223",
"vulnStatus": "Modified",
"lastModified": "2023-11-03T19:04:09.287",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -63,6 +63,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
@ -84,7 +96,10 @@
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2773%20%282%29",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}

16
CVE-2022/CVE-2022-347xx/CVE-2022-34782.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-34782",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-30T18:15:10.410",
"lastModified": "2023-10-25T18:17:09.337",
"vulnStatus": "Modified",
"lastModified": "2023-11-03T19:07:00.610",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -63,6 +63,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"configurations": [
{
"nodes": [

16
CVE-2022/CVE-2022-347xx/CVE-2022-34785.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-34785",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-30T18:15:10.930",
"lastModified": "2023-10-25T18:17:09.517",
"vulnStatus": "Modified",
"lastModified": "2023-11-03T19:06:54.003",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -63,6 +63,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"configurations": [
{
"nodes": [

16
CVE-2022/CVE-2022-347xx/CVE-2022-34789.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-34789",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-30T18:15:11.707",
"lastModified": "2023-10-25T18:17:09.753",
"vulnStatus": "Modified",
"lastModified": "2023-11-03T19:06:48.930",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -63,6 +63,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [

16
CVE-2022/CVE-2022-347xx/CVE-2022-34792.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-34792",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-30T18:15:12.227",
"lastModified": "2023-10-25T18:17:09.947",
"vulnStatus": "Modified",
"lastModified": "2023-11-03T19:06:44.247",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -63,6 +63,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [

16
CVE-2022/CVE-2022-347xx/CVE-2022-34793.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-34793",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-30T18:15:12.383",
"lastModified": "2023-10-25T18:17:10.007",
"vulnStatus": "Modified",
"lastModified": "2023-11-03T19:06:38.277",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -63,6 +63,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-611"
}
]
}
],
"configurations": [
{
"nodes": [

16
CVE-2022/CVE-2022-347xx/CVE-2022-34794.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-34794",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-30T18:15:12.547",
"lastModified": "2023-10-25T18:17:10.060",
"vulnStatus": "Modified",
"lastModified": "2023-11-03T19:06:01.280",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -63,6 +63,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [

43
CVE-2022/CVE-2022-435xx/CVE-2022-43554.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-43554",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-11-03T20:15:08.690",
"lastModified": "2023-11-03T20:15:08.690",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability"
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "support@hackerone.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://download.wavelink.com/Files/avalanche_v6.4.1.236_release_notes.txt",
"source": "support@hackerone.com"
}
]
}

43
CVE-2022/CVE-2022-435xx/CVE-2022-43555.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-43555",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-11-03T20:15:08.757",
"lastModified": "2023-11-03T20:15:08.757",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability"
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "support@hackerone.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://download.wavelink.com/Files/avalanche_v6.4.1.236_release_notes.txt",
"source": "support@hackerone.com"
}
]
}

43
CVE-2022/CVE-2022-445xx/CVE-2022-44569.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-44569",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-11-03T20:15:08.813",
"lastModified": "2023-11-03T20:15:08.813",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A locally authenticated attacker with low privileges can bypass authentication due to insecure inter-process communication."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "support@hackerone.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0
}
]
},
"references": [
{
"url": "https://help.ivanti.com/res/help/en_US/IA/2023/Admin/Content/relnotes.htm",
"source": "support@hackerone.com"
}
]
}

68
CVE-2023/CVE-2023-213xx/CVE-2023-21375.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-21375",
"sourceIdentifier": "security@android.com",
"published": "2023-10-30T18:15:09.053",
"lastModified": "2023-10-30T18:21:38.740",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-03T19:02:57.213",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Sysproxy, there is a possible out of bounds write due to an integer underflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "En Sysproxy, existe una posible escritura fuera de los l\u00edmites debido a un desbordamiento de n\u00fameros enteros. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*",
"versionEndExcluding": "14.0",
"matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-213xx/CVE-2023-21376.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-21376",
"sourceIdentifier": "security@android.com",
"published": "2023-10-30T18:15:09.100",
"lastModified": "2023-10-30T18:21:38.740",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-03T19:03:06.437",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Telephony, there is a possible way to retrieve the ICCID due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "En Telephony existe una posible forma de recuperar el ICCID debido a un error l\u00f3gico en el c\u00f3digo. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*",
"versionEndExcluding": "14.0",
"matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-213xx/CVE-2023-21377.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-21377",
"sourceIdentifier": "security@android.com",
"published": "2023-10-30T18:15:09.137",
"lastModified": "2023-10-30T18:21:38.740",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-03T19:03:15.883",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In SELinux Policy, there is a possible restriction bypass due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "En la pol\u00edtica de SELinux, existe una posible omisi\u00f3n de restricciones debido a una omisi\u00f3n de permisos. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*",
"versionEndExcluding": "14.0",
"matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-213xx/CVE-2023-21378.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-21378",
"sourceIdentifier": "security@android.com",
"published": "2023-10-30T18:15:09.180",
"lastModified": "2023-10-30T18:21:38.740",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-03T19:03:25.547",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Telecomm, there is a possible way to silence the ring for calls of secondary users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "En Telecomm, existe una forma posible de silenciar el timbre de las llamadas de usuarios secundarios debido a que falta una verificaci\u00f3n de permiso. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*",
"versionEndExcluding": "14.0",
"matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-213xx/CVE-2023-21379.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-21379",
"sourceIdentifier": "security@android.com",
"published": "2023-10-30T18:15:09.223",
"lastModified": "2023-10-30T18:21:38.740",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-03T19:03:36.313",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "En Bluetooth, existe una posible lectura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda provocar la divulgaci\u00f3n de informaci\u00f3n local en el servidor Bluetooth con los privilegios de ejecuci\u00f3n del System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*",
"versionEndExcluding": "14.0",
"matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-213xx/CVE-2023-21380.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-21380",
"sourceIdentifier": "security@android.com",
"published": "2023-10-30T18:15:09.267",
"lastModified": "2023-10-30T18:21:38.740",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-03T19:03:44.633",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Bluetooth, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "En Bluetooth, existe una posible escritura fuera de los l\u00edmites debido a un desbordamiento del b\u00fafer. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n del System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*",
"versionEndExcluding": "14.0",
"matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-213xx/CVE-2023-21381.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-21381",
"sourceIdentifier": "security@android.com",
"published": "2023-10-30T18:15:09.310",
"lastModified": "2023-10-30T18:21:38.740",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-03T19:03:52.710",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Media Resource Manager, there is a possible local arbitrary code execution due to use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "En Media Resource Manager, existe una posible ejecuci\u00f3n de c\u00f3digo arbitrario local debido a use-after-free. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*",
"versionEndExcluding": "14.0",
"matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-213xx/CVE-2023-21382.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-21382",
"sourceIdentifier": "security@android.com",
"published": "2023-10-30T18:15:09.357",
"lastModified": "2023-10-30T18:21:38.740",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-03T19:04:05.293",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Content Resolver, there is a possible method to access metadata about existing content providers on the device due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "En Content Resolver, existe un m\u00e9todo posible para acceder a metadatos sobre proveedores de contenido existentes en el dispositivo debido a una falta de verificaci\u00f3n de permisos. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*",
"versionEndExcluding": "14.0",
"matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-213xx/CVE-2023-21383.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-21383",
"sourceIdentifier": "security@android.com",
"published": "2023-10-30T18:15:09.393",
"lastModified": "2023-10-30T18:21:38.740",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-03T19:04:28.713",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Settings, there is a possible way for the user to unintentionally send extra data due to an unclear prompt. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation."
},
{
"lang": "es",
"value": "En Settings, existe una forma posible de que el usuario env\u00ede datos adicionales sin querer debido a un mensaje poco claro. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. Se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*",
"versionEndExcluding": "14.0",
"matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-213xx/CVE-2023-21384.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-21384",
"sourceIdentifier": "security@android.com",
"published": "2023-10-30T18:15:09.433",
"lastModified": "2023-10-30T18:21:38.740",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-03T19:04:43.063",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Package Manager, there is a possible possible permissions bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "En Package Manager, existe una posible omisi\u00f3n de permisos debido a un PendingIntent inseguro. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local con privilegios de ejecuci\u00f3n del usuario necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*",
"versionEndExcluding": "14.0",
"matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-213xx/CVE-2023-21385.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-21385",
"sourceIdentifier": "security@android.com",
"published": "2023-10-30T18:15:09.477",
"lastModified": "2023-10-30T18:21:38.740",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-03T19:02:36.997",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Whitechapel, there is a possible out of bounds read due to memory corruption. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "En Whitechapel, existe una posible lectura fuera de los l\u00edmites debido a corrupci\u00f3n de memoria. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*",
"versionEndExcluding": "14.0",
"matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}

35
CVE-2023/CVE-2023-325xx/CVE-2023-32567.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-32567",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-08-10T19:15:09.663",
"lastModified": "2023-08-15T20:22:37.530",
"vulnStatus": "Analyzed",
"lastModified": "2023-11-03T20:15:08.877",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Ivanti Avalanche decodeToMap XML External Entity Processing. Fixed in version 6.4.1."
"value": "Ivanti Avalanche decodeToMap XML External Entity Processing. Fixed in version 6.4.1.236"
}
],
"metrics": {
@ -32,6 +32,28 @@
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "support@hackerone.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"weaknesses": [
@ -66,11 +88,8 @@
],
"references": [
{
"url": "https://forums.ivanti.com/s/article/Avalanche-Vulnerabilities-Addressed-in-6-4-1?language=en_US",
"source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
]
"url": "https://download.wavelink.com/Files/avalanche_v6.4.1.236_release_notes.txt",
"source": "support@hackerone.com"
}
]
}

79
CVE-2023/CVE-2023-379xx/CVE-2023-37913.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-37913",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-25T18:17:28.687",
"lastModified": "2023-10-25T20:32:16.527",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-03T20:22:05.087",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -54,18 +84,57 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.5",
"versionEndExcluding": "14.10.8",
"matchCriteriaId": "80C139ED-96A3-417E-A6E0-3C661572BFC3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.0",
"versionEndExcluding": "15.3",
"matchCriteriaId": "8B184228-E638-401A-ABF5-6D2ED76DF8CB"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/xwiki/xwiki-platform/commit/45d182a4141ff22f3ff289cf71e4669bdc714544",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-vcvr-v426-3m3m",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://jira.xwiki.org/browse/XWIKI-20715",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
]
}
]
}

12
CVE-2023/CVE-2023-393xx/CVE-2023-39332.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-39332",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-10-18T04:15:11.330",
"lastModified": "2023-10-26T05:15:25.353",
"lastModified": "2023-11-03T20:15:08.997",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Various `node:fs` functions allow specifying paths as either strings or `Uint8Array` objects. In Node.js environments, the `Buffer` class extends the `Uint8Array` class. Node.js prevents path traversal through strings (see CVE-2023-30584) and `Buffer` objects (see CVE-2023-32004), but not through non-`Buffer` `Uint8Array` objects.\n\nThis is distinct from CVE-2023-32004 ([report 2038134](https://hackerone.com/reports/2038134)), which only referred to `Buffer` objects. However, the vulnerability follows the same pattern using `Uint8Array` instead of `Buffer`.\n\nImpacts:\n\nThis vulnerability affects all users using the experimental permission model in Node.js 20.\n\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js."
"value": "Various `node:fs` functions allow specifying paths as either strings or `Uint8Array` objects. In Node.js environments, the `Buffer` class extends the `Uint8Array` class. Node.js prevents path traversal through strings (see CVE-2023-30584) and `Buffer` objects (see CVE-2023-32004), but not through non-`Buffer` `Uint8Array` objects.\r\n\r\nThis is distinct from CVE-2023-32004 which only referred to `Buffer` objects. However, the vulnerability follows the same pattern using `Uint8Array` instead of `Buffer`.\r\n\r\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js."
},
{
"lang": "es",
@ -75,14 +75,6 @@
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/",
"source": "support@hackerone.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/",
"source": "support@hackerone.com"
}
]
}

45
CVE-2023/CVE-2023-410xx/CVE-2023-41080.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41080",
"sourceIdentifier": "security@apache.org",
"published": "2023-08-25T21:15:09.397",
"lastModified": "2023-10-13T16:15:11.610",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-03T19:00:56.380",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -127,6 +127,26 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
}
]
}
]
}
],
"references": [
@ -141,19 +161,32 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20230921-0006/",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5521",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5522",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
]
}
]
}

43
CVE-2023/CVE-2023-417xx/CVE-2023-41725.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-41725",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-11-03T20:15:09.093",
"lastModified": "2023-11-03T20:15:09.093",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation Vulnerability"
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "support@hackerone.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://download.wavelink.com/Files/avalanche_v6.4.1.236_release_notes.txt",
"source": "support@hackerone.com"
}
]
}

43
CVE-2023/CVE-2023-417xx/CVE-2023-41726.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-41726",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-11-03T20:15:09.143",
"lastModified": "2023-11-03T20:15:09.143",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Ivanti Avalanche Incorrect Default Permissions allows Local Privilege Escalation Vulnerability"
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "support@hackerone.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://download.wavelink.com/Files/avalanche_v6.4.1.236_release_notes.txt",
"source": "support@hackerone.com"
}
]
}

70
CVE-2023/CVE-2023-421xx/CVE-2023-42188.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-42188",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-27T00:15:09.287",
"lastModified": "2023-10-27T12:41:08.827",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-03T20:34:28.027",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,75 @@
"value": "IceCMS v2.0.1 es vulnerable a Cross Site Request Forgery (CSRF)."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:macwk:icecms:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C8043F07-E915-49DC-A4D8-DC34AC2B9770"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Thecosy/IceCMS/issues/17",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
},
{
"url": "https://topdayplus.github.io/2023/10/27/CVE-deatail/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

36
CVE-2023/CVE-2023-436xx/CVE-2023-43655.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43655",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-29T20:15:09.987",
"lastModified": "2023-10-15T04:15:12.263",
"vulnStatus": "Modified",
"lastModified": "2023-11-03T19:05:21.843",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -100,6 +100,26 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
}
]
}
]
}
],
"references": [
@ -133,11 +153,19 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7AWYAUZNH565NWPIKGEIYBWHYNM5JGAE/",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KFOPGPW2KS37O3KJWBRGTUWHTXCQXBS2/",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}
]
}

32
CVE-2023/CVE-2023-437xx/CVE-2023-43737.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43737",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-10-26T23:15:09.310",
"lastModified": "2023-10-27T12:41:08.827",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-03T19:43:30.007",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -50,14 +50,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:projectworlds:online_art_gallery:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3373A0D4-63FD-4709-95EC-F89D9B37CD84"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/ono",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://https://projectworlds.in/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}

32
CVE-2023/CVE-2023-437xx/CVE-2023-43738.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43738",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-10-27T03:15:07.960",
"lastModified": "2023-10-27T12:41:08.827",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-03T19:53:08.763",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -50,14 +50,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:projectworlds:online_art_gallery:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3373A0D4-63FD-4709-95EC-F89D9B37CD84"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/ono",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://https://projectworlds.in/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Broken Link"
]
}
]
}

32
CVE-2023/CVE-2023-441xx/CVE-2023-44162.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44162",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-10-27T03:15:08.040",
"lastModified": "2023-10-27T12:41:08.827",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-03T19:46:03.623",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -50,14 +50,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:projectworlds:online_art_gallery:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3373A0D4-63FD-4709-95EC-F89D9B37CD84"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/ono",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://https://projectworlds.in/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Broken Link"
]
}
]
}

32
CVE-2023/CVE-2023-442xx/CVE-2023-44267.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44267",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-10-26T20:15:08.637",
"lastModified": "2023-10-27T12:41:08.827",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-03T19:50:57.197",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -50,14 +50,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:projectworlds:online_art_gallery:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3373A0D4-63FD-4709-95EC-F89D9B37CD84"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/ono",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://https://projectworlds.in/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Broken Link"
]
}
]
}

33
CVE-2023/CVE-2023-442xx/CVE-2023-44268.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44268",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-10-26T23:15:09.387",
"lastModified": "2023-10-27T12:41:08.827",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-03T19:43:10.423",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -50,14 +50,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:projectworlds:online_art_gallery:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3373A0D4-63FD-4709-95EC-F89D9B37CD84"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/ono",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://https://projectworlds.in/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Broken Link",
"Product"
]
}
]
}

32
CVE-2023/CVE-2023-443xx/CVE-2023-44375.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44375",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-10-27T03:15:08.120",
"lastModified": "2023-10-27T12:41:08.827",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-03T19:45:39.960",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -50,14 +50,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:projectworlds:online_art_gallery:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3373A0D4-63FD-4709-95EC-F89D9B37CD84"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/ono",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://https://projectworlds.in/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Broken Link"
]
}
]
}

4
CVE-2023/CVE-2023-455xx/CVE-2023-45573.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45573",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-16T06:15:12.357",
"lastModified": "2023-10-19T22:15:10.000",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-03T19:04:46.640",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-455xx/CVE-2023-45580.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45580",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-16T07:15:09.107",
"lastModified": "2023-10-19T22:15:10.187",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-03T19:04:23.627",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",

59
CVE-2023/CVE-2023-460xx/CVE-2023-46091.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46091",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-27T08:15:31.273",
"lastModified": "2023-10-27T12:41:08.827",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-03T20:19:18.047",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -40,7 +60,7 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -48,12 +68,43 @@
"value": "CWE-79"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bala-krishna:category_seo_meta_tags:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.5",
"matchCriteriaId": "0D092F45-69A6-4254-8EDA-0925F797273A"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/category-seo-meta-tags/wordpress-category-seo-meta-tags-plugin-2-5-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-460xx/CVE-2023-46093.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46093",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-27T08:15:31.377",
"lastModified": "2023-10-27T12:41:08.827",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-03T20:19:59.937",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lionscripts:webmaster_tools:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.0",
"matchCriteriaId": "4F01BD8B-1C9C-46E2-B36C-8BB2AE52C0AD"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/webmaster-tools/wordpress-webmaster-tools-plugin-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-461xx/CVE-2023-46153.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46153",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-27T08:15:31.457",
"lastModified": "2023-10-27T12:41:08.827",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-03T20:20:12.173",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:monsterinsights:user_feedback:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.0.9",
"matchCriteriaId": "43E2533A-0223-48BB-8825-8FB54556F329"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/userfeedback-lite/wordpress-user-feedback-plugin-1-0-9-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-461xx/CVE-2023-46194.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46194",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-27T08:15:31.607",
"lastModified": "2023-10-27T12:41:08.827",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-03T20:55:05.450",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ericteubert:archivist_-_custom_archive_templates:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.7.5",
"matchCriteriaId": "46E69262-2199-4002-A372-7AEBB654EB69"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/archivist-custom-archive-templates/wordpress-archivist-custom-archive-templates-plugin-1-7-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-461xx/CVE-2023-46199.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46199",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-27T08:15:31.683",
"lastModified": "2023-10-27T12:41:08.827",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-03T20:54:07.940",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:triberr:triberr:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "4.1.1",
"matchCriteriaId": "F62DFDE8-9822-4C1F-82A5-82A74DBA583C"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/triberr-wordpress-plugin/wordpress-triberr-plugin-4-1-1-cross-site-scripting-xss?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

65
CVE-2023/CVE-2023-463xx/CVE-2023-46374.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46374",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-27T00:15:09.327",
"lastModified": "2023-10-27T12:41:08.827",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-03T20:23:58.070",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "ZenTao Enterprise Edition versi\u00f3n 4.1.3 y anteriores es vulnerable a Cross Site Scripting (XSS)."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zentao:biz:*:*:*:*:enterprise:*:*:*",
"versionEndIncluding": "4.1.3",
"matchCriteriaId": "1B61140E-2A5A-4EA5-AD07-B85D68165C20"
}
]
}
]
}
],
"references": [
{
"url": "https://narrow-payment-2cd.notion.site/ZenTao-4-1-3-is-vulnerable-to-Cross-Site-Scripting-xss-CVE-2023-46374-ebdc61e7a88443b481b649764ba66dee",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

65
CVE-2023/CVE-2023-463xx/CVE-2023-46375.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46375",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-27T01:15:32.173",
"lastModified": "2023-10-27T12:41:08.827",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-03T20:23:34.067",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "ZenTao Biz versi\u00f3n 4.1.3 y anteriores es vulnerable a Cross Site Request Forgery (CSRF)."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zentao:biz:*:*:*:*:enterprise:*:*:*",
"versionEndIncluding": "4.1.3",
"matchCriteriaId": "1B61140E-2A5A-4EA5-AD07-B85D68165C20"
}
]
}
]
}
],
"references": [
{
"url": "https://narrow-payment-2cd.notion.site/zentao-4-1-3-is-vulnerable-to-csrf-CVE-2023-46375-2d9d9fc2371f483eb436af20508df915",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

65
CVE-2023/CVE-2023-463xx/CVE-2023-46376.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46376",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-27T01:15:32.220",
"lastModified": "2023-10-27T12:41:08.827",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-03T20:11:37.757",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "Zentao Biz versi\u00f3n 8.7 y anteriores es vulnerable a la divulgaci\u00f3n de informaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-312"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zentao:biz:*:*:*:*:enterprise:*:*:*",
"versionEndIncluding": "8.7",
"matchCriteriaId": "CB4BDAE0-EAC8-4265-97C2-61772B3F8681"
}
]
}
]
}
],
"references": [
{
"url": "https://narrow-payment-2cd.notion.site/zentao-8-7-has-information-disclosure-vulnerability-CVE-2023-46376-537fae3936b84af583b51b74e6010dd7",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

65
CVE-2023/CVE-2023-464xx/CVE-2023-46491.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46491",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-27T00:15:09.363",
"lastModified": "2023-10-27T12:41:08.827",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-03T20:23:49.313",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "ZenTao Biz versi\u00f3n 4.1.3 y anteriores tiene una vulnerabilidad de Cross Site Scripting (XSS) en la librer\u00eda de versiones."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zentao:biz:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.1.3",
"matchCriteriaId": "BD77EC96-5DFD-4B49-A0DE-14735F18F78C"
}
]
}
]
}
],
"references": [
{
"url": "https://foremost-smash-52a.notion.site/Zentao-Authorized-XSS-Vulnerability-CVE-2023-46491-eea8cbfe2fab4ea78a174e5275309759",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

64
CVE-2023/CVE-2023-465xx/CVE-2023-46505.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46505",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-27T01:15:32.267",
"lastModified": "2023-10-27T12:41:08.827",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-03T20:05:18.503",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "Una vulnerabilidad de Cross Site Scripting en FanCMS v.1.0.0 permite a un atacante ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro content1 en el archivo demo.php."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pwncyn:fancms:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA9EC6F1-F8D8-4020-A0F9-41A1BE75592F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/PwnCYN/FanCMS/issues/1",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}

58
CVE-2023/CVE-2023-50xx/CVE-2023-5051.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5051",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-10-27T04:15:10.957",
"lastModified": "2023-10-27T12:41:08.827",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-03T19:58:53.517",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -50,18 +70,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:callrail:callrail_phone_call_tracking:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "0.5.2",
"matchCriteriaId": "EE4C0D49-003A-4ED8-A746-5A73C3A8A32F"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/callrail-phone-call-tracking/tags/0.5.2/callrail.php#L174",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2982876/callrail-phone-call-tracking#file0",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/35def866-7460-4cad-8d86-7b9e4905cbe4?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch",
"Third Party Advisory"
]
}
]
}

33
CVE-2023/CVE-2023-50xx/CVE-2023-5054.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5054",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-09-19T07:15:51.917",
"lastModified": "2023-10-13T01:15:55.887",
"vulnStatus": "Modified",
"lastModified": "2023-11-03T19:13:47.073",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,14 +11,34 @@
},
{
"lang": "es",
"value": "El complemento Super Store Finder para WordPress es vulnerable a la creaci\u00f3n y retransmisi\u00f3n de correo electr\u00f3nico arbitrario no autenticado en versiones hasta la 6.9.2 incluida. Esto se debe a restricciones insuficientes en el archivo sendMail.php que permite el acceso directo. Esto hace posible que atacantes no autenticados env\u00eden correos electr\u00f3nicos utilizando el servidor del sitio vulnerable, con contenido arbitrario. Tenga en cuenta que esta vulnerabilidad ya se ha divulgado p\u00fablicamente con un exploit, por lo que publicamos los detalles sin un parche disponible; estamos intentando iniciar contacto con el desarrollador."
"value": "El complemento Super Store Finder para WordPress es vulnerable a la creaci\u00f3n y retransmisi\u00f3n de correo electr\u00f3nico arbitrario no autenticado en versiones hasta la 6.9.3 incluida. Esto se debe a restricciones insuficientes en el archivo sendMail.php que permite el acceso directo. Esto hace posible que atacantes no autenticados env\u00eden correos electr\u00f3nicos utilizando el servidor del sitio vulnerable, con contenido arbitrario. Tenga en cuenta que esta vulnerabilidad ya se ha divulgado p\u00fablicamente con un exploit, por lo que publicamos los detalles sin un parche disponible; estamos intentando iniciar contacto con el desarrollador."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
@ -78,7 +98,10 @@
},
{
"url": "https://superstorefinder.net/support/forums/topic/super-store-finder-for-wordpress-patch-notes/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d31d0553-9378-4c7e-a258-12562aa6b388?source=cve",

58
CVE-2023/CVE-2023-51xx/CVE-2023-5139.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5139",
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"published": "2023-10-26T05:15:26.217",
"lastModified": "2023-10-26T11:44:17.377",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-03T20:38:59.517",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
},
{
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary",
@ -50,10 +80,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.4.0",
"matchCriteriaId": "51CECB97-3A81-4A54-AA0A-DB2A1DE18CF2"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-rhrc-pcxp-4453",
"source": "vulnerabilities@zephyrproject.org"
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

56
CVE-2023/CVE-2023-53xx/CVE-2023-5335.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-5335",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-10-30T14:15:09.667",
"lastModified": "2023-10-30T14:32:18.693",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-03T20:52:50.230",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Buzzsprout Podcasting plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'buzzsprout' shortcode in versions up to, and including, 1.8.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento Buzzsprout Podcasting para WordPress es vulnerable a Cross-Site Scripting (XSS) Almacenado a trav\u00e9s del shortcode 'buzzsprout' en versiones hasta la 1.8.3 incluida debido a una sanitizaci\u00f3n de entrada y a un escape de salida en los atributos proporcionados por el usuario insuficientes. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -46,14 +70,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:buzzsprout:buzzsprout:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.8.4",
"matchCriteriaId": "CABB0244-B644-4246-AD92-8AD6CDB02DC6"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/buzzsprout-podcasting/tags/1.8.3/buzzsprout-podcasting.php#L271",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/be7f8b73-801d-46e8-81c1-8bb0bb576700?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

56
CVE-2023/CVE-2023-55xx/CVE-2023-5565.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-5565",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-10-30T14:15:09.973",
"lastModified": "2023-10-30T14:32:18.693",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-03T20:53:13.923",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Shortcode Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'shortmenu' shortcode in versions up to, and including, 3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento Shortcode Menu para WordPress es vulnerable a Cross-Site Scripting (XSS) Almacenado a trav\u00e9s del shortcode 'shortmenu' en versiones hasta la 3.2 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -46,14 +70,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:shortcode_menu_project:shortcod_menu:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.2",
"matchCriteriaId": "3D4C4504-A73F-4A47-AC60-D0283ECC7334"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/shortcode-menu/tags/3.2/shortcode-menu.php#L183",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/438b9c13-4059-4671-ab4a-07a8cf6f6122?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

66
CVE-2023/CVE-2023-55xx/CVE-2023-5566.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-5566",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-10-30T14:15:10.043",
"lastModified": "2023-10-30T14:32:18.693",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-03T20:53:30.187",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Simple Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.0.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento Simple Shortcodes para WordPress es vulnerable a Cross-Site Scripting (XSS) Almacenado a trav\u00e9s de shortcodes en versiones hasta la 1.0.20 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -46,22 +70,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:simple_shortcodes_project:simple_shortcodes:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.0.20",
"matchCriteriaId": "8ED68CB2-620E-4342-828D-00A6005DE2D5"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/smpl-shortcodes/tags/1.0.20/includes/shortcodes.php#L257",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/smpl-shortcodes/tags/1.0.20/includes/shortcodes.php#L292",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/smpl-shortcodes/tags/1.0.20/includes/shortcodes.php#L386",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a153d6b2-e3fd-42db-90ba-d899a07d60c1?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-57xx/CVE-2023-5774.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-5774",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-10-27T11:15:13.803",
"lastModified": "2023-10-27T12:41:08.827",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-03T20:50:32.283",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Animated Counters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento Animated Counters para WordPress es vulnerable a Cross-Site Scripting (XSS) Almacenado a trav\u00e9s de shortcodes del complemento en todas las versiones hasta la 1.7 incluida debido a una sanitizaci\u00f3n de entrada y a un escape de salida en los atributos proporcionados por el usuario insuficientes. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -46,18 +70,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:eralion:animated_counters:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.7",
"matchCriteriaId": "929BC71B-4619-4539-B07F-F2629837C6DA"
}
]
}
]
}
],
"references": [
{
"url": "https://drive.google.com/file/d/1zXWW545ktCznO36k90AN0APhTz8ky-gG/view?usp=sharing",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2984228/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/33c2756d-c300-479f-b3aa-8f22c3a70278?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

70
CVE-2023/CVE-2023-58xx/CVE-2023-5804.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5804",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-10-26T20:15:08.900",
"lastModified": "2023-10-27T12:41:08.827",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-03T20:42:53.070",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -64,6 +86,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +107,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpgurukul:nipah_virus_testing_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85D720C8-26A6-4C73-974C-285291A71100"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/JacksonStonee/Nipah-virus-NiV-Testing-Management-System-Using-PHP-and-MySQL-1.0-has-a-SQL-injection-vuln-login.php/blob/main/README.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.243617",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.243617",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

78
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-11-03T19:00:19.363320+00:00
2023-11-03T21:00:40.327434+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-11-03T18:59:46.813000+00:00
2023-11-03T20:55:05.450000+00:00
```
### Last Data Feed Release
@ -29,56 +29,50 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
229764
229770
```
### CVEs added in the last Commit
Recently added CVEs: `12`
Recently added CVEs: `6`
* [CVE-2023-23368](CVE-2023/CVE-2023-233xx/CVE-2023-23368.json) (`2023-11-03T17:15:08.210`)
* [CVE-2023-23369](CVE-2023/CVE-2023-233xx/CVE-2023-23369.json) (`2023-11-03T17:15:08.327`)
* [CVE-2023-25700](CVE-2023/CVE-2023-257xx/CVE-2023-25700.json) (`2023-11-03T17:15:08.413`)
* [CVE-2023-25800](CVE-2023/CVE-2023-258xx/CVE-2023-25800.json) (`2023-11-03T17:15:08.487`)
* [CVE-2023-25990](CVE-2023/CVE-2023-259xx/CVE-2023-25990.json) (`2023-11-03T17:15:08.553`)
* [CVE-2023-32121](CVE-2023/CVE-2023-321xx/CVE-2023-32121.json) (`2023-11-03T17:15:08.620`)
* [CVE-2023-32508](CVE-2023/CVE-2023-325xx/CVE-2023-32508.json) (`2023-11-03T17:15:08.693`)
* [CVE-2023-34179](CVE-2023/CVE-2023-341xx/CVE-2023-34179.json) (`2023-11-03T17:15:08.760`)
* [CVE-2023-36529](CVE-2023/CVE-2023-365xx/CVE-2023-36529.json) (`2023-11-03T17:15:08.830`)
* [CVE-2023-39299](CVE-2023/CVE-2023-392xx/CVE-2023-39299.json) (`2023-11-03T17:15:08.900`)
* [CVE-2023-39301](CVE-2023/CVE-2023-393xx/CVE-2023-39301.json) (`2023-11-03T17:15:08.987`)
* [CVE-2023-3893](CVE-2023/CVE-2023-38xx/CVE-2023-3893.json) (`2023-11-03T18:15:08.623`)
* [CVE-2022-3172](CVE-2022/CVE-2022-31xx/CVE-2022-3172.json) (`2023-11-03T20:15:08.550`)
* [CVE-2022-43554](CVE-2022/CVE-2022-435xx/CVE-2022-43554.json) (`2023-11-03T20:15:08.690`)
* [CVE-2022-43555](CVE-2022/CVE-2022-435xx/CVE-2022-43555.json) (`2023-11-03T20:15:08.757`)
* [CVE-2022-44569](CVE-2022/CVE-2022-445xx/CVE-2022-44569.json) (`2023-11-03T20:15:08.813`)
* [CVE-2023-41725](CVE-2023/CVE-2023-417xx/CVE-2023-41725.json) (`2023-11-03T20:15:09.093`)
* [CVE-2023-41726](CVE-2023/CVE-2023-417xx/CVE-2023-41726.json) (`2023-11-03T20:15:09.143`)
### CVEs modified in the last Commit
Recently modified CVEs: `72`
Recently modified CVEs: `61`
* [CVE-2022-34202](CVE-2022/CVE-2022-342xx/CVE-2022-34202.json) (`2023-11-03T18:42:16.237`)
* [CVE-2023-38847](CVE-2023/CVE-2023-388xx/CVE-2023-38847.json) (`2023-11-03T17:22:18.760`)
* [CVE-2023-38848](CVE-2023/CVE-2023-388xx/CVE-2023-38848.json) (`2023-11-03T17:27:41.767`)
* [CVE-2023-21347](CVE-2023/CVE-2023-213xx/CVE-2023-21347.json) (`2023-11-03T17:30:06.220`)
* [CVE-2023-38849](CVE-2023/CVE-2023-388xx/CVE-2023-38849.json) (`2023-11-03T17:30:57.887`)
* [CVE-2023-46583](CVE-2023/CVE-2023-465xx/CVE-2023-46583.json) (`2023-11-03T17:39:21.597`)
* [CVE-2023-21345](CVE-2023/CVE-2023-213xx/CVE-2023-21345.json) (`2023-11-03T17:42:55.850`)
* [CVE-2023-46584](CVE-2023/CVE-2023-465xx/CVE-2023-46584.json) (`2023-11-03T17:46:20.620`)
* [CVE-2023-30967](CVE-2023/CVE-2023-309xx/CVE-2023-30967.json) (`2023-11-03T17:54:04.193`)
* [CVE-2023-30969](CVE-2023/CVE-2023-309xx/CVE-2023-30969.json) (`2023-11-03T18:01:07.577`)
* [CVE-2023-43906](CVE-2023/CVE-2023-439xx/CVE-2023-43906.json) (`2023-11-03T18:02:02.433`)
* [CVE-2023-43905](CVE-2023/CVE-2023-439xx/CVE-2023-43905.json) (`2023-11-03T18:07:46.893`)
* [CVE-2023-46345](CVE-2023/CVE-2023-463xx/CVE-2023-46345.json) (`2023-11-03T18:08:37.197`)
* [CVE-2023-5798](CVE-2023/CVE-2023-57xx/CVE-2023-5798.json) (`2023-11-03T18:11:15.020`)
* [CVE-2023-46075](CVE-2023/CVE-2023-460xx/CVE-2023-46075.json) (`2023-11-03T18:16:05.993`)
* [CVE-2023-46088](CVE-2023/CVE-2023-460xx/CVE-2023-46088.json) (`2023-11-03T18:21:52.097`)
* [CVE-2023-46094](CVE-2023/CVE-2023-460xx/CVE-2023-46094.json) (`2023-11-03T18:33:01.087`)
* [CVE-2023-5780](CVE-2023/CVE-2023-57xx/CVE-2023-5780.json) (`2023-11-03T18:37:56.903`)
* [CVE-2023-5781](CVE-2023/CVE-2023-57xx/CVE-2023-5781.json) (`2023-11-03T18:45:37.180`)
* [CVE-2023-46090](CVE-2023/CVE-2023-460xx/CVE-2023-46090.json) (`2023-11-03T18:46:39.610`)
* [CVE-2023-5782](CVE-2023/CVE-2023-57xx/CVE-2023-5782.json) (`2023-11-03T18:52:13.017`)
* [CVE-2023-21362](CVE-2023/CVE-2023-213xx/CVE-2023-21362.json) (`2023-11-03T18:58:33.967`)
* [CVE-2023-21372](CVE-2023/CVE-2023-213xx/CVE-2023-21372.json) (`2023-11-03T18:58:47.933`)
* [CVE-2023-21349](CVE-2023/CVE-2023-213xx/CVE-2023-21349.json) (`2023-11-03T18:59:35.570`)
* [CVE-2023-21348](CVE-2023/CVE-2023-213xx/CVE-2023-21348.json) (`2023-11-03T18:59:46.813`)
* [CVE-2023-44375](CVE-2023/CVE-2023-443xx/CVE-2023-44375.json) (`2023-11-03T19:45:39.960`)
* [CVE-2023-44162](CVE-2023/CVE-2023-441xx/CVE-2023-44162.json) (`2023-11-03T19:46:03.623`)
* [CVE-2023-44267](CVE-2023/CVE-2023-442xx/CVE-2023-44267.json) (`2023-11-03T19:50:57.197`)
* [CVE-2023-43738](CVE-2023/CVE-2023-437xx/CVE-2023-43738.json) (`2023-11-03T19:53:08.763`)
* [CVE-2023-5051](CVE-2023/CVE-2023-50xx/CVE-2023-5051.json) (`2023-11-03T19:58:53.517`)
* [CVE-2023-46505](CVE-2023/CVE-2023-465xx/CVE-2023-46505.json) (`2023-11-03T20:05:18.503`)
* [CVE-2023-46376](CVE-2023/CVE-2023-463xx/CVE-2023-46376.json) (`2023-11-03T20:11:37.757`)
* [CVE-2023-32567](CVE-2023/CVE-2023-325xx/CVE-2023-32567.json) (`2023-11-03T20:15:08.877`)
* [CVE-2023-39332](CVE-2023/CVE-2023-393xx/CVE-2023-39332.json) (`2023-11-03T20:15:08.997`)
* [CVE-2023-46091](CVE-2023/CVE-2023-460xx/CVE-2023-46091.json) (`2023-11-03T20:19:18.047`)
* [CVE-2023-46093](CVE-2023/CVE-2023-460xx/CVE-2023-46093.json) (`2023-11-03T20:19:59.937`)
* [CVE-2023-46153](CVE-2023/CVE-2023-461xx/CVE-2023-46153.json) (`2023-11-03T20:20:12.173`)
* [CVE-2023-37913](CVE-2023/CVE-2023-379xx/CVE-2023-37913.json) (`2023-11-03T20:22:05.087`)
* [CVE-2023-46375](CVE-2023/CVE-2023-463xx/CVE-2023-46375.json) (`2023-11-03T20:23:34.067`)
* [CVE-2023-46491](CVE-2023/CVE-2023-464xx/CVE-2023-46491.json) (`2023-11-03T20:23:49.313`)
* [CVE-2023-46374](CVE-2023/CVE-2023-463xx/CVE-2023-46374.json) (`2023-11-03T20:23:58.070`)
* [CVE-2023-42188](CVE-2023/CVE-2023-421xx/CVE-2023-42188.json) (`2023-11-03T20:34:28.027`)
* [CVE-2023-5139](CVE-2023/CVE-2023-51xx/CVE-2023-5139.json) (`2023-11-03T20:38:59.517`)
* [CVE-2023-5804](CVE-2023/CVE-2023-58xx/CVE-2023-5804.json) (`2023-11-03T20:42:53.070`)
* [CVE-2023-5774](CVE-2023/CVE-2023-57xx/CVE-2023-5774.json) (`2023-11-03T20:50:32.283`)
* [CVE-2023-5335](CVE-2023/CVE-2023-53xx/CVE-2023-5335.json) (`2023-11-03T20:52:50.230`)
* [CVE-2023-5565](CVE-2023/CVE-2023-55xx/CVE-2023-5565.json) (`2023-11-03T20:53:13.923`)
* [CVE-2023-5566](CVE-2023/CVE-2023-55xx/CVE-2023-5566.json) (`2023-11-03T20:53:30.187`)
* [CVE-2023-46199](CVE-2023/CVE-2023-461xx/CVE-2023-46199.json) (`2023-11-03T20:54:07.940`)
* [CVE-2023-46194](CVE-2023/CVE-2023-461xx/CVE-2023-46194.json) (`2023-11-03T20:55:05.450`)
## Download and Usage