Auto-Update: 2023-12-13T21:00:17.811772+00:00

cad-safe-bot 2023-12-13 21:00:21 +00:00
parent 067a1bd763
commit 8666073602
74 changed files with 3612 additions and 262 deletions

@ -2,8 +2,8 @@
"id": "CVE-2023-36646",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-12T00:15:28.757",
"lastModified": "2023-12-12T13:43:48.853",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-13T20:38:27.083",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "La verificaci\u00f3n incorrecta de roles de usuario en m\u00faltiples endpoints de API REST en ProLion CryptoSpike 3.0.15P2 permite a un atacante remoto con privilegios bajos ejecutar funciones privilegiadas y lograr una escalada de privilegios a trav\u00e9s de la invocaci\u00f3n del endpoint de API REST."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:prolion:cryptospike:3.0.15:p2:*:*:*:*:*:*",
"matchCriteriaId": "51A592E8-274C-4A8A-B925-075FCA82DD22"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2023-36646",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
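Review bot: The `cpeMatch` entry added under `configurations` pins the single build `cpe:2.3:a:prolion:cryptospike:3.0.15:p2:*:*:*:*:*:*` with no `versionStartIncluding` or `versionEndExcluding` bound, so CPE-driven scanners will flag only that exact build; the same single-build entry is added in the sections for CVE-2023-36652 and CVE-2023-36654. The visible description names only 3.0.15P2, so whether other builds are affected cannot be told from this page. If the vendor publishes a fixed release, a ranged match such as `"versionEndExcluding": "<fixed-version>"` (placeholder) would serve consumers better; until then, inventories should match on product name as well as CPE. The reference is now tagged `Exploit`, which is worth feeding into prioritisation alongside the 8.8 base score.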

@ -2,8 +2,8 @@
"id": "CVE-2023-36652",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-12T01:15:10.270",
"lastModified": "2023-12-12T13:43:48.853",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-13T20:42:54.737",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "Una inyecci\u00f3n SQL en los usuarios que buscan el endpoint de la API REST en ProLion CryptoSpike 3.0.15P2 permite a atacantes remotos autenticados leer datos de la base de datos mediante comandos SQL inyectados en el par\u00e1metro de b\u00fasqueda."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:prolion:cryptospike:3.0.15:p2:*:*:*:*:*:*",
"matchCriteriaId": "51A592E8-274C-4A8A-B925-075FCA82DD22"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2023-36652",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2023-36654",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-12T01:15:10.313",
"lastModified": "2023-12-12T13:43:48.853",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-13T20:51:12.487",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "Directory traversal en el endpoint de la API REST de descarga de registros en ProLion CryptoSpike 3.0.15P2 permite a atacantes remotos autenticados descargar claves privadas SSH del servidor host (asociadas con un usuario ra\u00edz de Linux) inyectando rutas dentro de los par\u00e1metros del endpoint de la API REST."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:prolion:cryptospike:3.0.15:p2:*:*:*:*:*:*",
"matchCriteriaId": "51A592E8-274C-4A8A-B925-075FCA82DD22"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2023-36654",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
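Review bot: The vector added under `cvssMetricV31`, `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N` (base 6.5, MEDIUM), scores only the direct file read, while the description says the readable files include SSH private keys belonging to a Linux root user on the host. Triage that sorts on `baseScore` alone will rank this record below the 8.8 entry for CVE-2023-36646 in the same product, although disclosure of a root key is normally handled as a host compromise. The record should stay as NVD published it; the caveat is for consumers. Remediation should pair the product update with rotation of the exposed SSH keys and a review of access logs for the log-download endpoint.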

@ -2,8 +2,8 @@
"id": "CVE-2023-40446",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-12-12T01:15:10.360",
"lastModified": "2023-12-12T13:43:48.853",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-13T20:56:06.690",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,111 @@
"value": "El problema se solucion\u00f3 mejorando el manejo de la memoria. Este problema se solucion\u00f3 en macOS Monterey 12.7.1, iOS 16.7.2 y iPadOS 16.7.2, iOS 17.1 y iPadOS 17.1. El procesamiento de entradas creadas con fines malintencionados puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en aplicaciones instaladas por el usuario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.7.2",
"matchCriteriaId": "3DFB829A-82EA-40BB-81F9-AD4F69F24ABA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0",
"versionEndExcluding": "17.1",
"matchCriteriaId": "387C5D63-833F-4407-A402-501DEF4E15AE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.7.2",
"matchCriteriaId": "5EB9EAAE-441A-4844-BCB2-1716FD9ACE85"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0",
"versionEndExcluding": "17.1",
"matchCriteriaId": "F53A32D0-DB67-40D7-B14E-3963E696A77E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.0.0",
"versionEndExcluding": "12.7.1",
"matchCriteriaId": "7C0B29FA-3C4E-4F6E-A39E-D7B46CD5A614"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/HT213981",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213982",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213983",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2023-42897",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-12-12T01:15:11.637",
"lastModified": "2023-12-13T01:15:08.600",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-12-13T20:57:23.147",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,83 @@
"value": "El problema se solucion\u00f3 con controles mejorados. Este problema se solucion\u00f3 en iOS 17.2 y iPadOS 17.2. Un atacante con acceso f\u00edsico puede utilizar Siri para acceder a datos confidenciales del usuario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0",
"versionEndExcluding": "17.2",
"matchCriteriaId": "D0997B97-8D18-41AC-85DD-3605A5DBCA35"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0",
"versionEndExcluding": "17.2",
"matchCriteriaId": "C6DB531C-9534-461D-87D4-C2BA2BD1D9F6"
}
]
}
]
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/7",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214035",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}
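Review bot: The `seclists.org/fulldisclosure` reference in this section is tagged only `Third Party Advisory`, whereas the sections for CVE-2023-42901 and later tag a reference on the same host with both `Mailing List` and `Third Party Advisory`. A consumer that filters or weights references by tag will classify the two differently. For consistency the entry would read `"tags": ["Mailing List", "Third Party Advisory"]`. The URL is also recorded with the `http://` scheme, so tooling that fetches references should prefer HTTPS rather than follow it as written.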

@ -2,8 +2,8 @@
"id": "CVE-2023-42901",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-12-12T01:15:11.837",
"lastModified": "2023-12-13T01:15:08.823",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-12-13T19:52:31.333",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,77 @@
"value": "Se abordaron m\u00faltiples problemas de corrupci\u00f3n de memoria con una validaci\u00f3n de entrada mejorada. Este problema se solucion\u00f3 en macOS Sonoma 14.2. El procesamiento de un archivo creado con fines malintencionados puede provocar la finalizaci\u00f3n inesperada de la aplicaci\u00f3n o la ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "14.2",
"matchCriteriaId": "6892DEBD-024E-414B-9282-DCCCF23A3BDD"
}
]
}
]
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/9",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214036",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2023-42902",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-12-12T01:15:11.903",
"lastModified": "2023-12-13T01:15:08.870",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-12-13T19:52:46.847",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,77 @@
"value": "Se abordaron m\u00faltiples problemas de corrupci\u00f3n de memoria con una validaci\u00f3n de entrada mejorada. Este problema se solucion\u00f3 en macOS Sonoma 14.2. El procesamiento de un archivo creado con fines malintencionados puede provocar la finalizaci\u00f3n inesperada de la aplicaci\u00f3n o la ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "14.2",
"matchCriteriaId": "6892DEBD-024E-414B-9282-DCCCF23A3BDD"
}
]
}
]
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/9",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214036",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2023-42903",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-12-12T01:15:11.950",
"lastModified": "2023-12-13T01:15:08.920",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-12-13T19:53:01.920",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,77 @@
"value": "Se abordaron m\u00faltiples problemas de corrupci\u00f3n de memoria con una validaci\u00f3n de entrada mejorada. Este problema se solucion\u00f3 en macOS Sonoma 14.2. El procesamiento de un archivo creado con fines malintencionados puede provocar la finalizaci\u00f3n inesperada de la aplicaci\u00f3n o la ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "14.2",
"matchCriteriaId": "6892DEBD-024E-414B-9282-DCCCF23A3BDD"
}
]
}
]
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/9",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214036",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2023-42904",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-12-12T01:15:12.000",
"lastModified": "2023-12-13T01:15:08.963",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-12-13T19:51:18.227",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,77 @@
"value": "Se abordaron m\u00faltiples problemas de corrupci\u00f3n de memoria con una validaci\u00f3n de entrada mejorada. Este problema se solucion\u00f3 en macOS Sonoma 14.2. El procesamiento de un archivo creado con fines malintencionados puede provocar la finalizaci\u00f3n inesperada de la aplicaci\u00f3n o la ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "14.2",
"matchCriteriaId": "6892DEBD-024E-414B-9282-DCCCF23A3BDD"
}
]
}
]
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/9",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214036",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2023-42905",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-12-12T01:15:12.050",
"lastModified": "2023-12-13T01:15:09.013",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-12-13T19:51:31.743",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,77 @@
"value": "Se abordaron m\u00faltiples problemas de corrupci\u00f3n de memoria con una validaci\u00f3n de entrada mejorada. Este problema se solucion\u00f3 en macOS Sonoma 14.2. El procesamiento de un archivo creado con fines malintencionados puede provocar la finalizaci\u00f3n inesperada de la aplicaci\u00f3n o la ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "14.2",
"matchCriteriaId": "6892DEBD-024E-414B-9282-DCCCF23A3BDD"
}
]
}
]
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/9",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214036",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2023-42906",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-12-12T01:15:12.093",
"lastModified": "2023-12-13T01:15:09.060",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-12-13T19:51:46.413",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,77 @@
"value": "Se abordaron m\u00faltiples problemas de corrupci\u00f3n de memoria con una validaci\u00f3n de entrada mejorada. Este problema se solucion\u00f3 en macOS Sonoma 14.2. El procesamiento de un archivo creado con fines malintencionados puede provocar la finalizaci\u00f3n inesperada de la aplicaci\u00f3n o la ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "14.2",
"matchCriteriaId": "6892DEBD-024E-414B-9282-DCCCF23A3BDD"
}
]
}
]
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/9",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214036",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2023-42907",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-12-12T01:15:12.140",
"lastModified": "2023-12-13T01:15:09.107",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-12-13T19:25:43.653",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,77 @@
"value": "Se abordaron m\u00faltiples problemas de corrupci\u00f3n de memoria con una validaci\u00f3n de entrada mejorada. Este problema se solucion\u00f3 en macOS Sonoma 14.2. El procesamiento de un archivo creado con fines malintencionados puede provocar la finalizaci\u00f3n inesperada de la aplicaci\u00f3n o la ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "14.2",
"matchCriteriaId": "6892DEBD-024E-414B-9282-DCCCF23A3BDD"
}
]
}
]
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/9",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214036",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2023-42908",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-12-12T01:15:12.183",
"lastModified": "2023-12-13T01:15:09.160",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-12-13T19:26:43.827",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,77 @@
"value": "Se abordaron m\u00faltiples problemas de corrupci\u00f3n de memoria con una validaci\u00f3n de entrada mejorada. Este problema se solucion\u00f3 en macOS Sonoma 14.2. El procesamiento de un archivo creado con fines malintencionados puede provocar la finalizaci\u00f3n inesperada de la aplicaci\u00f3n o la ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "14.2",
"matchCriteriaId": "6892DEBD-024E-414B-9282-DCCCF23A3BDD"
}
]
}
]
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/9",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214036",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2023-42909",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-12-12T01:15:12.223",
"lastModified": "2023-12-13T01:15:09.220",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-12-13T19:26:57.857",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,77 @@
"value": "Se abordaron m\u00faltiples problemas de corrupci\u00f3n de memoria con una validaci\u00f3n de entrada mejorada. Este problema se solucion\u00f3 en macOS Sonoma 14.2. El procesamiento de un archivo creado con fines malintencionados puede provocar la finalizaci\u00f3n inesperada de la aplicaci\u00f3n o la ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "14.2",
"matchCriteriaId": "6892DEBD-024E-414B-9282-DCCCF23A3BDD"
}
]
}
]
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/9",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214036",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2023-42910",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-12-12T01:15:12.263",
"lastModified": "2023-12-13T01:15:09.270",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-12-13T19:14:00.170",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,77 @@
"value": "Se abordaron m\u00faltiples problemas de corrupci\u00f3n de memoria con una validaci\u00f3n de entrada mejorada. Este problema se solucion\u00f3 en macOS Sonoma 14.2. El procesamiento de un archivo creado con fines malintencionados puede provocar la finalizaci\u00f3n inesperada de la aplicaci\u00f3n o la ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "14.2",
"matchCriteriaId": "6892DEBD-024E-414B-9282-DCCCF23A3BDD"
}
]
}
]
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/9",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214036",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}
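Review bot: The `cvssData` added here uses `AV:N` (`CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H`, base 8.8, exploitability 2.8), while the sections for CVE-2023-42901 through CVE-2023-42909 and CVE-2023-42911 carry `AV:L` (base 7.8, exploitability 1.8). The visible Spanish description text, the CWE-787 weakness and the macOS 14.0–14.2 CPE range are identical across all of them. Nothing on this page explains the different attack vector, so it may be an upstream scoring inconsistency rather than a real difference; the English description lies outside the hunk and cannot be checked here. Consumers that threshold on `baseScore` will treat this one record differently from its siblings. The mirror should keep the upstream value, and the discrepancy is better reported to NVD than corrected locally.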

@ -2,8 +2,8 @@
"id": "CVE-2023-42911",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-12-12T01:15:12.313",
"lastModified": "2023-12-13T01:15:09.320",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-12-13T19:12:48.780",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,77 @@
"value": "Se abordaron m\u00faltiples problemas de corrupci\u00f3n de memoria con una validaci\u00f3n de entrada mejorada. Este problema se solucion\u00f3 en macOS Sonoma 14.2. El procesamiento de un archivo creado con fines malintencionados puede provocar la finalizaci\u00f3n inesperada de la aplicaci\u00f3n o la ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "14.2",
"matchCriteriaId": "6892DEBD-024E-414B-9282-DCCCF23A3BDD"
}
]
}
]
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/9",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214036",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-42912",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-12-12T01:15:12.367",
"lastModified": "2023-12-13T01:15:09.380",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-12-13T19:20:21.287",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,77 @@
"value": "Se abordaron m\u00faltiples problemas de corrupci\u00f3n de memoria con una validaci\u00f3n de entrada mejorada. Este problema se solucion\u00f3 en macOS Sonoma 14.2. El procesamiento de un archivo creado con fines malintencionados puede provocar la finalizaci\u00f3n inesperada de la aplicaci\u00f3n o la ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "14.2",
"matchCriteriaId": "6892DEBD-024E-414B-9282-DCCCF23A3BDD"
}
]
}
]
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/9",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214036",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,63 @@
{
"id": "CVE-2023-43813",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-13T19:15:07.587",
"lastModified": "2023-12-13T19:54:46.783",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, the saved search feature can be used to perform a SQL injection. Version 10.0.11 contains a patch for the issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/glpi-project/glpi/commit/4bd7f02d940953b9cbc9d285f7544bb0e490e75e",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/glpi-project/glpi/releases/tag/10.0.11",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-94c3-fw5r-3362",
"source": "security-advisories@github.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-45670",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-30T23:15:08.543",
"lastModified": "2023-11-08T19:17:43.383",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-13T20:15:49.010",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -134,6 +134,10 @@
"Exploit",
"Vendor Advisory"
]
},
{
"url": "https://securitylab.github.com/advisories/GHSL-2023-190_Frigate/",
"source": "security-advisories@github.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-45671",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-30T23:15:08.620",
"lastModified": "2023-11-08T19:08:21.957",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-13T20:15:49.170",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -106,6 +106,10 @@
"Exploit",
"Vendor Advisory"
]
},
{
"url": "https://securitylab.github.com/advisories/GHSL-2023-190_Frigate/",
"source": "security-advisories@github.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-45672",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-30T23:15:08.697",
"lastModified": "2023-11-08T18:46:22.220",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-13T20:15:49.260",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -127,6 +127,10 @@
"Exploit",
"Vendor Advisory"
]
},
{
"url": "https://securitylab.github.com/advisories/GHSL-2023-190_Frigate/",
"source": "security-advisories@github.com"
}
]
}


@ -0,0 +1,67 @@
{
"id": "CVE-2023-46247",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-13T20:15:49.360",
"lastModified": "2023-12-13T20:15:49.360",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Contracts containing large arrays might underallocate the number of slots they need by 1. Prior to v0.3.8, the calculation to determine how many slots a storage variable needed used `math.ceil(type_.size_in_bytes / 32)`. The intermediate floating point step can produce a rounding error if there are enough bits set in the IEEE-754 mantissa. Roughly speaking, if `type_.size_in_bytes` is large (> 2**46), and slightly less than a power of 2, the calculation can overestimate how many slots are needed by 1. If `type_.size_in_bytes` is slightly more than a power of 2, the calculation can underestimate how many slots are needed by 1. This issue is patched in version 0.3.8."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-193"
},
{
"lang": "en",
"value": "CWE-682"
}
]
}
],
"references": [
{
"url": "https://github.com/vyperlang/vyper/blob/6020b8bbf66b062d299d87bc7e4eddc4c9d1c157/vyper/semantics/validation/data_positions.py#L197",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/vyperlang/vyper/commit/0bb7203b584e771b23536ba065a6efda457161bb",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/vyperlang/vyper/security/advisories/GHSA-6m97-7527-mh74",
"source": "security-advisories@github.com"
}
]
}


@ -0,0 +1,63 @@
{
"id": "CVE-2023-46726",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-13T19:15:07.830",
"lastModified": "2023-12-13T19:54:46.783",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, on PHP 7.4 only, the LDAP server configuration form can be used to execute arbitrary code previously uploaded as a GLPI document. Version 10.0.11 contains a patch for the issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
}
]
}
],
"references": [
{
"url": "https://github.com/glpi-project/glpi/commit/42ba2b031bec0b3889317db25f3adf9080fc11b2",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/glpi-project/glpi/releases/tag/10.0.11",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-qc92-gxc6-5f95",
"source": "security-advisories@github.com"
}
]
}


@ -0,0 +1,63 @@
{
"id": "CVE-2023-46727",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-13T19:15:08.047",
"lastModified": "2023-12-13T19:54:46.783",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, GLPI inventory endpoint can be used to drive a SQL injection attack. Version 10.0.11 contains a patch for the issue. As a workaround, disable native inventory."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/glpi-project/glpi/commit/ee2d674481ebef177037e8e14d35c9455b5cfd46",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/glpi-project/glpi/releases/tag/10.0.11",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-v799-2mp3-wgfr",
"source": "security-advisories@github.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-49296",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-13T20:15:49.587",
"lastModified": "2023-12-13T20:15:49.587",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Arduino Create Agent allows users to use the Arduino Create applications to upload code to any USB connected Arduino board directly from the browser. A vulnerability in versions prior to 1.3.6 affects the endpoint `/certificate.crt` and the way the web interface of the ArduinoCreateAgent handles custom error messages. An attacker that is able to persuade a victim into clicking on a malicious link can perform a Reflected Cross-Site Scripting attack on the web interface of the create agent, which would allow the attacker to execute arbitrary browser client side code. Version 1.3.6 contains a fix for the issue.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/arduino/arduino-create-agent/commit/9a0e582bb8a1ff8e70d202943ddef8625ccefcc8",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/arduino/arduino-create-agent/security/advisories/GHSA-j5hc-wx84-844h",
"source": "security-advisories@github.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-49363",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-13T18:15:43.660",
"lastModified": "2023-12-13T18:15:43.660",
"vulnStatus": "Received",
"lastModified": "2023-12-13T19:01:57.730",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,19 +2,91 @@
"id": "CVE-2023-49417",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-11T14:15:31.740",
"lastModified": "2023-12-11T14:15:42.110",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-13T20:23:25.940",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "TOTOLink A7000R V9.1.0u.6115_B20201022 has a stack overflow vulnerability via setOpModeCfg."
},
{
"lang": "es",
"value": "TOTOLink A7000R V9.1.0u.6115_B20201022 tiene una vulnerabilidad de desbordamiento de pila a trav\u00e9s de setOpModeCfg."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:a7000r_firmware:9.1.0u.6115_b20201022:*:*:*:*:*:*:*",
"matchCriteriaId": "A5BB152D-5E33-4158-BFFD-68AED6A174E2"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:a7000r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "603DA206-05D4-48FD-A506-F3BD8B4383B2"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/cnitlrt/iot_vuln/tree/master/totolink/A7000R/setOpModeCfg",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,91 @@
"id": "CVE-2023-49418",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-11T14:15:31.800",
"lastModified": "2023-12-11T14:15:42.110",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-13T20:26:37.280",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "TOTOLink A7000R V9.1.0u.6115_B20201022has a stack overflow vulnerability via setIpPortFilterRules."
},
{
"lang": "es",
"value": "TOTOLink A7000R V9.1.0u.6115_B20201022 tiene una vulnerabilidad de desbordamiento de pila a trav\u00e9s de setIpPortFilterRules."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:a7000r_firmware:9.1.0u.6115_b20201022:*:*:*:*:*:*:*",
"matchCriteriaId": "A5BB152D-5E33-4158-BFFD-68AED6A174E2"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:a7000r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "603DA206-05D4-48FD-A506-F3BD8B4383B2"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/cnitlrt/iot_vuln/tree/master/totolink/A7000R/setIpPortFilterRules",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,92 @@
"id": "CVE-2023-50430",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-09T22:15:07.233",
"lastModified": "2023-12-10T11:50:56.433",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-13T19:10:39.247",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Goodix Fingerprint Device, as shipped in Dell Inspiron 15 computers, does not follow the Secure Device Connection Protocol (SDCP) when enrolling via Linux, and accepts an unauthenticated configuration packet to select the Windows template database, which allows bypass of Windows Hello authentication by enrolling an attacker's fingerprint."
},
{
"lang": "es",
"value": "Goodix Fingerprint Device, tal como se env\u00eda en las computadoras Dell Inspiron 15, no sigue Secure Device Connection Protocol (SDCP) al registrarse a trav\u00e9s de Linux y acepta un paquete de configuraci\u00f3n no autenticado para seleccionar la base de datos de plantilla de Windows, lo que permite omitir la autenticaci\u00f3n de Windows Hello mediante registrar la huella digital de un atacante."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.5,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:goodix:fingerprint_sensor_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0DFE9AF9-6028-475C-9C1C-93C89183E6A4"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:goodix:fingerprint_sensor:-:*:*:*:*:*:*:*",
"matchCriteriaId": "066BD958-54E4-4548-A874-515C05B0FAFC"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://blackwinghq.com/blog/posts/a-touch-of-pwn-part-i/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-50441",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-13T20:15:49.790",
"lastModified": "2023-12-13T20:15:49.790",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Encrypted folders created by PRIMX ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission) or ZONECENTRAL for Windows before 2023.5 can be modified by an unauthenticated attacker to include a UNC reference so that it could trigger outbound network traffic from computers on which folders are opened."
}
],
"metrics": {},
"references": [
{
"url": "https://www.primx.eu/en/bulletins/security-bulletin-23B3093A/",
"source": "cve@mitre.org"
},
{
"url": "https://www.primx.eu/fr/blog/",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-50444",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-13T20:15:49.840",
"lastModified": "2023-12-13T20:15:49.840",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "By default, .ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; and ZED! for Windows, Mac, Linux before 2023.5 include an encrypted version of sensitive user information, which could allow an unauthenticated attacker to obtain it via brute force."
}
],
"metrics": {},
"references": [
{
"url": "https://www.primx.eu/en/bulletins/security-bulletin-23B30874/",
"source": "cve@mitre.org"
},
{
"url": "https://www.primx.eu/fr/blog/",
"source": "cve@mitre.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-50446",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-10T17:15:07.070",
"lastModified": "2023-12-11T12:20:50.310",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-13T19:46:58.377",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,82 @@
"value": "Se descubri\u00f3 un problema en la aplicaci\u00f3n Mullvad VPN para Windows antes de 2023.6-beta1. Los permisos insuficientes en un directorio permiten que cualquier usuario local sin privilegios escale privilegios al SYSTEM."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mullvad:mullvad_vpn:*:*:*:*:*:windows:*:*",
"versionEndIncluding": "2023.5",
"matchCriteriaId": "FE432DB4-AEAB-435D-88D2-09633CA56BB5"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/mullvad/mullvadvpn-app/pull/5398",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://github.com/mullvad/mullvadvpn-app/releases/tag/2023.6",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/mullvad/mullvadvpn-app/releases/tag/2023.6-beta1",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-50463",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-10T23:15:07.247",
"lastModified": "2023-12-11T12:20:45.887",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-13T20:33:08.687",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,81 @@
"value": "El middleware caddy-geo-ip (tambi\u00e9n conocido como GeoIP) hasta la versi\u00f3n 0.6.0 para Caddy 2, cuando se utiliza trust_header X-Forwarded-For, permite a los atacantes falsificar su direcci\u00f3n IP de origen a trav\u00e9s de un encabezado X-Forwarded-For, que puede eludir un mecanismo de protecci\u00f3n (directiva Trusted_proxy en Reverse_Proxy o restricciones de rango de direcciones IP)."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-290"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.6.0",
"matchCriteriaId": "E7FEAAE7-1B58-403B-A74C-3E7C3A1229E6"
}
]
}
]
}
],
"references": [
{
"url": "https://caddyserver.com/v2",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "https://github.com/shift72/caddy-geo-ip/issues/4",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/shift72/caddy-geo-ip/tags",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
}
]
}
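Review bot: The added `cpeMatch` entry identifies the Caddy server itself (`cpe:2.3:a:caddyserver:caddy:*`) with `"versionEndIncluding": "0.6.0"`, while the description and the shift72/caddy-geo-ip reference URLs attribute the flaw to the caddy-geo-ip middleware through 0.6.0. The description places that middleware on Caddy 2, so a CPE-driven scanner would presumably not match the hosts that actually load the vulnerable module. The `criteria` should name the caddy-geo-ip component rather than `caddyserver:caddy`. Since this file appears to mirror an upstream record, the correction likely belongs there; until it lands, consumers should match this entry on the module name rather than on the CPE.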


@ -2,8 +2,8 @@
"id": "CVE-2023-50465",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-11T01:15:07.013",
"lastModified": "2023-12-11T12:20:45.887",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-13T20:56:40.520",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,80 @@
"value": "Existe una vulnerabilidad de Cross-Site Scripting (XSS) almacenada en Monica (tambi\u00e9n conocida como MonicaHQ) 4.0.0 a trav\u00e9s de un documento SVG subido por un usuario autenticado."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:monicahq:monica:0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A7901C42-2C7A-4D97-946E-222CB01CB1AC"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Crypt0Cr33py/monicahqvuln",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
},
{
"url": "https://github.com/monicahq/monica/releases",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://www.monicahq.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}
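Review bot: The added `criteria` value `cpe:2.3:a:monicahq:monica:0.4.0:*:*:*:*:*:*:*` disagrees with the description in the same record, which names Monica 4.0.0, so the version component looks transposed. An asset inventory keyed on this CPE would miss 4.0.0 installs and could flag 0.4.0 ones instead. The line should read `"criteria": "cpe:2.3:a:monicahq:monica:4.0.0:*:*:*:*:*:*:*"`, with the `matchCriteriaId` taken from the corrected upstream record rather than edited by hand.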


@ -2,8 +2,8 @@
"id": "CVE-2023-50764",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-12-13T18:15:43.737",
"lastModified": "2023-12-13T18:15:43.737",
"vulnStatus": "Received",
"lastModified": "2023-12-13T19:01:57.730",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-50765",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-12-13T18:15:43.797",
"lastModified": "2023-12-13T18:15:43.797",
"vulnStatus": "Received",
"lastModified": "2023-12-13T19:01:57.730",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-50766",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-12-13T18:15:43.840",
"lastModified": "2023-12-13T18:15:43.840",
"vulnStatus": "Received",
"lastModified": "2023-12-13T19:01:57.730",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-50767",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-12-13T18:15:43.890",
"lastModified": "2023-12-13T18:15:43.890",
"vulnStatus": "Received",
"lastModified": "2023-12-13T19:01:57.730",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-50768",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-12-13T18:15:43.943",
"lastModified": "2023-12-13T18:15:43.943",
"vulnStatus": "Received",
"lastModified": "2023-12-13T19:01:57.730",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-50769",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-12-13T18:15:43.990",
"lastModified": "2023-12-13T18:15:43.990",
"vulnStatus": "Received",
"lastModified": "2023-12-13T19:01:57.730",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-50770",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-12-13T18:15:44.040",
"lastModified": "2023-12-13T18:15:44.040",
"vulnStatus": "Received",
"lastModified": "2023-12-13T19:01:57.730",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-50771",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-12-13T18:15:44.090",
"lastModified": "2023-12-13T18:15:44.090",
"vulnStatus": "Received",
"lastModified": "2023-12-13T19:01:57.730",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-50772",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-12-13T18:15:44.137",
"lastModified": "2023-12-13T18:15:44.137",
"vulnStatus": "Received",
"lastModified": "2023-12-13T19:01:57.730",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-50773",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-12-13T18:15:44.183",
"lastModified": "2023-12-13T18:15:44.183",
"vulnStatus": "Received",
"lastModified": "2023-12-13T19:01:57.730",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-50774",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-12-13T18:15:44.233",
"lastModified": "2023-12-13T18:15:44.233",
"vulnStatus": "Received",
"lastModified": "2023-12-13T19:01:57.730",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-50775",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-12-13T18:15:44.280",
"lastModified": "2023-12-13T18:15:44.280",
"vulnStatus": "Received",
"lastModified": "2023-12-13T19:01:57.730",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-50776",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-12-13T18:15:44.330",
"lastModified": "2023-12-13T18:15:44.330",
"vulnStatus": "Received",
"lastModified": "2023-12-13T19:01:57.730",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-50777",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-12-13T18:15:44.377",
"lastModified": "2023-12-13T18:15:44.377",
"vulnStatus": "Received",
"lastModified": "2023-12-13T19:01:57.730",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-50778",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-12-13T18:15:44.420",
"lastModified": "2023-12-13T18:15:44.420",
"vulnStatus": "Received",
"lastModified": "2023-12-13T19:01:57.730",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-50779",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-12-13T18:15:44.467",
"lastModified": "2023-12-13T18:15:44.467",
"vulnStatus": "Received",
"lastModified": "2023-12-13T19:01:57.730",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-5749",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-12-11T20:15:07.093",
"lastModified": "2023-12-12T13:43:48.853",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-12-13T20:28:26.880",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "El complemento EmbedPress de WordPress anterior a 3.9.2 no sanitiza ni escapa a la entrada del usuario antes de devolverla a la p\u00e1gina, lo que genera Cross-Site Scripting Reflejada que podr\u00eda usarse contra usuarios con altos privilegios, como el administrador."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpdeveloper:embedpress:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.9.2",
"matchCriteriaId": "A1E4A2B6-DDCB-4719-BAF6-580203399DA0"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/3931daac-3899-4169-8625-4c95fd2adafc",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-5750",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-12-11T20:15:07.160",
"lastModified": "2023-12-12T13:43:48.853",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-12-13T20:28:36.853",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "El complemento EmbedPress de WordPress anterior a 3.9.2 no sanitiza ni escapa un par\u00e1metro antes de devolverlo a la p\u00e1gina que contiene un contenido espec\u00edfico, lo que genera un Cross-Site Scripting Reflejado que podr\u00eda usarse contra usuarios con privilegios elevados, como el administrador."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpdeveloper:embedpress:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.9.2",
"matchCriteriaId": "A1E4A2B6-DDCB-4719-BAF6-580203399DA0"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/cf323f72-8374-40fe-9e2e-810e46de1ec8",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-5757",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-12-11T20:15:07.213",
"lastModified": "2023-12-12T13:43:48.853",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-12-13T20:29:04.543",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "El complemento WP Crowdfunding de WordPress anterior a 2.1.8 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con privilegios elevados, como el administrador, realizar ataques de Cross-Site Scripting Almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n multisitio)."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:themeum:wp_crowdfunding:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.1.8",
"matchCriteriaId": "3AB02294-6F29-4247-AE09-5380B27AA40E"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/2adc5995-03a9-4860-b00b-7f8d7fe18058",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-5868",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-12-10T18:15:07.163",
"lastModified": "2023-12-13T10:15:10.390",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-13T19:56:50.143",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -50,74 +80,368 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.0",
"versionEndExcluding": "11.22",
"matchCriteriaId": "1D407A29-CAB0-425B-87B6-F2487FAE6B71"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.0",
"versionEndExcluding": "12.17",
"matchCriteriaId": "13B24306-F52A-47E4-A7E4-EA7E46F850EF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.13",
"matchCriteriaId": "AA77ED73-60C6-4666-9355-7C28CD774001"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "14.10",
"matchCriteriaId": "7F2D30CB-C04F-4B6A-8E82-7DDC98B10D21"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.0",
"versionEndExcluding": "15.5",
"matchCriteriaId": "E8883865-D864-497D-B39C-90D3ACC6A932"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:postgresql:postgresql:16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "654E69F1-844B-4E32-9C3D-FA8032FB3A61"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "936B046D-ADEB-4701-8957-AC28CFA9C5C9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*",
"matchCriteriaId": "56CE19E2-F92D-4C36-9319-E6CD4766D0D4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*",
"matchCriteriaId": "056DABF5-0C1D-4EBA-B02B-443BACB20D6F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:8.6_aarch64:*:*:*:*:*:*:*",
"matchCriteriaId": "02F08DBD-4BD0-408D-B817-04B2EB82137E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.0_aarch64:*:*:*:*:*:*:*",
"matchCriteriaId": "CDE46FD5-B415-49B7-BF2D-E76D068C3920"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:*:*:*:*:*:*:*",
"matchCriteriaId": "09AAD850-019A-46B8-A5A1-845DE048D30A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.0_s390x:*:*:*:*:*:*:*",
"matchCriteriaId": "A4E39B04-D3E5-4106-8A8F-0C496FF9997F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*",
"matchCriteriaId": "86034E5B-BCDD-4AFD-A460-38E790F608F5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6967B4-C62B-4252-B5C3-50532B9EA3FB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*",
"matchCriteriaId": "C2ED1251-245C-4390-8964-DDCAD54A8957"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9D7EE4B6-A6EC-4B9B-91DF-79615796673F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3741B8-851F-475D-B428-523F4F722350"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "62C31522-0A17-4025-B269-855C7F4B45C2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4DDA3E5A-8754-4C48-9A27-E2415F8A6000"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3C74F6FA-FA6C-4648-9079-91446E45EE47"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F797F2E-00E6-4D03-A94E-524227529A0A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.8_aarch64:*:*:*:*:*:*:*",
"matchCriteriaId": "F7F8A347-0ACE-40E4-BF7B-656D66DDB425"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*",
"matchCriteriaId": "32AF225E-94C0-4D07-900C-DD868C05F554"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:*:*:*:*:*:*:*",
"matchCriteriaId": "B758EDC9-6421-422C-899E-A273D2936D8E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*",
"matchCriteriaId": "22C65F53-D624-48A9-A9B7-4C78A31E19F9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.0_s390x:*:*:*:*:*:*:*",
"matchCriteriaId": "0CC06C2A-64A5-4302-B754-A4DC0E12FE7C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*",
"matchCriteriaId": "26041661-0280-4544-AA0A-BC28FCED4699"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*",
"matchCriteriaId": "23D471AC-7DCA-4425-AD91-E5D928753A8C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:*:*:*:*:*:*:*",
"matchCriteriaId": "D9C30C59-07F7-4CCE-B057-052ECCD36DB8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*",
"matchCriteriaId": "F91F9255-4EE1-43C7-8831-D2B6C228BFD9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*",
"matchCriteriaId": "62D3FD78-5B63-4A1B-B4EE-9B098844691E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*",
"matchCriteriaId": "99952557-C766-4B9E-8BF5-DBBA194349FF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6897676D-53F9-45B3-B27F-7FF9A4C58D33"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E28F226A-CBC7-4A32-BE58-398FA5B42481"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "76C24D94-834A-4E9D-8F73-624AFA99AAA2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F32CA554-F9D7-425B-8F1C-89678507F28C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B09ACF2D-D83F-4A86-8185-9569605D8EE1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AC10D919-57FD-4725-B8D2-39ECB476902F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1272DF03-7674-4BD4-8E64-94004B195448"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2023:7545",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7579",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7580",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7581",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7616",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7656",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7666",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7667",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7694",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7695",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7714",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7770",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7772",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-5868",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247168",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://www.postgresql.org/support/security/CVE-2023-5868/",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mitigation",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-5907",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-12-11T20:15:07.263",
"lastModified": "2023-12-12T13:43:48.853",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-12-13T19:55:59.017",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "El complemento File Manager de WordPress anterior a 6.3 no restringe el directorio ra\u00edz de los administradores de archivos, lo que permite a un administrador establecer una ra\u00edz fuera del directorio ra\u00edz de WordPress, brindando acceso a archivos y directorios del sistema incluso en una configuraci\u00f3n de m\u00faltiples sitios, donde los administradores de sitios no deber\u00edan tener permiso para modificar los archivos del sitio."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-552"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bitapps:file_manager:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "6.3",
"matchCriteriaId": "B1E4A18B-D18F-4E74-ABA1-2826212A7AD0"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/f250226f-4a05-4d75-93c4-5444a4ce919e",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-6507",
"sourceIdentifier": "cna@python.org",
"published": "2023-12-08T19:15:08.440",
"lastModified": "2023-12-08T20:18:15.033",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-13T20:17:39.047",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was found in CPython 3.12.0 `subprocess` module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases.\n\nWhen using the `extra_groups=` parameter with an empty list as a value (ie `extra_groups=[]`) the logic regressed to not call `setgroups(0, NULL)` before calling `exec()`, thus not dropping the original processes' groups before starting the new process. There is no issue when the parameter isn't used or when any value is used besides an empty list.\n\nThis issue only impacts CPython processes run with sufficient privilege to make the `setgroups` system call (typically `root`).\n\n"
},
{
"lang": "es",
"value": "Se encontr\u00f3 un problema en el m\u00f3dulo `subproceso` de CPython 3.12.0 en plataformas POSIX. El problema se solucion\u00f3 en CPython 3.12.1 y no afecta a otras versiones estables. Cuando se utiliza el par\u00e1metro `extra_groups=` con una lista vac\u00eda como valor (es decir, `extra_groups=[]`), la l\u00f3gica retrocede para no llamar a `setgroups(0, NULL)` antes de llamar a `exec()`, por lo que no se descarta el grupos de procesos originales antes de iniciar el nuevo proceso. No hay ning\u00fan problema cuando no se usa el par\u00e1metro o cuando se usa cualquier valor adem\u00e1s de una lista vac\u00eda. Este problema solo afecta los procesos de CPython que se ejecutan con privilegios suficientes para realizar la llamada al sistema \"setgroups\" (normalmente \"root\")."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
},
{
"source": "cna@python.org",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "cna@python.org",
"type": "Secondary",
@ -46,18 +80,56 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:python:python:3.12.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5C76EDC2-43FF-448B-B65C-20AC83D680FE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:python:python:3.13.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "978582FF-B8F3-479F-AE77-359E9AEE6F23"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:python:python:3.13.0:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "84E3F62C-7218-4DC3-8473-8A576739643A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/python/cpython/issues/112334",
"source": "cna@python.org"
"source": "cna@python.org",
"tags": [
"Issue Tracking",
"Patch"
]
},
{
"url": "https://github.com/python/cpython/pull/112617",
"source": "cna@python.org"
"source": "cna@python.org",
"tags": [
"Issue Tracking",
"Patch"
]
},
{
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/AUL7QFHBLILGISS7U63B47AYSSGJJQZD/",
"source": "cna@python.org"
"source": "cna@python.org",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-6657",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-10T21:15:07.343",
"lastModified": "2023-12-11T12:20:45.887",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-13T20:30:26.467",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +95,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oretnom23:simple_student_attendance_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0907D49A-D649-42A3-BE96-A1EB234C6859"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/daydust/vuln/blob/main/Simple_Student_Attendance_System/student_form.php_SQL_injection.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.247365",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.247365",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-6658",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-10T23:15:07.313",
"lastModified": "2023-12-11T12:20:45.887",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-13T20:34:08.910",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +95,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oretnom23:simple_student_attendance_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0907D49A-D649-42A3-BE96-A1EB234C6859"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/daydust/vuln/blob/main/Simple_Student_Attendance_System/ajax-api.php_SQL-injection.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.247366",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.247366",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-6671",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-12-11T14:15:32.150",
"lastModified": "2023-12-11T14:15:42.110",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-13T20:26:53.753",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been discovered on OJS, that consists in a CSRF (Cross-Site Request Forgery) attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated."
},
{
"lang": "es",
"value": "Se ha descubierto una vulnerabilidad en OJS que consiste en un ataque CSRF (Cross-Site Request Forgery) que obliga a un usuario final a ejecutar acciones no deseadas en una aplicaci\u00f3n web en la que se encuentra actualmente autenticado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openjournalsystems:open_journal_systems:3.3.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "0E73FB6F-1DC0-4AA8-A922-FDC519D637DF"
}
]
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-request-forgery-open-journal-systems",
"source": "cve-coordination@incibe.es"
"source": "cve-coordination@incibe.es",
"tags": [
"Patch",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-6765",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-13T18:15:44.627",
"lastModified": "2023-12-13T18:15:44.627",
"vulnStatus": "Received",
"lastModified": "2023-12-13T19:01:57.730",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-6766",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-13T18:15:44.870",
"lastModified": "2023-12-13T18:15:44.870",
"vulnStatus": "Received",
"lastModified": "2023-12-13T19:01:57.730",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-6767",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-13T18:15:45.107",
"lastModified": "2023-12-13T18:15:45.107",
"vulnStatus": "Received",
"lastModified": "2023-12-13T19:01:57.730",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -0,0 +1,88 @@
{
"id": "CVE-2023-6771",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-13T19:15:08.257",
"lastModified": "2023-12-13T19:54:46.783",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in SourceCodester Simple Student Attendance System 1.0. This issue affects the function save_attendance of the file actions.class.php. The manipulation of the argument sid leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247907."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "ADJACENT_NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 5.1,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/Glunko/Simple-Student-Attendance-System_vulnerability/blob/main/README.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.247907",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.247907",
"source": "cna@vuldb.com"
}
]
}


@ -0,0 +1,88 @@
{
"id": "CVE-2023-6772",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-13T19:15:08.513",
"lastModified": "2023-12-13T19:54:46.783",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in OTCMS 7.01. Affected is an unknown function of the file /admin/ind_backstage.php. The manipulation of the argument sqlContent leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247908."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "MULTIPLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 6.4,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/Num-Nine/CVE/issues/8",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.247908",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.247908",
"source": "cna@vuldb.com"
}
]
}
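Review bot: The description on this record calls the issue "critical", but the only metrics present are Secondary scores from cna@vuldb.com rated MEDIUM (4.7 under v3.1, 5.8 under v2), and `vulnStatus` is still "Awaiting Analysis", so there is no NVD Primary score yet. Anything that triages from this feed should read the `baseSeverity` fields and the metric `type` rather than severity words inside `descriptions[].value`, and should re-evaluate the record once its status changes. The v3.1 vector also requires high privileges (`PR:H`), which fits the `/admin/` path named in the description.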


@ -0,0 +1,88 @@
{
"id": "CVE-2023-6773",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-13T20:15:49.890",
"lastModified": "2023-12-13T20:15:49.890",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in CodeAstro POS and Inventory Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /accounts_con/register_account of the component User Creation Handler. The manipulation of the argument account_type with the input Admin leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247909 was assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 4.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://drive.google.com/drive/folders/1yuc1n6tr57wD8qsT0HAFDVAuii7iibDM?usp=sharing",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.247909",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.247909",
"source": "cna@vuldb.com"
}
]
}


@ -0,0 +1,88 @@
{
"id": "CVE-2023-6774",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-13T20:15:50.140",
"lastModified": "2023-12-13T20:15:50.140",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in CodeAstro POS and Inventory Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /accounts_con/register_account. The manipulation of the argument Username with the input <script>alert(document.cookie)</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-247910 is the identifier assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 5.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://drive.google.com/drive/folders/1wnrdIuBhZh5ia9Q61b_V_72eIaHsX-B1?usp=sharing",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.247910",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.247910",
"source": "cna@vuldb.com"
}
]
}
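Review bot: The `descriptions[].value` string in this record contains a literal `<script>` element, so any dashboard, ticket template or e-mail that interpolates feed descriptions into HTML has to encode them on output; every text field in these records should be treated as untrusted input. The two metric blocks also disagree on user interaction: the v3.1 data says `"userInteraction": "REQUIRED"` while the v2 block says `"userInteractionRequired": false`, so a filter keyed on the v2 flag will classify this XSS as needing no victim action. Prefer the v3.1 vector when both are present.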


@ -0,0 +1,55 @@
{
"id": "CVE-2023-6789",
"sourceIdentifier": "psirt@paloaltonetworks.com",
"published": "2023-12-13T19:15:08.777",
"lastModified": "2023-12-13T19:54:46.783",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface. Then, when viewed by a properly authenticated administrator, the JavaScript payload executes and disguises all associated actions as performed by that unsuspecting authenticated administrator."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@paloaltonetworks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "psirt@paloaltonetworks.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://security.paloaltonetworks.com/CVE-2023-6789",
"source": "psirt@paloaltonetworks.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-6790",
"sourceIdentifier": "psirt@paloaltonetworks.com",
"published": "2023-12-13T19:15:09.030",
"lastModified": "2023-12-13T19:54:46.783",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A DOM-Based cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to execute a JavaScript payload in the context of an administrator\u2019s browser when they view a specifically crafted link to the PAN-OS web interface."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@paloaltonetworks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@paloaltonetworks.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://security.paloaltonetworks.com/CVE-2023-6790",
"source": "psirt@paloaltonetworks.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-6791",
"sourceIdentifier": "psirt@paloaltonetworks.com",
"published": "2023-12-13T19:15:09.337",
"lastModified": "2023-12-13T19:54:46.783",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A credential disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to obtain the plaintext credentials of stored external system integrations such as LDAP, SCP, RADIUS, TACACS+, and SNMP from the web interface."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@paloaltonetworks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@paloaltonetworks.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-701"
}
]
}
],
"references": [
{
"url": "https://security.paloaltonetworks.com/CVE-2023-6791",
"source": "psirt@paloaltonetworks.com"
}
]
}
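Review bot: The weakness listed here is `CWE-701`, which as far as I know is a CWE view (weaknesses introduced during design) rather than a specific weakness, while the description is about disclosure of stored plaintext credentials. CWE-based routing or reporting will therefore file this record under no useful category. It is a Secondary, CNA-supplied value on a record still "Awaiting Analysis", so mapping code should tolerate view or category ids and fall back to the description until an NVD Primary entry appears.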


@ -0,0 +1,55 @@
{
"id": "CVE-2023-6792",
"sourceIdentifier": "psirt@paloaltonetworks.com",
"published": "2023-12-13T19:15:09.640",
"lastModified": "2023-12-13T19:54:46.783",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated API user to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@paloaltonetworks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "psirt@paloaltonetworks.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-88"
}
]
}
],
"references": [
{
"url": "https://security.paloaltonetworks.com/CVE-2023-6792",
"source": "psirt@paloaltonetworks.com"
}
]
}
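Review bot: The description says an authenticated API user can "disrupt system processes", yet the vector scores availability as none (`A:N`); the same mismatch appears in the CVE-2023-6794 and CVE-2023-6795 records later in this commit, which carry the identical vector. Prioritisation that keys only on the availability metric will understate these for firewalls where process disruption matters. This record is also tagged `CWE-88` although the text calls it OS command injection, which CVE-2023-6795 tags as `CWE-78`, so CWE-based grouping will split two similar issues.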


@ -0,0 +1,55 @@
{
"id": "CVE-2023-6793",
"sourceIdentifier": "psirt@paloaltonetworks.com",
"published": "2023-12-13T19:15:09.937",
"lastModified": "2023-12-13T19:54:46.783",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An improper privilege management vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to revoke active XML API keys from the firewall and disrupt XML API usage."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@paloaltonetworks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 2.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@paloaltonetworks.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://security.paloaltonetworks.com/CVE-2023-6793",
"source": "psirt@paloaltonetworks.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-6794",
"sourceIdentifier": "psirt@paloaltonetworks.com",
"published": "2023-12-13T19:15:10.240",
"lastModified": "2023-12-13T19:54:46.783",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An arbitrary file upload vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@paloaltonetworks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "psirt@paloaltonetworks.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://security.paloaltonetworks.com/CVE-2023-6794",
"source": "psirt@paloaltonetworks.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-6795",
"sourceIdentifier": "psirt@paloaltonetworks.com",
"published": "2023-12-13T19:15:10.537",
"lastModified": "2023-12-13T19:54:46.783",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@paloaltonetworks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "psirt@paloaltonetworks.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://security.paloaltonetworks.com/CVE-2023-6795",
"source": "psirt@paloaltonetworks.com"
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-12-13T19:01:02.419291+00:00
2023-12-13T21:00:17.811772+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-12-13T18:47:41.807000+00:00
2023-12-13T20:57:23.147000+00:00
```
### Last Data Feed Release
@ -29,64 +29,62 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
233034
233052
```
### CVEs added in the last Commit
Recently added CVEs: `20`
Recently added CVEs: `18`
* [CVE-2023-49363](CVE-2023/CVE-2023-493xx/CVE-2023-49363.json) (`2023-12-13T18:15:43.660`)
* [CVE-2023-50764](CVE-2023/CVE-2023-507xx/CVE-2023-50764.json) (`2023-12-13T18:15:43.737`)
* [CVE-2023-50765](CVE-2023/CVE-2023-507xx/CVE-2023-50765.json) (`2023-12-13T18:15:43.797`)
* [CVE-2023-50766](CVE-2023/CVE-2023-507xx/CVE-2023-50766.json) (`2023-12-13T18:15:43.840`)
* [CVE-2023-50767](CVE-2023/CVE-2023-507xx/CVE-2023-50767.json) (`2023-12-13T18:15:43.890`)
* [CVE-2023-50768](CVE-2023/CVE-2023-507xx/CVE-2023-50768.json) (`2023-12-13T18:15:43.943`)
* [CVE-2023-50769](CVE-2023/CVE-2023-507xx/CVE-2023-50769.json) (`2023-12-13T18:15:43.990`)
* [CVE-2023-50770](CVE-2023/CVE-2023-507xx/CVE-2023-50770.json) (`2023-12-13T18:15:44.040`)
* [CVE-2023-50771](CVE-2023/CVE-2023-507xx/CVE-2023-50771.json) (`2023-12-13T18:15:44.090`)
* [CVE-2023-50772](CVE-2023/CVE-2023-507xx/CVE-2023-50772.json) (`2023-12-13T18:15:44.137`)
* [CVE-2023-50773](CVE-2023/CVE-2023-507xx/CVE-2023-50773.json) (`2023-12-13T18:15:44.183`)
* [CVE-2023-50774](CVE-2023/CVE-2023-507xx/CVE-2023-50774.json) (`2023-12-13T18:15:44.233`)
* [CVE-2023-50775](CVE-2023/CVE-2023-507xx/CVE-2023-50775.json) (`2023-12-13T18:15:44.280`)
* [CVE-2023-50776](CVE-2023/CVE-2023-507xx/CVE-2023-50776.json) (`2023-12-13T18:15:44.330`)
* [CVE-2023-50777](CVE-2023/CVE-2023-507xx/CVE-2023-50777.json) (`2023-12-13T18:15:44.377`)
* [CVE-2023-50778](CVE-2023/CVE-2023-507xx/CVE-2023-50778.json) (`2023-12-13T18:15:44.420`)
* [CVE-2023-50779](CVE-2023/CVE-2023-507xx/CVE-2023-50779.json) (`2023-12-13T18:15:44.467`)
* [CVE-2023-6765](CVE-2023/CVE-2023-67xx/CVE-2023-6765.json) (`2023-12-13T18:15:44.627`)
* [CVE-2023-6766](CVE-2023/CVE-2023-67xx/CVE-2023-6766.json) (`2023-12-13T18:15:44.870`)
* [CVE-2023-6767](CVE-2023/CVE-2023-67xx/CVE-2023-6767.json) (`2023-12-13T18:15:45.107`)
* [CVE-2023-43813](CVE-2023/CVE-2023-438xx/CVE-2023-43813.json) (`2023-12-13T19:15:07.587`)
* [CVE-2023-46726](CVE-2023/CVE-2023-467xx/CVE-2023-46726.json) (`2023-12-13T19:15:07.830`)
* [CVE-2023-46727](CVE-2023/CVE-2023-467xx/CVE-2023-46727.json) (`2023-12-13T19:15:08.047`)
* [CVE-2023-6771](CVE-2023/CVE-2023-67xx/CVE-2023-6771.json) (`2023-12-13T19:15:08.257`)
* [CVE-2023-6772](CVE-2023/CVE-2023-67xx/CVE-2023-6772.json) (`2023-12-13T19:15:08.513`)
* [CVE-2023-6789](CVE-2023/CVE-2023-67xx/CVE-2023-6789.json) (`2023-12-13T19:15:08.777`)
* [CVE-2023-6790](CVE-2023/CVE-2023-67xx/CVE-2023-6790.json) (`2023-12-13T19:15:09.030`)
* [CVE-2023-6791](CVE-2023/CVE-2023-67xx/CVE-2023-6791.json) (`2023-12-13T19:15:09.337`)
* [CVE-2023-6792](CVE-2023/CVE-2023-67xx/CVE-2023-6792.json) (`2023-12-13T19:15:09.640`)
* [CVE-2023-6793](CVE-2023/CVE-2023-67xx/CVE-2023-6793.json) (`2023-12-13T19:15:09.937`)
* [CVE-2023-6794](CVE-2023/CVE-2023-67xx/CVE-2023-6794.json) (`2023-12-13T19:15:10.240`)
* [CVE-2023-6795](CVE-2023/CVE-2023-67xx/CVE-2023-6795.json) (`2023-12-13T19:15:10.537`)
* [CVE-2023-46247](CVE-2023/CVE-2023-462xx/CVE-2023-46247.json) (`2023-12-13T20:15:49.360`)
* [CVE-2023-49296](CVE-2023/CVE-2023-492xx/CVE-2023-49296.json) (`2023-12-13T20:15:49.587`)
* [CVE-2023-50441](CVE-2023/CVE-2023-504xx/CVE-2023-50441.json) (`2023-12-13T20:15:49.790`)
* [CVE-2023-50444](CVE-2023/CVE-2023-504xx/CVE-2023-50444.json) (`2023-12-13T20:15:49.840`)
* [CVE-2023-6773](CVE-2023/CVE-2023-67xx/CVE-2023-6773.json) (`2023-12-13T20:15:49.890`)
* [CVE-2023-6774](CVE-2023/CVE-2023-67xx/CVE-2023-6774.json) (`2023-12-13T20:15:50.140`)
### CVEs modified in the last Commit
Recently modified CVEs: `32`
Recently modified CVEs: `55`
* [CVE-2023-5955](CVE-2023/CVE-2023-59xx/CVE-2023-5955.json) (`2023-12-13T17:29:12.180`)
* [CVE-2023-49800](CVE-2023/CVE-2023-498xx/CVE-2023-49800.json) (`2023-12-13T17:30:47.393`)
* [CVE-2023-5940](CVE-2023/CVE-2023-59xx/CVE-2023-5940.json) (`2023-12-13T17:39:17.437`)
* [CVE-2023-49490](CVE-2023/CVE-2023-494xx/CVE-2023-49490.json) (`2023-12-13T17:43:33.160`)
* [CVE-2023-42891](CVE-2023/CVE-2023-428xx/CVE-2023-42891.json) (`2023-12-13T17:46:10.560`)
* [CVE-2023-50457](CVE-2023/CVE-2023-504xx/CVE-2023-50457.json) (`2023-12-13T18:02:33.973`)
* [CVE-2023-50456](CVE-2023/CVE-2023-504xx/CVE-2023-50456.json) (`2023-12-13T18:02:57.440`)
* [CVE-2023-50455](CVE-2023/CVE-2023-504xx/CVE-2023-50455.json) (`2023-12-13T18:03:08.230`)
* [CVE-2023-50454](CVE-2023/CVE-2023-504xx/CVE-2023-50454.json) (`2023-12-13T18:04:38.017`)
* [CVE-2023-49782](CVE-2023/CVE-2023-497xx/CVE-2023-49782.json) (`2023-12-13T18:05:03.240`)
* [CVE-2023-6337](CVE-2023/CVE-2023-63xx/CVE-2023-6337.json) (`2023-12-13T18:06:18.783`)
* [CVE-2023-42890](CVE-2023/CVE-2023-428xx/CVE-2023-42890.json) (`2023-12-13T18:10:56.723`)
* [CVE-2023-49788](CVE-2023/CVE-2023-497xx/CVE-2023-49788.json) (`2023-12-13T18:11:14.110`)
* [CVE-2023-42886](CVE-2023/CVE-2023-428xx/CVE-2023-42886.json) (`2023-12-13T18:14:03.663`)
* [CVE-2023-40660](CVE-2023/CVE-2023-406xx/CVE-2023-40660.json) (`2023-12-13T18:15:43.387`)
* [CVE-2023-40661](CVE-2023/CVE-2023-406xx/CVE-2023-40661.json) (`2023-12-13T18:15:43.537`)
* [CVE-2023-5072](CVE-2023/CVE-2023-50xx/CVE-2023-5072.json) (`2023-12-13T18:15:44.510`)
* [CVE-2023-42884](CVE-2023/CVE-2023-428xx/CVE-2023-42884.json) (`2023-12-13T18:25:12.683`)
* [CVE-2023-42883](CVE-2023/CVE-2023-428xx/CVE-2023-42883.json) (`2023-12-13T18:29:00.980`)
* [CVE-2023-42882](CVE-2023/CVE-2023-428xx/CVE-2023-42882.json) (`2023-12-13T18:30:30.523`)
* [CVE-2023-48311](CVE-2023/CVE-2023-483xx/CVE-2023-48311.json) (`2023-12-13T18:39:26.447`)
* [CVE-2023-6574](CVE-2023/CVE-2023-65xx/CVE-2023-6574.json) (`2023-12-13T18:45:36.640`)
* [CVE-2023-6575](CVE-2023/CVE-2023-65xx/CVE-2023-6575.json) (`2023-12-13T18:45:52.623`)
* [CVE-2023-34320](CVE-2023/CVE-2023-343xx/CVE-2023-34320.json) (`2023-12-13T18:46:07.917`)
* [CVE-2023-4486](CVE-2023/CVE-2023-44xx/CVE-2023-4486.json) (`2023-12-13T18:47:41.807`)
* [CVE-2023-42906](CVE-2023/CVE-2023-429xx/CVE-2023-42906.json) (`2023-12-13T19:51:46.413`)
* [CVE-2023-42901](CVE-2023/CVE-2023-429xx/CVE-2023-42901.json) (`2023-12-13T19:52:31.333`)
* [CVE-2023-42902](CVE-2023/CVE-2023-429xx/CVE-2023-42902.json) (`2023-12-13T19:52:46.847`)
* [CVE-2023-42903](CVE-2023/CVE-2023-429xx/CVE-2023-42903.json) (`2023-12-13T19:53:01.920`)
* [CVE-2023-5907](CVE-2023/CVE-2023-59xx/CVE-2023-5907.json) (`2023-12-13T19:55:59.017`)
* [CVE-2023-5868](CVE-2023/CVE-2023-58xx/CVE-2023-5868.json) (`2023-12-13T19:56:50.143`)
* [CVE-2023-45670](CVE-2023/CVE-2023-456xx/CVE-2023-45670.json) (`2023-12-13T20:15:49.010`)
* [CVE-2023-45671](CVE-2023/CVE-2023-456xx/CVE-2023-45671.json) (`2023-12-13T20:15:49.170`)
* [CVE-2023-45672](CVE-2023/CVE-2023-456xx/CVE-2023-45672.json) (`2023-12-13T20:15:49.260`)
* [CVE-2023-6507](CVE-2023/CVE-2023-65xx/CVE-2023-6507.json) (`2023-12-13T20:17:39.047`)
* [CVE-2023-49417](CVE-2023/CVE-2023-494xx/CVE-2023-49417.json) (`2023-12-13T20:23:25.940`)
* [CVE-2023-49418](CVE-2023/CVE-2023-494xx/CVE-2023-49418.json) (`2023-12-13T20:26:37.280`)
* [CVE-2023-6671](CVE-2023/CVE-2023-66xx/CVE-2023-6671.json) (`2023-12-13T20:26:53.753`)
* [CVE-2023-5749](CVE-2023/CVE-2023-57xx/CVE-2023-5749.json) (`2023-12-13T20:28:26.880`)
* [CVE-2023-5750](CVE-2023/CVE-2023-57xx/CVE-2023-5750.json) (`2023-12-13T20:28:36.853`)
* [CVE-2023-5757](CVE-2023/CVE-2023-57xx/CVE-2023-5757.json) (`2023-12-13T20:29:04.543`)
* [CVE-2023-6657](CVE-2023/CVE-2023-66xx/CVE-2023-6657.json) (`2023-12-13T20:30:26.467`)
* [CVE-2023-50463](CVE-2023/CVE-2023-504xx/CVE-2023-50463.json) (`2023-12-13T20:33:08.687`)
* [CVE-2023-6658](CVE-2023/CVE-2023-66xx/CVE-2023-6658.json) (`2023-12-13T20:34:08.910`)
* [CVE-2023-36646](CVE-2023/CVE-2023-366xx/CVE-2023-36646.json) (`2023-12-13T20:38:27.083`)
* [CVE-2023-36652](CVE-2023/CVE-2023-366xx/CVE-2023-36652.json) (`2023-12-13T20:42:54.737`)
* [CVE-2023-36654](CVE-2023/CVE-2023-366xx/CVE-2023-36654.json) (`2023-12-13T20:51:12.487`)
* [CVE-2023-40446](CVE-2023/CVE-2023-404xx/CVE-2023-40446.json) (`2023-12-13T20:56:06.690`)
* [CVE-2023-50465](CVE-2023/CVE-2023-504xx/CVE-2023-50465.json) (`2023-12-13T20:56:40.520`)
* [CVE-2023-42897](CVE-2023/CVE-2023-428xx/CVE-2023-42897.json) (`2023-12-13T20:57:23.147`)
## Download and Usage