From 80c8d9412166c5cfe4aebe5605097a0754f28170 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Mon, 13 Nov 2023 15:00:22 +0000
Subject: [PATCH] Auto-Update: 2023-11-13T15:00:18.461274+00:00
---
CVE-2020/CVE-2020-102xx/CVE-2020-10224.json | 6 +-
CVE-2020/CVE-2020-102xx/CVE-2020-10225.json | 6 +-
CVE-2021/CVE-2021-392xx/CVE-2021-39232.json | 6 +-
CVE-2021/CVE-2021-392xx/CVE-2021-39235.json | 6 +-
CVE-2022/CVE-2022-43xx/CVE-2022-4393.json | 6 +-
CVE-2023/CVE-2023-310xx/CVE-2023-31016.json | 83 ++++++++++++++++++++-
CVE-2023/CVE-2023-389xx/CVE-2023-38965.json | 71 ++++++++++++++++--
CVE-2023/CVE-2023-403xx/CVE-2023-40335.json | 8 +-
CVE-2023/CVE-2023-460xx/CVE-2023-46092.json | 8 +-
CVE-2023/CVE-2023-462xx/CVE-2023-46201.json | 8 +-
CVE-2023/CVE-2023-464xx/CVE-2023-46490.json | 73 ++++++++++++++++--
CVE-2023/CVE-2023-466xx/CVE-2023-46634.json | 8 +-
CVE-2023/CVE-2023-475xx/CVE-2023-47516.json | 8 +-
CVE-2023/CVE-2023-476xx/CVE-2023-47652.json | 8 +-
CVE-2023/CVE-2023-478xx/CVE-2023-47801.json | 8 +-
CVE-2023/CVE-2023-47xx/CVE-2023-4775.json | 8 +-
CVE-2023/CVE-2023-51xx/CVE-2023-5199.json | 66 ++++++++++++++--
CVE-2023/CVE-2023-53xx/CVE-2023-5362.json | 76 +++++++++++++++++--
CVE-2023/CVE-2023-55xx/CVE-2023-5583.json | 66 ++++++++++++++--
CVE-2023/CVE-2023-56xx/CVE-2023-5666.json | 72 ++++++++++++++++--
CVE-2023/CVE-2023-57xx/CVE-2023-5741.json | 8 +-
CVE-2023/CVE-2023-57xx/CVE-2023-5747.json | 8 +-
CVE-2023/CVE-2023-58xx/CVE-2023-5813.json | 60 +++++++++++++--
CVE-2023/CVE-2023-58xx/CVE-2023-5814.json | 60 +++++++++++++--
CVE-2023/CVE-2023-58xx/CVE-2023-5834.json | 61 ++++++++++++++-
CVE-2023/CVE-2023-60xx/CVE-2023-6097.json | 55 ++++++++++++++
CVE-2023/CVE-2023-60xx/CVE-2023-6098.json | 55 ++++++++++++++
README.md | 41 +++++++---
28 files changed, 852 insertions(+), 97 deletions(-)
create mode 100644 CVE-2023/CVE-2023-60xx/CVE-2023-6097.json
create mode 100644 CVE-2023/CVE-2023-60xx/CVE-2023-6098.json
diff --git a/CVE-2020/CVE-2020-102xx/CVE-2020-10224.json b/CVE-2020/CVE-2020-102xx/CVE-2020-10224.json index 350e8df7c5f..a6145ac2028 100644 --- a/CVE-2020/CVE-2020-102xx/CVE-2020-10224.json +++ b/CVE-2020/CVE-2020-102xx/CVE-2020-10224.json @@ -2,7 +2,7 @@ "id": "CVE-2020-10224", "sourceIdentifier": "cve@mitre.org", "published": "2020-03-08T23:15:11.113", - "lastModified": "2020-03-09T18:09:01.090", + "lastModified": "2023-11-13T14:48:29.607", "vulnStatus": "Analyzed", "descriptions": [ { @@ -84,8 +84,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:phpgurukul:phpgurukul_online_book_store:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "C6225B47-D848-4E0C-B228-C98D52FE0F4F" + "criteria": "cpe:2.3:a:phpgurukul:online_book_store:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "75692523-DEAE-4E19-B3DE-1B7986841065" } ] } diff --git a/CVE-2020/CVE-2020-102xx/CVE-2020-10225.json b/CVE-2020/CVE-2020-102xx/CVE-2020-10225.json index 817734b5ea1..cef199a9585 100644 --- a/CVE-2020/CVE-2020-102xx/CVE-2020-10225.json +++ b/CVE-2020/CVE-2020-102xx/CVE-2020-10225.json @@ -2,7 +2,7 @@ "id": "CVE-2020-10225", "sourceIdentifier": "cve@mitre.org", "published": "2020-03-08T23:15:11.193", - "lastModified": "2020-03-09T18:08:16.917", + "lastModified": "2023-11-13T14:45:01.140", "vulnStatus": "Analyzed", "descriptions": [ { @@ -84,8 +84,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:phpgurukul:phpgurukul_job_portal:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "84E17166-B5E7-465F-A671-2A4D6BC23D76" + "criteria": "cpe:2.3:a:phpgurukul:job_portal:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F4C12CCE-8671-4C69-A7BF-91D14FB9BC51" } ] } diff --git a/CVE-2021/CVE-2021-392xx/CVE-2021-39232.json b/CVE-2021/CVE-2021-392xx/CVE-2021-39232.json index d5d8fe3648a..b960aaf195b 100644 --- a/CVE-2021/CVE-2021-392xx/CVE-2021-39232.json +++ b/CVE-2021/CVE-2021-392xx/CVE-2021-39232.json 
@@ -2,7 +2,7 @@ "id": "CVE-2021-39232", "sourceIdentifier": "security@apache.org", "published": "2021-11-19T10:15:08.157", - "lastModified": "2023-11-07T03:37:37.270", + "lastModified": "2023-11-13T13:15:07.577", "vulnStatus": "Modified", "descriptions": [ { @@ -75,12 +75,12 @@ ] }, { - "source": "f0158376-9dc2-43b6-827c-5f631a4d8d09", + "source": "security@apache.org", "type": "Secondary", "description": [ { "lang": "en", - "value": "CWE-749" + "value": "CWE-862" } ] } diff --git a/CVE-2021/CVE-2021-392xx/CVE-2021-39235.json b/CVE-2021/CVE-2021-392xx/CVE-2021-39235.json index ef946391da4..d41501f8359 100644 --- a/CVE-2021/CVE-2021-392xx/CVE-2021-39235.json +++ b/CVE-2021/CVE-2021-392xx/CVE-2021-39235.json @@ -2,7 +2,7 @@ "id": "CVE-2021-39235", "sourceIdentifier": "security@apache.org", "published": "2021-11-19T10:15:08.303", - "lastModified": "2023-11-07T03:37:37.487", + "lastModified": "2023-11-13T13:15:07.703", "vulnStatus": "Modified", "descriptions": [ { @@ -75,12 +75,12 @@ ] }, { - "source": "f0158376-9dc2-43b6-827c-5f631a4d8d09", + "source": "security@apache.org", "type": "Secondary", "description": [ { "lang": "en", - "value": "CWE-1220" + "value": "CWE-732" } ] } diff --git a/CVE-2022/CVE-2022-43xx/CVE-2022-4393.json b/CVE-2022/CVE-2022-43xx/CVE-2022-4393.json index 8477bcfbd14..4f2f383834a 100644 --- a/CVE-2022/CVE-2022-43xx/CVE-2022-4393.json +++ b/CVE-2022/CVE-2022-43xx/CVE-2022-4393.json @@ -2,7 +2,7 @@ "id": "CVE-2022-4393", "sourceIdentifier": "contact@wpscan.com", "published": "2023-01-09T23:15:28.033", - "lastModified": "2023-11-07T03:57:44.380", + "lastModified": "2023-11-13T14:11:26.470", "vulnStatus": "Modified", "descriptions": [ { 
@@ -55,9 +55,9 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:imagelinks_interactive_image_builder_project:imagelinks_interactive_image_builder:*:*:*:*:*:wordpress:*:*", + "criteria": "cpe:2.3:a:avirtum:imagelinks:*:*:*:*:*:wordpress:*:*", "versionEndExcluding": "1.5.4", - "matchCriteriaId": "6379F620-9CC9-4F27-8D18-25851B43E515" + "matchCriteriaId": "8456B623-DCA3-4562-B44E-3B566635EF37" } ] } diff --git a/CVE-2023/CVE-2023-310xx/CVE-2023-31016.json b/CVE-2023/CVE-2023-310xx/CVE-2023-31016.json index fe573a2892e..ef89a0e19e8 100644 --- a/CVE-2023/CVE-2023-310xx/CVE-2023-31016.json +++ b/CVE-2023/CVE-2023-310xx/CVE-2023-31016.json @@ -2,8 +2,8 @@ "id": "CVE-2023-31016", "sourceIdentifier": "psirt@nvidia.com", "published": "2023-11-02T19:15:40.947", - "lastModified": "2023-11-03T13:22:51.977", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-13T14:22:41.677", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "psirt@nvidia.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-427" + } + ] + }, { "source": "psirt@nvidia.com", "type": "Secondary", 
@@ -50,10 +80,57 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", + "versionEndExcluding": "13.9", + "matchCriteriaId": "A173FE3C-139F-4100-9CE2-20B72DE4B345" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.0", + "versionEndExcluding": "15.4", + "matchCriteriaId": "98A00760-DA5C-4590-B7D0-95BA75AD06B1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", + "versionStartIncluding": "16.0", + "versionEndExcluding": "16.2", + "matchCriteriaId": "DF0CB34E-DA9B-436E-B710-0D71E8B31B7E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5491", - "source": "psirt@nvidia.com" + "source": "psirt@nvidia.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-389xx/CVE-2023-38965.json b/CVE-2023/CVE-2023-389xx/CVE-2023-38965.json index e479ac67225..0dba89eac08 100644 --- a/CVE-2023/CVE-2023-389xx/CVE-2023-38965.json +++ b/CVE-2023/CVE-2023-389xx/CVE-2023-38965.json @@ -2,8 +2,8 @@ "id": "CVE-2023-38965", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-03T05:15:29.400", - "lastModified": "2023-11-03T13:22:51.977", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-13T14:46:29.883", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,15 +14,76 @@ "value": "Lost and Found Information System 1.0 permite la toma de control de cuentas mediante nombre de usuario y contrase\u00f1a en un /classes/Users.php?f=save URI." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-639" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oretnom23:lost_and_found_information_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "14CF403B-DF0C-4796-8B10-689075DC8A35" + } + ] + } + ] + } + ], "references": [ { "url": "http://packetstormsecurity.com/files/175077/Lost-And-Found-Information-System-1.0-Insecure-Direct-Object-Reference.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://github.com/Or4ngm4n/vulnreability-code-review-php/blob/main/Lost%20and%20Found%20Information%20System%20v1.0.txt", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-403xx/CVE-2023-40335.json b/CVE-2023/CVE-2023-403xx/CVE-2023-40335.json index 44c8176d030..1c1e595e90b 100644 --- a/CVE-2023/CVE-2023-403xx/CVE-2023-40335.json 
+++ b/CVE-2023/CVE-2023-403xx/CVE-2023-40335.json @@ -2,12 +2,16 @@ "id": "CVE-2023-40335", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-13T10:15:07.540", - "lastModified": "2023-11-13T10:15:07.540", - "vulnStatus": "Received", + "lastModified": "2023-11-13T14:12:08.260", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Jeremy O'Connell Cleverwise Daily Quotes allows Stored XSS.This issue affects Cleverwise Daily Quotes: from n/a through 3.2.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Jeremy O'Connell Cleverwise Daily Quotes permite almacenar XSS. Este problema afecta a Cleverwise Daily Quotes: desde n/a hasta 3.2." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-460xx/CVE-2023-46092.json b/CVE-2023/CVE-2023-460xx/CVE-2023-46092.json index b3db29fac20..8d8b997cd22 100644 --- a/CVE-2023/CVE-2023-460xx/CVE-2023-46092.json +++ b/CVE-2023/CVE-2023-460xx/CVE-2023-46092.json @@ -2,12 +2,16 @@ "id": "CVE-2023-46092", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-13T10:15:07.747", - "lastModified": "2023-11-13T10:15:07.747", - "vulnStatus": "Received", + "lastModified": "2023-11-13T14:12:08.260", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in LionScripts.Com Webmaster Tools allows Stored XSS.This issue affects Webmaster Tools: from n/a through 2.0.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en LionScripts.Com Webmaster Tools permite almacenar XSS. Este problema afecta a Webmaster Tools: desde n/a hasta 2.0." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46201.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46201.json index 207c3b8d7b9..16a66d765a1 100644 --- a/CVE-2023/CVE-2023-462xx/CVE-2023-46201.json +++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46201.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-46201", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-13T05:15:08.650", - "lastModified": "2023-11-13T05:15:08.650", - "vulnStatus": "Received", + "lastModified": "2023-11-13T14:12:08.260", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Jeff Sherk Auto Login New User After Registration allows Stored XSS.This issue affects Auto Login New User After Registration: from n/a through 1.9.6.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Jeff Sherk Auto Login New User After Registration permite almacenar XSS. Este problema afecta Auto Login New User After Registration: desde n/a hasta 1.9.6." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-464xx/CVE-2023-46490.json b/CVE-2023/CVE-2023-464xx/CVE-2023-46490.json index 7ce5b38038b..32b6ec6a3fe 100644 --- a/CVE-2023/CVE-2023-464xx/CVE-2023-46490.json +++ b/CVE-2023/CVE-2023-464xx/CVE-2023-46490.json 
@@ -2,23 +2,86 @@ "id": "CVE-2023-46490", "sourceIdentifier": "cve@mitre.org", "published": "2023-10-27T22:15:09.100", - "lastModified": "2023-10-29T01:44:22.497", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-13T14:30:41.820", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the form_actions() function in the managers.php function." + }, + { + "lang": "es", + "value": "La vulnerabilidad de inyecci\u00f3n SQL en Cacti v1.2.25 permite a un atacante remoto obtener informaci\u00f3n confidencial a trav\u00e9s de la funci\u00f3n form_actions() en la funci\u00f3n managers.php." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cacti:cacti:1.2.25:*:*:*:*:*:*:*", + "matchCriteriaId": "EF5814EC-CFCB-4066-9260-FF78B45E2089" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://gist.github.com/ISHGARD-2/a95632111138fcd7ccf7432ccb145b53", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": 
"https://github.com/Cacti/cacti/security/advisories/GHSA-f4r3-53jr-654c", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-466xx/CVE-2023-46634.json b/CVE-2023/CVE-2023-466xx/CVE-2023-46634.json index d3551a9985b..9e8edf63289 100644 --- a/CVE-2023/CVE-2023-466xx/CVE-2023-46634.json +++ b/CVE-2023/CVE-2023-466xx/CVE-2023-46634.json @@ -2,12 +2,16 @@ "id": "CVE-2023-46634", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-13T04:15:08.050", - "lastModified": "2023-11-13T04:15:08.050", - "vulnStatus": "Received", + "lastModified": "2023-11-13T14:12:08.260", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in phoeniixx Custom My Account for Woocommerce allows Cross-Site Scripting (XSS).This issue affects Custom My Account for Woocommerce: from n/a through 2.1.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en phoeniixx Custom My Account for Woocommerce permite Cross-Site Scripting (XSS). Este problema afecta a Custom My Account for Woocommerce: desde n/a hasta 2.1." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-475xx/CVE-2023-47516.json b/CVE-2023/CVE-2023-475xx/CVE-2023-47516.json index 6079174c6bd..2e2b460d0d6 100644 --- a/CVE-2023/CVE-2023-475xx/CVE-2023-47516.json +++ b/CVE-2023/CVE-2023-475xx/CVE-2023-47516.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-47516", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-13T04:15:08.287", - "lastModified": "2023-11-13T04:15:08.287", - "vulnStatus": "Received", + "lastModified": "2023-11-13T14:12:08.260", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Stark Digital Category Post List Widget allows Stored XSS.This issue affects Category Post List Widget: from n/a through 2.0.\n\n" + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en Stark Digital Category Post List Widget permite almacenar XSS. Este problema afecta Category Post List Widget: desde n/a hasta 2.0." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-476xx/CVE-2023-47652.json b/CVE-2023/CVE-2023-476xx/CVE-2023-47652.json index 6e15a454278..04309851850 100644 --- a/CVE-2023/CVE-2023-476xx/CVE-2023-47652.json +++ b/CVE-2023/CVE-2023-476xx/CVE-2023-47652.json @@ -2,12 +2,16 @@ "id": "CVE-2023-47652", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-13T04:15:08.497", - "lastModified": "2023-11-13T04:15:08.497", - "vulnStatus": "Received", + "lastModified": "2023-11-13T14:12:08.260", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto Affiliate Links allows Stored XSS.This issue affects Auto Affiliate Links: from n/a through 6.4.2.4.\n\n" + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en Lucian Apostol Auto Affiliate Links permite almacenar XSS. Este problema afecta a Auto Affiliate Links: desde n/a hasta 6.4.2.4." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-478xx/CVE-2023-47801.json b/CVE-2023/CVE-2023-478xx/CVE-2023-47801.json index 37ee4679a51..c511de42bd0 100644 --- a/CVE-2023/CVE-2023-478xx/CVE-2023-47801.json +++ b/CVE-2023/CVE-2023-478xx/CVE-2023-47801.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-47801", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-13T09:15:25.637", - "lastModified": "2023-11-13T09:15:25.637", - "vulnStatus": "Received", + "lastModified": "2023-11-13T14:12:08.260", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Click Studios Passwordstate before 9811. Existing users (Security Administrators) could use the System Wide API Key to read or delete private password records when specifically used with the PasswordHistory API endpoint. It is also possible to use the Copy/Move Password Record API Key to Copy/Move private password records." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en Click Studios Passwordstate antes de 9811. Los usuarios existentes (administradores de seguridad) pod\u00edan usar System Wide API Key para leer o eliminar registros de contrase\u00f1as privadas cuando se usaban espec\u00edficamente con el endpoint de la API PasswordHistory. Tambi\u00e9n es posible utilizar Copy/Move Password Record API Key para Copy/Move registros de contrase\u00f1a privados." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-47xx/CVE-2023-4775.json b/CVE-2023/CVE-2023-47xx/CVE-2023-4775.json index 53b231c13d4..615402f4c06 100644 --- a/CVE-2023/CVE-2023-47xx/CVE-2023-4775.json +++ b/CVE-2023/CVE-2023-47xx/CVE-2023-4775.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-4775", "sourceIdentifier": "security@wordfence.com", "published": "2023-11-13T08:15:25.790", - "lastModified": "2023-11-13T08:15:25.790", - "vulnStatus": "Received", + "lastModified": "2023-11-13T14:12:08.260", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'advanced_iframe' shortcode in versions up to, and including, 2023.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Advanced iFrame para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del shortcode 'advanced_iframe' en versiones hasta la 2023.8 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-51xx/CVE-2023-5199.json b/CVE-2023/CVE-2023-51xx/CVE-2023-5199.json index 2f675c7267a..293103bbcea 100644 --- a/CVE-2023/CVE-2023-51xx/CVE-2023-5199.json +++ b/CVE-2023/CVE-2023-51xx/CVE-2023-5199.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5199", "sourceIdentifier": "security@wordfence.com", "published": "2023-10-30T14:15:09.307", - "lastModified": "2023-11-07T04:23:35.660", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-11-13T14:45:56.803", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -17,7 +17,27 @@ "metrics": { "cvssMetricV31": [ { - "source": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, + { + "source": "security@wordfence.com", "type": "Secondary", "cvssData": { "version": "3.1", @@ -38,14 +58,50 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-552" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:php_to_page_project:php_to_page:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "0.3", + "matchCriteriaId": "0647A9FA-86F9-4D2C-A206-E867F87A0DBC" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/php-to-page/trunk/php-to-page.php?rev=441028#L22", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Exploit" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/83e5a0dc-fc51-4565-945f-190cf9175874?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-53xx/CVE-2023-5362.json b/CVE-2023/CVE-2023-53xx/CVE-2023-5362.json index d2938e10a75..a81ca524c61 100644 --- a/CVE-2023/CVE-2023-53xx/CVE-2023-5362.json +++ b/CVE-2023/CVE-2023-53xx/CVE-2023-5362.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-5362", "sourceIdentifier": "security@wordfence.com", "published": "2023-10-30T14:15:09.733", - "lastModified": "2023-11-07T04:23:56.800", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-11-13T14:47:34.907", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -17,7 +17,27 @@ "metrics": { "cvssMetricV31": [ { - "source": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, + { + "source": "security@wordfence.com", "type": "Secondary", "cvssData": { "version": "3.1", 
@@ -38,22 +58,64 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:spicethemes:carousel\\,_recent_post_slider_and_banner_slider:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.1", + "matchCriteriaId": "F54F7336-AB69-4F63-A122-1E0F27186ECB" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/spice-post-slider/tags/1.9/include/view/shortcode.php#L102", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Exploit" + ] }, { "url": "https://plugins.trac.wordpress.org/browser/spice-post-slider/tags/2.0.1/include/view/shortcode.php?rev=2981648#L102", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Exploit" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/2981654/spice-post-slider", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c0dd70b9-6f8a-41fc-ab4f-f6cdfee8dfb8?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-55xx/CVE-2023-5583.json b/CVE-2023/CVE-2023-55xx/CVE-2023-5583.json index f24f0d033c1..ba0e62abb2b 100644 --- a/CVE-2023/CVE-2023-55xx/CVE-2023-5583.json +++ b/CVE-2023/CVE-2023-55xx/CVE-2023-5583.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-5583", "sourceIdentifier": "security@wordfence.com", "published": "2023-10-30T14:15:10.120", - "lastModified": "2023-11-07T04:24:10.527", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-11-13T14:48:58.723", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -17,7 +17,27 @@ "metrics": { "cvssMetricV31": [ { - "source": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, + { + "source": "security@wordfence.com", "type": "Secondary", "cvssData": { "version": "3.1", 
@@ -38,14 +58,50 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:maca134:wp_simple_galleries:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.34", + "matchCriteriaId": "35368FE1-4B60-4F82-B31C-8E738865D347" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/wp-simple-galleries/tags/1.34/wp-simple-gallery.php#L250", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Exploit" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0dc8f7cf-d8be-4229-b823-3bd9bc9f6eda?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-56xx/CVE-2023-5666.json b/CVE-2023/CVE-2023-56xx/CVE-2023-5666.json index 1dbe411d7db..dcaca807df1 100644 --- a/CVE-2023/CVE-2023-56xx/CVE-2023-5666.json +++ b/CVE-2023/CVE-2023-56xx/CVE-2023-5666.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5666", "sourceIdentifier": "security@wordfence.com", "published": "2023-10-30T14:15:10.183", - "lastModified": "2023-11-07T04:24:13.910", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-11-13T14:50:14.593", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -17,7 +17,27 @@ "metrics": { "cvssMetricV31": [ { - "source": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, + { + "source": "security@wordfence.com", "type": "Secondary", "cvssData": { "version": "3.1", @@ -38,18 +58,58 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:themepoints:accordion:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.7", + "matchCriteriaId": "EDE40D65-D278-4E79-9364-6C6C4EF9E186" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/accordions-wp/trunk/theme/custom-wp-accordion-themes.php?rev=2406278#L24", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Exploit" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/2982015/accordions-wp#file370", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a8ada876-4a8b-494f-9132-d88a71b42c44?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-57xx/CVE-2023-5741.json b/CVE-2023/CVE-2023-57xx/CVE-2023-5741.json index a7d8757ca4b..26f001fc5bc 100644 --- a/CVE-2023/CVE-2023-57xx/CVE-2023-5741.json +++ b/CVE-2023/CVE-2023-57xx/CVE-2023-5741.json @@ -2,12 +2,16 @@ "id": "CVE-2023-5741", "sourceIdentifier": "security@wordfence.com", "published": "2023-11-13T08:15:26.317", - "lastModified": "2023-11-13T08:15:26.317", - "vulnStatus": "Received", + "lastModified": "2023-11-13T14:12:08.260", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The POWR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'powr-powr-pack' shortcode in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento POWR para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del shortcode 'powr-powr-pack' del complemento en todas las versiones hasta la 2.1.0 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-57xx/CVE-2023-5747.json b/CVE-2023/CVE-2023-57xx/CVE-2023-5747.json index 8c3fb097749..4a716f98a52 100644 --- a/CVE-2023/CVE-2023-57xx/CVE-2023-5747.json +++ b/CVE-2023/CVE-2023-57xx/CVE-2023-5747.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-5747", "sourceIdentifier": "fc9afe74-3f80-4fb7-a313-e6f036a89882", "published": "2023-11-13T08:15:26.530", - "lastModified": "2023-11-13T09:15:25.720", - "vulnStatus": "Received", + "lastModified": "2023-11-13T14:12:08.260", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Bashis, a Security Researcher at IPVM has found a flaw that allows for a remote code execution during the installation of Wave on the camera device. The Wave server application in camera device was vulnerable to command injection allowing an attacker to run arbitrary code. HanwhaVision has released patched firmware for the highlighted flaw. Please refer to the hanwhavision security report for more information and solution.\"" + }, + { + "lang": "es", + "value": "Bashis, es un Security Researcher at IPVM, encontr\u00f3 una falla que permite la ejecuci\u00f3n remota de c\u00f3digo durante la instalaci\u00f3n de Wave en el dispositivo de la c\u00e1mara. La aplicaci\u00f3n del servidor Wave en el dispositivo de la c\u00e1mara era vulnerable a la inyecci\u00f3n de comandos, lo que permit\u00eda a un atacante ejecutar c\u00f3digo arbitrario. HanwhaVision ha lanzado un firmware parcheado para la falla resaltada. Consulte el informe de seguridad de hanwhavision para obtener m\u00e1s informaci\u00f3n y soluciones\"." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-58xx/CVE-2023-5813.json b/CVE-2023/CVE-2023-58xx/CVE-2023-5813.json index 59da9cf3141..30819d0e613 100644 --- a/CVE-2023/CVE-2023-58xx/CVE-2023-5813.json +++ b/CVE-2023/CVE-2023-58xx/CVE-2023-5813.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5813", "sourceIdentifier": "cna@vuldb.com", "published": "2023-10-27T02:15:07.540", - "lastModified": "2023-11-07T04:24:26.283", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-11-13T14:15:08.297", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -17,7 +17,27 @@ "metrics": { "cvssMetricV31": [ { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, + { + "source": "cna@vuldb.com", "type": "Secondary", "cvssData": { "version": "3.1", @@ -39,7 +59,7 @@ ], "cvssMetricV2": [ { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Secondary", "cvssData": { "version": "2.0", @@ -65,7 +85,7 @@ }, "weaknesses": [ { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Secondary", "description": [ { @@ -75,14 +95,40 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oretnom23:task_reminder_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "70C68150-E00B-4553-B3A2-9BD5003D39E8" + } + ] + } + ] + } + ], "references": [ { "url": "https://vuldb.com/?ctiid.243644", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.243644", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-58xx/CVE-2023-5814.json b/CVE-2023/CVE-2023-58xx/CVE-2023-5814.json index 84432741522..40d28872e70 100644 --- a/CVE-2023/CVE-2023-58xx/CVE-2023-5814.json +++ b/CVE-2023/CVE-2023-58xx/CVE-2023-5814.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-5814", "sourceIdentifier": "cna@vuldb.com", "published": "2023-10-27T02:15:07.603", - "lastModified": "2023-11-07T04:24:26.650", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-11-13T14:15:05.840", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -17,7 +17,27 @@ "metrics": { "cvssMetricV31": [ { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, + { + "source": "cna@vuldb.com", "type": "Secondary", "cvssData": { "version": "3.1", @@ -39,7 +59,7 @@ ], "cvssMetricV2": [ { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Secondary", "cvssData": { "version": "2.0", @@ -65,7 +85,7 @@ }, "weaknesses": [ { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Secondary", "description": [ { 
@@ -75,14 +95,40 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oretnom23:task_reminder_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "70C68150-E00B-4553-B3A2-9BD5003D39E8" + } + ] + } + ] + } + ], "references": [ { "url": "https://vuldb.com/?ctiid.243645", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.243645", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-58xx/CVE-2023-5834.json b/CVE-2023/CVE-2023-58xx/CVE-2023-5834.json index dff82701d5f..03e9d4a6e47 100644 --- a/CVE-2023/CVE-2023-58xx/CVE-2023-5834.json +++ b/CVE-2023/CVE-2023-58xx/CVE-2023-5834.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-5834", "sourceIdentifier": "security@hashicorp.com", "published": "2023-10-27T22:15:09.163", - "lastModified": "2023-10-29T01:44:22.497", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-13T14:34:59.287", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "HashiCorp Vagrant's Windows installer targeted a custom location with a non-protected path that could be junctioned, introducing potential for unauthorized file system writes. Fixed in Vagrant 2.4.0." + }, + { + "lang": "es", + "value": "El instalador HashiCorp Vagrant de Windows apunt\u00f3 a una ubicaci\u00f3n personalizada con una ruta no protegida que pod\u00eda unirse, lo que introdujo la posibilidad de escrituras no autorizadas en el sistema de archivos. Corregido en Vagrant 2.4.0." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "security@hashicorp.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-59" + } + ] + }, { "source": "security@hashicorp.com", "type": "Secondary", 
@@ -46,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hashicorp:vagrant:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.4.0", + "matchCriteriaId": "3ADD2BC9-1919-4EB9-B23C-783DE3BD08F3" + } + ] + } + ] + } + ], "references": [ { "url": "https://discuss.hashicorp.com/t/hcsec-2023-31-vagrant-s-windows-installer-allowed-directory-junction-write/59568", - "source": "security@hashicorp.com" + "source": "security@hashicorp.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-60xx/CVE-2023-6097.json b/CVE-2023/CVE-2023-60xx/CVE-2023-6097.json new file mode 100644 index 00000000000..a9fbf211a0d --- /dev/null +++ b/CVE-2023/CVE-2023-60xx/CVE-2023-6097.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-6097", + "sourceIdentifier": "cve-coordination@incibe.es", + "published": "2023-11-13T13:15:08.007", + "lastModified": "2023-11-13T14:12:08.260", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A SQL injection vulnerability has been found in ICS Business Manager, affecting version 7.06.0028.7089. This vulnerability could allow a remote user to send a specially crafted SQL query and retrieve all the information stored in the database. The data could also be modified or deleted, causing the application to malfunction." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve-coordination@incibe.es", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "LOW", + "baseScore": 9.4, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.5 + } + ] + }, + "weaknesses": [ + { + "source": "cve-coordination@incibe.es", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-icssolution-ics-business-manager", + "source": "cve-coordination@incibe.es" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-60xx/CVE-2023-6098.json b/CVE-2023/CVE-2023-60xx/CVE-2023-6098.json new file mode 100644 index 00000000000..46d3d36eb35 --- /dev/null +++ b/CVE-2023/CVE-2023-60xx/CVE-2023-6098.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-6098", + "sourceIdentifier": "cve-coordination@incibe.es", + "published": "2023-11-13T13:15:08.237", + "lastModified": "2023-11-13T14:12:08.260", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "An XSS vulnerability has been discovered in ICS Business Manager affecting version 7.06.0028.7066. A remote attacker could send a specially crafted string exploiting the obdd_act parameter, allowing the attacker to steal an authenticated user's session, and perform actions within the application." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve-coordination@incibe.es", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "cve-coordination@incibe.es", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-icssolution-ics-business-manager", + "source": "cve-coordination@incibe.es" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index cfffa66d491..e1b77351c79 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-11-13T13:00:19.353129+00:00 +2023-11-13T15:00:18.461274+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-11-13T12:15:08.177000+00:00 +2023-11-13T14:50:14.593000+00:00 ``` ### Last Data Feed Release 
@@ -29,23 +29,46 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -230425 +230427 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `2` -* [CVE-2023-6104](CVE-2023/CVE-2023-61xx/CVE-2023-6104.json) (`2023-11-13T12:15:08.177`) +* [CVE-2023-6097](CVE-2023/CVE-2023-60xx/CVE-2023-6097.json) (`2023-11-13T13:15:08.007`) +* [CVE-2023-6098](CVE-2023/CVE-2023-60xx/CVE-2023-6098.json) (`2023-11-13T13:15:08.237`) ### CVEs modified in the last Commit -Recently modified CVEs: `3` +Recently modified CVEs: `25` -* [CVE-2021-39236](CVE-2021/CVE-2021-392xx/CVE-2021-39236.json) (`2023-11-13T12:15:07.537`) -* [CVE-2023-46847](CVE-2023/CVE-2023-468xx/CVE-2023-46847.json) (`2023-11-13T12:15:07.893`) -* [CVE-2023-5157](CVE-2023/CVE-2023-51xx/CVE-2023-5157.json) (`2023-11-13T12:15:08.057`) +* [CVE-2020-10225](CVE-2020/CVE-2020-102xx/CVE-2020-10225.json) (`2023-11-13T14:45:01.140`) +* [CVE-2020-10224](CVE-2020/CVE-2020-102xx/CVE-2020-10224.json) (`2023-11-13T14:48:29.607`) +* [CVE-2021-39232](CVE-2021/CVE-2021-392xx/CVE-2021-39232.json) (`2023-11-13T13:15:07.577`) +* [CVE-2021-39235](CVE-2021/CVE-2021-392xx/CVE-2021-39235.json) (`2023-11-13T13:15:07.703`) +* [CVE-2022-4393](CVE-2022/CVE-2022-43xx/CVE-2022-4393.json) (`2023-11-13T14:11:26.470`) +* [CVE-2023-46634](CVE-2023/CVE-2023-466xx/CVE-2023-46634.json) (`2023-11-13T14:12:08.260`) +* [CVE-2023-47516](CVE-2023/CVE-2023-475xx/CVE-2023-47516.json) (`2023-11-13T14:12:08.260`) +* [CVE-2023-47652](CVE-2023/CVE-2023-476xx/CVE-2023-47652.json) (`2023-11-13T14:12:08.260`) +* [CVE-2023-46201](CVE-2023/CVE-2023-462xx/CVE-2023-46201.json) (`2023-11-13T14:12:08.260`) +* [CVE-2023-4775](CVE-2023/CVE-2023-47xx/CVE-2023-4775.json) (`2023-11-13T14:12:08.260`) +* [CVE-2023-5741](CVE-2023/CVE-2023-57xx/CVE-2023-5741.json) (`2023-11-13T14:12:08.260`) +* [CVE-2023-5747](CVE-2023/CVE-2023-57xx/CVE-2023-5747.json) (`2023-11-13T14:12:08.260`) +* 
[CVE-2023-47801](CVE-2023/CVE-2023-478xx/CVE-2023-47801.json) (`2023-11-13T14:12:08.260`) +* [CVE-2023-40335](CVE-2023/CVE-2023-403xx/CVE-2023-40335.json) (`2023-11-13T14:12:08.260`) +* [CVE-2023-46092](CVE-2023/CVE-2023-460xx/CVE-2023-46092.json) (`2023-11-13T14:12:08.260`) +* [CVE-2023-5814](CVE-2023/CVE-2023-58xx/CVE-2023-5814.json) (`2023-11-13T14:15:05.840`) +* [CVE-2023-5813](CVE-2023/CVE-2023-58xx/CVE-2023-5813.json) (`2023-11-13T14:15:08.297`) +* [CVE-2023-31016](CVE-2023/CVE-2023-310xx/CVE-2023-31016.json) (`2023-11-13T14:22:41.677`) +* [CVE-2023-46490](CVE-2023/CVE-2023-464xx/CVE-2023-46490.json) (`2023-11-13T14:30:41.820`) +* [CVE-2023-5834](CVE-2023/CVE-2023-58xx/CVE-2023-5834.json) (`2023-11-13T14:34:59.287`) +* [CVE-2023-5199](CVE-2023/CVE-2023-51xx/CVE-2023-5199.json) (`2023-11-13T14:45:56.803`) +* [CVE-2023-38965](CVE-2023/CVE-2023-389xx/CVE-2023-38965.json) (`2023-11-13T14:46:29.883`) +* [CVE-2023-5362](CVE-2023/CVE-2023-53xx/CVE-2023-5362.json) (`2023-11-13T14:47:34.907`) +* [CVE-2023-5583](CVE-2023/CVE-2023-55xx/CVE-2023-5583.json) (`2023-11-13T14:48:58.723`) +* [CVE-2023-5666](CVE-2023/CVE-2023-56xx/CVE-2023-5666.json) (`2023-11-13T14:50:14.593`) ## Download and Usage