admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-12-18T23:00:24.923773+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-12-18 23:00:28 +00:00
parent 6897a94367
commit 8616bad1ae
18 changed files with 959 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
CVE-2023/CVE-2023-224xx/CVE-2023-22439.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-22439",
"sourceIdentifier": "disclosures@gallagher.com",
"published": "2023-12-18T22:15:07.807",
"lastModified": "2023-12-18T22:15:07.807",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nImproper input validation of a large HTTP request in the Controller 6000 and Controller 7000\u00a0optional\u00a0diagnostic web interface (Port 80)\u00a0can be used to perform a Denial of Service of the diagnostic web interface.\n\nThis issue affects: Gallagher Controller 6000 and 7000 8.90 prior to vCR8.90.231204a (distributed in 8.90.1620 (MR2)), 8.80 prior to vCR8.80.231204a (distributed in 8.80.1369 (MR3)), 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)), 8.60 prior to vCR8.60.231116a (distributed in 8.60.2550 (MR7)), all versions of 8.50 and prior.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "disclosures@gallagher.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 3.1,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "disclosures@gallagher.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://security.gallagher.com/Security-Advisories/CVE-2023-22439",
"source": "disclosures@gallagher.com"
}
]
}

55
CVE-2023/CVE-2023-235xx/CVE-2023-23570.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-23570",
"sourceIdentifier": "disclosures@gallagher.com",
"published": "2023-12-18T22:15:08.020",
"lastModified": "2023-12-18T22:15:08.020",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nClient-Side enforcement of Server-Side security for the Command Centre server could be bypassed and lead to invalid configuration with undefined behavior. \n\nThis issue affects: Gallagher Command Centre 8.90 prior to vEL8.90.1620 (MR2), all versions of 8.80 and prior.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "disclosures@gallagher.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "disclosures@gallagher.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-602"
}
]
}
],
"references": [
{
"url": "https://security.gallagher.com/Security-Advisories/CVE-2023-23570",
"source": "disclosures@gallagher.com"
}
]
}

55
CVE-2023/CVE-2023-235xx/CVE-2023-23576.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-23576",
"sourceIdentifier": "disclosures@gallagher.com",
"published": "2023-12-18T22:15:08.210",
"lastModified": "2023-12-18T22:15:08.210",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nIncorrect behavior order in the Command Centre Server could allow privileged users to gain physical access to the site for longer than intended after a network outage when competencies are used in the access decision. \n\nThis issue affects: Gallagher Command Centre: 8.90 prior to vEL8.90.1620 (MR2), 8.80 prior to vEL8.80.1369 (MR3), 8.70 prior to vEL8.70.2375 (MR5), 8.60 prior to vEL8.60.2550 (MR7), all versions of 8.50 and prior.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "disclosures@gallagher.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.7,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "disclosures@gallagher.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-696"
}
]
}
],
"references": [
{
"url": "https://security.gallagher.com/Security-Advisories/CVE-2023-23576",
"source": "disclosures@gallagher.com"
}
]
}

55
CVE-2023/CVE-2023-235xx/CVE-2023-23584.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-23584",
"sourceIdentifier": "disclosures@gallagher.com",
"published": "2023-12-18T22:15:08.407",
"lastModified": "2023-12-18T22:15:08.407",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nAn observable response discrepancy in the Gallagher Command Centre RESTAPI allows an insufficiently-privileged user to infer the presence of items that would not otherwise be viewable. \n\nThis issue affects: Gallagher Command Centre 8.70 prior to vEL8.70.1787 (MR2), 8.60 prior to vEL8.60.2039 (MR4), all version of 8.50 and prior.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "disclosures@gallagher.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "disclosures@gallagher.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-204"
}
]
}
],
"references": [
{
"url": "https://security.gallagher.com/Security-Advisories/CVE-2023-23584",
"source": "disclosures@gallagher.com"
}
]
}

55
CVE-2023/CVE-2023-245xx/CVE-2023-24590.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-24590",
"sourceIdentifier": "disclosures@gallagher.com",
"published": "2023-12-18T22:15:08.577",
"lastModified": "2023-12-18T22:15:08.577",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\n\n\nA format string issue in the Controller 6000's optional diagnostic web interface can be used to write/read from memory, and in some instances crash the Controller 6000 leading to a Denial of Service.\n\nThis issue affects: Gallagher Controller 6000 8.60 prior to vCR8.60.231116a (distributed in 8.60.2550 (MR7)), all versions of 8.50 and prior.\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "disclosures@gallagher.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "disclosures@gallagher.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-134"
}
]
}
],
"references": [
{
"url": "https://security.gallagher.com/Security-Advisories/CVE-2023-24590",
"source": "disclosures@gallagher.com"
}
]
}

59
CVE-2023/CVE-2023-406xx/CVE-2023-40691.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-40691",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-12-18T21:15:08.087",
"lastModified": "2023-12-18T21:15:08.087",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 may reveal sensitive information contained in application configuration to developer and administrator users. IBM X-Force ID: 264805."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/264805",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7096365",
"source": "psirt@us.ibm.com"
}
]
}

55
CVE-2023/CVE-2023-419xx/CVE-2023-41967.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-41967",
"sourceIdentifier": "disclosures@gallagher.com",
"published": "2023-12-18T22:15:08.770",
"lastModified": "2023-12-18T22:15:08.770",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nSensitive information uncleared after debug/power state transition in the Controller 6000 could be abused by an attacker with knowledge of the Controller's default diagnostic password and physical access to the Controller to view its configuration through the diagnostic web pages. \n\nThis issue affects: Gallagher Controller 6000 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)), v8.60 or earlier.\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "disclosures@gallagher.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW"
},
"exploitabilityScore": 0.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "disclosures@gallagher.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-1272"
}
]
}
],
"references": [
{
"url": "https://security.gallagher.com/Security-Advisories/CVE-2023-41967",
"source": "disclosures@gallagher.com"
}
]
}

55
CVE-2023/CVE-2023-466xx/CVE-2023-46686.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-46686",
"sourceIdentifier": "disclosures@gallagher.com",
"published": "2023-12-18T22:15:08.967",
"lastModified": "2023-12-18T22:15:08.967",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nA reliance on untrusted inputs in a security decision could be exploited by a privileged\u00a0user to configure the Gallagher Command Centre Diagnostics Service to use less secure communication protocols. \n\nThis issue affects: Gallagher Diagnostics Service prior to v1.3.0 (distributed in 9.00.1507(MR1)).\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "disclosures@gallagher.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "disclosures@gallagher.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-807"
}
]
}
],
"references": [
{
"url": "https://security.gallagher.com/Security-Advisories/CVE-2023-46686",
"source": "disclosures@gallagher.com"
}
]
}

55
CVE-2023/CVE-2023-487xx/CVE-2023-48768.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-48768",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-18T22:15:09.143",
"lastModified": "2023-12-18T22:15:09.143",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in CodeAstrology Team Quantity Plus Minus Button for WooCommerce by CodeAstrology.This issue affects Quantity Plus Minus Button for WooCommerce by CodeAstrology: from n/a through 1.1.9.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wc-quantity-plus-minus-button/wordpress-quantity-plus-minus-button-for-woocommerce-by-codeastrology-plugin-1-1-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-487xx/CVE-2023-48769.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-48769",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-18T22:15:09.337",
"lastModified": "2023-12-18T22:15:09.337",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Blue Coral Chat Bubble \u2013 Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back.This issue affects Chat Bubble \u2013 Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back: from n/a through 2.3.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/chat-bubble/wordpress-chat-bubble-plugin-2-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-487xx/CVE-2023-48772.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-48772",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-18T22:15:09.570",
"lastModified": "2023-12-18T22:15:09.570",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Arul Prasad J Prevent Landscape Rotation.This issue affects Prevent Landscape Rotation: from n/a through 2.0.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/prevent-landscape-rotation/wordpress-prevent-landscape-rotation-plugin-2-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-487xx/CVE-2023-48773.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-48773",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-18T22:15:09.757",
"lastModified": "2023-12-18T22:15:09.757",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in WP Doctor WooCommerce Login Redirect.This issue affects WooCommerce Login Redirect: from n/a through 2.2.4.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/woo-login-redirect/wordpress-woo-login-redirect-plugin-2-2-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-487xx/CVE-2023-48778.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-48778",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-18T22:15:09.960",
"lastModified": "2023-12-18T22:15:09.960",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Product Size Chart For WooCommerce.This issue affects Product Size Chart For WooCommerce: from n/a through 1.1.5.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/product-size-chart-for-woo/wordpress-product-size-chart-for-woocommerce-plugin-1-1-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-487xx/CVE-2023-48781.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-48781",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-18T22:15:10.150",
"lastModified": "2023-12-18T22:15:10.150",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Marketing Rapel MkRapel Regiones y Ciudades de Chile para WC.This issue affects MkRapel Regiones y Ciudades de Chile para WC: from n/a through 4.3.0.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wc-ciudades-y-regiones-de-chile/wordpress-mkrapel-regiones-y-ciudades-de-chile-para-wc-plugin-4-3-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

54
CVE-2023/CVE-2023-487xx/CVE-2023-48795.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-48795",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-18T16:15:10.897",
"lastModified": "2023-12-18T19:15:08.623",
"lastModified": "2023-12-18T21:15:08.400",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -16,6 +16,22 @@
"url": "http://www.openwall.com/lists/oss-security/2023/12/18/3",
"source": "cve@mitre.org"
},
{
"url": "https://access.redhat.com/security/cve/cve-2023-48795",
"source": "cve@mitre.org"
},
{
"url": "https://bugs.gentoo.org/920280",
"source": "cve@mitre.org"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210",
"source": "cve@mitre.org"
},
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1217950",
"source": "cve@mitre.org"
},
{
"url": "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6",
"source": "cve@mitre.org"
@ -24,10 +40,22 @@
"url": "https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/advisories/GHSA-45x7-px36-x8w8",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/drakkan/sftpgo/releases/tag/v2.5.6",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/erlang/otp/releases/tag/OTP-26.2.1",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d",
"source": "cve@mitre.org"
@ -40,6 +68,10 @@
"url": "https://github.com/mwiede/jsch/issues/457",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/mwiede/jsch/pull/461",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/openssh/openssh-portable/commits/master",
"source": "cve@mitre.org"
@ -88,6 +120,18 @@
"url": "https://news.ycombinator.com/item?id=38685286",
"source": "cve@mitre.org"
},
{
"url": "https://security-tracker.debian.org/tracker/CVE-2023-48795",
"source": "cve@mitre.org"
},
{
"url": "https://security-tracker.debian.org/tracker/source-package/libssh2",
"source": "cve@mitre.org"
},
{
"url": "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg",
"source": "cve@mitre.org"
},
{
"url": "https://thorntech.com/cve-2023-48795-and-sftp-gateway/",
"source": "cve@mitre.org"
@ -96,6 +140,10 @@
"url": "https://twitter.com/TrueSkrillor/status/1736774389725565005",
"source": "cve@mitre.org"
},
{
"url": "https://ubuntu.com/security/CVE-2023-48795",
"source": "cve@mitre.org"
},
{
"url": "https://www.bitvise.com/ssh-server-version-history",
"source": "cve@mitre.org"
@ -120,6 +168,10 @@
"url": "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/",
"source": "cve@mitre.org"
},
{
"url": "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/",
"source": "cve@mitre.org"
},
{
"url": "https://www.terrapin-attack.com",
"source": "cve@mitre.org"

55
CVE-2023/CVE-2023-491xx/CVE-2023-49148.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-49148",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-18T22:15:10.347",
"lastModified": "2023-12-18T22:15:10.347",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Kulwant Nagi Affiliate Booster \u2013 Pros & Cons, Notice, and CTA Blocks for Affiliates.This issue affects Affiliate Booster \u2013 Pros & Cons, Notice, and CTA Blocks for Affiliates: from n/a through 3.0.5.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/affiliatebooster-blocks/wordpress-affiliate-booster-plugin-3-0-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-63xx/CVE-2023-6355.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-6355",
"sourceIdentifier": "disclosures@gallagher.com",
"published": "2023-12-18T22:15:10.540",
"lastModified": "2023-12-18T22:15:10.540",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nIncorrect selection of fuse values in the Controller 7000 platform allows an attacker to bypass some protection mechanisms to enable local debug. \n\nThis issue affects: Gallagher Controller 7000 9.00 prior to vCR9.00.231204b (distributed in 9.00.1507 (MR1)), 8.90 prior to vCR8.90.231204a (distributed in 8.90.1620 (MR2)), 8.80 prior to vCR8.80.231204a (distributed in 8.80.1369 (MR3)),\u00a08.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)).\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "disclosures@gallagher.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "disclosures@gallagher.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-1253"
}
]
}
],
"references": [
{
"url": "https://security.gallagher.com/Security-Advisories/CVE-2023-6355",
"source": "disclosures@gallagher.com"
}
]
}

69
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-12-18T21:00:25.275519+00:00
2023-12-18T23:00:24.923773+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-12-18T20:36:34.027000+00:00
2023-12-18T22:15:10.540000+00:00
```
### Last Data Feed Release
@ -29,61 +29,36 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
233640
233656
```
### CVEs added in the last Commit
Recently added CVEs: `17`
Recently added CVEs: `16`
* [CVE-2023-51384](CVE-2023/CVE-2023-513xx/CVE-2023-51384.json) (`2023-12-18T19:15:08.720`)
* [CVE-2023-51385](CVE-2023/CVE-2023-513xx/CVE-2023-51385.json) (`2023-12-18T19:15:08.773`)
* [CVE-2023-47741](CVE-2023/CVE-2023-477xx/CVE-2023-47741.json) (`2023-12-18T20:15:08.213`)
* [CVE-2023-4311](CVE-2023/CVE-2023-43xx/CVE-2023-4311.json) (`2023-12-18T20:15:08.397`)
* [CVE-2023-4724](CVE-2023/CVE-2023-47xx/CVE-2023-4724.json) (`2023-12-18T20:15:08.453`)
* [CVE-2023-5005](CVE-2023/CVE-2023-50xx/CVE-2023-5005.json) (`2023-12-18T20:15:08.500`)
* [CVE-2023-5348](CVE-2023/CVE-2023-53xx/CVE-2023-5348.json) (`2023-12-18T20:15:08.553`)
* [CVE-2023-5882](CVE-2023/CVE-2023-58xx/CVE-2023-5882.json) (`2023-12-18T20:15:08.603`)
* [CVE-2023-5886](CVE-2023/CVE-2023-58xx/CVE-2023-5886.json) (`2023-12-18T20:15:08.653`)
* [CVE-2023-5949](CVE-2023/CVE-2023-59xx/CVE-2023-5949.json) (`2023-12-18T20:15:08.703`)
* [CVE-2023-6065](CVE-2023/CVE-2023-60xx/CVE-2023-6065.json) (`2023-12-18T20:15:08.750`)
* [CVE-2023-6077](CVE-2023/CVE-2023-60xx/CVE-2023-6077.json) (`2023-12-18T20:15:08.797`)
* [CVE-2023-6203](CVE-2023/CVE-2023-62xx/CVE-2023-6203.json) (`2023-12-18T20:15:08.847`)
* [CVE-2023-6222](CVE-2023/CVE-2023-62xx/CVE-2023-6222.json) (`2023-12-18T20:15:08.893`)
* [CVE-2023-6272](CVE-2023/CVE-2023-62xx/CVE-2023-6272.json) (`2023-12-18T20:15:08.940`)
* [CVE-2023-6289](CVE-2023/CVE-2023-62xx/CVE-2023-6289.json) (`2023-12-18T20:15:08.983`)
* [CVE-2023-6295](CVE-2023/CVE-2023-62xx/CVE-2023-6295.json) (`2023-12-18T20:15:09.027`)
* [CVE-2023-40691](CVE-2023/CVE-2023-406xx/CVE-2023-40691.json) (`2023-12-18T21:15:08.087`)
* [CVE-2023-22439](CVE-2023/CVE-2023-224xx/CVE-2023-22439.json) (`2023-12-18T22:15:07.807`)
* [CVE-2023-23570](CVE-2023/CVE-2023-235xx/CVE-2023-23570.json) (`2023-12-18T22:15:08.020`)
* [CVE-2023-23576](CVE-2023/CVE-2023-235xx/CVE-2023-23576.json) (`2023-12-18T22:15:08.210`)
* [CVE-2023-23584](CVE-2023/CVE-2023-235xx/CVE-2023-23584.json) (`2023-12-18T22:15:08.407`)
* [CVE-2023-24590](CVE-2023/CVE-2023-245xx/CVE-2023-24590.json) (`2023-12-18T22:15:08.577`)
* [CVE-2023-41967](CVE-2023/CVE-2023-419xx/CVE-2023-41967.json) (`2023-12-18T22:15:08.770`)
* [CVE-2023-46686](CVE-2023/CVE-2023-466xx/CVE-2023-46686.json) (`2023-12-18T22:15:08.967`)
* [CVE-2023-48768](CVE-2023/CVE-2023-487xx/CVE-2023-48768.json) (`2023-12-18T22:15:09.143`)
* [CVE-2023-48769](CVE-2023/CVE-2023-487xx/CVE-2023-48769.json) (`2023-12-18T22:15:09.337`)
* [CVE-2023-48772](CVE-2023/CVE-2023-487xx/CVE-2023-48772.json) (`2023-12-18T22:15:09.570`)
* [CVE-2023-48773](CVE-2023/CVE-2023-487xx/CVE-2023-48773.json) (`2023-12-18T22:15:09.757`)
* [CVE-2023-48778](CVE-2023/CVE-2023-487xx/CVE-2023-48778.json) (`2023-12-18T22:15:09.960`)
* [CVE-2023-48781](CVE-2023/CVE-2023-487xx/CVE-2023-48781.json) (`2023-12-18T22:15:10.150`)
* [CVE-2023-49148](CVE-2023/CVE-2023-491xx/CVE-2023-49148.json) (`2023-12-18T22:15:10.347`)
* [CVE-2023-6355](CVE-2023/CVE-2023-63xx/CVE-2023-6355.json) (`2023-12-18T22:15:10.540`)
### CVEs modified in the last Commit
Recently modified CVEs: `176`
Recently modified CVEs: `1`
* [CVE-2023-48532](CVE-2023/CVE-2023-485xx/CVE-2023-48532.json) (`2023-12-18T20:29:39.520`)
* [CVE-2023-48533](CVE-2023/CVE-2023-485xx/CVE-2023-48533.json) (`2023-12-18T20:30:31.487`)
* [CVE-2023-48552](CVE-2023/CVE-2023-485xx/CVE-2023-48552.json) (`2023-12-18T20:31:52.600`)
* [CVE-2023-48553](CVE-2023/CVE-2023-485xx/CVE-2023-48553.json) (`2023-12-18T20:31:59.470`)
* [CVE-2023-48554](CVE-2023/CVE-2023-485xx/CVE-2023-48554.json) (`2023-12-18T20:32:08.223`)
* [CVE-2023-48555](CVE-2023/CVE-2023-485xx/CVE-2023-48555.json) (`2023-12-18T20:32:16.557`)
* [CVE-2023-48556](CVE-2023/CVE-2023-485xx/CVE-2023-48556.json) (`2023-12-18T20:32:24.067`)
* [CVE-2023-48551](CVE-2023/CVE-2023-485xx/CVE-2023-48551.json) (`2023-12-18T20:34:05.903`)
* [CVE-2023-48550](CVE-2023/CVE-2023-485xx/CVE-2023-48550.json) (`2023-12-18T20:34:16.303`)
* [CVE-2023-48549](CVE-2023/CVE-2023-485xx/CVE-2023-48549.json) (`2023-12-18T20:34:23.420`)
* [CVE-2023-48548](CVE-2023/CVE-2023-485xx/CVE-2023-48548.json) (`2023-12-18T20:34:32.257`)
* [CVE-2023-48547](CVE-2023/CVE-2023-485xx/CVE-2023-48547.json) (`2023-12-18T20:34:38.533`)
* [CVE-2023-48546](CVE-2023/CVE-2023-485xx/CVE-2023-48546.json) (`2023-12-18T20:34:48.300`)
* [CVE-2023-48545](CVE-2023/CVE-2023-485xx/CVE-2023-48545.json) (`2023-12-18T20:34:54.843`)
* [CVE-2023-48544](CVE-2023/CVE-2023-485xx/CVE-2023-48544.json) (`2023-12-18T20:35:08.170`)
* [CVE-2023-48543](CVE-2023/CVE-2023-485xx/CVE-2023-48543.json) (`2023-12-18T20:35:22.643`)
* [CVE-2023-48542](CVE-2023/CVE-2023-485xx/CVE-2023-48542.json) (`2023-12-18T20:35:30.380`)
* [CVE-2023-48540](CVE-2023/CVE-2023-485xx/CVE-2023-48540.json) (`2023-12-18T20:35:36.597`)
* [CVE-2023-48541](CVE-2023/CVE-2023-485xx/CVE-2023-48541.json) (`2023-12-18T20:35:43.487`)
* [CVE-2023-48539](CVE-2023/CVE-2023-485xx/CVE-2023-48539.json) (`2023-12-18T20:35:58.943`)
* [CVE-2023-48538](CVE-2023/CVE-2023-485xx/CVE-2023-48538.json) (`2023-12-18T20:36:06.677`)
* [CVE-2023-48537](CVE-2023/CVE-2023-485xx/CVE-2023-48537.json) (`2023-12-18T20:36:13.320`)
* [CVE-2023-48536](CVE-2023/CVE-2023-485xx/CVE-2023-48536.json) (`2023-12-18T20:36:19.380`)
* [CVE-2023-48535](CVE-2023/CVE-2023-485xx/CVE-2023-48535.json) (`2023-12-18T20:36:25.687`)
* [CVE-2023-48534](CVE-2023/CVE-2023-485xx/CVE-2023-48534.json) (`2023-12-18T20:36:34.027`)
* [CVE-2023-48795](CVE-2023/CVE-2023-487xx/CVE-2023-48795.json) (`2023-12-18T21:15:08.400`)
## Download and Usage