admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-11-30T17:00:18.296967+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-11-30 17:00:22 +00:00
parent ae914437f6
commit 919c10b435
75 changed files with 5150 additions and 282 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
CVE-2022/CVE-2022-374xx/CVE-2022-37424.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2022-37424",
"sourceIdentifier": "secure@blackberry.com",
"published": "2022-10-28T16:15:15.970",
"lastModified": "2022-11-01T17:26:40.537",
"vulnStatus": "Analyzed",
"lastModified": "2023-11-30T16:15:07.587",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Files or Directories Accessible to External Parties vulnerability in OpenNebula on Linux allows File Discovery."
},
{
"lang": "es",
"value": "La vulnerabilidad de Archivos o Directorios Accesibles a Partes Externas en OpenNebula en Linux permite el Descubrimiento de Archivos.\n"
}
],
"metrics": {
@ -64,16 +68,6 @@
"value": "CWE-552"
}
]
},
{
"source": "secure@blackberry.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-552"
}
]
}
],
"configurations": [

18
CVE-2022/CVE-2022-374xx/CVE-2022-37425.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2022-37425",
"sourceIdentifier": "secure@blackberry.com",
"published": "2022-10-28T16:15:16.080",
"lastModified": "2022-11-02T18:15:12.130",
"vulnStatus": "Analyzed",
"lastModified": "2023-11-30T16:15:07.727",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in OpenNebula OpenNebula core on Linux allows Remote Code Inclusion."
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n Inadecuada de Elementos Especiales utilizados en una vulnerabilidad de Comando ('Command Injection') en OpenNebula OpenNebula core en Linux permite la Inclusi\u00f3n Remota de C\u00f3digo."
}
],
"metrics": {
@ -64,16 +68,6 @@
"value": "CWE-77"
}
]
},
{
"source": "secure@blackberry.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [

18
CVE-2022/CVE-2022-374xx/CVE-2022-37426.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2022-37426",
"sourceIdentifier": "secure@blackberry.com",
"published": "2022-10-28T16:15:16.193",
"lastModified": "2022-11-01T20:39:19.423",
"vulnStatus": "Analyzed",
"lastModified": "2023-11-30T16:15:07.820",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in OpenNebula OpenNebula core on Linux allows File Content Injection."
},
{
"lang": "es",
"value": "Carga sin Restricciones de Archivo con vulnerabilidad de Tipo Peligrosa en OpenNebula OpenNebula core en Linux permite la inyecci\u00f3n de contenido de archivo."
}
],
"metrics": {
@ -64,16 +68,6 @@
"value": "CWE-434"
}
]
},
{
"source": "secure@blackberry.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [

65
CVE-2022/CVE-2022-463xx/CVE-2022-46337.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-46337",
"sourceIdentifier": "security@apache.org",
"published": "2023-11-20T09:15:07.180",
"lastModified": "2023-11-20T15:04:56.147",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T15:16:14.983",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "Un nombre de usuario inteligentemente dise\u00f1ado podr\u00eda omitir las comprobaciones de autenticaci\u00f3n LDAP. En instalaciones Derby autenticadas por LDAP, esto podr\u00eda permitir que un atacante llene el disco creando bases de datos Derby basura. En instalaciones de Derby autenticadas por LDAP, esto tambi\u00e9n podr\u00eda permitir al atacante ejecutar malware que era visible y ejecutable por la cuenta que arranc\u00f3 el servidor Derby. En bases de datos protegidas por LDAP que tampoco estaban protegidas por la autorizaci\u00f3n SQL GRANT/REVOKE, esta vulnerabilidad tambi\u00e9n podr\u00eda permitir que un atacante vea y corrompa datos confidenciales y ejecute funciones y procedimientos de bases de datos confidenciales. Mitigaci\u00f3n: los usuarios deben actualizar a Java 21 y Derby 10.17.1.0. Alternativamente, los usuarios que deseen permanecer en versiones anteriores de Java deben crear su propia distribuci\u00f3n Derby a partir de una de las familias de versiones a las que se admiti\u00f3 la soluci\u00f3n: 10.16, 10.15 y 10.14. Esas son las versiones que corresponden, respectivamente, a las versiones 17, 11 y 8 de Java LTS."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:derby:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.1.1.0",
"versionEndExcluding": "10.17.1.0",
"matchCriteriaId": "FA7C1E7A-DE9A-4A32-B691-429A0D0048CE"
}
]
}
]
}
],
"references": [
{
"url": "https://lists.apache.org/thread/q23kvvtoohgzwybxpwozmvvk17rp0td3",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List"
]
}
]
}

8
CVE-2023/CVE-2023-219xx/CVE-2023-21968.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-21968",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2023-04-18T20:15:16.470",
"lastModified": "2023-11-08T23:08:36.447",
"lastModified": "2023-11-30T15:24:32.653",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -153,12 +153,6 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8",
"matchCriteriaId": "111E81BB-7D96-44EB-ACFA-415C3F3EA62A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",

59
CVE-2023/CVE-2023-239xx/CVE-2023-23978.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-23978",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-23T00:15:07.800",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T15:50:37.040",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -40,8 +60,18 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -50,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:switchwp:wp_client_reports:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.0.17",
"matchCriteriaId": "26A0CFD1-4471-4A8E-9B09-49B2C5C289A1"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-client-reports/wordpress-wp-client-reports-plugin-1-0-16-subscriber-sensitive-data-exposure?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

55
CVE-2023/CVE-2023-250xx/CVE-2023-25057.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25057",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T16:15:07.903",
"lastModified": "2023-11-30T16:15:07.903",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Libsyn Libsyn Publisher Hub.This issue affects Libsyn Publisher Hub: from n/a through 1.3.2.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/libsyn-podcasting/wordpress-libsyn-publisher-hub-plugin-1-3-2-sensitive-data-exposure-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

22
CVE-2023/CVE-2023-258xx/CVE-2023-25835.json
View File

@ -2,18 +2,18 @@
"id": "CVE-2023-25835",
"sourceIdentifier": "psirt@esri.com",
"published": "2023-07-21T00:15:10.343",
"lastModified": "2023-08-07T17:15:10.447",
"lastModified": "2023-11-30T16:15:08.103",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "\nThere is a stored Cross-site Scripting vulnerability\u00a0in Esri Portal for ArcGIS Enterprise Sites versions 10.8.1 \u2013 11.1 that may allow a remote, authenticated attacker to create a crafted link that is stored in the site configuration which when clicked could potentially execute arbitrary JavaScript code in the victims browser. \u00a0The privileges required to execute this attack are high.\u00a0 The attack could disclose a privileged token which may result the attacker gaining full control of the Portal.\n\n"
"value": "\nThere is a stored Cross-site Scripting vulnerability\u00a0in Esri Portal for ArcGIS Enterprise Sites versions 10.8.1 \u2013 11.1 that may allow a remote, authenticated attacker to create a crafted link that is stored in the site configuration which when clicked could potentially execute arbitrary JavaScript code in the victims browser. \u00a0The privileges required to execute this attack are high.\u00a0\u00a0\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@esri.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -33,24 +33,24 @@
"impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"source": "psirt@esri.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
"impactScore": 6.0
}
]
},

20
CVE-2023/CVE-2023-258xx/CVE-2023-25837.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-25837",
"sourceIdentifier": "psirt@esri.com",
"published": "2023-07-21T04:15:12.377",
"lastModified": "2023-11-29T20:15:07.393",
"lastModified": "2023-11-30T16:15:08.313",
"vulnStatus": "Modified",
"descriptions": [
{
@ -13,7 +13,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@esri.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -33,24 +33,24 @@
"impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"source": "psirt@esri.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
"impactScore": 6.0
}
]
},

55
CVE-2023/CVE-2023-265xx/CVE-2023-26533.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-26533",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T16:15:08.490",
"lastModified": "2023-11-30T16:15:08.490",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gesundheit Bewegt GmbH Zippy.This issue affects Zippy: from n/a through 1.6.1.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/zippy/wordpress-zippy-plugin-1-6-1-sensitive-data-exposure-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

86
CVE-2023/CVE-2023-273xx/CVE-2023-27383.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-27383",
"sourceIdentifier": "secure@intel.com",
"published": "2023-11-14T19:15:20.840",
"lastModified": "2023-11-14T19:30:27.750",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T16:39:04.510",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Protection mechanism failure in some Intel(R) oneAPI HPC Toolkit 2023.1 and Intel(R)MPI Library software before version 2021.9 may allow a privileged user to potentially enable escalation of privilege via adjacent access."
},
{
"lang": "es",
"value": "La falla del mecanismo de protecci\u00f3n en algunos software Intel(R) oneAPI HPC Toolkit 2023.1 e Intel(R)MPI Library anteriores a la versi\u00f3n 2021.9 puede permitir que un usuario privilegiado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso adyacente."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -46,10 +80,56 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:advisor:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.1",
"matchCriteriaId": "8A6B4CD2-3E17-4BC8-AC12-38A0F7C5B85D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:inspector:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.1",
"matchCriteriaId": "AF974524-D8AA-475F-84E6-86D76C519032"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:mpi_library:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2021.9",
"matchCriteriaId": "A8DA0747-D8C7-4745-A2D5-574E41AB42B7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:oneapi_base_toolkit:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.1",
"matchCriteriaId": "E9B0E003-2303-4BAA-AAB5-E41672DD36A8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:oneapi_hpc_toolkit:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.1",
"matchCriteriaId": "140E6A32-DD35-4BD9-8810-26359D76FEB7"
}
]
}
]
}
],
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00841.html",
"source": "secure@intel.com"
"source": "secure@intel.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-274xx/CVE-2023-27461.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-27461",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T14:15:09.713",
"lastModified": "2023-11-22T15:12:25.450",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T15:26:18.103",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Yoohoo Plugins When Last Login plugin <=\u00a01.2.1 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Yoohoo Plugins When Last Login en versiones &lt;=1.2.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:yoohooplugins:when_last_login:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.2.1",
"matchCriteriaId": "90F096A3-BFB4-43A3-960F-6B9BCD2312B4"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/when-last-login/wordpress-when-last-login-plugin-1-2-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

62
CVE-2023/CVE-2023-275xx/CVE-2023-27513.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-27513",
"sourceIdentifier": "secure@intel.com",
"published": "2023-11-14T19:15:21.030",
"lastModified": "2023-11-14T19:30:27.750",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T16:39:31.357",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled search path element in some Intel(R) Server Information Retrieval Utility software before version 16.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access."
},
{
"lang": "es",
"value": "El elemento de ruta de b\u00fasqueda no controlado en alg\u00fan software Intel(R) Server Information Retrieval Utility anterior a la versi\u00f3n 16.0.9 puede permitir que un usuario autenticado potencialmente habilite la escalada de privilegios a trav\u00e9s del acceso local."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-427"
}
]
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -46,10 +80,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:server_information_retrieval_utility:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.0.9",
"matchCriteriaId": "5C9D60B1-BE71-4C63-B611-EA08662FA040"
}
]
}
]
}
],
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00894.html",
"source": "secure@intel.com"
"source": "secure@intel.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-283xx/CVE-2023-28388.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-28388",
"sourceIdentifier": "secure@intel.com",
"published": "2023-11-14T19:15:22.330",
"lastModified": "2023-11-14T19:30:27.750",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T15:13:03.847",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled search path element in some Intel(R) Chipset Device Software before version 10.1.19444.8378 may allow an authenticated user to potentially enable escalation of privilege via local access."
},
{
"lang": "es",
"value": "El elemento de ruta de b\u00fasqueda no controlado en Intel(R) Chipset Device Software anteriores a la versi\u00f3n 10.1.19444.8378 puede permitir que un usuario autenticado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-427"
}
]
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:chipset_device_software:*:*:*:*:*:*:*:*",
"versionEndIncluding": "10.1.19444.8378",
"matchCriteriaId": "8135AC98-8E6F-4AAF-9A98-CB42B7F5C96D"
}
]
}
]
}
],
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00870.html",
"source": "secure@intel.com"
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
]
}
]
}

101
CVE-2023/CVE-2023-284xx/CVE-2023-28401.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-28401",
"sourceIdentifier": "secure@intel.com",
"published": "2023-11-14T19:15:22.680",
"lastModified": "2023-11-14T19:30:27.750",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T15:12:37.670",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write in some Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows drivers before version 31.0.101.4255 may allow authenticated user to potentially enable escalation of privilege via local access."
},
{
"lang": "es",
"value": "La escritura fuera de los l\u00edmites en algunos controladores Intel(R) Arc(TM) &amp; Iris(R) Xe Graphics - WHQL - Windows anteriores a la versi\u00f3n 31.0.101.4255 puede permitir que el usuario autenticado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -46,10 +80,71 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:iris_xe_graphics:*:*:*:*:*:*:*:*",
"versionEndExcluding": "31.0.101.4255",
"matchCriteriaId": "823ADDFE-919F-4097-8F7B-C9A35AFBEE51"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:arc_a_graphics:*:*:*:*:*:*:*:*",
"versionEndExcluding": "31.0.101.4255",
"matchCriteriaId": "7607C5DB-509D-4A20-83AA-391DEF78EDC8"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00864.html",
"source": "secure@intel.com"
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
]
}
]
}

101
CVE-2023/CVE-2023-284xx/CVE-2023-28404.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-28404",
"sourceIdentifier": "secure@intel.com",
"published": "2023-11-14T19:15:22.853",
"lastModified": "2023-11-14T19:30:27.750",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T15:12:16.473",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read in the Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows drivers before version 31.0.101.4255 may allow an authenticated user to potentially enable information disclosure via local access."
},
{
"lang": "es",
"value": "Los l\u00edmites le\u00eddos en los controladores Intel(R) Arc(TM) &amp; Iris(R) Xe Graphics - WHQL - Windows anteriores a la versi\u00f3n 31.0.101.4255 pueden permitir que un usuario autenticado potencialmente habilite la divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s del acceso local."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -46,10 +80,71 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:iris_xe_graphics:*:*:*:*:*:*:*:*",
"versionEndExcluding": "31.0.101.4255",
"matchCriteriaId": "823ADDFE-919F-4097-8F7B-C9A35AFBEE51"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:arc_a_graphics:*:*:*:*:*:*:*:*",
"versionEndExcluding": "31.0.101.4255",
"matchCriteriaId": "7607C5DB-509D-4A20-83AA-391DEF78EDC8"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00864.html",
"source": "secure@intel.com"
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
]
}
]
}

130
CVE-2023/CVE-2023-287xx/CVE-2023-28740.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-28740",
"sourceIdentifier": "secure@intel.com",
"published": "2023-11-14T19:15:23.370",
"lastModified": "2023-11-14T19:30:27.750",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T15:11:43.503",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled search path element in some Intel(R) QAT drivers for Windows - HW Version 2.0 before version 2.0.4 may allow an authenticated user to potentially enable escalation of privilege via local access."
},
{
"lang": "es",
"value": "Elemento de ruta de b\u00fasqueda no controlado en Intel(R) QAT drivers for Windows - HW Version 2.0 anterior a la versi\u00f3n 2.0.4 puede permitir que un usuario autenticado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-427"
}
]
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -46,10 +80,100 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:quickassist_technology_library:22.07.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C2500ABC-5FA8-4C77-93F5-D8DFB1DC5C31"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:h:intel:quickassist_technology:*:*:*:*:*:windows:*:*",
"versionStartIncluding": "1.0",
"versionEndExcluding": "1.10",
"matchCriteriaId": "64DB6B9F-0D6B-4625-84AA-BF06678C6483"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:intel:quickassist_technology_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "959491DE-2D21-4426-902A-E5638A4FCA4A"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:h:intel:quickassist_technology:*:*:*:*:*:windows:*:*",
"versionStartIncluding": "2.0",
"versionEndExcluding": "2.04",
"matchCriteriaId": "5A480ADD-18A7-4B76-8E7A-BD2947774D03"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:intel:quickassist_technology_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "959491DE-2D21-4426-902A-E5638A4FCA4A"
}
]
}
]
}
],
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00861.html",
"source": "secure@intel.com"
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
]
}
]
}

131
CVE-2023/CVE-2023-287xx/CVE-2023-28741.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-28741",
"sourceIdentifier": "secure@intel.com",
"published": "2023-11-14T19:15:23.547",
"lastModified": "2023-11-14T19:30:27.750",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T15:11:10.793",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in some Intel(R) QAT drivers for Windows - HW Version 1.0 before version 1.10 may allow an authenticated user to potentially enable escalation of privilege via local access."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en algunos controladores Intel(R) QAT para Windows: la versi\u00f3n de hardware 1.0 anterior a la 1.10 puede permitir que un usuario autenticado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -46,10 +80,101 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:quickassist_technology_library:*:*:*:*:*:*:*:*",
"versionEndExcluding": "22.07.1",
"matchCriteriaId": "E54D2455-9259-49E4-9C05-95DBC7D2C0CD"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:h:intel:quickassist_technology:*:*:*:*:*:windows:*:*",
"versionStartIncluding": "1.0",
"versionEndExcluding": "1.10",
"matchCriteriaId": "64DB6B9F-0D6B-4625-84AA-BF06678C6483"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:intel:quickassist_technology_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "959491DE-2D21-4426-902A-E5638A4FCA4A"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:h:intel:quickassist_technology:*:*:*:*:*:windows:*:*",
"versionStartIncluding": "2.0",
"versionEndExcluding": "2.04",
"matchCriteriaId": "5A480ADD-18A7-4B76-8E7A-BD2947774D03"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:intel:quickassist_technology_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "959491DE-2D21-4426-902A-E5638A4FCA4A"
}
]
}
]
}
],
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00861.html",
"source": "secure@intel.com"
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-288xx/CVE-2023-28812.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-28812",
"sourceIdentifier": "hsrc@hikvision.com",
"published": "2023-11-23T09:15:32.930",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T15:55:57.863",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "hsrc@hikvision.com",
"type": "Secondary",
@ -38,10 +58,43 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hikvision:localservicecomponents:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.0.0.78",
"matchCriteriaId": "45D87F15-B878-4801-8095-57D968B98267"
}
]
}
]
}
],
"references": [
{
"url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerabilities-in-hikvision-web-browser-plug-in-locals/",
"source": "hsrc@hikvision.com"
"source": "hsrc@hikvision.com",
"tags": [
"Vendor Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-288xx/CVE-2023-28813.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-28813",
"sourceIdentifier": "hsrc@hikvision.com",
"published": "2023-11-23T09:15:33.190",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T16:34:22.153",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "hsrc@hikvision.com",
"type": "Secondary",
@ -38,10 +58,43 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hikvision:localservicecomponents:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.0.0.78",
"matchCriteriaId": "45D87F15-B878-4801-8095-57D968B98267"
}
]
}
]
}
],
"references": [
{
"url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerabilities-in-hikvision-web-browser-plug-in-locals/",
"source": "hsrc@hikvision.com"
"source": "hsrc@hikvision.com",
"tags": [
"Vendor Advisory"
]
}
]
}

755
CVE-2023/CVE-2023-313xx/CVE-2023-31320.json
View File

@ -2,19 +2,766 @@
"id": "CVE-2023-31320",
"sourceIdentifier": "psirt@amd.com",
"published": "2023-11-14T19:15:25.070",
"lastModified": "2023-11-14T19:30:24.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T15:10:43.827",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in the AMD RadeonTM Graphics display driver may allow an attacker to corrupt the display potentially resulting in denial of service.\n\n\n\n\n\n\n\n\n\n\n\n\n"
},
{
"lang": "es",
"value": "Una validaci\u00f3n de entrada incorrecta en el controlador de pantalla AMD RadeonTM Graphics puede permitir que un atacante da\u00f1e la pantalla, lo que podr\u00eda provocar una denegaci\u00f3n de servicio."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:amd:radeon_software:*:*:*:*:adrenalin:*:*:*",
"versionEndExcluding": "23.7.1",
"matchCriteriaId": "538C0130-93FA-4B41-96CE-FEEC462A1135"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_5300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C9995FBE-D440-45BA-86B5-1CFADF5BEE2B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_5300_xt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6289D311-1997-47E7-B8D9-75C27CD0B9D1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_5300m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02AA337B-595F-4859-A82A-DEC7BB346773"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_5500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C7F0F81-2896-4E79-AC16-EA6AA9EBE7B3"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_5500_xt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F08BE928-65AA-4E21-A8F0-D013C8FFB693"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_5500m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A1952152-A184-4FC9-B1CC-008B8238B5ED"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_5600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B2BEAF-AA1F-414D-A3DF-348B1033CAC8"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_5600_xt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D51EA58C-3684-4567-A213-9351F2E521B9"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_5600m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0026781-F1DA-4533-870E-BCA14CFC7005"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_5700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27B8E08F-2DAC-41CF-9105-D9A4FDDEE19A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_5700_xt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9BB84A38-F651-44CB-93EF-502F1A197FBA"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_5700m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4CEDC946-3685-4533-8D97-BDBDFB7AACBA"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_6300m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C66880A-FB33-477D-93FD-C280A4547D66"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_6400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CD3F898-5AB1-4E60-A086-ADCF33820154"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_6450m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "863770A0-3A7F-43E3-98E5-77E42827FA6B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_6500_xt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC1F7CD2-7D13-48A9-A7CC-3547A1D241DB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_6500m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E4FED1D5-F31A-44C9-9101-D70486CC6FC7"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_6550m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DEB12B48-ABF8-4FFB-BD4E-6413C34D477B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_6550s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2D1C027-56B1-4EA7-842B-09B300B17808"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_6600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C24DE61-4036-42BF-A08F-67C234706703"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_6600_xt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03D9040F-1D1D-49E5-A60E-4393F5D76B60"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_6600m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A76A792F-7026-4F29-9A00-3A2EAB2DE5FC"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_6600s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33DAF63F-C468-438C-97C3-B6CE8BD12858"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_6650_xt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A82D4745-ACAB-4FC2-A63D-3B0FEA208BED"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_6650m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD80D674-1DD4-44E0-8C38-8341A7F392B1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_6650m_xt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "10DD7029-9299-4901-A3D1-84D6102471B9"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_6700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F73C59A-CDE2-4203-921F-1831D4ACFD2A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_6700_xt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C980129B-D717-47F7-A6C1-5EB64FB1BF9A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_6700m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B76C585C-FCC8-456D-A63C-7A769AF5EB07"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_6700s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FC0C52E8-26B1-4F77-B9D3-D08BFF72DAFB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_6800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12EF0B24-689D-4BE8-98D5-D88A84D5E473"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_6800_xt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B58299A7-7CA4-4EF8-81DC-9A41AA84FB2A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_6800m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AB218988-1483-4D96-9075-F79EDBC79974"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_6800s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F14D5A16-F7BE-427A-98AB-2E120DB756DC"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_6850m_xt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "82E128B2-A9B7-4A1C-9ACF-7EB323B72B6F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_6900_xt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BFC4A007-BEFD-4BF0-A176-7ECD6150041C"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_6950_xt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B658454-C160-4EBA-9F7A-E2B9FDEA8A1E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_7600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "838BCF03-8959-4B8F-96B2-416B880F33DE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_7600m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "04102F65-DAA8-4E0A-88EF-44BAA8B4AAA7"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_7600m_xt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33D5FFA6-9D23-4C95-B23D-F50EB60369CA"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_7600s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A82AB49-3ABB-4DE4-91DB-4AF8E1F3196E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_7700_xt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "730BD289-75E3-4365-A0C1-D0AD1498F3C2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_7700s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92A2E6B9-ADFB-4790-917B-9679CFE280E3"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_7800_xt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "334FD5E4-BA45-42BA-B1EC-0DC1E1F44018"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_7900_gre:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6B0E69-D944-48CF-A3F3-EA350C1451AF"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_7900_xt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4EDBF76B-3C2E-4421-800B-54CE6A997439"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_7900_xtx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "72B69860-0C6F-40AD-8696-6150365D908F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_7900m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9BFE5253-2401-4EE4-90E7-9459F2A93CF1"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:amd:radeon_software:*:*:*:*:pro:*:*:*",
"versionEndExcluding": "23.q3",
"matchCriteriaId": "DA638E10-5A0F-43D5-BC26-5A18C987D467"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_pro_w5500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27D5FA49-D783-4DA5-AAED-F3BE3B4DA16D"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_pro_w5500x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BD8E9065-121A-4220-A631-3B3EB43B2AAB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_pro_w5700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E39052CC-CC5F-4782-9CCE-2F5C8342AD79"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_pro_w5700x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CE2D18A-955A-4415-A5B2-18258C0277B3"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_pro_w6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "85E68F7E-0A57-498A-9DB9-3D36045D671E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_pro_w6300m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9CCC24F7-17CD-422A-B047-3E8B32D7B3F0"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_pro_w6400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1DB91262-2EF4-4F0D-8B61-0012BD25E7A8"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_pro_w6500m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EACFFECA-179B-4911-85DE-D7270610E4A9"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_pro_w6600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3083C065-5A2C-4B2D-9C1F-5793BA3C0A52"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_pro_w6600m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47A9B2F1-D9C5-47F8-9B2D-7C2A1495972A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_pro_w6600x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "19588B3D-3F44-4127-8989-B535D4391201"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_pro_w6800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7557738A-5D93-4117-8FF2-9A27CD0E6BC5"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_pro_w6800x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E1BC3034-8C33-4AAF-BE81-9BCFBF0EE56A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_pro_w6800x_duo:-:*:*:*:*:*:*:*",
"matchCriteriaId": "697BB742-0A55-4165-B5BD-5BDCD67B62CD"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_pro_w6900x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14599A66-17C9-4072-AA0D-EAE86DB496DD"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_pro_w7500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1ED51D4C-2C19-4C3B-814C-3F88AF25870C"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_pro_w7600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "233155D5-D0D9-4EC3-B7F7-2CB3F30E48A8"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_pro_w7800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98B858C0-0490-4D50-BC1E-FFB5A54E5DBC"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:amd:radeon_rx_vega_56_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C296FBE4-A7CB-45CC-866F-9287CB2C4CD3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_vega_56:-:*:*:*:*:*:*:*",
"matchCriteriaId": "76F9458D-7D2E-4664-A896-F1FB1907226F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:amd:radeon_rx_vega_64_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "326A62D7-A59F-4577-A7C4-956E83B5F80E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_vega_64:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2A1781E1-CA76-4C8F-AAA5-FA2E0484C41A"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:amd:radeon_pro_vega_56_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52880029-7A09-47F5-84B9-7A8A77D883F7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_pro_vega_56:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2819B30C-7A03-4A3B-8D34-080A85E83AE0"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:amd:radeon_pro_vega_64_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40A38A14-D45C-4746-BCDC-D26D178B1426"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_pro_vega_64:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D89E1B8-509D-428E-984C-E23D808A0006"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:amd:radeon_software:*:*:*:*:adrenalin:*:*:*",
"versionEndExcluding": "23.7.1",
"matchCriteriaId": "538C0130-93FA-4B41-96CE-FEEC462A1135"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:amd:radeon_software:*:*:*:*:pro:*:*:*",
"versionEndExcluding": "23.q3",
"matchCriteriaId": "DA638E10-5A0F-43D5-BC26-5A18C987D467"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:ryzen_3_3015ce:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6513418A-C422-4C3B-8C5A-C1DB4BAC67C5"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:ryzen_3_3015e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7774C021-B18A-473A-90B5-48A95071E5BA"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:ryzen_3_4100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "263E53BD-7A57-40AC-8A35-D761BD3895A5"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:ryzen_3_4300g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2BE6DAAF-7A5E-4D6C-862A-443647E66432"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:ryzen_3_4300ge:-:*:*:*:*:*:*:*",
"matchCriteriaId": "492017EE-C13F-4C40-887F-9C3C9F439898"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:ryzen_3_4300u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E02A9C95-DF12-4816-88C3-6AFC331B8426"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:ryzen_3_5300g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D34308FA-D6D1-4024-95F5-45C86EFBF00A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:ryzen_3_5300ge:-:*:*:*:*:*:*:*",
"matchCriteriaId": "94E19774-C744-46AC-B8F8-2B3E2BB19050"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:ryzen_3_5300u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDE2EB95-146C-4DFA-A627-3E4B3CDD5F88"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:ryzen_5_4500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5EE3D939-DA9A-4B78-AEBA-8C30AA7E9354"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:ryzen_5_4500u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0DA85AB-B5C0-4D99-BB89-FBDA7CC4E97F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:ryzen_5_4600g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0005355A-DA7A-417D-8AF9-F6CC880040BC"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:ryzen_5_4600ge:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1614C8C2-0DDF-464F-BAE5-812CED10CA17"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:ryzen_5_4600h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDA92163-5A72-4271-89D4-401C24950F62"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:ryzen_5_4600hs:-:*:*:*:*:*:*:*",
"matchCriteriaId": "510FB098-A28C-46AD-9244-438DC828A007"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:ryzen_5_4600u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "954500F1-6466-4A1C-8E0C-D759121CEBDC"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:ryzen_5_4680u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "73A4079E-01E9-4807-A293-F6E843752554"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:ryzen_5_5500h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69C443EB-CF9B-4B50-A0F2-CD652D5E1467"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:ryzen_5_5500u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C212F6CE-1920-44DC-AC13-4922A052CEBB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:ryzen_5_5600g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DDE6B0E7-AE27-4DE8-8AF2-801E57F5FC30"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:ryzen_5_5600ge:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F59A2AF2-5D13-480B-93CD-70AB6AEB60F5"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:ryzen_5_pro_3200g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9048FE84-62DA-4C1F-9EF2-0E94A10D116F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:ryzen_5_pro_3200ge:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0D111819-345A-4BAF-83D0-1153209AFCEB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:ryzen_5_pro_3350g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D242085-9B1A-4125-8070-50505531EECE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:ryzen_5_pro_3350ge:-:*:*:*:*:*:*:*",
"matchCriteriaId": "055F87B8-FD74-44CC-A063-84E0BA2E8136"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:ryzen_5_pro_3400g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43C5E75B-136B-4A60-9C2C-84D9C78C0453"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:ryzen_5_pro_3400ge:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C6A9017-FE60-4087-AA9D-AFB4E444E884"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:ryzen_7_4700g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5B44C21E-681A-4869-8D9D-D3898D9CBB3B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:ryzen_7_4700ge:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D640C5C-C906-41A2-96BC-19299ADB9446"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:ryzen_7_4700u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "474D45CF-EBBE-4013-B8EC-BCA3293B36B4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:ryzen_7_4800h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0D70D28B-809E-456C-96ED-84A4CA7EC942"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:ryzen_7_4800hs:-:*:*:*:*:*:*:*",
"matchCriteriaId": "444F83B8-ABD0-401C-8028-CAF0DEECF7BB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:ryzen_7_4980u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1622E6AD-CF6D-4C69-BAA6-BD5A2E658639"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:ryzen_7_5700g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6746407-9EC7-49B2-93B4-926174F2A457"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:ryzen_7_5700ge:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5B481C5C-90C3-4DC2-85DF-F1EA0F409DF3"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:ryzen_7_5700u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56772AAA-A5A9-4125-B4DB-939D583DA8E5"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:ryzen_9_4900h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B9BEC933-8C69-4E47-B527-DA3ED3233B2D"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:ryzen_9_4900hs:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C5F418C-2989-44C0-A880-A7BBA067E581"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6003",
"source": "psirt@amd.com"
"source": "psirt@amd.com",
"tags": [
"Vendor Advisory"
]
}
]
}

27
CVE-2023/CVE-2023-33xx/CVE-2023-3377.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3377",
"sourceIdentifier": "iletisim@usom.gov.tr",
"published": "2023-11-23T09:15:33.353",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T16:06:38.067",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -50,10 +50,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:veribase:veribase:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2023-11-23",
"matchCriteriaId": "AC3653D5-9075-4BA6-A489-35F6AD228E7B"
}
]
}
]
}
],
"references": [
{
"url": "https://https://www.usom.gov.tr/bildirim/tr-23-0655",
"source": "iletisim@usom.gov.tr"
"source": "iletisim@usom.gov.tr",
"tags": [
"Broken Link"
]
}
]
}

247
CVE-2023/CVE-2023-33xx/CVE-2023-3379.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3379",
"sourceIdentifier": "info@cert.vde.com",
"published": "2023-11-20T08:15:44.280",
"lastModified": "2023-11-20T15:04:56.147",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T15:16:28.910",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -39,6 +39,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "info@cert.vde.com",
"type": "Secondary",
@ -50,10 +60,241 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:wago:compact_controller_100_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "25",
"matchCriteriaId": "B6F27D52-0A31-4CE5-823B-7DA6DCF291AD"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:wago:compact_controller_100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "532907AF-7E4A-4065-A799-753FC3313D6C"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:wago:edge_controller_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "25",
"matchCriteriaId": "67EF75C3-893E-408D-B3C6-464F3C7AC27D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:wago:edge_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2DFC57C8-6AF4-4771-B0A0-744137FBFECF"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:wago:pfc100_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "22",
"matchCriteriaId": "252F9DAE-5C46-48B3-A74A-8331DE3B5189"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:wago:pfc100_firmware:22:-:*:*:*:*:*:*",
"matchCriteriaId": "4815DFF8-0CAE-4C85-9F5B-F64C12F43AB0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:wago:pfc100_firmware:22:patch_1:*:*:*:*:*:*",
"matchCriteriaId": "8F71E8B5-7774-45BB-8B7D-7C38A4B90EA0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:wago:pfc100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F636354-95A2-4B36-9666-1FA57F185432"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:wago:pfc200_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "22",
"matchCriteriaId": "C741BCDD-8485-4DDC-9D51-143F1EE4824E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:wago:pfc200_firmware:22:-:*:*:*:*:*:*",
"matchCriteriaId": "B876DC19-0523-41DB-8BD7-1ECC09FCFA01"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:wago:pfc200_firmware:22:patch_1:*:*:*:*:*:*",
"matchCriteriaId": "CA491C96-F0CF-4960-8F91-831E80622D5D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:wago:pfc200_firmware:23:*:*:*:*:*:*:*",
"matchCriteriaId": "BE108CD0-B451-4ED5-83A1-CCEAACC1B40C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:wago:pfc200_firmware:24:*:*:*:*:*:*:*",
"matchCriteriaId": "C4E45E9B-3F87-4758-8BCE-BCF79AD225DA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:wago:pfc200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "688A3248-7EAA-499D-A47C-A4D4900CDBD1"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:wago:touch_panel_600_advanced_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "25",
"matchCriteriaId": "AD598E88-4682-43AD-AD12-2763B931416C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:wago:touch_panel_600_advanced:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A8221861-7455-41D5-B310-6AEA822B46CF"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:wago:touch_panel_600_marine_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "25",
"matchCriteriaId": "A9018036-B119-472C-A5A3-D0253E2FA425"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:wago:touch_panel_600_marine:-:*:*:*:*:*:*:*",
"matchCriteriaId": "83DEFFBC-934D-43BE-92AE-25F8EE8C1E0A"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:wago:touch_panel_600_standard_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "25",
"matchCriteriaId": "99BEC3AF-787E-441A-A181-A491E119295B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:wago:touch_panel_600_standard:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E6D7A44C-2D95-4F69-A7DB-435B0A6F9F03"
}
]
}
]
}
],
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-015/",
"source": "info@cert.vde.com"
"source": "info@cert.vde.com",
"tags": [
"Third Party Advisory"
]
}
]
}

90
CVE-2023/CVE-2023-360xx/CVE-2023-36038.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-36038",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-11-14T22:15:28.733",
"lastModified": "2023-11-20T20:36:46.283",
"lastModified": "2023-11-30T15:51:34.713",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -77,27 +77,6 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.0.0",
"matchCriteriaId": "F7A8A135-E9FA-43BC-AF86-8276F763742B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net:8.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5F3CB225-CDF6-4730-A20C-891AB87CBB9A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net:8.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6F9C3F37-0A3B-45D4-86B1-B42FDA8D8EA7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:asp.net_core:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "71FB0BA0-0D9E-4420-8109-EDB9CF2D69AF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
@ -129,6 +108,73 @@
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:asp.net_core:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "71FB0BA0-0D9E-4420-8109-EDB9CF2D69AF"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:a:microsoft:.net:8.0.0:preview.1:*:*:*:*:*:*",
"matchCriteriaId": "BB3DD9A8-684A-4D3C-AAC1-795A5154B8FF"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:a:microsoft:.net:8.0.0:preview.2:*:*:*:*:*:*",
"matchCriteriaId": "CF27FE4D-4019-44CB-B86A-0F6EB22043EE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:a:microsoft:.net:8.0.0:preview.3:*:*:*:*:*:*",
"matchCriteriaId": "2355C9C3-17D4-4024-B60A-55E698139269"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:a:microsoft:.net:8.0.0:preview.4:*:*:*:*:*:*",
"matchCriteriaId": "4BF4A874-DE47-4662-82E8-899258ABCAA4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:a:microsoft:.net:8.0.0:preview.5:*:*:*:*:*:*",
"matchCriteriaId": "A088E6AE-B04B-4BF2-9710-875767A17644"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:a:microsoft:.net:8.0.0:preview.6:*:*:*:*:*:*",
"matchCriteriaId": "C499F62B-EE47-4F90-8E0C-BE5B3A95E6EB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:a:microsoft:.net:8.0.0:preview.7:*:*:*:*:*:*",
"matchCriteriaId": "D9BE19EE-D1C3-4688-A614-0E906F949768"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:a:microsoft:.net:8.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5F3CB225-CDF6-4730-A20C-891AB87CBB9A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:a:microsoft:.net:8.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6F9C3F37-0A3B-45D4-86B1-B42FDA8D8EA7"
}
]
}
]
}
],
"references": [

55
CVE-2023/CVE-2023-365xx/CVE-2023-36507.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-36507",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T16:15:08.693",
"lastModified": "2023-11-30T16:15:08.693",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Repute Infosystems BookingPress \u2013 Appointment Booking Calendar Plugin and Online Scheduling Plugin.This issue affects BookingPress \u2013 Appointment Booking Calendar Plugin and Online Scheduling Plugin: from n/a through 1.0.64.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/bookingpress-appointment-booking/wordpress-bookingpress-plugin-1-0-64-unauthenticated-server-information-disclosure-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-365xx/CVE-2023-36523.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-36523",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T16:15:08.893",
"lastModified": "2023-11-30T16:15:08.893",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gopi Ramasamy Email download link.This issue affects Email download link: from n/a through 3.7.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/email-download-link/wordpress-email-download-link-plugin-3-7-sensitive-data-exposure?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-378xx/CVE-2023-37868.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-37868",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T16:15:09.080",
"lastModified": "2023-11-30T16:15:09.080",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Leap13 Premium Addons PRO.This issue affects Premium Addons PRO: from n/a through 2.9.0.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/premium-addons-pro/wordpress-premium-addons-pro-plugin-2-9-0-sensitive-data-exposure-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-378xx/CVE-2023-37890.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-37890",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T16:15:09.267",
"lastModified": "2023-11-30T16:15:09.267",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in WPOmnia KB Support \u2013 WordPress Help Desk and Knowledge Base allows Accessing Functionality Not Properly Constrained by ACLs.\u00a0Users with a role as low as a subscriber can view other customers.This issue affects KB Support \u2013 WordPress Help Desk and Knowledge Base: from n/a through 1.5.88.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/kb-support/wordpress-kb-support-wordpress-help-desk-plugin-1-5-88-sensitive-data-exposure-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-379xx/CVE-2023-37972.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-37972",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T15:15:07.567",
"lastModified": "2023-11-30T15:16:38.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in MultiVendorX Product Stock Manager & Notifier for WooCommerce.This issue affects Product Stock Manager & Notifier for WooCommerce: from n/a through 2.0.1.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/woocommerce-product-stock-alert/wordpress-woocommerce-product-stock-alert-plugin-2-0-1-sensitive-data-exposure-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

66
CVE-2023/CVE-2023-392xx/CVE-2023-39253.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-39253",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-11-23T07:15:45.300",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T15:38:26.050",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -50,10 +80,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dell:os_recovery_tool:2.2.4013:*:*:*:*:*:*:*",
"matchCriteriaId": "27D7466E-1ADC-4C9C-9AD8-77021108838F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dell:os_recovery_tool:2.3.7012.0:*:*:*:*:*:*:*",
"matchCriteriaId": "935BB4EC-A154-41EF-A7FB-7804081CF675"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dell:os_recovery_tool:2.3.7515.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0CB25BEE-EED1-42F2-A32A-6D8E61C2967E"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000217699/dsa-2023-336-security-update-for-a-dell-os-recovery-tool-vulnerability",
"source": "security_alert@emc.com"
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
]
}
]
}

55
CVE-2023/CVE-2023-399xx/CVE-2023-39921.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-39921",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T16:15:09.463",
"lastModified": "2023-11-30T16:15:09.463",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Molongui Author Box, Guest Author and Co-Authors for Your Posts \u2013 Molongui allows Stored XSS.This issue affects Author Box, Guest Author and Co-Authors for Your Posts \u2013 Molongui: from n/a through 4.6.19.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/molongui-authorship/wordpress-author-box-for-authors-co-authors-multiple-authors-and-guest-authors-molongui-plugin-4-6-19-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-402xx/CVE-2023-40211.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-40211",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T15:15:07.773",
"lastModified": "2023-11-30T15:16:38.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PickPlugins Post Grid Combo \u2013 36+ Gutenberg Blocks.This issue affects Post Grid Combo \u2013 36+ Gutenberg Blocks: from n/a through 2.2.50.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/post-grid/wordpress-post-grid-combo-plugin-2-2-50-sensitive-data-exposure-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

32
CVE-2023/CVE-2023-406xx/CVE-2023-40600.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-40600",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T15:15:07.973",
"lastModified": "2023-11-30T15:16:38.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Exactly WWW EWWW Image Optimizer.\u00a0It works only when debug.log is turned on.This issue affects EWWW Image Optimizer: from n/a through 7.2.0.\n\n"
}
],
"metrics": {},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/ewww-image-optimizer/wordpress-ewww-image-optimizer-plugin-7-2-0-sensitive-data-exposure-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-406xx/CVE-2023-40662.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-40662",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T15:15:08.050",
"lastModified": "2023-11-30T15:16:38.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jonk @ Follow me Darling Cookies and Content Security Policy.This issue affects Cookies and Content Security Policy: from n/a through 2.15.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/cookies-and-content-security-policy/wordpress-cookies-and-content-security-policy-plugin-2-15-sensitive-data-exposure-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

199
CVE-2023/CVE-2023-411xx/CVE-2023-41139.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41139",
"sourceIdentifier": "psirt@autodesk.com",
"published": "2023-11-23T04:15:07.467",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T15:48:23.633",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,8 +14,41 @@
"value": "Un archivo STP creado con fines malintencionados, cuando se analiza mediante Autodesk AutoCAD 2024 y 2023, se puede utilizar para eliminar la referencia a un puntero que no es de confianza. Esta vulnerabilidad, junto con otras vulnerabilidades, podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo en el proceso actual."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
},
{
"source": "psirt@autodesk.com",
"type": "Secondary",
@ -27,10 +60,168 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:macos:*:*",
"versionEndExcluding": "2024.1",
"matchCriteriaId": "A383FEED-E3E3-405E-B68F-BFD7CCA9E6B8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2023.0.0",
"versionEndExcluding": "2023.1.4",
"matchCriteriaId": "C53280C1-2A72-455E-965C-06613E469420"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2024.0.0",
"versionEndExcluding": "2024.1.1",
"matchCriteriaId": "417B7F6E-18F2-4020-84B4-55191714504F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.1.4",
"matchCriteriaId": "3C1B51F8-FACC-422B-AB62-571C8534279C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2024.0.0",
"versionEndExcluding": "2024.1.1",
"matchCriteriaId": "5D5A59C7-068D-4F8D-95ED-B7A5F2AA55F8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.1.4",
"matchCriteriaId": "3524F041-03B7-46A6-AB92-4AA59DD79903"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2024.0.0",
"versionEndExcluding": "2024.1.1",
"matchCriteriaId": "4036CA65-3E98-43B5-95D4-7AC1E5345664"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.1.4",
"matchCriteriaId": "A0DE2E5C-0C3B-4E25-B380-ABFBFC34B9D9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2024.0.0",
"versionEndExcluding": "2024.1.1",
"matchCriteriaId": "982AD391-3D1B-4923-97A5-B2AA41BE2CAC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.1.4",
"matchCriteriaId": "80BDD7F9-1D15-4D35-9726-C931BCEE5F05"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2024.0.0",
"versionEndExcluding": "2024.1.1",
"matchCriteriaId": "77484E5B-F84E-472E-B151-53FF2667C783"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.1.4",
"matchCriteriaId": "96B75F1C-FFBB-4B13-8F05-4D7B26F4C58C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:macos:*:*",
"versionEndExcluding": "2024.1",
"matchCriteriaId": "D5B21F42-E57A-4501-A2BE-6F99122BCBFC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2024.0.0",
"versionEndExcluding": "2024.1.1",
"matchCriteriaId": "2225348E-5552-492C-A2DB-C5693516019C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.1.4",
"matchCriteriaId": "5B450512-9CB3-4CAF-B90C-1EE0194CA665"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2024.0.0",
"versionEndExcluding": "2024.1.1",
"matchCriteriaId": "2A778F8B-9BB9-4B7A-81B1-DCEDCB493408"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.1.4",
"matchCriteriaId": "049B25B6-08E3-4D3D-8E7B-3724B53063F0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2024.0.0",
"versionEndExcluding": "2024.1.1",
"matchCriteriaId": "7A8BF172-C18C-40D3-8917-6C33D0144D3E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.1.4",
"matchCriteriaId": "BC4656EC-02E1-41DF-8FEA-668DE950FA79"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2024.0.0",
"versionEndExcluding": "2024.1.1",
"matchCriteriaId": "67E135A2-2C3E-4550-B239-3013C7FA586A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.1.4",
"matchCriteriaId": "AFDAEB3D-CDF1-4E2F-B1D5-6D4140E8A65C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2024.0.0",
"versionEndExcluding": "2024.1.1",
"matchCriteriaId": "5CB26133-E6B9-4D0C-9A58-F564FFB11EF3"
}
]
}
]
}
],
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0018",
"source": "psirt@autodesk.com"
"source": "psirt@autodesk.com",
"tags": [
"Vendor Advisory"
]
}
]
}

199
CVE-2023/CVE-2023-411xx/CVE-2023-41140.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41140",
"sourceIdentifier": "psirt@autodesk.com",
"published": "2023-11-23T04:15:07.550",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T15:45:50.633",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,8 +14,41 @@
"value": "Un archivo PRT creado con fines malintencionados, cuando se analiza mediante Autodesk AutoCAD 2024 y 2023, se puede utilizar para provocar un desbordamiento del b\u00fafer basado en el heap. Un actor malintencionado puede aprovechar esta vulnerabilidad para provocar un bloqueo, leer datos confidenciales o ejecutar c\u00f3digo arbitrario en el contexto del proceso actual."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "psirt@autodesk.com",
"type": "Secondary",
@ -27,10 +60,168 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:macos:*:*",
"versionEndExcluding": "2024.1",
"matchCriteriaId": "A383FEED-E3E3-405E-B68F-BFD7CCA9E6B8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2023.0.0",
"versionEndExcluding": "2023.1.4",
"matchCriteriaId": "C53280C1-2A72-455E-965C-06613E469420"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2024.0.0",
"versionEndExcluding": "2024.1.1",
"matchCriteriaId": "417B7F6E-18F2-4020-84B4-55191714504F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.1.4",
"matchCriteriaId": "3C1B51F8-FACC-422B-AB62-571C8534279C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2024.0.0",
"versionEndExcluding": "2024.1.1",
"matchCriteriaId": "5D5A59C7-068D-4F8D-95ED-B7A5F2AA55F8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.1.4",
"matchCriteriaId": "3524F041-03B7-46A6-AB92-4AA59DD79903"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2024.0.0",
"versionEndExcluding": "2024.1.1",
"matchCriteriaId": "4036CA65-3E98-43B5-95D4-7AC1E5345664"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.1.4",
"matchCriteriaId": "A0DE2E5C-0C3B-4E25-B380-ABFBFC34B9D9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2024.0.0",
"versionEndExcluding": "2024.1.1",
"matchCriteriaId": "982AD391-3D1B-4923-97A5-B2AA41BE2CAC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.1.4",
"matchCriteriaId": "80BDD7F9-1D15-4D35-9726-C931BCEE5F05"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2024.0.0",
"versionEndExcluding": "2024.1.1",
"matchCriteriaId": "77484E5B-F84E-472E-B151-53FF2667C783"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.1.4",
"matchCriteriaId": "96B75F1C-FFBB-4B13-8F05-4D7B26F4C58C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:macos:*:*",
"versionEndExcluding": "2024.1",
"matchCriteriaId": "D5B21F42-E57A-4501-A2BE-6F99122BCBFC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2024.0.0",
"versionEndExcluding": "2024.1.1",
"matchCriteriaId": "2225348E-5552-492C-A2DB-C5693516019C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.1.4",
"matchCriteriaId": "5B450512-9CB3-4CAF-B90C-1EE0194CA665"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2024.0.0",
"versionEndExcluding": "2024.1.1",
"matchCriteriaId": "2A778F8B-9BB9-4B7A-81B1-DCEDCB493408"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.1.4",
"matchCriteriaId": "049B25B6-08E3-4D3D-8E7B-3724B53063F0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2024.0.0",
"versionEndExcluding": "2024.1.1",
"matchCriteriaId": "7A8BF172-C18C-40D3-8917-6C33D0144D3E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.1.4",
"matchCriteriaId": "BC4656EC-02E1-41DF-8FEA-668DE950FA79"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2024.0.0",
"versionEndExcluding": "2024.1.1",
"matchCriteriaId": "67E135A2-2C3E-4550-B239-3013C7FA586A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.1.4",
"matchCriteriaId": "AFDAEB3D-CDF1-4E2F-B1D5-6D4140E8A65C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2024.0.0",
"versionEndExcluding": "2024.1.1",
"matchCriteriaId": "5CB26133-E6B9-4D0C-9A58-F564FFB11EF3"
}
]
}
]
}
],
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0018",
"source": "psirt@autodesk.com"
"source": "psirt@autodesk.com",
"tags": [
"Vendor Advisory"
]
}
]
}

55
CVE-2023/CVE-2023-417xx/CVE-2023-41735.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-41735",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T15:15:08.240",
"lastModified": "2023-11-30T15:16:38.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gopi Ramasamy Email posts to subscribers.This issue affects Email posts to subscribers: from n/a through 6.2.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/email-posts-to-subscribers/wordpress-email-posts-to-subscribers-plugin-6-2-sensitive-data-exposure?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-441xx/CVE-2023-44143.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-44143",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T16:15:09.653",
"lastModified": "2023-11-30T16:15:09.653",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bamboo Mcr Bamboo Columns allows Stored XSS.This issue affects Bamboo Columns: from n/a through 1.6.1.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/bamboo-columns/wordpress-bamboo-columns-plugin-1-6-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-441xx/CVE-2023-44150.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-44150",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T15:15:08.517",
"lastModified": "2023-11-30T15:16:38.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content \u2013 ProfilePress.This issue affects Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content \u2013 ProfilePress: from n/a through 4.13.2.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-user-avatar/wordpress-profilepress-plugin-4-13-2-sensitive-data-exposure-via-debug-log-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-450xx/CVE-2023-45066.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-45066",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T15:15:08.723",
"lastModified": "2023-11-30T15:16:38.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Smackcoders Export All Posts, Products, Orders, Refunds & Users.This issue affects Export All Posts, Products, Orders, Refunds & Users: from n/a through 2.4.1.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-ultimate-exporter/wordpress-export-all-posts-products-orders-refunds-users-plugin-2-2-sensitive-data-exposure-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-456xx/CVE-2023-45609.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-45609",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T16:15:09.843",
"lastModified": "2023-11-30T16:15:09.843",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POWR.Io Contact Form \u2013 Custom Builder, Payment Form, and More allows Stored XSS.This issue affects Contact Form \u2013 Custom Builder, Payment Form, and More: from n/a through 2.1.0.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/powr-pack/wordpress-powr-pack-plugin-2-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-458xx/CVE-2023-45834.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-45834",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T15:15:08.920",
"lastModified": "2023-11-30T15:16:38.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Libsyn Libsyn Publisher Hub.This issue affects Libsyn Publisher Hub: from n/a through 1.4.4.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/libsyn-podcasting/wordpress-libsyn-publisher-hub-plugin-1-4-4-sensitive-data-exposure-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-460xx/CVE-2023-46086.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-46086",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T16:15:10.037",
"lastModified": "2023-11-30T16:15:10.037",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SERVIT Software Solutions affiliate-toolkit \u2013 WordPress Affiliate Plugin allows Reflected XSS.This issue affects affiliate-toolkit \u2013 WordPress Affiliate Plugin: from n/a through 3.4.3.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/affiliate-toolkit-starter/wordpress-affiliate-toolkit-plugin-3-4-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

65
CVE-2023/CVE-2023-463xx/CVE-2023-46302.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46302",
"sourceIdentifier": "security@apache.org",
"published": "2023-11-20T09:15:07.293",
"lastModified": "2023-11-20T15:04:56.147",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T15:15:48.393",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,7 +14,30 @@
"value": "Apache Software Foundation Apache Submarine tiene un error al serializar contra yaml. El error es causado por Snakeyaml https://nvd.nist.gov/vuln/detail/CVE-2022-1471. Apache Submarine usa JAXRS para definir endpoints REST. Para manejar solicitudes YAML (usando el tipo de contenido application/yaml), define un proveedor de entidad YamlEntityProvider que procesar\u00e1 todas las solicitudes YAML entrantes. Para desorganizar la solicitud, se invoca el m\u00e9todo readFrom, pasando elentityStream que contiene los datos proporcionados por el usuario en `submarine-server/server-core/src/main/java/org/apache/submarine/server/utils/YamlUtils.java`. Ahora hemos solucionado este problema en la nueva versi\u00f3n reemplaz\u00e1ndolo por `jackson-dataformat-yaml`. Este problema afecta a Apache Submarine: desde 0.7.0 antes de 0.8.0. Se recomienda a los usuarios actualizar a la versi\u00f3n 0.8.0, que soluciona este problema. Si utiliza una versi\u00f3n inferior a 0.8.0 y no desea actualizar, puede intentar seleccionar PR https://github.com/apache/submarine/pull/1054 y reconstruir la imagen del servidor submart para solucionar este problema."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@apache.org",
@ -27,18 +50,48 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:submarine:*:*:*:*:*:*:*:*",
"versionStartIncluding": "0.7.0",
"versionEndExcluding": "0.8.0",
"matchCriteriaId": "5227C744-A013-4BBA-945F-E7BCE19AA4B8"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/apache/submarine/pull/1054",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Issue Tracking",
"Patch"
]
},
{
"url": "https://issues.apache.org/jira/browse/SUBMARINE-1371",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Exploit",
"Issue Tracking"
]
},
{
"url": "https://lists.apache.org/thread/zf0wppzh239j4h131hm1dbswfnztxrr5",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List"
]
}
]
}

55
CVE-2023/CVE-2023-468xx/CVE-2023-46820.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-46820",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T15:15:09.120",
"lastModified": "2023-11-30T15:16:38.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Iulia Cazan Image Regenerate & Select Crop.This issue affects Image Regenerate & Select Crop: from n/a through 7.3.0.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/image-regenerate-select-crop/wordpress-image-regenerate-select-crop-plugin-7-3-0-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

59
CVE-2023/CVE-2023-472xx/CVE-2023-47244.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47244",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-23T21:15:07.787",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T16:43:06.887",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -40,8 +60,18 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -50,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:omnisend:email_marketing_for_woocommerce:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.13.9",
"matchCriteriaId": "571FCBF7-7C86-4C84-829F-6ED94DB22C94"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/omnisend-connect/wordpress-email-marketing-for-woocommerce-by-omnisend-plugin-1-13-7-sensitive-data-exposure-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-475xx/CVE-2023-47529.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47529",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-23T21:15:07.990",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T16:42:23.307",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -40,8 +60,18 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -50,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:themeisle:cloud_templates_\\&_patterns_collection:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.2.3",
"matchCriteriaId": "F5855DA5-DA90-447B-8BEB-7E7348A1E511"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/templates-patterns-collection/wordpress-cloud-templates-patterns-collection-plugin-1-2-2-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

98
CVE-2023/CVE-2023-483xx/CVE-2023-48301.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-48301",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-21T22:15:07.490",
"lastModified": "2023-11-22T03:36:44.963",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T15:14:00.427",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.13, 26.0.8, and 27.1.3 of Nextcloud Server and Nextcloud Enterprise Server, an attacker could insert links into circles name that would be opened when clicking the circle name in a search filter. Nextcloud Server and Nextcloud Enterprise Server versions 25.0.13, 26.0.8, and 27.1.3 contain a fix for this issue. As a workaround, disable app circles."
},
{
"lang": "es",
"value": "Nextcloud Server proporciona almacenamiento de datos para Nextcloud, una plataforma en la nube de c\u00f3digo abierto. A partir de la versi\u00f3n 25.0.0 y antes de las versiones 25.0.13, 26.0.8 y 27.1.3 de Nextcloud Server y Nextcloud Enterprise Server, un atacante podr\u00eda insertar enlaces en el nombre de los c\u00edrculos que se abrir\u00edan al hacer clic en el nombre del c\u00edrculo en un filtro de busqueda. Las versiones 25.0.13, 26.0.8 y 27.1.3 de Nextcloud Server y Nextcloud Enterprise Server contienen una soluci\u00f3n para este problema. Como workaround, desactive los c\u00edrculos de aplicaciones."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,18 +70,82 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*",
"versionStartIncluding": "25.0.0",
"versionEndIncluding": "25.0.13",
"matchCriteriaId": "45B3E170-813D-4614-BCA3-831797C3A8AF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "25.0.0",
"versionEndExcluding": "25.0.13",
"matchCriteriaId": "022E939C-D0FF-4B15-B196-2E31648A6D7F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*",
"versionStartIncluding": "26.0.0",
"versionEndIncluding": "26.0.8",
"matchCriteriaId": "B216177E-7BAC-4832-BE27-EE2E8135EF66"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "26.0.0",
"versionEndExcluding": "26.0.8",
"matchCriteriaId": "73E25AF9-5CCD-45F9-AAB0-AFEF607B0F32"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*",
"versionStartIncluding": "27.0.0",
"versionEndIncluding": "27.1.3",
"matchCriteriaId": "6D49E228-57B2-495B-9816-B03929565977"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "27.0.0",
"versionEndExcluding": "27.1.3",
"matchCriteriaId": "0584A036-2006-4032-85CA-673B4547F7EA"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/nextcloud/circles/pull/1415",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wgpw-qqq2-gwv6",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://hackerone.com/reports/2210038",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

97
CVE-2023/CVE-2023-483xx/CVE-2023-48302.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-48302",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-21T22:15:07.697",
"lastModified": "2023-11-22T03:36:44.963",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T15:13:33.273",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.13, 26.0.8, and 27.1.3 of Nextcloud Server and Nextcloud Enterprise Server, when a user is tricked into copy pasting HTML code without markup (Ctrl+Shift+V) the markup will actually render. Nextcloud Server and Nextcloud Enterprise Server versions 25.0.13, 26.0.8, and 27.1.3 contain a fix for this issue. As a workaround, disable app text."
},
{
"lang": "es",
"value": "Nextcloud Server proporciona almacenamiento de datos para Nextcloud, una plataforma en la nube de c\u00f3digo abierto. A partir de la versi\u00f3n 25.0.0 y anteriores a las versiones 25.0.13, 26.0.8 y 27.1.3 de Nextcloud Server y Nextcloud Enterprise Server, cuando se enga\u00f1a a un usuario para que copie y pegue c\u00f3digo HTML sin marcado (Ctrl+Shift+V), el marcado realmente se representar\u00e1. Las versiones 25.0.13, 26.0.8 y 27.1.3 de Nextcloud Server y Nextcloud Enterprise Server contienen una soluci\u00f3n para este problema. Como workaround, desactive el texto de la aplicaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,18 +70,81 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*",
"versionStartIncluding": "25.0.0",
"versionEndExcluding": "25.0.13",
"matchCriteriaId": "29861543-C0E0-4AE0-AB80-D355F7C87BC0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "25.0.0",
"versionEndExcluding": "25.0.13",
"matchCriteriaId": "022E939C-D0FF-4B15-B196-2E31648A6D7F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*",
"versionStartIncluding": "26.0.0",
"versionEndExcluding": "26.0.8",
"matchCriteriaId": "11421EAE-68EA-4372-8AC0-F5A1E40A9351"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "26.0.0",
"versionEndExcluding": "26.0.8",
"matchCriteriaId": "73E25AF9-5CCD-45F9-AAB0-AFEF607B0F32"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*",
"versionStartIncluding": "27.0.0",
"versionEndExcluding": "27.1.3",
"matchCriteriaId": "DBD45C73-377F-4B88-BE87-1BBD9236CAEC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "27.0.0",
"versionEndExcluding": "27.1.3",
"matchCriteriaId": "0584A036-2006-4032-85CA-673B4547F7EA"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-p7g9-x25m-4h87",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://github.com/nextcloud/text/pull/4877",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://hackerone.com/reports/2211561",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Permissions Required"
]
}
]
}

105
CVE-2023/CVE-2023-483xx/CVE-2023-48305.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-48305",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-21T23:15:07.373",
"lastModified": "2023-11-22T03:36:37.770",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T15:06:58.113",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Server and Nextcloud Enterprise Server, when the log level was set to debug, the user_ldap app logged user passwords in plaintext into the log file. If the log file was then leaked or shared in any way the users' passwords would be leaked. Nextcloud Server and Nextcloud Enterprise Server versions 25.0.11, 26.0.6, and 27.1.0 contain a patch for this issue. As a workaround, change config setting `loglevel` to `1` or higher (should always be higher than 1 in production environments)."
},
{
"lang": "es",
"value": "Nextcloud Server proporciona almacenamiento de datos para Nextcloud, una plataforma en la nube de c\u00f3digo abierto. A partir de la versi\u00f3n 25.0.0 y antes de las versiones 25.0.11, 26.0.6 y 27.1.0 de Nextcloud Server y Nextcloud Enterprise Server, cuando el nivel de registro se configur\u00f3 para depurar, la aplicaci\u00f3n user_ldap registr\u00f3 las contrase\u00f1as de los usuarios en texto plano en el archivo de registro. Si el archivo de registro se filtrara o se compartiera de alguna manera, se filtrar\u00edan las contrase\u00f1as de los usuarios. Las versiones 25.0.11, 26.0.6 y 27.1.0 de Nextcloud Server y Nextcloud Enterprise Server contienen un parche para este problema. Como workaround, cambie la configuraci\u00f3n \"loglevel\" a \"1\" o superior (siempre debe ser superior a 1 en entornos de producci\u00f3n)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,22 +70,91 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*",
"versionStartIncluding": "25.0.0",
"versionEndExcluding": "25.0.11",
"matchCriteriaId": "CFCB9CDB-F661-496E-86B7-25B228A3C90E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "25.0.0",
"versionEndExcluding": "25.0.11",
"matchCriteriaId": "37949CD5-0B2D-40BE-83C8-E6A03CD0F7C9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*",
"versionStartIncluding": "26.0.0",
"versionEndExcluding": "26.0.6",
"matchCriteriaId": "9E2008E1-AFAE-40F5-8D64-A019F2222AA2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "26.0.0",
"versionEndExcluding": "26.0.6",
"matchCriteriaId": "4C98058B-06EF-446E-A39D-F436627469C1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*",
"versionStartIncluding": "27.0.0",
"versionEndExcluding": "27.1.0",
"matchCriteriaId": "B8F5C07F-E133-4C54-B9A7-95A38086B28A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "27.0.0",
"versionEndExcluding": "27.1.0",
"matchCriteriaId": "E29703CE-0A92-47F3-96AE-0AC27641ECDF"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-35p6-4992-w5fr",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://github.com/nextcloud/server/issues/38461",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Issue Tracking"
]
},
{
"url": "https://github.com/nextcloud/server/pull/40013",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking",
"Patch"
]
},
{
"url": "https://hackerone.com/reports/2101165",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

130
CVE-2023/CVE-2023-483xx/CVE-2023-48306.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-48306",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-21T23:15:07.600",
"lastModified": "2023-11-22T03:36:37.770",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T16:07:20.860",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Server and starting in version 22.0.0 and prior to versions 22.2.10.16, 23.0.12.11, 24.0.12.7, 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Enterprise Server, the DNS pin middleware was vulnerable to DNS rebinding allowing an attacker to perform SSRF as a final result. Nextcloud Server 25.0.11, 26.0.6, and 27.1.0 and Nextcloud Enterprise Server 22.2.10.16, 23.0.12.11, 24.0.12.7, 25.0.11, 26.0.6, and 27.1.0 contain patches for this issue. No known workarounds are available."
},
{
"lang": "es",
"value": "Nextcloud Server proporciona almacenamiento de datos para Nextcloud, una plataforma en la nube de c\u00f3digo abierto. A partir de la versi\u00f3n 25.0.0 y anteriores a las versiones 25.0.11, 26.0.6 y 27.1.0 de Nextcloud Server y a partir de la versi\u00f3n 22.0.0 y anteriores a las versiones 22.2.10.16, 23.0.12.11, 24.0.12.7, 25.0. 11, 26.0.6 y 27.1.0 de Nextcloud Enterprise Server, el middleware de pines de DNS era vulnerable a la nueva vinculaci\u00f3n de DNS, lo que permit\u00eda a un atacante realizar SSRF como resultado final. Nextcloud Server 25.0.11, 26.0.6 y 27.1.0 y Nextcloud Enterprise Server 22.2.10.16, 23.0.12.11, 24.0.12.7, 25.0.11, 26.0.6 y 27.1.0 contienen parches para este problema. No hay workarounds conocidos disponibles."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,18 +80,104 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "22.0.0",
"versionEndExcluding": "22.2.10.16",
"matchCriteriaId": "429A249E-7FF9-495A-9158-95B888ABD8D2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "23.0.0",
"versionEndExcluding": "23.0.12.11",
"matchCriteriaId": "465AAFF0-9D24-451A-AAAE-9340A8BE1EC5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "24.0.0",
"versionEndExcluding": "24.0.12.7",
"matchCriteriaId": "040721D3-7E8A-4DC2-978D-9AE6D5A606F5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*",
"versionStartIncluding": "25.0.0",
"versionEndExcluding": "25.0.11",
"matchCriteriaId": "CFCB9CDB-F661-496E-86B7-25B228A3C90E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "25.0.0",
"versionEndExcluding": "25.0.11",
"matchCriteriaId": "37949CD5-0B2D-40BE-83C8-E6A03CD0F7C9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*",
"versionStartIncluding": "26.0.0",
"versionEndExcluding": "26.0.6",
"matchCriteriaId": "9E2008E1-AFAE-40F5-8D64-A019F2222AA2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "26.0.0",
"versionEndExcluding": "26.0.6",
"matchCriteriaId": "4C98058B-06EF-446E-A39D-F436627469C1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*",
"versionStartIncluding": "27.0.0",
"versionEndExcluding": "27.1.0",
"matchCriteriaId": "B8F5C07F-E133-4C54-B9A7-95A38086B28A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "27.0.0",
"versionEndExcluding": "27.1.0",
"matchCriteriaId": "E29703CE-0A92-47F3-96AE-0AC27641ECDF"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8f69-f9jg-4x3v",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://github.com/nextcloud/server/pull/40234",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Issue Tracking",
"Patch"
]
},
{
"url": "https://hackerone.com/reports/2115212",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Permissions Required"
]
}
]
}

70
CVE-2023/CVE-2023-483xx/CVE-2023-48307.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-48307",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-21T23:15:07.807",
"lastModified": "2023-11-22T03:36:37.770",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T16:40:08.900",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Starting in version 1.13.0 and prior to version 2.2.8 and 3.3.0, an attacker can use an unprotected endpoint in the Mail app to perform a SSRF attack. Nextcloud Mail app versions 2.2.8 and 3.3.0 contain a patch for this issue. As a workaround, disable the mail app."
},
{
"lang": "es",
"value": "Nextcloud Mail es la aplicaci\u00f3n de correo de Nextcloud, una plataforma de productividad autohospedada. A partir de la versi\u00f3n 1.13.0 y anteriores a las versiones 2.2.8 y 3.3.0, un atacante puede utilizar un endpoint desprotegido en la aplicaci\u00f3n de correo para realizar un ataque SSRF. Las versiones 2.2.8 y 3.3.0 de la aplicaci\u00f3n Nextcloud Mail contienen un parche para este problema. Como workaround, desactive la aplicaci\u00f3n de correo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,18 +70,54 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:mail:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.13.0",
"versionEndExcluding": "2.2.8",
"matchCriteriaId": "54F82061-3A70-47D7-9E95-26B10CA3553A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:mail:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "3.3.0",
"matchCriteriaId": "98F3704F-323A-4BC4-BC5F-259C8648CB97"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/nextcloud/mail/pull/8709",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking",
"Patch"
]
},
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-4pp4-m8ph-2999",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://hackerone.com/reports/1869714",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Permissions Required"
]
}
]
}

55
CVE-2023/CVE-2023-483xx/CVE-2023-48328.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-48328",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T16:15:10.227",
"lastModified": "2023-11-30T16:15:10.227",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Imagely WordPress Gallery Plugin \u2013 NextGEN Gallery allows Cross Site Request Forgery.This issue affects WordPress Gallery Plugin \u2013 NextGEN Gallery: from n/a through 3.37.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/nextgen-gallery/wordpress-wordpress-gallery-plugin-nextgen-gallery-plugin-3-37-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-483xx/CVE-2023-48333.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-48333",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T15:15:09.310",
"lastModified": "2023-11-30T15:16:38.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pluggabl LLC Booster for WooCommerce.This issue affects Booster for WooCommerce: from n/a through 7.1.1.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/woocommerce-jetpack/wordpress-booster-for-woocommerce-plugin-7-1-1-authenticated-arbitrary-order-information-disclosure-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

73
CVE-2023/CVE-2023-486xx/CVE-2023-48699.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-48699",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-21T23:15:08.103",
"lastModified": "2023-11-22T03:36:37.770",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T15:15:03.913",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "fastbots is a library for fast bot and scraper development using selenium and the Page Object Model (POM) design. Prior to version 0.1.5, an attacker could modify the locators.ini locator file with python code that without proper validation it's executed and it could lead to rce. The vulnerability is in the function `def __locator__(self, locator_name: str)` in `page.py`. In order to mitigate this issue, upgrade to fastbots version 0.1.5 or above."
},
{
"lang": "es",
"value": "fastbots es una librer\u00eda para el desarrollo r\u00e1pido de robots y raspadores utilizando selenio y el dise\u00f1o de Page Object Model (POM). Antes de la versi\u00f3n 0.1.5, un atacante pod\u00eda modificar el archivo localizador locators.ini con c\u00f3digo Python que sin la validaci\u00f3n adecuada se ejecutaba y podr\u00eda provocar rce. La vulnerabilidad est\u00e1 en la funci\u00f3n `def __locator__(self, locator_name: str)` en `page.py`. Para mitigar este problema, actualice a la versi\u00f3n 0.1.5 o superior de fastbots."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,18 +80,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ubertidavide:fastbots:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.1.5",
"matchCriteriaId": "F4D23CDD-ACB2-427B-BC2C-1F98D79FE70C"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/ubertidavide/fastbots/commit/73eb03bd75365e112b39877e26ef52853f5e9f57",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/ubertidavide/fastbots/pull/3#issue-2003080806",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking",
"Patch"
]
},
{
"url": "https://github.com/ubertidavide/fastbots/security/advisories/GHSA-vccg-f4gp-45x9",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

55
CVE-2023/CVE-2023-487xx/CVE-2023-48754.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-48754",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T16:15:10.420",
"lastModified": "2023-11-30T16:15:10.420",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Wap Nepal Delete Post Revisions In WordPress allows Cross Site Request Forgery.This issue affects Delete Post Revisions In WordPress: from n/a through 4.6.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/delete-post-revisions-on-single-click/wordpress-delete-post-revisions-in-wordpress-plugin-4-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

125
CVE-2023/CVE-2023-55xx/CVE-2023-5528.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5528",
"sourceIdentifier": "jordan@liggitt.net",
"published": "2023-11-14T21:15:14.123",
"lastModified": "2023-11-28T03:15:07.023",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-30T15:10:23.117",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "jordan@liggitt.net",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "jordan@liggitt.net",
"type": "Secondary",
@ -50,26 +80,107 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.8.0",
"versionEndExcluding": "1.25.16",
"matchCriteriaId": "25FFBC6E-DCE9-4596-8ABE-AC6B6564AA40"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.26.0",
"versionEndExcluding": "1.26.11",
"matchCriteriaId": "28E3CB24-4305-4E08-AD34-D29AE795FA4A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.27.0",
"versionEndExcluding": "1.27.8",
"matchCriteriaId": "45E6B088-8FC7-476A-A661-A9402F857C4A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.28.0",
"versionEndExcluding": "1.28.4",
"matchCriteriaId": "8C9231AD-C3B9-4531-9052-0317AA506B0B"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/kubernetes/kubernetes/issues/121879",
"source": "jordan@liggitt.net"
"source": "jordan@liggitt.net",
"tags": [
"Issue Tracking",
"Patch"
]
},
{
"url": "https://groups.google.com/g/kubernetes-security-announce/c/SL_d4NR8pzA",
"source": "jordan@liggitt.net"
"source": "jordan@liggitt.net",
"tags": [
"Mailing List"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JH444PWZBINXLLFV7XLIJIZJHSK6UEZ/",
"source": "jordan@liggitt.net"
"source": "jordan@liggitt.net",
"tags": [
"Mailing List"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4XZIX727JIKF5RQW7RVVBLWXBCDIBJA7/",
"source": "jordan@liggitt.net"
"source": "jordan@liggitt.net",
"tags": [
"Mailing List"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7MPGMITSZXUCAVO7Q75675SOLXC2XXU4/",
"source": "jordan@liggitt.net"
"source": "jordan@liggitt.net",
"tags": [
"Mailing List"
]
}
]
}

27
CVE-2023/CVE-2023-55xx/CVE-2023-5593.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5593",
"sourceIdentifier": "security@zyxel.com.tw",
"published": "2023-11-20T12:15:09.180",
"lastModified": "2023-11-20T15:04:56.147",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T15:14:15.033",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -50,10 +50,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zyxel:secuextender_ssl_vpn:4.0.4.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "46B6221D-7167-4AFF-9E26-6AE88C983EB9"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-out-of-bounds-write-vulnerability-in-secuextender-ssl-vpn-client-software",
"source": "security@zyxel.com.tw"
"source": "security@zyxel.com.tw",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

5
CVE-2023/CVE-2023-57xx/CVE-2023-5720.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-5720",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-11-15T14:15:07.900",
"lastModified": "2023-11-22T22:39:50.083",
"lastModified": "2023-11-30T16:26:16.073",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -91,7 +91,8 @@
"vulnerable": true,
"criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.1",
"matchCriteriaId": "9D9DE1DF-8CFA-4E57-B30E-CDB925589F0D"
"versionEndExcluding": "3.2.8",
"matchCriteriaId": "C787DE6A-4365-4B6E-A6A7-A92EB9BFE60A"
},
{
"vulnerable": true,

55
CVE-2023/CVE-2023-58xx/CVE-2023-5803.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-5803",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T16:15:10.610",
"lastModified": "2023-11-30T16:15:10.610",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Business Directory Team Business Directory Plugin \u2013 Easy Listing Directories for WordPress allows Cross-Site Request Forgery.This issue affects Business Directory Plugin \u2013 Easy Listing Directories for WordPress: from n/a through 6.3.10.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/business-directory-plugin/wordpress-business-directory-plugin-easy-listing-directories-for-wordpress-plugin-6-3-10-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

76
CVE-2023/CVE-2023-59xx/CVE-2023-5986.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5986",
"sourceIdentifier": "cybersecurity@se.com",
"published": "2023-11-15T04:15:19.487",
"lastModified": "2023-11-15T13:54:26.693",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T15:24:25.580",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "cybersecurity@se.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
},
{
"source": "cybersecurity@se.com",
"type": "Secondary",
@ -50,10 +80,50 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:2020:-:*:*:*:*:*:*",
"matchCriteriaId": "E4A6EB67-7D2A-4899-BAC7-18BD6F5D6700"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:2020:cumulative_update_1:*:*:*:*:*:*",
"matchCriteriaId": "62689EF4-C9D4-47FB-9722-C9C2EFB0C858"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:2020:cumulative_update_2:*:*:*:*:*:*",
"matchCriteriaId": "2D20050D-A7BB-4BB1-9C4C-DB3321DF087B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:2021:-:*:*:*:*:*:*",
"matchCriteriaId": "B4579BF1-DD9F-4AD7-A1CE-2AD2B7389B8D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:2021:cumulative_update_1:*:*:*:*:*:*",
"matchCriteriaId": "B38506D4-26CD-405C-99FC-0E8F9D39DA57"
}
]
}
]
}
],
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-318-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-318-02.pdf",
"source": "cybersecurity@se.com"
"source": "cybersecurity@se.com",
"tags": [
"Vendor Advisory"
]
}
]
}

67
CVE-2023/CVE-2023-59xx/CVE-2023-5987.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5987",
"sourceIdentifier": "cybersecurity@se.com",
"published": "2023-11-15T04:15:19.700",
"lastModified": "2023-11-15T13:54:23.007",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T15:05:45.607",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "cybersecurity@se.com",
"type": "Secondary",
@ -50,10 +70,51 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:2020:-:*:*:*:*:*:*",
"matchCriteriaId": "E4A6EB67-7D2A-4899-BAC7-18BD6F5D6700"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:2020:cumulative_update_1:*:*:*:*:*:*",
"matchCriteriaId": "62689EF4-C9D4-47FB-9722-C9C2EFB0C858"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:2020:cumulative_update_2:*:*:*:*:*:*",
"matchCriteriaId": "2D20050D-A7BB-4BB1-9C4C-DB3321DF087B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:2021:-:*:*:*:*:*:*",
"matchCriteriaId": "B4579BF1-DD9F-4AD7-A1CE-2AD2B7389B8D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:2021:cumulative_update_1:*:*:*:*:*:*",
"matchCriteriaId": "B38506D4-26CD-405C-99FC-0E8F9D39DA57"
}
]
}
]
}
],
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-318-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-318-02.pdf",
"source": "cybersecurity@se.com"
"source": "cybersecurity@se.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

85
CVE-2023/CVE-2023-60xx/CVE-2023-6032.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6032",
"sourceIdentifier": "cybersecurity@se.com",
"published": "2023-11-15T04:15:19.890",
"lastModified": "2023-11-15T13:54:23.007",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T15:17:18.820",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "cybersecurity@se.com",
"type": "Secondary",
@ -50,10 +70,69 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:schneider-electric:galaxy_vl_firmware:12.21:*:*:*:*:*:*:*",
"matchCriteriaId": "8BBA2696-BAD9-4DEF-A666-A1069911A1EA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:schneider-electric:galaxy_vl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2C17962-A380-4C2B-9765-6F7EBF009805"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:schneider-electric:galaxy_vs_firmware:6.82:*:*:*:*:*:*:*",
"matchCriteriaId": "30E308F5-F39F-4542-B76E-B0DB08072B9E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:schneider-electric:galaxy_vs:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D34844F6-82C2-4791-9D5F-9364DFBC4438"
}
]
}
]
}
],
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-318-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-318-03.pdf",
"source": "cybersecurity@se.com"
"source": "cybersecurity@se.com",
"tags": [
"Vendor Advisory"
]
}
]
}

8
CVE-2023/CVE-2023-62xx/CVE-2023-6204.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6204",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-11-21T15:15:07.687",
"lastModified": "2023-11-28T19:45:10.887",
"vulnStatus": "Analyzed",
"lastModified": "2023-11-30T16:15:10.803",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -121,6 +121,10 @@
"Mailing List"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00030.html",
"source": "security@mozilla.org"
},
{
"url": "https://www.debian.org/security/2023/dsa-5561",
"source": "security@mozilla.org",

8
CVE-2023/CVE-2023-62xx/CVE-2023-6205.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6205",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-11-21T15:15:07.737",
"lastModified": "2023-11-28T19:44:48.170",
"vulnStatus": "Analyzed",
"lastModified": "2023-11-30T16:15:10.870",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -121,6 +121,10 @@
"Mailing List"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00030.html",
"source": "security@mozilla.org"
},
{
"url": "https://www.debian.org/security/2023/dsa-5561",
"source": "security@mozilla.org",

8
CVE-2023/CVE-2023-62xx/CVE-2023-6206.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6206",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-11-21T15:15:07.787",
"lastModified": "2023-11-28T19:44:05.347",
"vulnStatus": "Analyzed",
"lastModified": "2023-11-30T16:15:10.940",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -121,6 +121,10 @@
"Mailing List"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00030.html",
"source": "security@mozilla.org"
},
{
"url": "https://www.debian.org/security/2023/dsa-5561",
"source": "security@mozilla.org",

8
CVE-2023/CVE-2023-62xx/CVE-2023-6207.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6207",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-11-21T15:15:07.843",
"lastModified": "2023-11-28T19:42:50.670",
"vulnStatus": "Analyzed",
"lastModified": "2023-11-30T16:15:11.027",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -121,6 +121,10 @@
"Mailing List"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00030.html",
"source": "security@mozilla.org"
},
{
"url": "https://www.debian.org/security/2023/dsa-5561",
"source": "security@mozilla.org",

8
CVE-2023/CVE-2023-62xx/CVE-2023-6208.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6208",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-11-21T15:15:07.900",
"lastModified": "2023-11-28T19:37:55.503",
"vulnStatus": "Analyzed",
"lastModified": "2023-11-30T16:15:11.150",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -121,6 +121,10 @@
"Mailing List"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00030.html",
"source": "security@mozilla.org"
},
{
"url": "https://www.debian.org/security/2023/dsa-5561",
"source": "security@mozilla.org",

8
CVE-2023/CVE-2023-62xx/CVE-2023-6209.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6209",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-11-21T15:15:07.957",
"lastModified": "2023-11-28T19:37:34.557",
"vulnStatus": "Analyzed",
"lastModified": "2023-11-30T16:15:11.277",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -121,6 +121,10 @@
"Mailing List"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00030.html",
"source": "security@mozilla.org"
},
{
"url": "https://www.debian.org/security/2023/dsa-5561",
"source": "security@mozilla.org",

8
CVE-2023/CVE-2023-62xx/CVE-2023-6212.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6212",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-11-21T15:15:08.110",
"lastModified": "2023-11-28T19:30:41.437",
"vulnStatus": "Analyzed",
"lastModified": "2023-11-30T16:15:11.417",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -120,6 +120,10 @@
"Mailing List"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00030.html",
"source": "security@mozilla.org"
},
{
"url": "https://www.debian.org/security/2023/dsa-5561",
"source": "security@mozilla.org",

4
CVE-2023/CVE-2023-62xx/CVE-2023-6239.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-6239",
"sourceIdentifier": "security@m-files.com",
"published": "2023-11-28T14:15:07.697",
"lastModified": "2023-11-29T14:15:07.793",
"lastModified": "2023-11-30T16:15:11.570",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Under rare conditions, the effective permissions of an object might be incorrectly calculated if the object has a specific configuration of metadata-driven permissions in M-Files Server versions 23.9 and 23.10 and 23.11 before 23.11.13168.7 allowing user to access object with incorrectly calculated privileges.\n"
"value": "Under rare conditions, the effective permissions of an object might be incorrectly calculated if the object has a specific configuration of metadata-driven permissions in M-Files Server versions 23.9, 23.10, and 23.11 before 23.11.13168.7, potentially enabling unauthorized access to the object.\n"
},
{
"lang": "es",

55
CVE-2023/CVE-2023-63xx/CVE-2023-6360.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-6360",
"sourceIdentifier": "vulnreport@tenable.com",
"published": "2023-11-30T16:15:11.820",
"lastModified": "2023-11-30T16:15:11.820",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The 'My Calendar' WordPress Plugin, version < 3.4.22 is affected by an unauthenticated SQL injection vulnerability in the 'from' and 'to' parameters in the '/my-calendar/v1/events' rest route."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "vulnreport@tenable.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "vulnreport@tenable.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://www.tenable.com/security/research/tra-2023-40",
"source": "vulnreport@tenable.com"
}
]
}

84
CVE-2023/CVE-2023-64xx/CVE-2023-6401.json Normal file
View File

@ -0,0 +1,84 @@
{
"id": "CVE-2023-6401",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-11-30T15:15:09.507",
"lastModified": "2023-11-30T15:16:38.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in NotePad++ up to 8.1. Affected by this vulnerability is an unknown functionality of the file dbghelp.exe. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The identifier VDB-246421 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "LOCAL",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 3.1,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-427"
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.246421",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.246421",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2023/CVE-2023-64xx/CVE-2023-6402.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2023-6402",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-11-30T15:15:09.813",
"lastModified": "2023-11-30T15:16:38.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in PHPGurukul Nipah Virus Testing Management System 1.0. This affects an unknown part of the file add-phlebotomist.php. The manipulation of the argument empid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246423."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/dhabaleshwar/niv_testing_sqli/blob/main/exploit.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.246423",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.246423",
"source": "cna@vuldb.com"
}
]
}

110
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-11-30T15:00:18.370884+00:00
2023-11-30T17:00:18.296967+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-11-30T14:52:31.180000+00:00
2023-11-30T16:43:06.887000+00:00
```
### Last Data Feed Release
@ -29,69 +29,69 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
231821
231847
```
### CVEs added in the last Commit
Recently added CVEs: `62`
Recently added CVEs: `26`
* [CVE-2023-48279](CVE-2023/CVE-2023-482xx/CVE-2023-48279.json) (`2023-11-30T14:15:10.590`)
* [CVE-2023-48281](CVE-2023/CVE-2023-482xx/CVE-2023-48281.json) (`2023-11-30T14:15:10.783`)
* [CVE-2023-48742](CVE-2023/CVE-2023-487xx/CVE-2023-48742.json) (`2023-11-30T14:15:10.983`)
* [CVE-2023-48912](CVE-2023/CVE-2023-489xx/CVE-2023-48912.json) (`2023-11-30T14:15:11.177`)
* [CVE-2023-48913](CVE-2023/CVE-2023-489xx/CVE-2023-48913.json) (`2023-11-30T14:15:11.220`)
* [CVE-2023-48914](CVE-2023/CVE-2023-489xx/CVE-2023-48914.json) (`2023-11-30T14:15:11.273`)
* [CVE-2023-48963](CVE-2023/CVE-2023-489xx/CVE-2023-48963.json) (`2023-11-30T14:15:11.477`)
* [CVE-2023-48964](CVE-2023/CVE-2023-489xx/CVE-2023-48964.json) (`2023-11-30T14:15:11.670`)
* [CVE-2023-4770](CVE-2023/CVE-2023-47xx/CVE-2023-4770.json) (`2023-11-30T14:15:11.880`)
* [CVE-2023-5965](CVE-2023/CVE-2023-59xx/CVE-2023-5965.json) (`2023-11-30T14:15:12.943`)
* [CVE-2023-5966](CVE-2023/CVE-2023-59xx/CVE-2023-5966.json) (`2023-11-30T14:15:13.450`)
* [CVE-2023-6026](CVE-2023/CVE-2023-60xx/CVE-2023-6026.json) (`2023-11-30T14:15:13.983`)
* [CVE-2023-6027](CVE-2023/CVE-2023-60xx/CVE-2023-6027.json) (`2023-11-30T14:15:14.497`)
* [CVE-2023-6136](CVE-2023/CVE-2023-61xx/CVE-2023-6136.json) (`2023-11-30T14:15:14.983`)
* [CVE-2023-6410](CVE-2023/CVE-2023-64xx/CVE-2023-6410.json) (`2023-11-30T14:15:15.497`)
* [CVE-2023-6411](CVE-2023/CVE-2023-64xx/CVE-2023-6411.json) (`2023-11-30T14:15:16.017`)
* [CVE-2023-6412](CVE-2023/CVE-2023-64xx/CVE-2023-6412.json) (`2023-11-30T14:15:16.527`)
* [CVE-2023-6413](CVE-2023/CVE-2023-64xx/CVE-2023-6413.json) (`2023-11-30T14:15:17.020`)
* [CVE-2023-6414](CVE-2023/CVE-2023-64xx/CVE-2023-6414.json) (`2023-11-30T14:15:17.523`)
* [CVE-2023-33333](CVE-2023/CVE-2023-333xx/CVE-2023-33333.json) (`2023-11-30T14:15:08.323`)
* [CVE-2023-34030](CVE-2023/CVE-2023-340xx/CVE-2023-34030.json) (`2023-11-30T14:15:09.397`)
* [CVE-2023-36682](CVE-2023/CVE-2023-366xx/CVE-2023-36682.json) (`2023-11-30T14:15:09.583`)
* [CVE-2023-36685](CVE-2023/CVE-2023-366xx/CVE-2023-36685.json) (`2023-11-30T14:15:09.787`)
* [CVE-2023-37867](CVE-2023/CVE-2023-378xx/CVE-2023-37867.json) (`2023-11-30T14:15:09.983`)
* [CVE-2023-47645](CVE-2023/CVE-2023-476xx/CVE-2023-47645.json) (`2023-11-30T14:15:10.200`)
* [CVE-2023-40211](CVE-2023/CVE-2023-402xx/CVE-2023-40211.json) (`2023-11-30T15:15:07.773`)
* [CVE-2023-40600](CVE-2023/CVE-2023-406xx/CVE-2023-40600.json) (`2023-11-30T15:15:07.973`)
* [CVE-2023-40662](CVE-2023/CVE-2023-406xx/CVE-2023-40662.json) (`2023-11-30T15:15:08.050`)
* [CVE-2023-41735](CVE-2023/CVE-2023-417xx/CVE-2023-41735.json) (`2023-11-30T15:15:08.240`)
* [CVE-2023-44150](CVE-2023/CVE-2023-441xx/CVE-2023-44150.json) (`2023-11-30T15:15:08.517`)
* [CVE-2023-45066](CVE-2023/CVE-2023-450xx/CVE-2023-45066.json) (`2023-11-30T15:15:08.723`)
* [CVE-2023-45834](CVE-2023/CVE-2023-458xx/CVE-2023-45834.json) (`2023-11-30T15:15:08.920`)
* [CVE-2023-46820](CVE-2023/CVE-2023-468xx/CVE-2023-46820.json) (`2023-11-30T15:15:09.120`)
* [CVE-2023-48333](CVE-2023/CVE-2023-483xx/CVE-2023-48333.json) (`2023-11-30T15:15:09.310`)
* [CVE-2023-6401](CVE-2023/CVE-2023-64xx/CVE-2023-6401.json) (`2023-11-30T15:15:09.507`)
* [CVE-2023-6402](CVE-2023/CVE-2023-64xx/CVE-2023-6402.json) (`2023-11-30T15:15:09.813`)
* [CVE-2023-25057](CVE-2023/CVE-2023-250xx/CVE-2023-25057.json) (`2023-11-30T16:15:07.903`)
* [CVE-2023-26533](CVE-2023/CVE-2023-265xx/CVE-2023-26533.json) (`2023-11-30T16:15:08.490`)
* [CVE-2023-36507](CVE-2023/CVE-2023-365xx/CVE-2023-36507.json) (`2023-11-30T16:15:08.693`)
* [CVE-2023-36523](CVE-2023/CVE-2023-365xx/CVE-2023-36523.json) (`2023-11-30T16:15:08.893`)
* [CVE-2023-37868](CVE-2023/CVE-2023-378xx/CVE-2023-37868.json) (`2023-11-30T16:15:09.080`)
* [CVE-2023-37890](CVE-2023/CVE-2023-378xx/CVE-2023-37890.json) (`2023-11-30T16:15:09.267`)
* [CVE-2023-39921](CVE-2023/CVE-2023-399xx/CVE-2023-39921.json) (`2023-11-30T16:15:09.463`)
* [CVE-2023-44143](CVE-2023/CVE-2023-441xx/CVE-2023-44143.json) (`2023-11-30T16:15:09.653`)
* [CVE-2023-45609](CVE-2023/CVE-2023-456xx/CVE-2023-45609.json) (`2023-11-30T16:15:09.843`)
* [CVE-2023-46086](CVE-2023/CVE-2023-460xx/CVE-2023-46086.json) (`2023-11-30T16:15:10.037`)
* [CVE-2023-48328](CVE-2023/CVE-2023-483xx/CVE-2023-48328.json) (`2023-11-30T16:15:10.227`)
* [CVE-2023-48754](CVE-2023/CVE-2023-487xx/CVE-2023-48754.json) (`2023-11-30T16:15:10.420`)
* [CVE-2023-5803](CVE-2023/CVE-2023-58xx/CVE-2023-5803.json) (`2023-11-30T16:15:10.610`)
* [CVE-2023-6360](CVE-2023/CVE-2023-63xx/CVE-2023-6360.json) (`2023-11-30T16:15:11.820`)
### CVEs modified in the last Commit
Recently modified CVEs: `66`
Recently modified CVEs: `48`
* [CVE-2023-4474](CVE-2023/CVE-2023-44xx/CVE-2023-4474.json) (`2023-11-30T13:39:13.380`)
* [CVE-2023-5247](CVE-2023/CVE-2023-52xx/CVE-2023-5247.json) (`2023-11-30T13:39:13.380`)
* [CVE-2023-5772](CVE-2023/CVE-2023-57xx/CVE-2023-5772.json) (`2023-11-30T13:39:13.380`)
* [CVE-2023-47463](CVE-2023/CVE-2023-474xx/CVE-2023-47463.json) (`2023-11-30T13:39:13.380`)
* [CVE-2023-47464](CVE-2023/CVE-2023-474xx/CVE-2023-47464.json) (`2023-11-30T13:39:13.380`)
* [CVE-2023-49094](CVE-2023/CVE-2023-490xx/CVE-2023-49094.json) (`2023-11-30T13:39:13.380`)
* [CVE-2023-49097](CVE-2023/CVE-2023-490xx/CVE-2023-49097.json) (`2023-11-30T13:39:13.380`)
* [CVE-2023-5274](CVE-2023/CVE-2023-52xx/CVE-2023-5274.json) (`2023-11-30T13:39:13.380`)
* [CVE-2023-5275](CVE-2023/CVE-2023-52xx/CVE-2023-5275.json) (`2023-11-30T13:39:13.380`)
* [CVE-2023-47418](CVE-2023/CVE-2023-474xx/CVE-2023-47418.json) (`2023-11-30T13:39:13.380`)
* [CVE-2023-49076](CVE-2023/CVE-2023-490xx/CVE-2023-49076.json) (`2023-11-30T13:39:13.380`)
* [CVE-2023-49087](CVE-2023/CVE-2023-490xx/CVE-2023-49087.json) (`2023-11-30T13:39:13.380`)
* [CVE-2023-49052](CVE-2023/CVE-2023-490xx/CVE-2023-49052.json) (`2023-11-30T13:39:13.380`)
* [CVE-2023-40458](CVE-2023/CVE-2023-404xx/CVE-2023-40458.json) (`2023-11-30T13:39:19.237`)
* [CVE-2023-49693](CVE-2023/CVE-2023-496xx/CVE-2023-49693.json) (`2023-11-30T13:39:19.237`)
* [CVE-2023-6011](CVE-2023/CVE-2023-60xx/CVE-2023-6011.json) (`2023-11-30T13:59:08.237`)
* [CVE-2023-37924](CVE-2023/CVE-2023-379xx/CVE-2023-37924.json) (`2023-11-30T14:00:17.920`)
* [CVE-2023-4931](CVE-2023/CVE-2023-49xx/CVE-2023-4931.json) (`2023-11-30T14:15:12.720`)
* [CVE-2023-38881](CVE-2023/CVE-2023-388xx/CVE-2023-38881.json) (`2023-11-30T14:19:39.523`)
* [CVE-2023-38882](CVE-2023/CVE-2023-388xx/CVE-2023-38882.json) (`2023-11-30T14:20:28.047`)
* [CVE-2023-38883](CVE-2023/CVE-2023-388xx/CVE-2023-38883.json) (`2023-11-30T14:21:33.187`)
* [CVE-2023-38884](CVE-2023/CVE-2023-388xx/CVE-2023-38884.json) (`2023-11-30T14:22:37.007`)
* [CVE-2023-38885](CVE-2023/CVE-2023-388xx/CVE-2023-38885.json) (`2023-11-30T14:23:35.557`)
* [CVE-2023-49060](CVE-2023/CVE-2023-490xx/CVE-2023-49060.json) (`2023-11-30T14:29:10.127`)
* [CVE-2023-6133](CVE-2023/CVE-2023-61xx/CVE-2023-6133.json) (`2023-11-30T14:52:31.180`)
* [CVE-2023-39253](CVE-2023/CVE-2023-392xx/CVE-2023-39253.json) (`2023-11-30T15:38:26.050`)
* [CVE-2023-41140](CVE-2023/CVE-2023-411xx/CVE-2023-41140.json) (`2023-11-30T15:45:50.633`)
* [CVE-2023-41139](CVE-2023/CVE-2023-411xx/CVE-2023-41139.json) (`2023-11-30T15:48:23.633`)
* [CVE-2023-23978](CVE-2023/CVE-2023-239xx/CVE-2023-23978.json) (`2023-11-30T15:50:37.040`)
* [CVE-2023-36038](CVE-2023/CVE-2023-360xx/CVE-2023-36038.json) (`2023-11-30T15:51:34.713`)
* [CVE-2023-28812](CVE-2023/CVE-2023-288xx/CVE-2023-28812.json) (`2023-11-30T15:55:57.863`)
* [CVE-2023-3377](CVE-2023/CVE-2023-33xx/CVE-2023-3377.json) (`2023-11-30T16:06:38.067`)
* [CVE-2023-48306](CVE-2023/CVE-2023-483xx/CVE-2023-48306.json) (`2023-11-30T16:07:20.860`)
* [CVE-2023-25835](CVE-2023/CVE-2023-258xx/CVE-2023-25835.json) (`2023-11-30T16:15:08.103`)
* [CVE-2023-25837](CVE-2023/CVE-2023-258xx/CVE-2023-25837.json) (`2023-11-30T16:15:08.313`)
* [CVE-2023-6204](CVE-2023/CVE-2023-62xx/CVE-2023-6204.json) (`2023-11-30T16:15:10.803`)
* [CVE-2023-6205](CVE-2023/CVE-2023-62xx/CVE-2023-6205.json) (`2023-11-30T16:15:10.870`)
* [CVE-2023-6206](CVE-2023/CVE-2023-62xx/CVE-2023-6206.json) (`2023-11-30T16:15:10.940`)
* [CVE-2023-6207](CVE-2023/CVE-2023-62xx/CVE-2023-6207.json) (`2023-11-30T16:15:11.027`)
* [CVE-2023-6208](CVE-2023/CVE-2023-62xx/CVE-2023-6208.json) (`2023-11-30T16:15:11.150`)
* [CVE-2023-6209](CVE-2023/CVE-2023-62xx/CVE-2023-6209.json) (`2023-11-30T16:15:11.277`)
* [CVE-2023-6212](CVE-2023/CVE-2023-62xx/CVE-2023-6212.json) (`2023-11-30T16:15:11.417`)
* [CVE-2023-6239](CVE-2023/CVE-2023-62xx/CVE-2023-6239.json) (`2023-11-30T16:15:11.570`)
* [CVE-2023-5720](CVE-2023/CVE-2023-57xx/CVE-2023-5720.json) (`2023-11-30T16:26:16.073`)
* [CVE-2023-28813](CVE-2023/CVE-2023-288xx/CVE-2023-28813.json) (`2023-11-30T16:34:22.153`)
* [CVE-2023-27383](CVE-2023/CVE-2023-273xx/CVE-2023-27383.json) (`2023-11-30T16:39:04.510`)
* [CVE-2023-27513](CVE-2023/CVE-2023-275xx/CVE-2023-27513.json) (`2023-11-30T16:39:31.357`)
* [CVE-2023-48307](CVE-2023/CVE-2023-483xx/CVE-2023-48307.json) (`2023-11-30T16:40:08.900`)
* [CVE-2023-47529](CVE-2023/CVE-2023-475xx/CVE-2023-47529.json) (`2023-11-30T16:42:23.307`)
* [CVE-2023-47244](CVE-2023/CVE-2023-472xx/CVE-2023-47244.json) (`2023-11-30T16:43:06.887`)
## Download and Usage