admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 03:27:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-11-30T07:00:18.985920+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-11-30 07:00:22 +00:00
parent 28ade326bc
commit 7f1008727e
62 changed files with 3371 additions and 252 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

86
CVE-2021/CVE-2021-384xx/CVE-2021-38405.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2021-38405",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-11-21T19:15:07.647",
"lastModified": "2023-11-21T20:31:33.013",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T05:39:30.360",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Datalogics APDFL library used in affected products is vulnerable to memory corruption condition\u00a0while parsing specially crafted PDF files. An attacker could leverage this vulnerability to execute code\u00a0in the context of the current process."
},
{
"lang": "es",
"value": "La librer\u00eda Datalogics APDFL utilizada en los productos afectados es vulnerable a da\u00f1os en la memoria al analizar archivos PDF especialmente manipulados. Un atacante podr\u00eda aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -46,14 +80,58 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*",
"versionEndExcluding": "13.2.0.7",
"matchCriteriaId": "E41637A0-726E-43B9-82DA-624F3EF8DC27"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.1.0",
"versionEndExcluding": "13.1.0.8",
"matchCriteriaId": "94B8CCD8-EC9B-44EB-8E84-F7074F8A7B03"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.2.0",
"versionEndExcluding": "13.2.0.7",
"matchCriteriaId": "1D30E398-C114-447E-9D4F-8D30B94ACF42"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:teamcenter_visualization:13.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A1B60EA6-9F2D-4CB2-886C-82602E2BF117"
}
]
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-041-07",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}

77
CVE-2022/CVE-2022-367xx/CVE-2022-36777.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2022-36777",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-11-22T19:15:07.813",
"lastModified": "2023-11-22T19:46:41.130",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T05:03:35.017",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.16.0could allow an authenticated user to obtain sensitive version information that could aid in further attacks against the system. IBM X-Force ID: 233665."
},
{
"lang": "es",
"value": "IBM Cloud Pak for Security (CP4S) 1.10.0.0 a 1.10.11.0 e IBM QRadar Suite Software 1.10.12.0 a 1.10.16.0 podr\u00edan permitir a un usuario autenticado obtener informaci\u00f3n confidencial de la versi\u00f3n que podr\u00eda ayudar en futuros ataques contra el sistema. ID de IBM X-Force: 233665."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,14 +80,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_security:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.10.0.0",
"versionEndIncluding": "1.10.11.0",
"matchCriteriaId": "8FA89838-3E05-4778-9323-DE51CC10FD18"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:qradar_suite:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.10.12.0",
"versionEndExcluding": "1.10.17.0",
"matchCriteriaId": "23359E10-1A2B-4836-AFAD-076DFE620B45"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/233665",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://www.ibm.com/support/pages/node/7080058",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
]
}
]
}

70
CVE-2023/CVE-2023-24xx/CVE-2023-2446.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2446",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-11-22T08:15:07.020",
"lastModified": "2023-11-22T18:15:08.533",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T05:27:35.683",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -38,18 +58,58 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:userproplugin:userpro:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "5.1.2",
"matchCriteriaId": "9EF7A2C9-4F0D-41BE-B9F6-41AC4F2606DE"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/175871/WordPress-UserPro-5.1.x-Password-Reset-Authentication-Bypass-Escalation.html",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4072ba5f-6385-4fa3-85b6-89dac7b60a92?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

64
CVE-2023/CVE-2023-24xx/CVE-2023-2447.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2447",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-11-22T08:15:07.410",
"lastModified": "2023-11-22T13:56:48.513",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T05:27:03.880",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -38,14 +58,50 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:userproplugin:userpro:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "5.1.2",
"matchCriteriaId": "9EF7A2C9-4F0D-41BE-B9F6-41AC4F2606DE"
}
]
}
]
}
],
"references": [
{
"url": "https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0372efe4-b5be-4601-be43-5c12332ea1a5?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

65
CVE-2023/CVE-2023-256xx/CVE-2023-25682.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-25682",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-11-22T19:15:08.110",
"lastModified": "2023-11-22T19:46:41.130",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T05:04:21.983",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.1 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 247034."
},
{
"lang": "es",
"value": "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 a 6.0.3.8 y 6.1.0.0 a 6.1.2.1 almacena informaci\u00f3n potencialmente confidencial en archivos de registro que un usuario local podr\u00eda leer. ID de IBM X-Force: 247034."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -46,14 +70,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:sterling_b2b_integrator:*:*:*:*:standard:*:*:*",
"versionStartIncluding": "6.0.0.0",
"versionEndExcluding": "6.0.3.9",
"matchCriteriaId": "E7DDAD8D-DE16-41C4-AE06-9EECE1F56B41"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:sterling_b2b_integrator:*:*:*:*:standard:*:*:*",
"versionStartIncluding": "6.1.0.0",
"versionEndExcluding": "6.1.2.3",
"matchCriteriaId": "027F8527-E3D4-4CFF-9117-FC91CF3489C6"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/247034",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://www.ibm.com/support/pages/node/7080172",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
]
}
]
}

6
CVE-2023/CVE-2023-26xx/CVE-2023-2602.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-2602",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-06-06T20:15:12.760",
"lastModified": "2023-11-29T03:15:41.910",
"lastModified": "2023-11-30T05:15:08.650",
"vulnStatus": "Modified",
"descriptions": [
{
@ -157,6 +157,10 @@
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ57ICDLMVYEREXQGZWL4GWI7FRJCRQT/",
"source": "secalert@redhat.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPEGCFMCN5KGCFX5Y2VTKR732TTD4ADW/",
"source": "secalert@redhat.com"

6
CVE-2023/CVE-2023-26xx/CVE-2023-2603.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-2603",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-06-06T20:15:13.187",
"lastModified": "2023-11-29T03:15:42.043",
"lastModified": "2023-11-30T05:15:08.800",
"vulnStatus": "Modified",
"descriptions": [
{
@ -138,6 +138,10 @@
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ57ICDLMVYEREXQGZWL4GWI7FRJCRQT/",
"source": "secalert@redhat.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPEGCFMCN5KGCFX5Y2VTKR732TTD4ADW/",
"source": "secalert@redhat.com"

65
CVE-2023/CVE-2023-423xx/CVE-2023-42363.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-42363",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-27T22:15:07.940",
"lastModified": "2023-11-28T14:12:58.173",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T05:06:49.523",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "Se descubri\u00f3 una vulnerabilidad de use-after-free en la funci\u00f3n xasprintf en xfuncs_printf.c:344 en BusyBox v.1.36.1."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:busybox:busybox:1.36.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F729D66A-538E-421E-961F-8A484E6C6106"
}
]
}
]
}
],
"references": [
{
"url": "https://bugs.busybox.net/show_bug.cgi?id=15865",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

64
CVE-2023/CVE-2023-423xx/CVE-2023-42364.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-42364",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-27T23:15:07.313",
"lastModified": "2023-11-28T14:12:58.173",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T05:07:10.827",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "Una vulnerabilidad de use-after-free en BusyBox v.1.36.1 permite a los atacantes provocar una denegaci\u00f3n de servicio mediante un patr\u00f3n awk manipulado en la funci\u00f3n de evaluaci\u00f3n awk.c."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:busybox:busybox:1.36.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F729D66A-538E-421E-961F-8A484E6C6106"
}
]
}
]
}
],
"references": [
{
"url": "https://bugs.busybox.net/show_bug.cgi?id=15868",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

65
CVE-2023/CVE-2023-423xx/CVE-2023-42365.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-42365",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-27T23:15:07.373",
"lastModified": "2023-11-28T14:12:58.173",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T05:08:08.770",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "Se descubri\u00f3 una vulnerabilidad de use-after-free en BusyBox v.1.36.1 mediante un patr\u00f3n awk manipulado en la funci\u00f3n copyvar awk.c."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:busybox:busybox:1.36.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F729D66A-538E-421E-961F-8A484E6C6106"
}
]
}
]
}
],
"references": [
{
"url": "https://bugs.busybox.net/show_bug.cgi?id=15871",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

65
CVE-2023/CVE-2023-423xx/CVE-2023-42366.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-42366",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-27T23:15:07.420",
"lastModified": "2023-11-28T14:12:58.173",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T05:08:23.197",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "Se descubri\u00f3 un desbordamiento del b\u00fafer del heap en BusyBox v.1.36.1 en la funci\u00f3n next_token en awk.c:1159."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:busybox:busybox:1.36.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F729D66A-538E-421E-961F-8A484E6C6106"
}
]
}
]
}
],
"references": [
{
"url": "https://bugs.busybox.net/show_bug.cgi?id=15874",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

74
CVE-2023/CVE-2023-42xx/CVE-2023-4221.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4221",
"sourceIdentifier": "info@starlabs.sg",
"published": "2023-11-28T08:15:07.910",
"lastModified": "2023-11-28T14:12:58.173",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T05:35:37.737",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "info@starlabs.sg",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{
"source": "info@starlabs.sg",
"type": "Secondary",
@ -50,22 +80,54 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:chamilo:chamilo_lms:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.11.24",
"matchCriteriaId": "3CA5310C-E5B0-4369-BC5A-F56EBED72EBA"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/chamilo/chamilo-lms/commit/841a07396fed0ef27c5db13a1b700eac02754fc7",
"source": "info@starlabs.sg"
"source": "info@starlabs.sg",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/chamilo/chamilo-lms/commit/ed72914608d2a07ee2eb587c1a654480d08201db",
"source": "info@starlabs.sg"
"source": "info@starlabs.sg",
"tags": [
"Patch"
]
},
{
"url": "https://starlabs.sg/advisories/23/23-4221",
"source": "info@starlabs.sg"
"source": "info@starlabs.sg",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://support.chamilo.org/projects/chamilo-18/wiki/security_issues#Issue-128-2023-09-04-Critical-impact-Moderate-risk-Authenticated-users-may-gain-unauthenticated-RCE-CVE-2023-4221CVE-2023-4222",
"source": "info@starlabs.sg"
"source": "info@starlabs.sg",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

74
CVE-2023/CVE-2023-42xx/CVE-2023-4222.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4222",
"sourceIdentifier": "info@starlabs.sg",
"published": "2023-11-28T08:15:08.307",
"lastModified": "2023-11-28T14:12:58.173",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T05:35:10.733",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "info@starlabs.sg",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{
"source": "info@starlabs.sg",
"type": "Secondary",
@ -50,22 +80,54 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:chamilo:chamilo_lms:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.11.24",
"matchCriteriaId": "3CA5310C-E5B0-4369-BC5A-F56EBED72EBA"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/chamilo/chamilo-lms/commit/841a07396fed0ef27c5db13a1b700eac02754fc7",
"source": "info@starlabs.sg"
"source": "info@starlabs.sg",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/chamilo/chamilo-lms/commit/ed72914608d2a07ee2eb587c1a654480d08201db",
"source": "info@starlabs.sg"
"source": "info@starlabs.sg",
"tags": [
"Patch"
]
},
{
"url": "https://starlabs.sg/advisories/23/23-4222",
"source": "info@starlabs.sg"
"source": "info@starlabs.sg",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://support.chamilo.org/projects/chamilo-18/wiki/security_issues#Issue-128-2023-09-04-Critical-impact-Moderate-risk-Authenticated-users-may-gain-unauthenticated-RCE-CVE-2023-4221CVE-2023-4222",
"source": "info@starlabs.sg"
"source": "info@starlabs.sg",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

79
CVE-2023/CVE-2023-42xx/CVE-2023-4223.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4223",
"sourceIdentifier": "info@starlabs.sg",
"published": "2023-11-28T08:15:08.803",
"lastModified": "2023-11-28T14:12:58.173",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T05:35:04.377",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "info@starlabs.sg",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
},
{
"source": "info@starlabs.sg",
"type": "Secondary",
@ -50,26 +80,61 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:chamilo:chamilo_lms:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.11.24",
"matchCriteriaId": "3CA5310C-E5B0-4369-BC5A-F56EBED72EBA"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/chamilo/chamilo-lms/commit/3d74fb7d99bd2e287730552f7a66562417a55047",
"source": "info@starlabs.sg"
"source": "info@starlabs.sg",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/chamilo/chamilo-lms/commit/6f32625a012d5de2dfe8edbccb4ed14a85e310d4",
"source": "info@starlabs.sg"
"source": "info@starlabs.sg",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/chamilo/chamilo-lms/commit/e864127a440c2cab0eb62c113a04e2e904543a1f",
"source": "info@starlabs.sg"
"source": "info@starlabs.sg",
"tags": [
"Patch"
]
},
{
"url": "https://starlabs.sg/advisories/23/23-4223",
"source": "info@starlabs.sg"
"source": "info@starlabs.sg",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://support.chamilo.org/projects/chamilo-18/wiki/security_issues#Issue-129-2023-09-04-Critical-impact-Moderate-risk-Authenticated-users-may-gain-unauthenticated-RCE-CVE-2023-4223CVE-2023-4224CVE-2023-4225CVE-2023-4226",
"source": "info@starlabs.sg"
"source": "info@starlabs.sg",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

79
CVE-2023/CVE-2023-42xx/CVE-2023-4224.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4224",
"sourceIdentifier": "info@starlabs.sg",
"published": "2023-11-28T08:15:09.213",
"lastModified": "2023-11-28T14:12:58.173",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T05:34:56.030",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "info@starlabs.sg",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
},
{
"source": "info@starlabs.sg",
"type": "Secondary",
@ -50,26 +80,61 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:chamilo:chamilo_lms:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.11.24",
"matchCriteriaId": "3CA5310C-E5B0-4369-BC5A-F56EBED72EBA"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/chamilo/chamilo-lms/commit/6f32625a012d5de2dfe8edbccb4ed14a85e310d4",
"source": "info@starlabs.sg"
"source": "info@starlabs.sg",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/chamilo/chamilo-lms/commit/e864127a440c2cab0eb62c113a04e2e904543a1f",
"source": "info@starlabs.sg"
"source": "info@starlabs.sg",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/chamilo/chamilo-lms/commit/f3d62b65ad60d68096c2674d5695339f04de0b8a",
"source": "info@starlabs.sg"
"source": "info@starlabs.sg",
"tags": [
"Patch"
]
},
{
"url": "https://starlabs.sg/advisories/23/23-4224",
"source": "info@starlabs.sg"
"source": "info@starlabs.sg",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://support.chamilo.org/projects/chamilo-18/wiki/security_issues#Issue-129-2023-09-04-Critical-impact-Moderate-risk-Authenticated-users-may-gain-unauthenticated-RCE-CVE-2023-4223CVE-2023-4224CVE-2023-4225CVE-2023-4226",
"source": "info@starlabs.sg"
"source": "info@starlabs.sg",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

79
CVE-2023/CVE-2023-42xx/CVE-2023-4225.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4225",
"sourceIdentifier": "info@starlabs.sg",
"published": "2023-11-28T08:15:09.607",
"lastModified": "2023-11-28T14:12:58.173",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T05:34:43.333",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "info@starlabs.sg",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
},
{
"source": "info@starlabs.sg",
"type": "Secondary",
@ -50,26 +80,61 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:chamilo:chamilo_lms:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.11.24",
"matchCriteriaId": "3CA5310C-E5B0-4369-BC5A-F56EBED72EBA"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/chamilo/chamilo-lms/commit/6f32625a012d5de2dfe8edbccb4ed14a85e310d4",
"source": "info@starlabs.sg"
"source": "info@starlabs.sg",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/chamilo/chamilo-lms/commit/e864127a440c2cab0eb62c113a04e2e904543a1f",
"source": "info@starlabs.sg"
"source": "info@starlabs.sg",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/chamilo/chamilo-lms/commit/f3d62b65ad60d68096c2674d5695339f04de0b8a",
"source": "info@starlabs.sg"
"source": "info@starlabs.sg",
"tags": [
"Patch"
]
},
{
"url": "https://starlabs.sg/advisories/23/23-4225",
"source": "info@starlabs.sg"
"source": "info@starlabs.sg",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://support.chamilo.org/projects/chamilo-18/wiki/security_issues#Issue-129-2023-09-04-Critical-impact-Moderate-risk-Authenticated-users-may-gain-unauthenticated-RCE-CVE-2023-4223CVE-2023-4224CVE-2023-4225CVE-2023-4226",
"source": "info@starlabs.sg"
"source": "info@starlabs.sg",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

79
CVE-2023/CVE-2023-42xx/CVE-2023-4226.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4226",
"sourceIdentifier": "info@starlabs.sg",
"published": "2023-11-28T08:15:10.430",
"lastModified": "2023-11-28T14:12:58.173",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T05:34:06.420",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "info@starlabs.sg",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
},
{
"source": "info@starlabs.sg",
"type": "Secondary",
@ -50,26 +80,61 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:chamilo:chamilo_lms:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.11.24",
"matchCriteriaId": "3CA5310C-E5B0-4369-BC5A-F56EBED72EBA"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/chamilo/chamilo-lms/commit/6f32625a012d5de2dfe8edbccb4ed14a85e310d4",
"source": "info@starlabs.sg"
"source": "info@starlabs.sg",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/chamilo/chamilo-lms/commit/e864127a440c2cab0eb62c113a04e2e904543a1f",
"source": "info@starlabs.sg"
"source": "info@starlabs.sg",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/chamilo/chamilo-lms/commit/f3d62b65ad60d68096c2674d5695339f04de0b8a",
"source": "info@starlabs.sg"
"source": "info@starlabs.sg",
"tags": [
"Patch"
]
},
{
"url": "https://starlabs.sg/advisories/23/23-4226",
"source": "info@starlabs.sg"
"source": "info@starlabs.sg",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://support.chamilo.org/projects/chamilo-18/wiki/security_issues#Issue-129-2023-09-04-Critical-impact-Moderate-risk-Authenticated-users-may-gain-unauthenticated-RCE-CVE-2023-4223CVE-2023-4224CVE-2023-4225CVE-2023-4226",
"source": "info@starlabs.sg"
"source": "info@starlabs.sg",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-42xx/CVE-2023-4252.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2023-4252",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-11-27T17:15:08.517",
"lastModified": "2023-11-27T19:03:39.603",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T05:08:39.450",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The EventPrime WordPress plugin through 3.2.9 specifies the price of a booking in the client request, allowing an attacker to purchase bookings without payment."
},
{
"lang": "es",
"value": "El complemento EventPrime de WordPress hasta la versi\u00f3n 3.2.9 especifica el precio de una reserva en la solicitud del cliente, lo que permite a un atacante comprar reservas sin pago."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:metagauss:eventprime:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.2.9",
"matchCriteriaId": "FB7ABCDA-E63E-49E8-A4DC-372E81F48E27"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/d2019e59-db6c-4014-8057-0644c9a00665",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-42xx/CVE-2023-4297.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2023-4297",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-11-27T17:15:08.563",
"lastModified": "2023-11-27T19:03:39.603",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T05:15:24.520",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Mmm Simple File List WordPress plugin through 2.3 does not validate the generated path to list files from, allowing any authenticated users, such as subscribers, to list the content of arbitrary directories."
},
{
"lang": "es",
"value": "El complemento Mmm Simple File List de WordPress hasta la versi\u00f3n 2.3 no valida la ruta generada para enumerar los archivos, lo que permite a cualquier usuario autenticado, como suscriptores, enumerar el contenido de directorios arbitrarios."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mediamanifesto:mmm_simple_file_list:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.3",
"matchCriteriaId": "A721AEE2-A9B4-4768-8B42-13FC1198D13B"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/9ff85b06-819c-459e-90a9-6151bfd70978",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

73
CVE-2023/CVE-2023-430xx/CVE-2023-43082.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-43082",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-11-22T17:15:18.940",
"lastModified": "2023-11-22T17:31:47.393",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T05:41:37.050",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nDell Unity prior to 5.3 contains a 'man in the middle' vulnerability in the vmadapter component. If a customer has a certificate signed by a third-party public Certificate Authority, the vCenter CA could be spoofed by an attacker who can obtain a CA-signed certificate.\n\n"
},
{
"lang": "es",
"value": "Dell Unity anterior a 5.3 contiene una vulnerabilidad de tipo \"man in the middle\" en el componente vmadapter. Si un cliente tiene un certificado firmado por una autoridad de certificaci\u00f3n p\u00fablica de terceros, un atacante podr\u00eda falsificar la CA de vCenter y obtener un certificado firmado por una CA."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-295"
}
]
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -46,10 +80,43 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:unity_operating_environment:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.3.0.0.5.120",
"matchCriteriaId": "39CE8E4C-9B83-4FF4-A662-393566EAAAB5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:unity_xt_operating_environment:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.3.0.0.5.120",
"matchCriteriaId": "D273B881-FD6C-49AB-BD83-1C12251FAAEC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:unityvsa_operating_environment:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.3.0.0.5.120",
"matchCriteriaId": "D8155312-9B7C-4A0B-A494-3E5D4AE81B40"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000213152/dsa-2023-141-dell-unity-unity-vsa-and-unity-xt-security-update-for-multiple-vulnerabilities",
"source": "security_alert@emc.com"
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
]
}
]
}

57
CVE-2023/CVE-2023-430xx/CVE-2023-43086.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43086",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-11-23T07:15:46.203",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T05:04:44.347",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -50,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:command\\|configure:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.11.0",
"matchCriteriaId": "9B2C8ECB-DF22-4790-B6AA-EC705851AC70"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000218424/dsa-2023-387-security-update-for-a-dell-command-configure-vulnerability",
"source": "security_alert@emc.com"
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
]
}
]
}

70
CVE-2023/CVE-2023-438xx/CVE-2023-43887.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43887",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-22T18:15:08.747",
"lastModified": "2023-11-22T19:00:49.717",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T05:43:21.497",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,75 @@
"value": "Se descubri\u00f3 que Libde265 v1.0.12 conten\u00eda m\u00faltiples desbordamientos del b\u00fafer a trav\u00e9s de los par\u00e1metros num_tile_columns y num_tile_row en la funci\u00f3n pic_parameter_set::dump."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:struktur:libde265:1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A736D1CB-9F33-4561-B10C-4074DF6C02F9"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/strukturag/libde265/commit/63b596c915977f038eafd7647d1db25488a8c133",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/strukturag/libde265/issues/418",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch"
]
}
]
}

57
CVE-2023/CVE-2023-442xx/CVE-2023-44289.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44289",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-11-23T07:15:46.950",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T05:04:54.330",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -50,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:command\\|configure:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.11.0",
"matchCriteriaId": "9B2C8ECB-DF22-4790-B6AA-EC705851AC70"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000218628/dsa-2023-390-security-update-for-dell-command-configure-and-dell-command-monitor-vulnerabilities",
"source": "security_alert@emc.com"
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
]
}
]
}

57
CVE-2023/CVE-2023-442xx/CVE-2023-44290.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44290",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-11-23T07:15:47.710",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T05:05:09.157",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -50,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:command\\|monitor:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.10.0",
"matchCriteriaId": "95F3D153-2BF6-4F04-8D1E-9B63BC159DC4"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000218628/dsa-2023-390-security-update-for-dell-command-configure-and-dell-command-monitor-vulnerabilities",
"source": "security_alert@emc.com"
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
]
}
]
}

75
CVE-2023/CVE-2023-453xx/CVE-2023-45377.json
View File

@ -2,23 +2,88 @@
"id": "CVE-2023-45377",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-22T17:15:22.083",
"lastModified": "2023-11-22T17:31:47.393",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T05:42:43.520",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In the module \"Chronopost Official\" (chronopost) for PrestaShop, a guest can perform SQL injection. The script PHP `cancelSkybill.php` own a sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection."
},
{
"lang": "es",
"value": "En el m\u00f3dulo \"Chronopost Official\" (chronopost) para PrestaShop, un invitado puede realizar una inyecci\u00f3n SQL. El script PHP `cancelSkybill.php` posee llamadas SQL sensibles que pueden ejecutarse con una llamada http trivial y explotarse para falsificar una inyecci\u00f3n SQL."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:chronopost:chronopost:*:*:*:*:*:prestashop:*:*",
"versionEndIncluding": "6.2.1",
"matchCriteriaId": "02B54147-C268-4952-983A-77CDE56D219D"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://addons.prestashop.com/fr/transporteurs/19561-chronopost-officiel.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://security.friendsofpresta.org/modules/2023/11/21/chronopost.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Patch",
"Third Party Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-45xx/CVE-2023-4514.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2023-4514",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-11-27T17:15:08.610",
"lastModified": "2023-11-27T19:03:39.603",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T05:15:38.273",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Mmm Simple File List WordPress plugin through 2.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks"
},
{
"lang": "es",
"value": "El complemento Mmm Simple File List de WordPress hasta la versi\u00f3n 2.3 no valida ni escapa algunos de sus atributos de c\u00f3digo corto antes de devolverlos a una p\u00e1gina/publicaci\u00f3n donde est\u00e1 incrustado el c\u00f3digo corto, lo que podr\u00eda permitir a los usuarios con el rol de colaborador y superior realizar un ataque de Cross-Site Scripting Almacenado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mediamanifesto:mmm_simple_file_list:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.3",
"matchCriteriaId": "A721AEE2-A9B4-4768-8B42-13FC1198D13B"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/365b15e6-3755-4ed5-badd-c9dd962bd9fa",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

70
CVE-2023/CVE-2023-463xx/CVE-2023-46357.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46357",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-22T18:15:08.797",
"lastModified": "2023-11-22T19:00:49.717",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T05:25:06.343",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,75 @@
"value": "En el m\u00f3dulo \"Cross Selling in Modal Cart\" (motivationsale) < 3.5.0 de MyPrestaModules para PrestaShop, un invitado puede realizar una inyecci\u00f3n SQL. El m\u00e9todo `motivationsaleDataModel::getProductsByIds()` tiene llamadas SQL sensibles que pueden ejecutarse con una llamada http trivial y explotarse para falsificar una inyecci\u00f3n SQL."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myprestamodules:cross_selling_in_modal_cart:*:*:*:*:*:prestashop:*:*",
"versionEndExcluding": "3.5.0",
"matchCriteriaId": "A1213CB0-6CA7-482D-A2CC-46A199D2FCD2"
}
]
}
]
}
],
"references": [
{
"url": "https://addons.prestashop.com/fr/ventes-croisees-packs-produits/16122-cross-selling-in-modal-cart.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://security.friendsofpresta.org/modules/2023/11/21/motivationsale.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
]
}
]
}

83
CVE-2023/CVE-2023-465xx/CVE-2023-46575.json
View File

@ -2,31 +2,100 @@
"id": "CVE-2023-46575",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-24T14:15:08.337",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T05:05:57.107",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A SQL injection vulnerability in Meshery before 0.6.179 allows a remote attacker to obtain sensitive information and execute arbitrary code via the order parameter."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n SQL en Meshery anterior a 0.6.179 permite a un atacante remoto obtener informaci\u00f3n confidencial y ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro de orden."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:layer5:meshery:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.6.179",
"matchCriteriaId": "D47AB9D1-CEE4-4EAA-B7FD-CFBD680E4A72"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/meshery/meshery/commit/ffe00967acfe4444a5db08ff3a4cafb9adf6013f",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/meshery/meshery/compare/v0.6.178...v0.6.179",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/meshery/meshery/pull/9372",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://meshery.io",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

68
CVE-2023/CVE-2023-473xx/CVE-2023-47312.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-47312",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-22T17:15:22.207",
"lastModified": "2023-11-22T17:31:47.393",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T05:31:43.093",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to Login Credential Leakage via Audit Entries."
},
{
"lang": "es",
"value": "Headwind MDM Web panel 5.22.1 es vulnerable a un control de acceso incorrecto debido a una fuga de credenciales de inicio de sesi\u00f3n a trav\u00e9s de entradas de auditor\u00eda."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-312"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:h-mdm:headwind_mdm:5.22.1:*:*:*:*:*:*:*",
"matchCriteriaId": "74956AFE-5BBC-40AA-97A4-61F4E2A595FC"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://boltonshield.com/en/cve/cve-2023-47312/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-473xx/CVE-2023-47313.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-47313",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-22T17:15:22.260",
"lastModified": "2023-11-22T17:31:47.393",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T05:31:58.807",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Headwind MDM Web panel 5.22.1 is vulnerable to Directory Traversal."
},
{
"lang": "es",
"value": "Headwind MDM Web panel 5.22.1 es vulnerable a Directory Traversal."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:h-mdm:headwind_mdm:5.22.1:*:*:*:*:*:*:*",
"matchCriteriaId": "74956AFE-5BBC-40AA-97A4-61F4E2A595FC"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://boltonshield.com/en/cve/cve-2023-47313/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-473xx/CVE-2023-47314.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-47314",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-22T17:15:22.327",
"lastModified": "2023-11-22T17:31:47.393",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T05:32:07.377",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Headwind MDM Web panel 5.22.1 is vulnerable to Cross Site Scripting (XSS) via Uncontrolled File Upload."
},
{
"lang": "es",
"value": "Headwind MDM Web panel 5.22.1 es vulnerable a Cross Site Scripting (XSS) a trav\u00e9s de la carga de archivos no controlada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:h-mdm:headwind_mdm:5.22.1:*:*:*:*:*:*:*",
"matchCriteriaId": "74956AFE-5BBC-40AA-97A4-61F4E2A595FC"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://boltonshield.com/en/cve/cve-2023-47314/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-473xx/CVE-2023-47315.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-47315",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-22T17:15:22.377",
"lastModified": "2023-11-22T17:31:47.393",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T05:32:18.157",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to a hard-coded JWT Secret."
},
{
"lang": "es",
"value": "Headwind MDM Web panel 5.22.1 es vulnerable a un control de acceso incorrecto debido a un JWT Secret codificado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:h-mdm:headwind_mdm:5.22.1:*:*:*:*:*:*:*",
"matchCriteriaId": "74956AFE-5BBC-40AA-97A4-61F4E2A595FC"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://boltonshield.com/en/cve/cve-2023-47315/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-473xx/CVE-2023-47316.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-47316",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-22T17:15:22.490",
"lastModified": "2023-11-22T17:31:47.393",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T05:33:57.420",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control. The Web panel allows users to gain access to potentially sensitive API calls such as listing users and their data, file management API calls and audit-related API calls."
},
{
"lang": "es",
"value": "Headwind MDM Web panel 5.22.1 es vulnerable a un control de acceso incorrecto. El panel web permite a los usuarios obtener acceso a llamadas API potencialmente confidenciales, como listas de usuarios y sus datos, llamadas API de administraci\u00f3n de archivos y llamadas API relacionadas con auditor\u00edas."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:h-mdm:headwind_mdm:5.22.1:*:*:*:*:*:*:*",
"matchCriteriaId": "74956AFE-5BBC-40AA-97A4-61F4E2A595FC"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://boltonshield.com/en/cve/cve-2023-47316/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

24
CVE-2023/CVE-2023-474xx/CVE-2023-47418.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-47418",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-30T06:15:46.873",
"lastModified": "2023-11-30T06:15:46.873",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Remote Code Execution (RCE) vulnerability in o2oa version 8.1.2 and before, allows attackers to create a new interface in the service management function to execute JavaScript."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/Onlyning/0cf7b1c597a36dd3a2e9ec948b881ac8",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/Onlyning/O2OA",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-474xx/CVE-2023-47463.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-47463",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-30T05:15:08.950",
"lastModified": "2023-11-30T05:15:08.950",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 before 4.5.0 allows a remote attacker to execute arbitrary code via a crafted script to the gl_nas_sys authentication function."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/an%20unauthenticated%20remote%20code%20execution.md",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-474xx/CVE-2023-47464.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-47464",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-30T05:15:09.060",
"lastModified": "2023-11-30T05:15:09.060",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 before 4.5.0 allows a remote attacker to execute arbitrary code via the upload API function."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Arbitrary%20File%20Creation%20Through%20API%20upload.md",
"source": "cve@mitre.org"
}
]
}

66
CVE-2023/CVE-2023-476xx/CVE-2023-47631.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-47631",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-14T21:15:13.230",
"lastModified": "2023-11-14T21:38:02.453",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T05:39:17.947",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "vantage6 is a framework to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). In affected versions a node does not check if an image is allowed to run if a `parent_id` is set. A malicious party that breaches the server may modify it to set a fake `parent_id` and send a task of a non-whitelisted algorithm. The node will then execute it because the `parent_id` that is set prevents checks from being run. This impacts all servers that are breached by an expert user. This vulnerability has been patched in version 4.1.2. All users are advised to upgrade. There are no known workarounds for this vulnerability.\n"
},
{
"lang": "es",
"value": "vantage6 es un framework para gestionar e implementar tecnolog\u00edas que mejoran la privacidad, como el Federated Learning (FL) y la Multi-Party Computation (MPC). En las versiones afectadas, un nodo no verifica si se permite ejecutar una imagen si se establece un \"parent_id\". Una parte malintencionada que infrinja el servidor puede modificarlo para establecer un \"parent_id\" falso y enviar una tarea de un algoritmo no incluido en la lista blanca. Luego, el nodo lo ejecutar\u00e1 porque el `parent_id` que est\u00e1 configurado impide que se ejecuten comprobaciones. Esto afecta a todos los servidores que son vulnerados por un usuario experto. Esta vulnerabilidad ha sido parcheada en la versi\u00f3n 4.1.2. Se recomienda a todos los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,18 +70,50 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vantage6:vantage6:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.1.2",
"matchCriteriaId": "AA80D733-13E5-422D-AE21-D8A229C86329"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vantage6:vantage6:4.1.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6D2D1C28-176B-419C-8467-81E91C501EC6"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/vantage6/vantage6/blob/version/4.1.1/vantage6-node/vantage6/node/docker/docker_manager.py#L265-L268",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/vantage6/vantage6/commit/bf83521eb12fa80aa5fc92ef1692010a9a7f8243",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/vantage6/vantage6/security/advisories/GHSA-vc3v-ppc7-v486",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-476xx/CVE-2023-47668.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47668",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-23T00:15:08.367",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T05:16:17.200",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liquidweb:restrict_content:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.2.7",
"matchCriteriaId": "11098384-7D38-41E5-B9C7-03942E139765"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/restrict-content/wordpress-restrict-content-plugin-3-2-7-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-487xx/CVE-2023-48701.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-48701",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-21T23:15:08.510",
"lastModified": "2023-11-22T03:36:37.770",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T05:39:05.507",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Statamic CMS is a Laravel and Git powered content management system (CMS). Prior to versions 3.4.15 an 4.36.0, HTML files crafted to look like images may be uploaded regardless of mime validation. This is only applicable on front-end forms using the \"Forms\" feature containing an assets field, or within the control panel which requires authentication. This issue has been patched on 3.4.15 and 4.36.0."
},
{
"lang": "es",
"value": "Statamic CMS es un Content Management System (CMS) impulsado por Laravel y Git. Antes de las versiones 3.4.15 y 4.36.0, los archivos HTML manipulados para que parecieran im\u00e1genes se pod\u00edan cargar independientemente de la validaci\u00f3n MIME. Esto solo se aplica en formularios frontales que utilizan la funci\u00f3n \"Formularios\" que contiene un campo de activos, o dentro del panel de control que requiere autenticaci\u00f3n. Este problema se solucion\u00f3 en 3.4.15 y 4.36.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,18 +70,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:statamic:statamic:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.4.15",
"matchCriteriaId": "92211257-0038-4BA8-9FE8-60411F0EE0A0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:statamic:statamic:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0.0",
"versionEndExcluding": "4.36.0",
"matchCriteriaId": "9DD9A167-6E31-4175-9BEF-CFC86ED9ECC2"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/statamic/cms/releases/tag/v3.4.15",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/statamic/cms/releases/tag/v4.36.0",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/statamic/cms/security/advisories/GHSA-8jjh-j3c2-cjcv",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-490xx/CVE-2023-49076.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-49076",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-30T06:15:46.937",
"lastModified": "2023-11-30T06:15:46.937",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Customer-data-framework allows management of customer data within Pimcore. There are no tokens or headers to prevent CSRF attacks from occurring, therefore an attacker could abuse this vulnerability to create new customers. This issue has been patched in version 4.0.5."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://github.com/pimcore/customer-data-framework/commit/ef7414415cfa64189b8433eff0aa2a9b537a89f7.patch",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/pimcore/customer-data-framework/security/advisories/GHSA-xx63-4jr8-9ghc",
"source": "security-advisories@github.com"
}
]
}

59
CVE-2023/CVE-2023-490xx/CVE-2023-49087.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-49087",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-30T06:15:47.173",
"lastModified": "2023-11-30T06:15:47.173",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "xml-security is a library that implements XML signatures and encryption. Validation of an XML signature requires verification that the hash value of the related XML-document matches a specific DigestValue-value, but also that the cryptographic signature on the SignedInfo-tree (the one that contains the DigestValue) verifies and matches a trusted public key. If an attacker somehow (i.e. by exploiting a bug in PHP's canonicalization function) manages to manipulate the canonicalized version's DigestValue, it would be possible to forge the signature. This issue has been patched in version 1.6.12 and 5.0.0-alpha.13."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-345"
}
]
}
],
"references": [
{
"url": "https://github.com/simplesamlphp/xml-security/commit/f509e3083dd7870cce5880c804b5122317287581",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/simplesamlphp/xml-security/security/advisories/GHSA-ww7x-3gxh-qm6r",
"source": "security-advisories@github.com"
}
]
}

67
CVE-2023/CVE-2023-490xx/CVE-2023-49094.json Normal file
View File

@ -0,0 +1,67 @@
{
"id": "CVE-2023-49094",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-30T05:15:09.123",
"lastModified": "2023-11-30T05:15:09.123",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Symbolicator is a symbolication service for native stacktraces and minidumps with symbol server support. An attacker could make Symbolicator send arbitrary GET HTTP requests to internal IP addresses by using a specially crafted HTTP endpoint. The response could be reflected to the attacker if they have an account on Sentry instance. The issue has been fixed in the release 23.11.2.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"references": [
{
"url": "https://github.com/getsentry/symbolicator/commit/9db2fb9197dd200d62aacebd8efef4df7678865a",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/getsentry/symbolicator/pull/1332",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/getsentry/symbolicator/releases/tag/23.11.2",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/getsentry/symbolicator/security/advisories/GHSA-6576-pr6j-h9c6",
"source": "security-advisories@github.com"
}
]
}

55
CVE-2023/CVE-2023-490xx/CVE-2023-49097.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-49097",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-30T05:15:09.503",
"lastModified": "2023-11-30T05:15:09.503",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "ZITADEL is an identity infrastructure system. ZITADEL uses the notification triggering requests Forwarded or X-Forwarded-Host header to build the button link sent in emails for confirming a password reset with the emailed code. If this header is overwritten and a user clicks the link to a malicious site in the email, the secret code can be retrieved and used to reset the users password and take over his account. Accounts with MFA or Passwordless enabled can not be taken over by this attack. This issue has been patched in versions 2.41.6, 2.40.10 and 2.39.9.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-640"
}
]
}
],
"references": [
{
"url": "https://github.com/zitadel/zitadel/security/advisories/GHSA-2wmj-46rj-qm2w",
"source": "security-advisories@github.com"
}
]
}

84
CVE-2023/CVE-2023-492xx/CVE-2023-49213.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49213",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-23T22:15:07.290",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T05:38:33.027",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,89 @@
"value": "Los endpoints API en Ironman PowerShell Universal 3.0.0 a 4.2.0 permiten a atacantes remotos ejecutar comandos arbitrarios a trav\u00e9s de solicitudes HTTP manipuladas si se usa un bloque param, debido a una sanitizaci\u00f3n no v\u00e1lida de las cadenas de entrada. Las versiones corregidas son 3.10.2, 4.1.10 y 4.2.1."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ironmansoftware:powershell_universal:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "3.10.2",
"matchCriteriaId": "4E5F224B-9DE4-4130-B288-3FBA11A41BE4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ironmansoftware:powershell_universal:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.1.0",
"versionEndExcluding": "4.1.10",
"matchCriteriaId": "B49B70BE-26BA-48D1-9947-974C1A3C7D95"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ironmansoftware:powershell_universal:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5AE9B630-6BA4-45BF-86DD-1BDEE8BD84B0"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.ironmansoftware.com/powershell-universal-apis-cve/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mitigation",
"Vendor Advisory"
]
},
{
"url": "https://docs.powershelluniversal.com/changelogs/changelog",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
}
]
}

63
CVE-2023/CVE-2023-52xx/CVE-2023-5274.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-5274",
"sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"published": "2023-11-30T05:15:09.983",
"lastModified": "2023-11-30T05:15:09.983",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation vulnerability in simulation function of GX Works2 allows an attacker to cause a denial-of-service (DoS) condition on the function by sending specially crafted packets. However, the attacker would need to send the packets from within the same personal computer where the function is running.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 2.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.0,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://jvn.jp/vu/JVNVU98760962/index.html",
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-331-03",
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"
},
{
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-015_en.pdf",
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"
}
]
}

63
CVE-2023/CVE-2023-52xx/CVE-2023-5275.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-5275",
"sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"published": "2023-11-30T05:15:10.400",
"lastModified": "2023-11-30T05:15:10.400",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation vulnerability in simulation function of GX Works2 allows an attacker to cause a denial-of-service (DoS) condition on the function by sending specially crafted packets. However, the attacker would need to send the packets from within the same personal computer where the function is running.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 2.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.0,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://jvn.jp/vu/JVNVU98760962/index.html",
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-331-03",
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"
},
{
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-015_en.pdf",
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"
}
]
}

69
CVE-2023/CVE-2023-59xx/CVE-2023-5942.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2023-5942",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-11-27T17:15:09.563",
"lastModified": "2023-11-27T19:03:35.337",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T05:24:55.287",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Medialist WordPress plugin before 1.4.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks"
},
{
"lang": "es",
"value": "El complemento Medialist de WordPress anterior a 1.4.1 no valida ni escapa algunos de sus atributos de c\u00f3digo corto antes de devolverlos a una p\u00e1gina/publicaci\u00f3n donde est\u00e1 incrustado el c\u00f3digo corto, lo que podr\u00eda permitir a los usuarios con el rol de colaborador y superior realizar ataques de Cross-Site Scripting Almacenado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:drelton:medialist:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.4.1",
"matchCriteriaId": "30FB78FA-EA47-45FA-8D3F-9A0F7587C682"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/914559e1-eed5-4a69-8371-a48055835453",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

82
CVE-2023/CVE-2023-62xx/CVE-2023-6253.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6253",
"sourceIdentifier": "551230f0-3615-47bd-b7cc-93e92e730bbf",
"published": "2023-11-22T12:15:22.963",
"lastModified": "2023-11-28T17:15:08.463",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T05:40:53.983",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,8 +14,41 @@
"value": "Una clave de cifrado guardada en el desinstalador Digital Guardian Agent anterior a la versi\u00f3n 7.9.4 permite a un atacante local recuperar la clave de desinstalaci\u00f3n y eliminar el software extrayendo la clave de desinstalaci\u00f3n de la memoria del archivo de desinstalaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-922"
}
]
},
{
"source": "551230f0-3615-47bd-b7cc-93e92e730bbf",
"type": "Secondary",
@ -27,22 +60,57 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortra:digital_guardian_agent:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.9.4",
"matchCriteriaId": "BA40A180-146B-477B-9565-7B619F3CAB5D"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/175956/Fortra-Digital-Guardian-Agent-Uninstaller-Cross-Site-Scripting-UninstallKey-Cached.html",
"source": "551230f0-3615-47bd-b7cc-93e92e730bbf"
"source": "551230f0-3615-47bd-b7cc-93e92e730bbf",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://seclists.org/fulldisclosure/2023/Nov/14",
"source": "551230f0-3615-47bd-b7cc-93e92e730bbf"
"source": "551230f0-3615-47bd-b7cc-93e92e730bbf",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://r.sec-consult.com/fortra",
"source": "551230f0-3615-47bd-b7cc-93e92e730bbf"
"source": "551230f0-3615-47bd-b7cc-93e92e730bbf",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.fortra.com/security",
"source": "551230f0-3615-47bd-b7cc-93e92e730bbf"
"source": "551230f0-3615-47bd-b7cc-93e92e730bbf",
"tags": [
"Product"
]
}
]
}

83
CVE-2023/CVE-2023-62xx/CVE-2023-6265.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6265",
"sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725",
"published": "2023-11-22T20:15:09.600",
"lastModified": "2023-11-27T23:15:07.973",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T05:04:31.060",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
},
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"type": "Secondary",
@ -50,18 +80,61 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:draytek:vigor2960_firmware:1.5.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "564753CE-A701-4D76-94D8-C452AF0C5E82"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:draytek:vigor2960_firmware:1.5.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "450254FB-7A86-4405-8E1F-69E249D29C62"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:draytek:vigor2960:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8FDA3905-67DD-4F31-AFCF-014F1D7CCC1F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/xxy1126/Vuln/blob/main/Draytek/4.md",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Exploit"
]
},
{
"url": "https://www.draytek.com/about/newsroom/2021/2021/end-of-life-notification-vigor2960",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Product"
]
},
{
"url": "https://www.draytek.com/products/vigor2960/",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Product"
]
}
]
}

58
CVE-2023/CVE-2023-63xx/CVE-2023-6300.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6300",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-11-27T00:15:07.377",
"lastModified": "2023-11-27T13:52:15.377",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T05:23:34.157",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +95,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mayurik:best_courier_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6D0B90AE-6DFA-40B1-A97C-B445F29F3EB3"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/BigTiger2020/2023/blob/main/best-courier-management-system/best-courier-management-system%20-%20reflected%20xss.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.246126",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.246126",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

58
CVE-2023/CVE-2023-63xx/CVE-2023-6301.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6301",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-11-27T00:15:07.597",
"lastModified": "2023-11-27T13:52:15.377",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T05:22:55.350",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +95,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mayurik:best_courier_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6D0B90AE-6DFA-40B1-A97C-B445F29F3EB3"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/BigTiger2020/2023/blob/main/best-courier-management-system/best-courier-management-system-reflected%20xss2.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.246127",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.246127",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

58
CVE-2023/CVE-2023-63xx/CVE-2023-6305.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6305",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-11-27T01:15:07.463",
"lastModified": "2023-11-27T13:52:15.377",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T05:22:45.997",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +95,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mayuri_k:free_and_open_source_inventory_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A505CD8-96F0-4C93-AFB6-DCC534B5BC45"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/BigTiger2020/2023/blob/main/Free%20and%20Open%20Source%20inventory%20management%20system/Free%20and%20Open%20Source%20inventory%20management%20system.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.246131",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.246131",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

58
CVE-2023/CVE-2023-63xx/CVE-2023-6306.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6306",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-11-27T02:15:42.133",
"lastModified": "2023-11-27T13:52:15.377",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T05:17:21.207",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +95,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mayuri_k:free_and_open_source_inventory_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A505CD8-96F0-4C93-AFB6-DCC534B5BC45"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/BigTiger2020/2023/blob/main/Free%20and%20Open%20Source%20inventory%20management%20system/Free%20and%20Open%20Source%20inventory%20management%20system2.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.246132",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.246132",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

58
CVE-2023/CVE-2023-63xx/CVE-2023-6310.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6310",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-11-27T02:15:43.007",
"lastModified": "2023-11-27T13:52:15.377",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T05:37:19.430",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +95,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:razormist:loan_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B340CFE4-DBA8-40EB-B73D-1A294A9BB502"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/joinia/webray.com.cn/blob/main/Loan-Management-System/lmssql%20-%20browser.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.246136",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.246136",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

58
CVE-2023/CVE-2023-63xx/CVE-2023-6311.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6311",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-11-27T02:15:43.237",
"lastModified": "2023-11-27T13:52:15.377",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T05:37:42.547",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +95,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:razormist:loan_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B340CFE4-DBA8-40EB-B73D-1A294A9BB502"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/joinia/webray.com.cn/blob/main/Loan-Management-System/lmssql%20-%20deleteltype.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.246137",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.246137",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-63xx/CVE-2023-6312.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6312",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-11-27T03:15:07.420",
"lastModified": "2023-11-27T13:52:09.230",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T05:38:10.237",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +95,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:razormist:loan_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B340CFE4-DBA8-40EB-B73D-1A294A9BB502"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/joinia/webray.com.cn/blob/main/Loan-Management-System/lmssql%20-%20deleteuser.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.246138",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.246138",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}

6
CVE-2023/CVE-2023-63xx/CVE-2023-6345.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-6345",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-11-29T12:15:07.077",
"lastModified": "2023-11-30T04:15:08.267",
"lastModified": "2023-11-30T05:15:10.793",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -20,6 +20,10 @@
"url": "https://crbug.com/1505053",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T7ABNYMOI4ZHVCSPCNP7HQTOLGF53A2/",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJROPNKWW65R34J4IYGTJ7A3OBPUL4IQ/",
"source": "chrome-cve-admin@google.com"

6
CVE-2023/CVE-2023-63xx/CVE-2023-6346.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-6346",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-11-29T12:15:07.310",
"lastModified": "2023-11-30T04:15:08.313",
"lastModified": "2023-11-30T05:15:10.880",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -20,6 +20,10 @@
"url": "https://crbug.com/1500856",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T7ABNYMOI4ZHVCSPCNP7HQTOLGF53A2/",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJROPNKWW65R34J4IYGTJ7A3OBPUL4IQ/",
"source": "chrome-cve-admin@google.com"

6
CVE-2023/CVE-2023-63xx/CVE-2023-6347.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-6347",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-11-29T12:15:07.357",
"lastModified": "2023-11-30T04:15:08.350",
"lastModified": "2023-11-30T05:15:10.933",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -20,6 +20,10 @@
"url": "https://crbug.com/1494461",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T7ABNYMOI4ZHVCSPCNP7HQTOLGF53A2/",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJROPNKWW65R34J4IYGTJ7A3OBPUL4IQ/",
"source": "chrome-cve-admin@google.com"

6
CVE-2023/CVE-2023-63xx/CVE-2023-6350.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-6350",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-11-29T12:15:07.450",
"lastModified": "2023-11-30T04:15:08.437",
"lastModified": "2023-11-30T05:15:10.993",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -20,6 +20,10 @@
"url": "https://crbug.com/1501766",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T7ABNYMOI4ZHVCSPCNP7HQTOLGF53A2/",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJROPNKWW65R34J4IYGTJ7A3OBPUL4IQ/",
"source": "chrome-cve-admin@google.com"

6
CVE-2023/CVE-2023-63xx/CVE-2023-6351.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-6351",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-11-29T12:15:07.497",
"lastModified": "2023-11-30T04:15:08.483",
"lastModified": "2023-11-30T05:15:11.043",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -20,6 +20,10 @@
"url": "https://crbug.com/1501770",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T7ABNYMOI4ZHVCSPCNP7HQTOLGF53A2/",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJROPNKWW65R34J4IYGTJ7A3OBPUL4IQ/",
"source": "chrome-cve-admin@google.com"

71
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-11-30T05:00:17.520731+00:00
2023-11-30T07:00:18.985920+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-11-30T04:58:34.337000+00:00
2023-11-30T06:15:47.173000+00:00
```
### Last Data Feed Release
@ -29,46 +29,53 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
231725
231734
```
### CVEs added in the last Commit
Recently added CVEs: `2`
Recently added CVEs: `9`
* [CVE-2023-5247](CVE-2023/CVE-2023-52xx/CVE-2023-5247.json) (`2023-11-30T04:15:07.867`)
* [CVE-2023-5772](CVE-2023/CVE-2023-57xx/CVE-2023-5772.json) (`2023-11-30T04:15:08.090`)
* [CVE-2023-47463](CVE-2023/CVE-2023-474xx/CVE-2023-47463.json) (`2023-11-30T05:15:08.950`)
* [CVE-2023-47464](CVE-2023/CVE-2023-474xx/CVE-2023-47464.json) (`2023-11-30T05:15:09.060`)
* [CVE-2023-49094](CVE-2023/CVE-2023-490xx/CVE-2023-49094.json) (`2023-11-30T05:15:09.123`)
* [CVE-2023-49097](CVE-2023/CVE-2023-490xx/CVE-2023-49097.json) (`2023-11-30T05:15:09.503`)
* [CVE-2023-5274](CVE-2023/CVE-2023-52xx/CVE-2023-5274.json) (`2023-11-30T05:15:09.983`)
* [CVE-2023-5275](CVE-2023/CVE-2023-52xx/CVE-2023-5275.json) (`2023-11-30T05:15:10.400`)
* [CVE-2023-47418](CVE-2023/CVE-2023-474xx/CVE-2023-47418.json) (`2023-11-30T06:15:46.873`)
* [CVE-2023-49076](CVE-2023/CVE-2023-490xx/CVE-2023-49076.json) (`2023-11-30T06:15:46.937`)
* [CVE-2023-49087](CVE-2023/CVE-2023-490xx/CVE-2023-49087.json) (`2023-11-30T06:15:47.173`)
### CVEs modified in the last Commit
Recently modified CVEs: `27`
Recently modified CVEs: `52`
* [CVE-2023-34872](CVE-2023/CVE-2023-348xx/CVE-2023-34872.json) (`2023-11-30T04:15:07.530`)
* [CVE-2023-41983](CVE-2023/CVE-2023-419xx/CVE-2023-41983.json) (`2023-11-30T04:15:07.610`)
* [CVE-2023-42852](CVE-2023/CVE-2023-428xx/CVE-2023-42852.json) (`2023-11-30T04:15:07.713`)
* [CVE-2023-49316](CVE-2023/CVE-2023-493xx/CVE-2023-49316.json) (`2023-11-30T04:15:07.813`)
* [CVE-2023-6345](CVE-2023/CVE-2023-63xx/CVE-2023-6345.json) (`2023-11-30T04:15:08.267`)
* [CVE-2023-6346](CVE-2023/CVE-2023-63xx/CVE-2023-6346.json) (`2023-11-30T04:15:08.313`)
* [CVE-2023-6347](CVE-2023/CVE-2023-63xx/CVE-2023-6347.json) (`2023-11-30T04:15:08.350`)
* [CVE-2023-6348](CVE-2023/CVE-2023-63xx/CVE-2023-6348.json) (`2023-11-30T04:15:08.393`)
* [CVE-2023-6350](CVE-2023/CVE-2023-63xx/CVE-2023-6350.json) (`2023-11-30T04:15:08.437`)
* [CVE-2023-6351](CVE-2023/CVE-2023-63xx/CVE-2023-6351.json) (`2023-11-30T04:15:08.483`)
* [CVE-2023-47786](CVE-2023/CVE-2023-477xx/CVE-2023-47786.json) (`2023-11-30T04:55:18.567`)
* [CVE-2023-47773](CVE-2023/CVE-2023-477xx/CVE-2023-47773.json) (`2023-11-30T04:55:31.483`)
* [CVE-2023-49214](CVE-2023/CVE-2023-492xx/CVE-2023-49214.json) (`2023-11-30T04:56:01.197`)
* [CVE-2023-49215](CVE-2023/CVE-2023-492xx/CVE-2023-49215.json) (`2023-11-30T04:56:12.590`)
* [CVE-2023-49216](CVE-2023/CVE-2023-492xx/CVE-2023-49216.json) (`2023-11-30T04:56:18.617`)
* [CVE-2023-26279](CVE-2023/CVE-2023-262xx/CVE-2023-26279.json) (`2023-11-30T04:57:02.920`)
* [CVE-2023-28780](CVE-2023/CVE-2023-287xx/CVE-2023-28780.json) (`2023-11-30T04:57:09.813`)
* [CVE-2023-31075](CVE-2023/CVE-2023-310xx/CVE-2023-31075.json) (`2023-11-30T04:57:14.550`)
* [CVE-2023-31089](CVE-2023/CVE-2023-310xx/CVE-2023-31089.json) (`2023-11-30T04:57:21.053`)
* [CVE-2023-32245](CVE-2023/CVE-2023-322xx/CVE-2023-32245.json) (`2023-11-30T04:57:29.943`)
* [CVE-2023-32504](CVE-2023/CVE-2023-325xx/CVE-2023-32504.json) (`2023-11-30T04:57:38.217`)
* [CVE-2023-6117](CVE-2023/CVE-2023-61xx/CVE-2023-6117.json) (`2023-11-30T04:57:56.360`)
* [CVE-2023-32514](CVE-2023/CVE-2023-325xx/CVE-2023-32514.json) (`2023-11-30T04:58:09.607`)
* [CVE-2023-6189](CVE-2023/CVE-2023-61xx/CVE-2023-6189.json) (`2023-11-30T04:58:23.543`)
* [CVE-2023-2841](CVE-2023/CVE-2023-28xx/CVE-2023-2841.json) (`2023-11-30T04:58:34.337`)
* [CVE-2023-5942](CVE-2023/CVE-2023-59xx/CVE-2023-5942.json) (`2023-11-30T05:24:55.287`)
* [CVE-2023-46357](CVE-2023/CVE-2023-463xx/CVE-2023-46357.json) (`2023-11-30T05:25:06.343`)
* [CVE-2023-2447](CVE-2023/CVE-2023-24xx/CVE-2023-2447.json) (`2023-11-30T05:27:03.880`)
* [CVE-2023-2446](CVE-2023/CVE-2023-24xx/CVE-2023-2446.json) (`2023-11-30T05:27:35.683`)
* [CVE-2023-47312](CVE-2023/CVE-2023-473xx/CVE-2023-47312.json) (`2023-11-30T05:31:43.093`)
* [CVE-2023-47313](CVE-2023/CVE-2023-473xx/CVE-2023-47313.json) (`2023-11-30T05:31:58.807`)
* [CVE-2023-47314](CVE-2023/CVE-2023-473xx/CVE-2023-47314.json) (`2023-11-30T05:32:07.377`)
* [CVE-2023-47315](CVE-2023/CVE-2023-473xx/CVE-2023-47315.json) (`2023-11-30T05:32:18.157`)
* [CVE-2023-47316](CVE-2023/CVE-2023-473xx/CVE-2023-47316.json) (`2023-11-30T05:33:57.420`)
* [CVE-2023-4226](CVE-2023/CVE-2023-42xx/CVE-2023-4226.json) (`2023-11-30T05:34:06.420`)
* [CVE-2023-4225](CVE-2023/CVE-2023-42xx/CVE-2023-4225.json) (`2023-11-30T05:34:43.333`)
* [CVE-2023-4224](CVE-2023/CVE-2023-42xx/CVE-2023-4224.json) (`2023-11-30T05:34:56.030`)
* [CVE-2023-4223](CVE-2023/CVE-2023-42xx/CVE-2023-4223.json) (`2023-11-30T05:35:04.377`)
* [CVE-2023-4222](CVE-2023/CVE-2023-42xx/CVE-2023-4222.json) (`2023-11-30T05:35:10.733`)
* [CVE-2023-4221](CVE-2023/CVE-2023-42xx/CVE-2023-4221.json) (`2023-11-30T05:35:37.737`)
* [CVE-2023-6310](CVE-2023/CVE-2023-63xx/CVE-2023-6310.json) (`2023-11-30T05:37:19.430`)
* [CVE-2023-6311](CVE-2023/CVE-2023-63xx/CVE-2023-6311.json) (`2023-11-30T05:37:42.547`)
* [CVE-2023-6312](CVE-2023/CVE-2023-63xx/CVE-2023-6312.json) (`2023-11-30T05:38:10.237`)
* [CVE-2023-49213](CVE-2023/CVE-2023-492xx/CVE-2023-49213.json) (`2023-11-30T05:38:33.027`)
* [CVE-2023-48701](CVE-2023/CVE-2023-487xx/CVE-2023-48701.json) (`2023-11-30T05:39:05.507`)
* [CVE-2023-47631](CVE-2023/CVE-2023-476xx/CVE-2023-47631.json) (`2023-11-30T05:39:17.947`)
* [CVE-2023-6253](CVE-2023/CVE-2023-62xx/CVE-2023-6253.json) (`2023-11-30T05:40:53.983`)
* [CVE-2023-43082](CVE-2023/CVE-2023-430xx/CVE-2023-43082.json) (`2023-11-30T05:41:37.050`)
* [CVE-2023-45377](CVE-2023/CVE-2023-453xx/CVE-2023-45377.json) (`2023-11-30T05:42:43.520`)
* [CVE-2023-43887](CVE-2023/CVE-2023-438xx/CVE-2023-43887.json) (`2023-11-30T05:43:21.497`)
## Download and Usage