diff --git a/CVE-2022/CVE-2022-374xx/CVE-2022-37424.json b/CVE-2022/CVE-2022-374xx/CVE-2022-37424.json index ad7947e2e3e..64e5ed05076 100644 --- a/CVE-2022/CVE-2022-374xx/CVE-2022-37424.json +++ b/CVE-2022/CVE-2022-374xx/CVE-2022-37424.json @@ -2,12 +2,16 @@ "id": "CVE-2022-37424", "sourceIdentifier": "secure@blackberry.com", "published": "2022-10-28T16:15:15.970", - "lastModified": "2022-11-01T17:26:40.537", - "vulnStatus": "Analyzed", + "lastModified": "2023-11-30T16:15:07.587", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", "value": "Files or Directories Accessible to External Parties vulnerability in OpenNebula on Linux allows File Discovery." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Archivos o Directorios Accesibles a Partes Externas en OpenNebula en Linux permite el Descubrimiento de Archivos.\n" } ], "metrics": { @@ -64,16 +68,6 @@ "value": "CWE-552" } ] - }, - { - "source": "secure@blackberry.com", - "type": "Secondary", - "description": [ - { - "lang": "en", - "value": "CWE-552" - } - ] } ], "configurations": [ diff --git a/CVE-2022/CVE-2022-374xx/CVE-2022-37425.json b/CVE-2022/CVE-2022-374xx/CVE-2022-37425.json index 383d4017928..e55115e2ec1 100644 --- a/CVE-2022/CVE-2022-374xx/CVE-2022-37425.json +++ b/CVE-2022/CVE-2022-374xx/CVE-2022-37425.json 
@@ -2,12 +2,16 @@ "id": "CVE-2022-37425", "sourceIdentifier": "secure@blackberry.com", "published": "2022-10-28T16:15:16.080", - "lastModified": "2022-11-02T18:15:12.130", - "vulnStatus": "Analyzed", + "lastModified": "2023-11-30T16:15:07.727", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in OpenNebula OpenNebula core on Linux allows Remote Code Inclusion." + }, + { + "lang": "es", + "value": "Neutralizaci\u00f3n Inadecuada de Elementos Especiales utilizados en una vulnerabilidad de Comando ('Command Injection') en OpenNebula OpenNebula core en Linux permite la Inclusi\u00f3n Remota de C\u00f3digo." } ], "metrics": { @@ -64,16 +68,6 @@ "value": "CWE-77" } ] - }, - { - "source": "secure@blackberry.com", - "type": "Secondary", - "description": [ - { - "lang": "en", - "value": "CWE-77" - } - ] } ], "configurations": [ diff --git a/CVE-2022/CVE-2022-374xx/CVE-2022-37426.json b/CVE-2022/CVE-2022-374xx/CVE-2022-37426.json index 6b52032d6f7..41f45787e35 100644 --- a/CVE-2022/CVE-2022-374xx/CVE-2022-37426.json +++ b/CVE-2022/CVE-2022-374xx/CVE-2022-37426.json @@ -2,12 +2,16 @@ "id": "CVE-2022-37426", "sourceIdentifier": "secure@blackberry.com", "published": "2022-10-28T16:15:16.193", - "lastModified": "2022-11-01T20:39:19.423", - "vulnStatus": "Analyzed", + "lastModified": "2023-11-30T16:15:07.820", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", "value": "Unrestricted Upload of File with Dangerous Type vulnerability in OpenNebula OpenNebula core on Linux allows File Content Injection." + }, + { + "lang": "es", + "value": "Carga sin Restricciones de Archivo con vulnerabilidad de Tipo Peligrosa en OpenNebula OpenNebula core en Linux permite la inyecci\u00f3n de contenido de archivo." } ], "metrics": { 
@@ -64,16 +68,6 @@ "value": "CWE-434" } ] - }, - { - "source": "secure@blackberry.com", - "type": "Secondary", - "description": [ - { - "lang": "en", - "value": "CWE-434" - } - ] } ], "configurations": [ diff --git a/CVE-2022/CVE-2022-463xx/CVE-2022-46337.json b/CVE-2022/CVE-2022-463xx/CVE-2022-46337.json index 19538872e66..3e5b4f461f9 100644 --- a/CVE-2022/CVE-2022-463xx/CVE-2022-46337.json +++ b/CVE-2022/CVE-2022-463xx/CVE-2022-46337.json @@ -2,8 +2,8 @@ "id": "CVE-2022-46337", "sourceIdentifier": "security@apache.org", "published": "2023-11-20T09:15:07.180", - "lastModified": "2023-11-20T15:04:56.147", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T15:16:14.983", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,11 +14,68 @@ "value": "Un nombre de usuario inteligentemente dise\u00f1ado podr\u00eda omitir las comprobaciones de autenticaci\u00f3n LDAP. En instalaciones Derby autenticadas por LDAP, esto podr\u00eda permitir que un atacante llene el disco creando bases de datos Derby basura. En instalaciones de Derby autenticadas por LDAP, esto tambi\u00e9n podr\u00eda permitir al atacante ejecutar malware que era visible y ejecutable por la cuenta que arranc\u00f3 el servidor Derby. En bases de datos protegidas por LDAP que tampoco estaban protegidas por la autorizaci\u00f3n SQL GRANT/REVOKE, esta vulnerabilidad tambi\u00e9n podr\u00eda permitir que un atacante vea y corrompa datos confidenciales y ejecute funciones y procedimientos de bases de datos confidenciales. Mitigaci\u00f3n: los usuarios deben actualizar a Java 21 y Derby 10.17.1.0. Alternativamente, los usuarios que deseen permanecer en versiones anteriores de Java deben crear su propia distribuci\u00f3n Derby a partir de una de las familias de versiones a las que se admiti\u00f3 la soluci\u00f3n: 10.16, 10.15 y 10.14. Esas son las versiones que corresponden, respectivamente, a las versiones 17, 11 y 8 de Java LTS." 
} ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:derby:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10.1.1.0", + "versionEndExcluding": "10.17.1.0", + "matchCriteriaId": "FA7C1E7A-DE9A-4A32-B691-429A0D0048CE" + } + ] + } + ] + } + ], "references": [ { "url": "https://lists.apache.org/thread/q23kvvtoohgzwybxpwozmvvk17rp0td3", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-219xx/CVE-2023-21968.json b/CVE-2023/CVE-2023-219xx/CVE-2023-21968.json index 96c447fee0c..dc53271ca77 100644 --- a/CVE-2023/CVE-2023-219xx/CVE-2023-21968.json +++ b/CVE-2023/CVE-2023-219xx/CVE-2023-21968.json @@ -2,7 +2,7 @@ "id": "CVE-2023-21968", "sourceIdentifier": "secalert_us@oracle.com", "published": "2023-04-18T20:15:16.470", - "lastModified": "2023-11-08T23:08:36.447", + "lastModified": "2023-11-30T15:24:32.653", "vulnStatus": "Analyzed", "descriptions": [ { 
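Review bot: The new `cpeMatch` entry for CVE-2022-46337 marks every Derby release from `"versionStartIncluding": "10.1.1.0"` up to `"versionEndExcluding": "10.17.1.0"` as vulnerable, while the record's own description says the fix was also applied to the 10.14, 10.15 and 10.16 families for users who build their own distribution. Version-range matching will therefore keep flagging a patched, self-built 10.14–10.16 Derby, so scanner findings on those families need a manual check against the Apache advisory rather than the CPE range alone. The added Primary weakness `CWE-74` is the generic injection class; because the description is specifically about a crafted username bypassing LDAP authentication checks, a more specific class such as CWE-90 (LDAP injection) may serve weakness-based filtering better, if the root cause is confirmed.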
@@ -153,12 +153,6 @@ "operator": "OR", "negate": false, "cpeMatch": [ - { - "vulnerable": true, - "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*", - "versionEndExcluding": "8", - "matchCriteriaId": "111E81BB-7D96-44EB-ACFA-415C3F3EA62A" - }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*", diff --git a/CVE-2023/CVE-2023-239xx/CVE-2023-23978.json b/CVE-2023/CVE-2023-239xx/CVE-2023-23978.json index 5e1c81562a2..012bf5e5dff 100644 --- a/CVE-2023/CVE-2023-239xx/CVE-2023-23978.json +++ b/CVE-2023/CVE-2023-239xx/CVE-2023-23978.json @@ -2,8 +2,8 @@ "id": "CVE-2023-23978", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-23T00:15:07.800", - "lastModified": "2023-11-24T15:24:57.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T15:50:37.040", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -40,8 +60,18 @@ }, "weaknesses": [ { - "source": "audit@patchstack.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "audit@patchstack.com", + "type": "Secondary", "description": [ { "lang": "en", 
@@ -50,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:switchwp:wp_client_reports:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.0.17", + "matchCriteriaId": "26A0CFD1-4471-4A8E-9B09-49B2C5C289A1" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/wp-client-reports/wordpress-wp-client-reports-plugin-1-0-16-subscriber-sensitive-data-exposure?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-250xx/CVE-2023-25057.json b/CVE-2023/CVE-2023-250xx/CVE-2023-25057.json new file mode 100644 index 00000000000..c9824bd28df --- /dev/null +++ b/CVE-2023/CVE-2023-250xx/CVE-2023-25057.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-25057", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-11-30T16:15:07.903", + "lastModified": "2023-11-30T16:15:07.903", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Libsyn Libsyn Publisher Hub.This issue affects Libsyn Publisher Hub: from n/a through 1.3.2.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/libsyn-podcasting/wordpress-libsyn-publisher-hub-plugin-1-3-2-sensitive-data-exposure-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-258xx/CVE-2023-25835.json b/CVE-2023/CVE-2023-258xx/CVE-2023-25835.json index 9e29915bd80..0a06069d604 100644 --- a/CVE-2023/CVE-2023-258xx/CVE-2023-25835.json +++ b/CVE-2023/CVE-2023-258xx/CVE-2023-25835.json 
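Review bot: The new CVE-2023-25057 record has no `configurations` block, so the affected range exists only in the free-text description ("from n/a through 1.3.2") and CPE-based matching cannot find it while `vulnStatus` is `Received`. Its only `cvssMetricV31` entry is typed `Secondary`, so tooling that reads only the `Primary` metric sees no score at all for this record. The same two points apply to the CVE-2023-26533 record added later in this diff ("through 1.6.1"). Consumers that treat a missing CPE match or a missing Primary score as "not affected / unscored" should fall back to the description and the Patchstack reference for both entries. The description strings also run two sentences together (`Publisher Hub.This issue`) and end in `\n\n`, which is worth normalising before display.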
@@ -2,18 +2,18 @@ "id": "CVE-2023-25835", "sourceIdentifier": "psirt@esri.com", "published": "2023-07-21T00:15:10.343", - "lastModified": "2023-08-07T17:15:10.447", + "lastModified": "2023-11-30T16:15:08.103", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "\nThere is a stored Cross-site Scripting vulnerability\u00a0in Esri Portal for ArcGIS Enterprise Sites versions 10.8.1 \u2013 11.1 that may allow a remote, authenticated attacker to create a crafted link that is stored in the site configuration which when clicked could potentially execute arbitrary JavaScript code in the victims browser. \u00a0The privileges required to execute this attack are high.\u00a0 The attack could disclose a privileged token which may result the attacker gaining full control of the Portal.\n\n" + "value": "\nThere is a stored Cross-site Scripting vulnerability\u00a0in Esri Portal for ArcGIS Enterprise Sites versions 10.8.1 \u2013 11.1 that may allow a remote, authenticated attacker to create a crafted link that is stored in the site configuration which when clicked could potentially execute arbitrary JavaScript code in the victims browser. \u00a0The privileges required to execute this attack are high.\u00a0\u00a0\n\n" } ], "metrics": { "cvssMetricV31": [ { - "source": "psirt@esri.com", + "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", 
@@ -33,24 +33,24 @@ "impactScore": 2.7 }, { - "source": "nvd@nist.gov", + "source": "psirt@esri.com", "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "CHANGED", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "availabilityImpact": "NONE", - "baseScore": 4.8, - "baseSeverity": "MEDIUM" + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.4, + "baseSeverity": "HIGH" }, "exploitabilityScore": 1.7, - "impactScore": 2.7 + "impactScore": 6.0 } ] }, diff --git a/CVE-2023/CVE-2023-258xx/CVE-2023-25837.json b/CVE-2023/CVE-2023-258xx/CVE-2023-25837.json index 4736b474a04..e22efacbc6d 100644 --- a/CVE-2023/CVE-2023-258xx/CVE-2023-25837.json +++ b/CVE-2023/CVE-2023-258xx/CVE-2023-25837.json @@ -2,7 +2,7 @@ "id": "CVE-2023-25837", "sourceIdentifier": "psirt@esri.com", "published": "2023-07-21T04:15:12.377", - "lastModified": "2023-11-29T20:15:07.393", + "lastModified": "2023-11-30T16:15:08.313", "vulnStatus": "Modified", "descriptions": [ { @@ -13,7 +13,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "psirt@esri.com", + "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", 
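Review bot: After this change the two scores for CVE-2023-25835 disagree sharply: the CNA entry (`psirt@esri.com`, now `Secondary`) is raised to `C:H/I:H/A:H`, 8.4 HIGH with `"impactScore": 6.0`, while the entry relabelled `Primary` (`nvd@nist.gov`) keeps the `"impactScore": 2.7` visible in the context lines. Tooling that reads only the `Primary` metric will keep ranking this as a lower-impact issue, so triage should take the higher of the two scores until they converge. The description hunk of the same record also drops the sentence about disclosure of a privileged token, which was the one statement in the visible text that supported a high impact rating, so the record no longer explains the 8.4. CVE-2023-25837 receives the identical source swap and rescoring in the hunks that follow.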
@@ -33,24 +33,24 @@ "impactScore": 2.7 }, { - "source": "nvd@nist.gov", + "source": "psirt@esri.com", "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "CHANGED", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "availabilityImpact": "NONE", - "baseScore": 4.8, - "baseSeverity": "MEDIUM" + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.4, + "baseSeverity": "HIGH" }, "exploitabilityScore": 1.7, - "impactScore": 2.7 + "impactScore": 6.0 } ] }, diff --git a/CVE-2023/CVE-2023-265xx/CVE-2023-26533.json b/CVE-2023/CVE-2023-265xx/CVE-2023-26533.json new file mode 100644 index 00000000000..a07bd56af41 --- /dev/null +++ b/CVE-2023/CVE-2023-265xx/CVE-2023-26533.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-26533", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-11-30T16:15:08.490", + "lastModified": "2023-11-30T16:15:08.490", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gesundheit Bewegt GmbH Zippy.This issue affects Zippy: from n/a through 1.6.1.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/zippy/wordpress-zippy-plugin-1-6-1-sensitive-data-exposure-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-273xx/CVE-2023-27383.json b/CVE-2023/CVE-2023-273xx/CVE-2023-27383.json index f5a280d64a9..2a83584e17d 100644 --- a/CVE-2023/CVE-2023-273xx/CVE-2023-27383.json +++ b/CVE-2023/CVE-2023-273xx/CVE-2023-27383.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-27383", "sourceIdentifier": "secure@intel.com", "published": "2023-11-14T19:15:20.840", - "lastModified": "2023-11-14T19:30:27.750", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T16:39:04.510", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Protection mechanism failure in some Intel(R) oneAPI HPC Toolkit 2023.1 and Intel(R)MPI Library software before version 2021.9 may allow a privileged user to potentially enable escalation of privilege via adjacent access." + }, + { + "lang": "es", + "value": "La falla del mecanismo de protecci\u00f3n en algunos software Intel(R) oneAPI HPC Toolkit 2023.1 e Intel(R)MPI Library anteriores a la versi\u00f3n 2021.9 puede permitir que un usuario privilegiado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso adyacente." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.9, + "impactScore": 5.9 + }, { "source": "secure@intel.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + }, { "source": "secure@intel.com", "type": "Secondary", 
@@ -46,10 +80,56 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:intel:advisor:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.1", + "matchCriteriaId": "8A6B4CD2-3E17-4BC8-AC12-38A0F7C5B85D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:intel:inspector:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.1", + "matchCriteriaId": "AF974524-D8AA-475F-84E6-86D76C519032" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:intel:mpi_library:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2021.9", + "matchCriteriaId": "A8DA0747-D8C7-4745-A2D5-574E41AB42B7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:intel:oneapi_base_toolkit:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.1", + "matchCriteriaId": "E9B0E003-2303-4BAA-AAB5-E41672DD36A8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:intel:oneapi_hpc_toolkit:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.1", + "matchCriteriaId": "140E6A32-DD35-4BD9-8810-26359D76FEB7" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00841.html", - "source": "secure@intel.com" + "source": "secure@intel.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-274xx/CVE-2023-27461.json b/CVE-2023/CVE-2023-274xx/CVE-2023-27461.json index 8247d454fd7..0206371937b 100644 --- a/CVE-2023/CVE-2023-274xx/CVE-2023-27461.json +++ b/CVE-2023/CVE-2023-274xx/CVE-2023-27461.json 
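Review bot: The added `cpeMatch` list for CVE-2023-27383 includes `intel:advisor`, `intel:inspector` and `intel:oneapi_base_toolkit`, none of which is named in the record's description, which mentions only the oneAPI HPC Toolkit 2023.1 and the MPI Library before version 2021.9. If the referenced vendor advisory (intel-sa-00841) does not list those products, these entries will produce false positives in CPE-based scanning; if it does, the description is the incomplete part. The HPC Toolkit entry also uses `"versionEndExcluding": "2023.1"`, whereas the description's wording "HPC Toolkit 2023.1" can be read as 2023.1 itself being affected, so that bound should be confirmed against the advisory.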
@@ -2,16 +2,40 @@ "id": "CVE-2023-27461", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-22T14:15:09.713", - "lastModified": "2023-11-22T15:12:25.450", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T15:26:18.103", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Yoohoo Plugins When Last Login plugin <=\u00a01.2.1 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Yoohoo Plugins When Last Login en versiones <=1.2.1." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:yoohooplugins:when_last_login:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.2.1", + "matchCriteriaId": "90F096A3-BFB4-43A3-960F-6B9BCD2312B4" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/when-last-login/wordpress-when-last-login-plugin-1-2-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-275xx/CVE-2023-27513.json b/CVE-2023/CVE-2023-275xx/CVE-2023-27513.json index 1c336d3131c..a9899f7338f 100644 --- a/CVE-2023/CVE-2023-275xx/CVE-2023-27513.json +++ b/CVE-2023/CVE-2023-275xx/CVE-2023-27513.json @@ -2,16 +2,40 @@ "id": "CVE-2023-27513", "sourceIdentifier": "secure@intel.com", "published": "2023-11-14T19:15:21.030", - "lastModified": "2023-11-14T19:30:27.750", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T16:39:31.357", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Uncontrolled search path element in some Intel(R) Server Information Retrieval Utility software before version 16.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access." + }, + { + "lang": "es", + "value": "El elemento de ruta de b\u00fasqueda no controlado en alg\u00fan software Intel(R) Server Information Retrieval Utility anterior a la versi\u00f3n 16.0.9 puede permitir que un usuario autenticado potencialmente habilite la escalada de privilegios a trav\u00e9s del acceso local." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "secure@intel.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-427" + } + ] + }, { "source": "secure@intel.com", "type": "Secondary", 
@@ -46,10 +80,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:intel:server_information_retrieval_utility:*:*:*:*:*:*:*:*", + "versionEndExcluding": "16.0.9", + "matchCriteriaId": "5C9D60B1-BE71-4C63-B611-EA08662FA040" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00894.html", - "source": "secure@intel.com" + "source": "secure@intel.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-283xx/CVE-2023-28388.json b/CVE-2023/CVE-2023-283xx/CVE-2023-28388.json index 23d15a019c8..b1c0a2b4990 100644 --- a/CVE-2023/CVE-2023-283xx/CVE-2023-28388.json +++ b/CVE-2023/CVE-2023-283xx/CVE-2023-28388.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-28388", "sourceIdentifier": "secure@intel.com", "published": "2023-11-14T19:15:22.330", - "lastModified": "2023-11-14T19:30:27.750", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T15:13:03.847", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Uncontrolled search path element in some Intel(R) Chipset Device Software before version 10.1.19444.8378 may allow an authenticated user to potentially enable escalation of privilege via local access." + }, + { + "lang": "es", + "value": "El elemento de ruta de b\u00fasqueda no controlado en Intel(R) Chipset Device Software anteriores a la versi\u00f3n 10.1.19444.8378 puede permitir que un usuario autenticado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "secure@intel.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-427" + } + ] + }, { "source": "secure@intel.com", "type": "Secondary", 
@@ -46,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:intel:chipset_device_software:*:*:*:*:*:*:*:*", + "versionEndIncluding": "10.1.19444.8378", + "matchCriteriaId": "8135AC98-8E6F-4AAF-9A98-CB42B7F5C96D" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00870.html", - "source": "secure@intel.com" + "source": "secure@intel.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-284xx/CVE-2023-28401.json b/CVE-2023/CVE-2023-284xx/CVE-2023-28401.json index 6895b1757ec..8ddba55bf6f 100644 --- a/CVE-2023/CVE-2023-284xx/CVE-2023-28401.json +++ b/CVE-2023/CVE-2023-284xx/CVE-2023-28401.json 
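Review bot: The `cpeMatch` entry for CVE-2023-28388 uses `"versionEndIncluding": "10.1.19444.8378"`, but the description in the same record says the issue affects Chipset Device Software "before version 10.1.19444.8378". As written, the range marks the fixed release as vulnerable, so hosts already on 10.1.19444.8378 will still be flagged by version matching. The sibling Intel records in this diff express "before version X" with `versionEndExcluding` (for example CVE-2023-27513 with 16.0.9), and the same is expected here: `"versionEndExcluding": "10.1.19444.8378"`.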
@@ -2,16 +2,40 @@ "id": "CVE-2023-28401", "sourceIdentifier": "secure@intel.com", "published": "2023-11-14T19:15:22.680", - "lastModified": "2023-11-14T19:30:27.750", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T15:12:37.670", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Out-of-bounds write in some Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows drivers before version 31.0.101.4255 may allow authenticated user to potentially enable escalation of privilege via local access." + }, + { + "lang": "es", + "value": "La escritura fuera de los l\u00edmites en algunos controladores Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows anteriores a la versi\u00f3n 31.0.101.4255 puede permitir que el usuario autenticado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "secure@intel.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, { "source": "secure@intel.com", "type": "Secondary", 
@@ -46,10 +80,71 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:intel:iris_xe_graphics:*:*:*:*:*:*:*:*", + "versionEndExcluding": "31.0.101.4255", + "matchCriteriaId": "823ADDFE-919F-4097-8F7B-C9A35AFBEE51" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:intel:arc_a_graphics:*:*:*:*:*:*:*:*", + "versionEndExcluding": "31.0.101.4255", + "matchCriteriaId": "7607C5DB-509D-4A20-83AA-391DEF78EDC8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00864.html", - "source": "secure@intel.com" + "source": "secure@intel.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-284xx/CVE-2023-28404.json b/CVE-2023/CVE-2023-284xx/CVE-2023-28404.json index 816d233daa7..225b301b284 100644 --- a/CVE-2023/CVE-2023-284xx/CVE-2023-28404.json +++ b/CVE-2023/CVE-2023-284xx/CVE-2023-28404.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-28404", "sourceIdentifier": "secure@intel.com", "published": "2023-11-14T19:15:22.853", - "lastModified": "2023-11-14T19:30:27.750", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T15:12:16.473", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Out-of-bounds read in the Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows drivers before version 31.0.101.4255 may allow an authenticated user to potentially enable information disclosure via local access." + }, + { + "lang": "es", + "value": "Los l\u00edmites le\u00eddos en los controladores Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows anteriores a la versi\u00f3n 31.0.101.4255 pueden permitir que un usuario autenticado potencialmente habilite la divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s del acceso local." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "secure@intel.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + }, { "source": "secure@intel.com", "type": "Secondary", 
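Review bot: The Spanish description added for CVE-2023-28404 opens with "Los límites leídos", which does not convey "Out-of-bounds read" and so loses the weakness class for Spanish-language readers. The sibling record CVE-2023-28401 in this diff renders the matching phrase correctly as "La escritura fuera de los límites"; the parallel wording here would begin `Lectura fuera de los l\u00edmites en los controladores`. The NVD-assigned `CWE-125` in the second hunk of this record is consistent with the English text, so only the translation needs the correction.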
@@ -46,10 +80,71 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:intel:iris_xe_graphics:*:*:*:*:*:*:*:*", + "versionEndExcluding": "31.0.101.4255", + "matchCriteriaId": "823ADDFE-919F-4097-8F7B-C9A35AFBEE51" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:intel:arc_a_graphics:*:*:*:*:*:*:*:*", + "versionEndExcluding": "31.0.101.4255", + "matchCriteriaId": "7607C5DB-509D-4A20-83AA-391DEF78EDC8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00864.html", - "source": "secure@intel.com" + "source": "secure@intel.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-287xx/CVE-2023-28740.json b/CVE-2023/CVE-2023-287xx/CVE-2023-28740.json index c1fcf72eed9..0fee441d585 100644 --- a/CVE-2023/CVE-2023-287xx/CVE-2023-28740.json +++ b/CVE-2023/CVE-2023-287xx/CVE-2023-28740.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-28740", "sourceIdentifier": "secure@intel.com", "published": "2023-11-14T19:15:23.370", - "lastModified": "2023-11-14T19:30:27.750", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T15:11:43.503", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Uncontrolled search path element in some Intel(R) QAT drivers for Windows - HW Version 2.0 before version 2.0.4 may allow an authenticated user to potentially enable escalation of privilege via local access." + }, + { + "lang": "es", + "value": "Elemento de ruta de b\u00fasqueda no controlado en Intel(R) QAT drivers for Windows - HW Version 2.0 anterior a la versi\u00f3n 2.0.4 puede permitir que un usuario autenticado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "secure@intel.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-427" + } + ] + }, { "source": "secure@intel.com", "type": "Secondary", 
@@ -46,10 +80,100 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:intel:quickassist_technology_library:22.07.1:*:*:*:*:*:*:*", + "matchCriteriaId": "C2500ABC-5FA8-4C77-93F5-D8DFB1DC5C31" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:h:intel:quickassist_technology:*:*:*:*:*:windows:*:*", + "versionStartIncluding": "1.0", + "versionEndExcluding": "1.10", + "matchCriteriaId": "64DB6B9F-0D6B-4625-84AA-BF06678C6483" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:intel:quickassist_technology_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "959491DE-2D21-4426-902A-E5638A4FCA4A" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:h:intel:quickassist_technology:*:*:*:*:*:windows:*:*", + "versionStartIncluding": "2.0", + "versionEndExcluding": "2.04", + "matchCriteriaId": "5A480ADD-18A7-4B76-8E7A-BD2947774D03" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:intel:quickassist_technology_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "959491DE-2D21-4426-902A-E5638A4FCA4A" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00861.html", - "source": "secure@intel.com" + "source": "secure@intel.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file 
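Review bot: The upper bound `"versionEndExcluding": "2.04"` in the third added configuration does not match the fixed version in this record's own description ("before version 2.0.4"), and the two strings need not compare the same way in CPE version matching; going by the description it should be `"versionEndExcluding": "2.0.4"`. The second configuration also marks the `1.0` to `1.10` range as vulnerable, although the description scopes this CVE to HW Version 2.0. The first configuration pins `quickassist_technology_library` at exactly `22.07.1`, while the CVE-2023-28741 hunk further down uses `"versionEndExcluding": "22.07.1"` for the same product, so one of the two is probably wrong. The `2.04` bound and the cross-version range appear in the CVE-2023-28741 configurations as well; both records should be checked against the linked Intel advisory before the ranges are used for inventory matching.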
diff --git a/CVE-2023/CVE-2023-287xx/CVE-2023-28741.json b/CVE-2023/CVE-2023-287xx/CVE-2023-28741.json index 422cebd4385..5765e1fd57c 100644 --- a/CVE-2023/CVE-2023-287xx/CVE-2023-28741.json +++ b/CVE-2023/CVE-2023-287xx/CVE-2023-28741.json @@ -2,16 +2,40 @@ "id": "CVE-2023-28741", "sourceIdentifier": "secure@intel.com", "published": "2023-11-14T19:15:23.547", - "lastModified": "2023-11-14T19:30:27.750", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T15:11:10.793", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Buffer overflow in some Intel(R) QAT drivers for Windows - HW Version 1.0 before version 1.10 may allow an authenticated user to potentially enable escalation of privilege via local access." + }, + { + "lang": "es", + "value": "Desbordamiento de b\u00fafer en algunos controladores Intel(R) QAT para Windows: la versi\u00f3n de hardware 1.0 anterior a la 1.10 puede permitir que un usuario autenticado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "secure@intel.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + }, { "source": "secure@intel.com", "type": "Secondary", 
@@ -46,10 +80,101 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:intel:quickassist_technology_library:*:*:*:*:*:*:*:*", + "versionEndExcluding": "22.07.1", + "matchCriteriaId": "E54D2455-9259-49E4-9C05-95DBC7D2C0CD" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:h:intel:quickassist_technology:*:*:*:*:*:windows:*:*", + "versionStartIncluding": "1.0", + "versionEndExcluding": "1.10", + "matchCriteriaId": "64DB6B9F-0D6B-4625-84AA-BF06678C6483" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:intel:quickassist_technology_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "959491DE-2D21-4426-902A-E5638A4FCA4A" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:h:intel:quickassist_technology:*:*:*:*:*:windows:*:*", + "versionStartIncluding": "2.0", + "versionEndExcluding": "2.04", + "matchCriteriaId": "5A480ADD-18A7-4B76-8E7A-BD2947774D03" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:intel:quickassist_technology_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "959491DE-2D21-4426-902A-E5638A4FCA4A" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00861.html", - "source": "secure@intel.com" + "source": "secure@intel.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No 
newline at end of file diff --git a/CVE-2023/CVE-2023-288xx/CVE-2023-28812.json b/CVE-2023/CVE-2023-288xx/CVE-2023-28812.json index d08b303ea77..b315b64042c 100644 --- a/CVE-2023/CVE-2023-288xx/CVE-2023-28812.json +++ b/CVE-2023/CVE-2023-288xx/CVE-2023-28812.json @@ -2,8 +2,8 @@ "id": "CVE-2023-28812", "sourceIdentifier": "hsrc@hikvision.com", "published": "2023-11-23T09:15:32.930", - "lastModified": "2023-11-24T15:24:57.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T15:55:57.863", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "hsrc@hikvision.com", "type": "Secondary", @@ -38,10 +58,43 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hikvision:localservicecomponents:*:*:*:*:*:*:*:*", + "versionEndIncluding": "1.0.0.78", + "matchCriteriaId": "45D87F15-B878-4801-8095-57D968B98267" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerabilities-in-hikvision-web-browser-plug-in-locals/", - "source": "hsrc@hikvision.com" + "source": "hsrc@hikvision.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-288xx/CVE-2023-28813.json b/CVE-2023/CVE-2023-288xx/CVE-2023-28813.json index 4f5a87218c3..e39f20ff5ec 100644 --- a/CVE-2023/CVE-2023-288xx/CVE-2023-28813.json +++ b/CVE-2023/CVE-2023-288xx/CVE-2023-28813.json @@ -2,8 +2,8 @@ "id": "CVE-2023-28813", "sourceIdentifier": "hsrc@hikvision.com", "published": "2023-11-23T09:15:33.190", - "lastModified": "2023-11-24T15:24:57.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T16:34:22.153", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "hsrc@hikvision.com", "type": "Secondary", @@ -38,10 +58,43 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hikvision:localservicecomponents:*:*:*:*:*:*:*:*", + "versionEndIncluding": "1.0.0.78", + "matchCriteriaId": "45D87F15-B878-4801-8095-57D968B98267" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerabilities-in-hikvision-web-browser-plug-in-locals/", - "source": "hsrc@hikvision.com" + "source": "hsrc@hikvision.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-313xx/CVE-2023-31320.json b/CVE-2023/CVE-2023-313xx/CVE-2023-31320.json index db3662367ae..8ca35baf73c 100644 --- a/CVE-2023/CVE-2023-313xx/CVE-2023-31320.json +++ b/CVE-2023/CVE-2023-313xx/CVE-2023-31320.json 
@@ -2,19 +2,766 @@ "id": "CVE-2023-31320", "sourceIdentifier": "psirt@amd.com", "published": "2023-11-14T19:15:25.070", - "lastModified": "2023-11-14T19:30:24.537", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T15:10:43.827", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper input validation in the AMD RadeonTM Graphics display driver may allow an attacker to corrupt the display potentially resulting in denial of service.\n\n\n\n\n\n\n\n\n\n\n\n\n" + }, + { + "lang": "es", + "value": "Una validaci\u00f3n de entrada incorrecta en el controlador de pantalla AMD RadeonTM Graphics puede permitir que un atacante da\u00f1e la pantalla, lo que podr\u00eda provocar una denegaci\u00f3n de servicio." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:amd:radeon_software:*:*:*:*:adrenalin:*:*:*", + "versionEndExcluding": "23.7.1", + "matchCriteriaId": "538C0130-93FA-4B41-96CE-FEEC462A1135" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:radeon_rx_5300:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C9995FBE-D440-45BA-86B5-1CFADF5BEE2B" + }, + { + 
"vulnerable": false, + "criteria": "cpe:2.3:h:amd:radeon_rx_5300_xt:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6289D311-1997-47E7-B8D9-75C27CD0B9D1" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:radeon_rx_5300m:-:*:*:*:*:*:*:*", + "matchCriteriaId": "02AA337B-595F-4859-A82A-DEC7BB346773" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:radeon_rx_5500:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4C7F0F81-2896-4E79-AC16-EA6AA9EBE7B3" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:radeon_rx_5500_xt:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F08BE928-65AA-4E21-A8F0-D013C8FFB693" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:radeon_rx_5500m:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A1952152-A184-4FC9-B1CC-008B8238B5ED" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:radeon_rx_5600:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B3B2BEAF-AA1F-414D-A3DF-348B1033CAC8" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:radeon_rx_5600_xt:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D51EA58C-3684-4567-A213-9351F2E521B9" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:radeon_rx_5600m:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D0026781-F1DA-4533-870E-BCA14CFC7005" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:radeon_rx_5700:-:*:*:*:*:*:*:*", + "matchCriteriaId": "27B8E08F-2DAC-41CF-9105-D9A4FDDEE19A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:radeon_rx_5700_xt:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9BB84A38-F651-44CB-93EF-502F1A197FBA" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:radeon_rx_5700m:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4CEDC946-3685-4533-8D97-BDBDFB7AACBA" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:radeon_rx_6300m:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6C66880A-FB33-477D-93FD-C280A4547D66" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:radeon_rx_6400:-:*:*:*:*:*:*:*", + "matchCriteriaId": 
"2CD3F898-5AB1-4E60-A086-ADCF33820154" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:radeon_rx_6450m:-:*:*:*:*:*:*:*", + "matchCriteriaId": "863770A0-3A7F-43E3-98E5-77E42827FA6B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:radeon_rx_6500_xt:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CC1F7CD2-7D13-48A9-A7CC-3547A1D241DB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:radeon_rx_6500m:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E4FED1D5-F31A-44C9-9101-D70486CC6FC7" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:radeon_rx_6550m:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DEB12B48-ABF8-4FFB-BD4E-6413C34D477B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:radeon_rx_6550s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E2D1C027-56B1-4EA7-842B-09B300B17808" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:radeon_rx_6600:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4C24DE61-4036-42BF-A08F-67C234706703" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:radeon_rx_6600_xt:-:*:*:*:*:*:*:*", + "matchCriteriaId": "03D9040F-1D1D-49E5-A60E-4393F5D76B60" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:radeon_rx_6600m:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A76A792F-7026-4F29-9A00-3A2EAB2DE5FC" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:radeon_rx_6600s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "33DAF63F-C468-438C-97C3-B6CE8BD12858" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:radeon_rx_6650_xt:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A82D4745-ACAB-4FC2-A63D-3B0FEA208BED" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:radeon_rx_6650m:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FD80D674-1DD4-44E0-8C38-8341A7F392B1" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:radeon_rx_6650m_xt:-:*:*:*:*:*:*:*", + "matchCriteriaId": "10DD7029-9299-4901-A3D1-84D6102471B9" + }, + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:amd:radeon_rx_6700:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7F73C59A-CDE2-4203-921F-1831D4ACFD2A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:radeon_rx_6700_xt:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C980129B-D717-47F7-A6C1-5EB64FB1BF9A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:radeon_rx_6700m:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B76C585C-FCC8-456D-A63C-7A769AF5EB07" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:radeon_rx_6700s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FC0C52E8-26B1-4F77-B9D3-D08BFF72DAFB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:radeon_rx_6800:-:*:*:*:*:*:*:*", + "matchCriteriaId": "12EF0B24-689D-4BE8-98D5-D88A84D5E473" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:radeon_rx_6800_xt:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B58299A7-7CA4-4EF8-81DC-9A41AA84FB2A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:radeon_rx_6800m:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AB218988-1483-4D96-9075-F79EDBC79974" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:radeon_rx_6800s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F14D5A16-F7BE-427A-98AB-2E120DB756DC" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:radeon_rx_6850m_xt:-:*:*:*:*:*:*:*", + "matchCriteriaId": "82E128B2-A9B7-4A1C-9ACF-7EB323B72B6F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:radeon_rx_6900_xt:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BFC4A007-BEFD-4BF0-A176-7ECD6150041C" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:radeon_rx_6950_xt:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B658454-C160-4EBA-9F7A-E2B9FDEA8A1E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:radeon_rx_7600:-:*:*:*:*:*:*:*", + "matchCriteriaId": "838BCF03-8959-4B8F-96B2-416B880F33DE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:radeon_rx_7600m:-:*:*:*:*:*:*:*", + "matchCriteriaId": "04102F65-DAA8-4E0A-88EF-44BAA8B4AAA7" + }, + { + 
"vulnerable": false, + "criteria": "cpe:2.3:h:amd:radeon_rx_7600m_xt:-:*:*:*:*:*:*:*", + "matchCriteriaId": "33D5FFA6-9D23-4C95-B23D-F50EB60369CA" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:radeon_rx_7600s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4A82AB49-3ABB-4DE4-91DB-4AF8E1F3196E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:radeon_rx_7700_xt:-:*:*:*:*:*:*:*", + "matchCriteriaId": "730BD289-75E3-4365-A0C1-D0AD1498F3C2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:radeon_rx_7700s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "92A2E6B9-ADFB-4790-917B-9679CFE280E3" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:radeon_rx_7800_xt:-:*:*:*:*:*:*:*", + "matchCriteriaId": "334FD5E4-BA45-42BA-B1EC-0DC1E1F44018" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:radeon_rx_7900_gre:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7F6B0E69-D944-48CF-A3F3-EA350C1451AF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:radeon_rx_7900_xt:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4EDBF76B-3C2E-4421-800B-54CE6A997439" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:radeon_rx_7900_xtx:-:*:*:*:*:*:*:*", + "matchCriteriaId": "72B69860-0C6F-40AD-8696-6150365D908F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:radeon_rx_7900m:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9BFE5253-2401-4EE4-90E7-9459F2A93CF1" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:amd:radeon_software:*:*:*:*:pro:*:*:*", + "versionEndExcluding": "23.q3", + "matchCriteriaId": "DA638E10-5A0F-43D5-BC26-5A18C987D467" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:radeon_pro_w5500:-:*:*:*:*:*:*:*", + "matchCriteriaId": "27D5FA49-D783-4DA5-AAED-F3BE3B4DA16D" + }, + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:amd:radeon_pro_w5500x:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BD8E9065-121A-4220-A631-3B3EB43B2AAB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:radeon_pro_w5700:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E39052CC-CC5F-4782-9CCE-2F5C8342AD79" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:radeon_pro_w5700x:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3CE2D18A-955A-4415-A5B2-18258C0277B3" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:radeon_pro_w6300:-:*:*:*:*:*:*:*", + "matchCriteriaId": "85E68F7E-0A57-498A-9DB9-3D36045D671E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:radeon_pro_w6300m:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9CCC24F7-17CD-422A-B047-3E8B32D7B3F0" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:radeon_pro_w6400:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1DB91262-2EF4-4F0D-8B61-0012BD25E7A8" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:radeon_pro_w6500m:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EACFFECA-179B-4911-85DE-D7270610E4A9" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:radeon_pro_w6600:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3083C065-5A2C-4B2D-9C1F-5793BA3C0A52" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:radeon_pro_w6600m:-:*:*:*:*:*:*:*", + "matchCriteriaId": "47A9B2F1-D9C5-47F8-9B2D-7C2A1495972A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:radeon_pro_w6600x:-:*:*:*:*:*:*:*", + "matchCriteriaId": "19588B3D-3F44-4127-8989-B535D4391201" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:radeon_pro_w6800:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7557738A-5D93-4117-8FF2-9A27CD0E6BC5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:radeon_pro_w6800x:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E1BC3034-8C33-4AAF-BE81-9BCFBF0EE56A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:radeon_pro_w6800x_duo:-:*:*:*:*:*:*:*", + "matchCriteriaId": "697BB742-0A55-4165-B5BD-5BDCD67B62CD" + }, 
+ { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:radeon_pro_w6900x:-:*:*:*:*:*:*:*", + "matchCriteriaId": "14599A66-17C9-4072-AA0D-EAE86DB496DD" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:radeon_pro_w7500:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1ED51D4C-2C19-4C3B-814C-3F88AF25870C" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:radeon_pro_w7600:-:*:*:*:*:*:*:*", + "matchCriteriaId": "233155D5-D0D9-4EC3-B7F7-2CB3F30E48A8" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:radeon_pro_w7800:-:*:*:*:*:*:*:*", + "matchCriteriaId": "98B858C0-0490-4D50-BC1E-FFB5A54E5DBC" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:amd:radeon_rx_vega_56_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C296FBE4-A7CB-45CC-866F-9287CB2C4CD3" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:radeon_rx_vega_56:-:*:*:*:*:*:*:*", + "matchCriteriaId": "76F9458D-7D2E-4664-A896-F1FB1907226F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:amd:radeon_rx_vega_64_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "326A62D7-A59F-4577-A7C4-956E83B5F80E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:radeon_rx_vega_64:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2A1781E1-CA76-4C8F-AAA5-FA2E0484C41A" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:amd:radeon_pro_vega_56_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "52880029-7A09-47F5-84B9-7A8A77D883F7" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": 
false, + "criteria": "cpe:2.3:h:amd:radeon_pro_vega_56:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2819B30C-7A03-4A3B-8D34-080A85E83AE0" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:amd:radeon_pro_vega_64_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "40A38A14-D45C-4746-BCDC-D26D178B1426" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:radeon_pro_vega_64:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4D89E1B8-509D-428E-984C-E23D808A0006" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:amd:radeon_software:*:*:*:*:adrenalin:*:*:*", + "versionEndExcluding": "23.7.1", + "matchCriteriaId": "538C0130-93FA-4B41-96CE-FEEC462A1135" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:amd:radeon_software:*:*:*:*:pro:*:*:*", + "versionEndExcluding": "23.q3", + "matchCriteriaId": "DA638E10-5A0F-43D5-BC26-5A18C987D467" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_3_3015ce:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6513418A-C422-4C3B-8C5A-C1DB4BAC67C5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_3_3015e:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7774C021-B18A-473A-90B5-48A95071E5BA" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_3_4100:-:*:*:*:*:*:*:*", + "matchCriteriaId": "263E53BD-7A57-40AC-8A35-D761BD3895A5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_3_4300g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2BE6DAAF-7A5E-4D6C-862A-443647E66432" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_3_4300ge:-:*:*:*:*:*:*:*", + "matchCriteriaId": "492017EE-C13F-4C40-887F-9C3C9F439898" + }, + { + "vulnerable": 
false, + "criteria": "cpe:2.3:h:amd:ryzen_3_4300u:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E02A9C95-DF12-4816-88C3-6AFC331B8426" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_3_5300g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D34308FA-D6D1-4024-95F5-45C86EFBF00A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_3_5300ge:-:*:*:*:*:*:*:*", + "matchCriteriaId": "94E19774-C744-46AC-B8F8-2B3E2BB19050" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_3_5300u:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FDE2EB95-146C-4DFA-A627-3E4B3CDD5F88" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_5_4500:-:*:*:*:*:*:*:*", + "matchCriteriaId": "5EE3D939-DA9A-4B78-AEBA-8C30AA7E9354" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_5_4500u:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0DA85AB-B5C0-4D99-BB89-FBDA7CC4E97F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_5_4600g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0005355A-DA7A-417D-8AF9-F6CC880040BC" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_5_4600ge:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1614C8C2-0DDF-464F-BAE5-812CED10CA17" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_5_4600h:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CDA92163-5A72-4271-89D4-401C24950F62" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_5_4600hs:-:*:*:*:*:*:*:*", + "matchCriteriaId": "510FB098-A28C-46AD-9244-438DC828A007" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_5_4600u:-:*:*:*:*:*:*:*", + "matchCriteriaId": "954500F1-6466-4A1C-8E0C-D759121CEBDC" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_5_4680u:-:*:*:*:*:*:*:*", + "matchCriteriaId": "73A4079E-01E9-4807-A293-F6E843752554" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_5_5500h:-:*:*:*:*:*:*:*", + "matchCriteriaId": "69C443EB-CF9B-4B50-A0F2-CD652D5E1467" + }, + { + "vulnerable": false, + 
"criteria": "cpe:2.3:h:amd:ryzen_5_5500u:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C212F6CE-1920-44DC-AC13-4922A052CEBB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_5_5600g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DDE6B0E7-AE27-4DE8-8AF2-801E57F5FC30" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_5_5600ge:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F59A2AF2-5D13-480B-93CD-70AB6AEB60F5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_5_pro_3200g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9048FE84-62DA-4C1F-9EF2-0E94A10D116F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_5_pro_3200ge:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0D111819-345A-4BAF-83D0-1153209AFCEB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_5_pro_3350g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3D242085-9B1A-4125-8070-50505531EECE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_5_pro_3350ge:-:*:*:*:*:*:*:*", + "matchCriteriaId": "055F87B8-FD74-44CC-A063-84E0BA2E8136" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_5_pro_3400g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "43C5E75B-136B-4A60-9C2C-84D9C78C0453" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_5_pro_3400ge:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2C6A9017-FE60-4087-AA9D-AFB4E444E884" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_7_4700g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "5B44C21E-681A-4869-8D9D-D3898D9CBB3B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_7_4700ge:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2D640C5C-C906-41A2-96BC-19299ADB9446" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_7_4700u:-:*:*:*:*:*:*:*", + "matchCriteriaId": "474D45CF-EBBE-4013-B8EC-BCA3293B36B4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_7_4800h:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0D70D28B-809E-456C-96ED-84A4CA7EC942" + }, + { + 
"vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_7_4800hs:-:*:*:*:*:*:*:*", + "matchCriteriaId": "444F83B8-ABD0-401C-8028-CAF0DEECF7BB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_7_4980u:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1622E6AD-CF6D-4C69-BAA6-BD5A2E658639" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_7_5700g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A6746407-9EC7-49B2-93B4-926174F2A457" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_7_5700ge:-:*:*:*:*:*:*:*", + "matchCriteriaId": "5B481C5C-90C3-4DC2-85DF-F1EA0F409DF3" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_7_5700u:-:*:*:*:*:*:*:*", + "matchCriteriaId": "56772AAA-A5A9-4125-B4DB-939D583DA8E5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_9_4900h:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B9BEC933-8C69-4E47-B527-DA3ED3233B2D" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_9_4900hs:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6C5F418C-2989-44C0-A880-A7BBA067E581" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6003", - "source": "psirt@amd.com" + "source": "psirt@amd.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-33xx/CVE-2023-3377.json b/CVE-2023/CVE-2023-33xx/CVE-2023-3377.json index 4097accfada..4c3b6ccc883 100644 --- a/CVE-2023/CVE-2023-33xx/CVE-2023-3377.json +++ b/CVE-2023/CVE-2023-33xx/CVE-2023-3377.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3377", "sourceIdentifier": "iletisim@usom.gov.tr", "published": "2023-11-23T09:15:33.353", - "lastModified": "2023-11-24T15:24:57.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T16:06:38.067", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -50,10 +50,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:veribase:veribase:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2023-11-23", + "matchCriteriaId": "AC3653D5-9075-4BA6-A489-35F6AD228E7B" + } + ] + } + ] + } + ], "references": [ { "url": "https://https://www.usom.gov.tr/bildirim/tr-23-0655", - "source": "iletisim@usom.gov.tr" + "source": "iletisim@usom.gov.tr", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-33xx/CVE-2023-3379.json b/CVE-2023/CVE-2023-33xx/CVE-2023-3379.json index 81e240e4717..21633cbc239 100644 --- a/CVE-2023/CVE-2023-33xx/CVE-2023-3379.json +++ b/CVE-2023/CVE-2023-33xx/CVE-2023-3379.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3379", "sourceIdentifier": "info@cert.vde.com", "published": "2023-11-20T08:15:44.280", - "lastModified": "2023-11-20T15:04:56.147", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T15:16:28.910", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -39,6 +39,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "info@cert.vde.com", "type": "Secondary", 
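Review bot: In the CVE-2023-3377.json configurations hunk, `"versionEndIncluding": "2023-11-23"` holds a calendar date (the record's own publication date) where a product version is expected. Version-range matchers will therefore compare installed Veribase versions against a date string, and the result depends on the comparator. Until the CNA supplies a real bound, consumers are safer reading this criterion as "all versions as of that date" than as a version range. The same hunk tags `https://https://www.usom.gov.tr/bildirim/tr-23-0655` as `Broken Link`, where the doubled scheme looks like the cause. The intended value is presumably `"url": "https://www.usom.gov.tr/bildirim/tr-23-0655"`, which is a correction for the source record rather than something a tag can fix.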
@@ -50,10 +60,241 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:wago:compact_controller_100_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "25", + "matchCriteriaId": "B6F27D52-0A31-4CE5-823B-7DA6DCF291AD" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:wago:compact_controller_100:-:*:*:*:*:*:*:*", + "matchCriteriaId": "532907AF-7E4A-4065-A799-753FC3313D6C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:wago:edge_controller_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "25", + "matchCriteriaId": "67EF75C3-893E-408D-B3C6-464F3C7AC27D" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:wago:edge_controller:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2DFC57C8-6AF4-4771-B0A0-744137FBFECF" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:wago:pfc100_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "22", + "matchCriteriaId": "252F9DAE-5C46-48B3-A74A-8331DE3B5189" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:wago:pfc100_firmware:22:-:*:*:*:*:*:*", + "matchCriteriaId": "4815DFF8-0CAE-4C85-9F5B-F64C12F43AB0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:wago:pfc100_firmware:22:patch_1:*:*:*:*:*:*", + "matchCriteriaId": "8F71E8B5-7774-45BB-8B7D-7C38A4B90EA0" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:wago:pfc100:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8F636354-95A2-4B36-9666-1FA57F185432" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { 
+ "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:wago:pfc200_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "22", + "matchCriteriaId": "C741BCDD-8485-4DDC-9D51-143F1EE4824E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:wago:pfc200_firmware:22:-:*:*:*:*:*:*", + "matchCriteriaId": "B876DC19-0523-41DB-8BD7-1ECC09FCFA01" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:wago:pfc200_firmware:22:patch_1:*:*:*:*:*:*", + "matchCriteriaId": "CA491C96-F0CF-4960-8F91-831E80622D5D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:wago:pfc200_firmware:23:*:*:*:*:*:*:*", + "matchCriteriaId": "BE108CD0-B451-4ED5-83A1-CCEAACC1B40C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:wago:pfc200_firmware:24:*:*:*:*:*:*:*", + "matchCriteriaId": "C4E45E9B-3F87-4758-8BCE-BCF79AD225DA" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:wago:pfc200:-:*:*:*:*:*:*:*", + "matchCriteriaId": "688A3248-7EAA-499D-A47C-A4D4900CDBD1" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:wago:touch_panel_600_advanced_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "25", + "matchCriteriaId": "AD598E88-4682-43AD-AD12-2763B931416C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:wago:touch_panel_600_advanced:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A8221861-7455-41D5-B310-6AEA822B46CF" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:wago:touch_panel_600_marine_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "25", + "matchCriteriaId": "A9018036-B119-472C-A5A3-D0253E2FA425" + } + ] + }, + { + "operator": "OR", + "negate": false, 
+ "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:wago:touch_panel_600_marine:-:*:*:*:*:*:*:*", + "matchCriteriaId": "83DEFFBC-934D-43BE-92AE-25F8EE8C1E0A" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:wago:touch_panel_600_standard_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "25", + "matchCriteriaId": "99BEC3AF-787E-441A-A181-A491E119295B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:wago:touch_panel_600_standard:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E6D7A44C-2D95-4F69-A7DB-435B0A6F9F03" + } + ] + } + ] + } + ], "references": [ { "url": "https://cert.vde.com/en/advisories/VDE-2023-015/", - "source": "info@cert.vde.com" + "source": "info@cert.vde.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-360xx/CVE-2023-36038.json b/CVE-2023/CVE-2023-360xx/CVE-2023-36038.json index f8776f46d27..e8f63503993 100644 --- a/CVE-2023/CVE-2023-360xx/CVE-2023-36038.json +++ b/CVE-2023/CVE-2023-360xx/CVE-2023-36038.json @@ -2,7 +2,7 @@ "id": "CVE-2023-36038", "sourceIdentifier": "secure@microsoft.com", "published": "2023-11-14T22:15:28.733", - "lastModified": "2023-11-20T20:36:46.283", + "lastModified": "2023-11-30T15:51:34.713", "vulnStatus": "Analyzed", "descriptions": [ { 
@@ -77,27 +77,6 @@ "operator": "OR", "negate": false, "cpeMatch": [ - { - "vulnerable": true, - "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", - "versionEndExcluding": "8.0.0", - "matchCriteriaId": "F7A8A135-E9FA-43BC-AF86-8276F763742B" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:microsoft:.net:8.0.0:rc1:*:*:*:*:*:*", - "matchCriteriaId": "5F3CB225-CDF6-4730-A20C-891AB87CBB9A" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:microsoft:.net:8.0.0:rc2:*:*:*:*:*:*", - "matchCriteriaId": "6F9C3F37-0A3B-45D4-86B1-B42FDA8D8EA7" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:microsoft:asp.net_core:8.0.0:*:*:*:*:*:*:*", - "matchCriteriaId": "71FB0BA0-0D9E-4420-8109-EDB9CF2D69AF" - }, { "vulnerable": true, "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", 
@@ -129,6 +108,73 @@ ] } ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:asp.net_core:8.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "71FB0BA0-0D9E-4420-8109-EDB9CF2D69AF" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:a:microsoft:.net:8.0.0:preview.1:*:*:*:*:*:*", + "matchCriteriaId": "BB3DD9A8-684A-4D3C-AAC1-795A5154B8FF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:a:microsoft:.net:8.0.0:preview.2:*:*:*:*:*:*", + "matchCriteriaId": "CF27FE4D-4019-44CB-B86A-0F6EB22043EE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:a:microsoft:.net:8.0.0:preview.3:*:*:*:*:*:*", + "matchCriteriaId": "2355C9C3-17D4-4024-B60A-55E698139269" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:a:microsoft:.net:8.0.0:preview.4:*:*:*:*:*:*", + "matchCriteriaId": "4BF4A874-DE47-4662-82E8-899258ABCAA4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:a:microsoft:.net:8.0.0:preview.5:*:*:*:*:*:*", + "matchCriteriaId": "A088E6AE-B04B-4BF2-9710-875767A17644" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:a:microsoft:.net:8.0.0:preview.6:*:*:*:*:*:*", + "matchCriteriaId": "C499F62B-EE47-4F90-8E0C-BE5B3A95E6EB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:a:microsoft:.net:8.0.0:preview.7:*:*:*:*:*:*", + "matchCriteriaId": "D9BE19EE-D1C3-4688-A614-0E906F949768" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:a:microsoft:.net:8.0.0:rc1:*:*:*:*:*:*", + "matchCriteriaId": "5F3CB225-CDF6-4730-A20C-891AB87CBB9A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:a:microsoft:.net:8.0.0:rc2:*:*:*:*:*:*", + "matchCriteriaId": "6F9C3F37-0A3B-45D4-86B1-B42FDA8D8EA7" + } + ] + } + ] } ], "references": [ diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36507.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36507.json new file mode 100644 index 00000000000..03704353797 
--- /dev/null +++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36507.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-36507", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-11-30T16:15:08.693", + "lastModified": "2023-11-30T16:15:08.693", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Repute Infosystems BookingPress \u2013 Appointment Booking Calendar Plugin and Online Scheduling Plugin.This issue affects BookingPress \u2013 Appointment Booking Calendar Plugin and Online Scheduling Plugin: from n/a through 1.0.64.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/bookingpress-appointment-booking/wordpress-bookingpress-plugin-1-0-64-unauthenticated-server-information-disclosure-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36523.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36523.json new file mode 100644 index 00000000000..b7b6097512e --- /dev/null +++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36523.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-36523", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-11-30T16:15:08.893", + "lastModified": "2023-11-30T16:15:08.893", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gopi Ramasamy Email download link.This issue affects Email download link: from n/a through 3.7.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/email-download-link/wordpress-email-download-link-plugin-3-7-sensitive-data-exposure?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-378xx/CVE-2023-37868.json b/CVE-2023/CVE-2023-378xx/CVE-2023-37868.json new file mode 100644 index 00000000000..6da3b5771c4 --- /dev/null +++ b/CVE-2023/CVE-2023-378xx/CVE-2023-37868.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-37868", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-11-30T16:15:09.080", + "lastModified": "2023-11-30T16:15:09.080", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Leap13 Premium Addons PRO.This issue affects Premium Addons PRO: from n/a through 2.9.0.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/premium-addons-pro/wordpress-premium-addons-pro-plugin-2-9-0-sensitive-data-exposure-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-378xx/CVE-2023-37890.json b/CVE-2023/CVE-2023-378xx/CVE-2023-37890.json new file mode 100644 index 00000000000..da97d37ca9e --- /dev/null +++ b/CVE-2023/CVE-2023-378xx/CVE-2023-37890.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-37890", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-11-30T16:15:09.267", + "lastModified": "2023-11-30T16:15:09.267", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in WPOmnia KB Support \u2013 WordPress Help Desk and Knowledge Base allows Accessing Functionality Not Properly Constrained by ACLs.\u00a0Users with a role as low as a subscriber can view other customers.This issue affects KB Support \u2013 WordPress Help Desk and Knowledge Base: from n/a through 1.5.88.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/kb-support/wordpress-kb-support-wordpress-help-desk-plugin-1-5-88-sensitive-data-exposure-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-379xx/CVE-2023-37972.json b/CVE-2023/CVE-2023-379xx/CVE-2023-37972.json new file mode 100644 index 00000000000..033dba5cf06 --- /dev/null +++ b/CVE-2023/CVE-2023-379xx/CVE-2023-37972.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-37972", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-11-30T15:15:07.567", + "lastModified": "2023-11-30T15:16:38.923", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in MultiVendorX Product Stock Manager & Notifier for WooCommerce.This issue affects Product Stock Manager & Notifier for WooCommerce: from n/a through 2.0.1.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/woocommerce-product-stock-alert/wordpress-woocommerce-product-stock-alert-plugin-2-0-1-sensitive-data-exposure-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-392xx/CVE-2023-39253.json b/CVE-2023/CVE-2023-392xx/CVE-2023-39253.json index c883832939f..34e0e71adcb 100644 --- a/CVE-2023/CVE-2023-392xx/CVE-2023-39253.json +++ b/CVE-2023/CVE-2023-392xx/CVE-2023-39253.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-39253", "sourceIdentifier": "security_alert@emc.com", "published": "2023-11-23T07:15:45.300", - "lastModified": "2023-11-24T15:24:57.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T15:38:26.050", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "security_alert@emc.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + }, { "source": "security_alert@emc.com", "type": "Secondary", 
@@ -50,10 +80,40 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:dell:os_recovery_tool:2.2.4013:*:*:*:*:*:*:*", + "matchCriteriaId": "27D7466E-1ADC-4C9C-9AD8-77021108838F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:dell:os_recovery_tool:2.3.7012.0:*:*:*:*:*:*:*", + "matchCriteriaId": "935BB4EC-A154-41EF-A7FB-7804081CF675" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:dell:os_recovery_tool:2.3.7515.0:*:*:*:*:*:*:*", + "matchCriteriaId": "0CB25BEE-EED1-42F2-A32A-6D8E61C2967E" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.dell.com/support/kbdoc/en-us/000217699/dsa-2023-336-security-update-for-a-dell-os-recovery-tool-vulnerability", - "source": "security_alert@emc.com" + "source": "security_alert@emc.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-399xx/CVE-2023-39921.json b/CVE-2023/CVE-2023-399xx/CVE-2023-39921.json new file mode 100644 index 00000000000..297e148e870 --- /dev/null +++ b/CVE-2023/CVE-2023-399xx/CVE-2023-39921.json 
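Review bot: The three `cpeMatch` entries added in the CVE-2023-39253.json configurations hunk use CPE part `o` (`cpe:2.3:o:dell:os_recovery_tool:…`), which classifies Dell OS Recovery Tool as an operating system. The product name and the advisory URL in the same hunk suggest a utility, which would normally be part `a`, though the diff alone cannot confirm this. Inventory or scanner rules that filter on the part field before comparing vendor and product will not match an installed application against these criteria. The entries also list three exact builds (`2.2.4013`, `2.3.7012.0`, `2.3.7515.0`) rather than a range, so builds between them are not covered by the match.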
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-39921", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-11-30T16:15:09.463", + "lastModified": "2023-11-30T16:15:09.463", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Molongui Author Box, Guest Author and Co-Authors for Your Posts \u2013 Molongui allows Stored XSS.This issue affects Author Box, Guest Author and Co-Authors for Your Posts \u2013 Molongui: from n/a through 4.6.19.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/molongui-authorship/wordpress-author-box-for-authors-co-authors-multiple-authors-and-guest-authors-molongui-plugin-4-6-19-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-402xx/CVE-2023-40211.json b/CVE-2023/CVE-2023-402xx/CVE-2023-40211.json new file mode 100644 index 00000000000..fa5684862a4 --- /dev/null +++ b/CVE-2023/CVE-2023-402xx/CVE-2023-40211.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-40211", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-11-30T15:15:07.773", + "lastModified": "2023-11-30T15:16:38.923", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PickPlugins Post Grid Combo \u2013 36+ Gutenberg Blocks.This issue affects Post Grid Combo \u2013 36+ Gutenberg Blocks: from n/a through 2.2.50.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/post-grid/wordpress-post-grid-combo-plugin-2-2-50-sensitive-data-exposure-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-406xx/CVE-2023-40600.json b/CVE-2023/CVE-2023-406xx/CVE-2023-40600.json new file mode 100644 index 00000000000..c225c5b6f43 --- /dev/null +++ b/CVE-2023/CVE-2023-406xx/CVE-2023-40600.json 
@@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-40600", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-11-30T15:15:07.973", + "lastModified": "2023-11-30T15:16:38.923", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Exactly WWW EWWW Image Optimizer.\u00a0It works only when debug.log is turned on.This issue affects EWWW Image Optimizer: from n/a through 7.2.0.\n\n" + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/ewww-image-optimizer/wordpress-ewww-image-optimizer-plugin-7-2-0-sensitive-data-exposure-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-406xx/CVE-2023-40662.json b/CVE-2023/CVE-2023-406xx/CVE-2023-40662.json new file mode 100644 index 00000000000..deff83bd78b --- /dev/null +++ b/CVE-2023/CVE-2023-406xx/CVE-2023-40662.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-40662", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-11-30T15:15:08.050", + "lastModified": "2023-11-30T15:16:38.923", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jonk @ Follow me Darling Cookies and Content Security Policy.This issue affects Cookies and Content Security Policy: from n/a through 2.15.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/cookies-and-content-security-policy/wordpress-cookies-and-content-security-policy-plugin-2-15-sensitive-data-exposure-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-411xx/CVE-2023-41139.json b/CVE-2023/CVE-2023-411xx/CVE-2023-41139.json index 4dbdc2d8dfb..04bfc7de957 100644 --- a/CVE-2023/CVE-2023-411xx/CVE-2023-41139.json +++ b/CVE-2023/CVE-2023-411xx/CVE-2023-41139.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-41139", "sourceIdentifier": "psirt@autodesk.com", "published": "2023-11-23T04:15:07.467", - "lastModified": "2023-11-24T15:24:57.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T15:48:23.633", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,8 +14,41 @@ "value": "Un archivo STP creado con fines malintencionados, cuando se analiza mediante Autodesk AutoCAD 2024 y 2023, se puede utilizar para eliminar la referencia a un puntero que no es de confianza. Esta vulnerabilidad, junto con otras vulnerabilidades, podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo en el proceso actual." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-119" + } + ] + }, { "source": "psirt@autodesk.com", "type": "Secondary", 
@@ -27,10 +60,168 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:macos:*:*", + "versionEndExcluding": "2024.1", + "matchCriteriaId": "A383FEED-E3E3-405E-B68F-BFD7CCA9E6B8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2023.0.0", + "versionEndExcluding": "2023.1.4", + "matchCriteriaId": "C53280C1-2A72-455E-965C-06613E469420" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2024.0.0", + "versionEndExcluding": "2024.1.1", + "matchCriteriaId": "417B7F6E-18F2-4020-84B4-55191714504F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.1.4", + "matchCriteriaId": "3C1B51F8-FACC-422B-AB62-571C8534279C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2024.0.0", + "versionEndExcluding": "2024.1.1", + "matchCriteriaId": "5D5A59C7-068D-4F8D-95ED-B7A5F2AA55F8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.1.4", + "matchCriteriaId": "3524F041-03B7-46A6-AB92-4AA59DD79903" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2024.0.0", + "versionEndExcluding": "2024.1.1", + "matchCriteriaId": "4036CA65-3E98-43B5-95D4-7AC1E5345664" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.1.4", + "matchCriteriaId": "A0DE2E5C-0C3B-4E25-B380-ABFBFC34B9D9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2024.0.0", + 
"versionEndExcluding": "2024.1.1", + "matchCriteriaId": "982AD391-3D1B-4923-97A5-B2AA41BE2CAC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.1.4", + "matchCriteriaId": "80BDD7F9-1D15-4D35-9726-C931BCEE5F05" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2024.0.0", + "versionEndExcluding": "2024.1.1", + "matchCriteriaId": "77484E5B-F84E-472E-B151-53FF2667C783" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.1.4", + "matchCriteriaId": "96B75F1C-FFBB-4B13-8F05-4D7B26F4C58C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:macos:*:*", + "versionEndExcluding": "2024.1", + "matchCriteriaId": "D5B21F42-E57A-4501-A2BE-6F99122BCBFC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2024.0.0", + "versionEndExcluding": "2024.1.1", + "matchCriteriaId": "2225348E-5552-492C-A2DB-C5693516019C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.1.4", + "matchCriteriaId": "5B450512-9CB3-4CAF-B90C-1EE0194CA665" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2024.0.0", + "versionEndExcluding": "2024.1.1", + "matchCriteriaId": "2A778F8B-9BB9-4B7A-81B1-DCEDCB493408" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.1.4", + "matchCriteriaId": "049B25B6-08E3-4D3D-8E7B-3724B53063F0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2024.0.0", + "versionEndExcluding": "2024.1.1", + "matchCriteriaId": 
"7A8BF172-C18C-40D3-8917-6C33D0144D3E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.1.4", + "matchCriteriaId": "BC4656EC-02E1-41DF-8FEA-668DE950FA79" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2024.0.0", + "versionEndExcluding": "2024.1.1", + "matchCriteriaId": "67E135A2-2C3E-4550-B239-3013C7FA586A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.1.4", + "matchCriteriaId": "AFDAEB3D-CDF1-4E2F-B1D5-6D4140E8A65C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2024.0.0", + "versionEndExcluding": "2024.1.1", + "matchCriteriaId": "5CB26133-E6B9-4D0C-9A58-F564FFB11EF3" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0018", - "source": "psirt@autodesk.com" + "source": "psirt@autodesk.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-411xx/CVE-2023-41140.json b/CVE-2023/CVE-2023-411xx/CVE-2023-41140.json index d4fdab788a4..5d132d3510d 100644 --- a/CVE-2023/CVE-2023-411xx/CVE-2023-41140.json +++ b/CVE-2023/CVE-2023-411xx/CVE-2023-41140.json @@ -2,8 +2,8 @@ "id": "CVE-2023-41140", "sourceIdentifier": "psirt@autodesk.com", "published": "2023-11-23T04:15:07.550", - "lastModified": "2023-11-24T15:24:57.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T15:45:50.633", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
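Review bot: The version ranges added in the CVE-2023-41139.json configurations hunk bound the 2023 line inconsistently. `autodesk:autocad` carries `"versionStartIncluding": "2023.0.0"` alongside `"versionEndExcluding": "2023.1.4"`, while every other product row (`autocad_advance_steel` through `autocad_plant_3d`, and `autocad_lt`) has only `"versionEndExcluding": "2023.1.4"`, as do the two macOS rows ending at `2024.1`. Releases older than 2023 therefore match for the other products but not for AutoCAD itself, although the record's description names only AutoCAD 2024 and 2023. If 2023 is the intended floor, the open-ended rows need `"versionStartIncluding": "2023.0.0"`; until then, consumers should not read them as confirmation that pre-2023 releases are affected. The CVE-2023-41140.json configurations hunk that follows repeats the same rows as far as it is visible.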
@@ -14,8 +14,41 @@ "value": "Un archivo PRT creado con fines malintencionados, cuando se analiza mediante Autodesk AutoCAD 2024 y 2023, se puede utilizar para provocar un desbordamiento del b\u00fafer basado en el heap. Un actor malintencionado puede aprovechar esta vulnerabilidad para provocar un bloqueo, leer datos confidenciales o ejecutar c\u00f3digo arbitrario en el contexto del proceso actual." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, { "source": "psirt@autodesk.com", "type": "Secondary", 
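Review bot: The NVD vector added here, `CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H`, sets `"privilegesRequired": "LOW"` and `"userInteraction": "NONE"`, which does not obviously fit the description in the same hunk. The flaw is reached when AutoCAD parses a crafted PRT file, which usually implies that a user opens the file. If the vendor advisory confirms that reading, the expected pair would be `"privilegesRequired": "NONE"` with `"userInteraction": "REQUIRED"`. The base score is 7.8 either way, so the difference only matters to consumers that filter or prioritise on the individual metrics rather than on the score.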
@@ -27,10 +60,168 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:macos:*:*", + "versionEndExcluding": "2024.1", + "matchCriteriaId": "A383FEED-E3E3-405E-B68F-BFD7CCA9E6B8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2023.0.0", + "versionEndExcluding": "2023.1.4", + "matchCriteriaId": "C53280C1-2A72-455E-965C-06613E469420" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2024.0.0", + "versionEndExcluding": "2024.1.1", + "matchCriteriaId": "417B7F6E-18F2-4020-84B4-55191714504F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.1.4", + "matchCriteriaId": "3C1B51F8-FACC-422B-AB62-571C8534279C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2024.0.0", + "versionEndExcluding": "2024.1.1", + "matchCriteriaId": "5D5A59C7-068D-4F8D-95ED-B7A5F2AA55F8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.1.4", + "matchCriteriaId": "3524F041-03B7-46A6-AB92-4AA59DD79903" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2024.0.0", + "versionEndExcluding": "2024.1.1", + "matchCriteriaId": "4036CA65-3E98-43B5-95D4-7AC1E5345664" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.1.4", + "matchCriteriaId": "A0DE2E5C-0C3B-4E25-B380-ABFBFC34B9D9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2024.0.0", + 
"versionEndExcluding": "2024.1.1", + "matchCriteriaId": "982AD391-3D1B-4923-97A5-B2AA41BE2CAC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.1.4", + "matchCriteriaId": "80BDD7F9-1D15-4D35-9726-C931BCEE5F05" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2024.0.0", + "versionEndExcluding": "2024.1.1", + "matchCriteriaId": "77484E5B-F84E-472E-B151-53FF2667C783" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.1.4", + "matchCriteriaId": "96B75F1C-FFBB-4B13-8F05-4D7B26F4C58C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:macos:*:*", + "versionEndExcluding": "2024.1", + "matchCriteriaId": "D5B21F42-E57A-4501-A2BE-6F99122BCBFC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2024.0.0", + "versionEndExcluding": "2024.1.1", + "matchCriteriaId": "2225348E-5552-492C-A2DB-C5693516019C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.1.4", + "matchCriteriaId": "5B450512-9CB3-4CAF-B90C-1EE0194CA665" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2024.0.0", + "versionEndExcluding": "2024.1.1", + "matchCriteriaId": "2A778F8B-9BB9-4B7A-81B1-DCEDCB493408" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.1.4", + "matchCriteriaId": "049B25B6-08E3-4D3D-8E7B-3724B53063F0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2024.0.0", + "versionEndExcluding": "2024.1.1", + "matchCriteriaId": 
"7A8BF172-C18C-40D3-8917-6C33D0144D3E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.1.4", + "matchCriteriaId": "BC4656EC-02E1-41DF-8FEA-668DE950FA79" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2024.0.0", + "versionEndExcluding": "2024.1.1", + "matchCriteriaId": "67E135A2-2C3E-4550-B239-3013C7FA586A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.1.4", + "matchCriteriaId": "AFDAEB3D-CDF1-4E2F-B1D5-6D4140E8A65C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2024.0.0", + "versionEndExcluding": "2024.1.1", + "matchCriteriaId": "5CB26133-E6B9-4D0C-9A58-F564FFB11EF3" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0018", - "source": "psirt@autodesk.com" + "source": "psirt@autodesk.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-417xx/CVE-2023-41735.json b/CVE-2023/CVE-2023-417xx/CVE-2023-41735.json new file mode 100644 index 00000000000..71cb819413e --- /dev/null +++ b/CVE-2023/CVE-2023-417xx/CVE-2023-41735.json 
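Review bot: The 2023-line ranges in this `cpeMatch` list are bounded inconsistently. The `autocad` entry carries `"versionStartIncluding": "2023.0.0"` next to `"versionEndExcluding": "2023.1.4"`, but the matching entries for `autocad_advance_steel`, `autocad_architecture`, `autocad_civil_3d`, `autocad_electrical`, `autocad_lt`, `autocad_map_3d`, `autocad_mechanical`, `autocad_mep` and `autocad_plant_3d` have only the upper bound, as do the two `macos` entries ending at `2024.1`. A range with no lower bound matches every earlier release, while the description names only AutoCAD 2024 and 2023, so a scanner keyed on these CPEs would presumably flag older installs the advisory does not cover. Either add `"versionStartIncluding": "2023.0.0"` to those entries or confirm against the vendor advisory that earlier releases are affected. The preceding file's configurations hunk, which begins outside the visible part, carries the same list.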
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-41735", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-11-30T15:15:08.240", + "lastModified": "2023-11-30T15:16:38.923", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gopi Ramasamy Email posts to subscribers.This issue affects Email posts to subscribers: from n/a through 6.2.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/email-posts-to-subscribers/wordpress-email-posts-to-subscribers-plugin-6-2-sensitive-data-exposure?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-441xx/CVE-2023-44143.json b/CVE-2023/CVE-2023-441xx/CVE-2023-44143.json new file mode 100644 index 00000000000..d1e3bb80c1f --- /dev/null +++ b/CVE-2023/CVE-2023-441xx/CVE-2023-44143.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-44143", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-11-30T16:15:09.653", + "lastModified": "2023-11-30T16:15:09.653", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bamboo Mcr Bamboo Columns allows Stored XSS.This issue affects Bamboo Columns: from n/a through 1.6.1.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/bamboo-columns/wordpress-bamboo-columns-plugin-1-6-1-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-441xx/CVE-2023-44150.json b/CVE-2023/CVE-2023-441xx/CVE-2023-44150.json new file mode 100644 index 00000000000..b7deb5ff6f3 --- /dev/null +++ b/CVE-2023/CVE-2023-441xx/CVE-2023-44150.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-44150", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-11-30T15:15:08.517", + "lastModified": "2023-11-30T15:16:38.923", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content \u2013 ProfilePress.This issue affects Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content \u2013 ProfilePress: from n/a through 4.13.2.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wp-user-avatar/wordpress-profilepress-plugin-4-13-2-sensitive-data-exposure-via-debug-log-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-450xx/CVE-2023-45066.json b/CVE-2023/CVE-2023-450xx/CVE-2023-45066.json new file mode 100644 index 00000000000..6ea60eb7bd5 --- /dev/null +++ b/CVE-2023/CVE-2023-450xx/CVE-2023-45066.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-45066", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-11-30T15:15:08.723", + "lastModified": "2023-11-30T15:16:38.923", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Smackcoders Export All Posts, Products, Orders, Refunds & Users.This issue affects Export All Posts, Products, Orders, Refunds & Users: from n/a through 2.4.1.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.2, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wp-ultimate-exporter/wordpress-export-all-posts-products-orders-refunds-users-plugin-2-2-sensitive-data-exposure-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45609.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45609.json new file mode 100644 index 00000000000..f1146663b57 --- /dev/null +++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45609.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-45609", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-11-30T16:15:09.843", + "lastModified": "2023-11-30T16:15:09.843", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POWR.Io Contact Form \u2013 Custom Builder, Payment Form, and More allows Stored XSS.This issue affects Contact Form \u2013 Custom Builder, Payment Form, and More: from n/a through 2.1.0.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/powr-pack/wordpress-powr-pack-plugin-2-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45834.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45834.json new file mode 100644 index 00000000000..01111ea28d1 --- /dev/null +++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45834.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-45834", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-11-30T15:15:08.920", + "lastModified": "2023-11-30T15:16:38.923", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Libsyn Libsyn Publisher Hub.This issue affects Libsyn Publisher Hub: from n/a through 1.4.4.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/libsyn-podcasting/wordpress-libsyn-publisher-hub-plugin-1-4-4-sensitive-data-exposure-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-460xx/CVE-2023-46086.json b/CVE-2023/CVE-2023-460xx/CVE-2023-46086.json new file mode 100644 index 00000000000..b27d7d4ccf6 --- /dev/null +++ b/CVE-2023/CVE-2023-460xx/CVE-2023-46086.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-46086", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-11-30T16:15:10.037", + "lastModified": "2023-11-30T16:15:10.037", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SERVIT Software Solutions affiliate-toolkit \u2013 WordPress Affiliate Plugin allows Reflected XSS.This issue affects affiliate-toolkit \u2013 WordPress Affiliate Plugin: from n/a through 3.4.3.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/affiliate-toolkit-starter/wordpress-affiliate-toolkit-plugin-3-4-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-463xx/CVE-2023-46302.json b/CVE-2023/CVE-2023-463xx/CVE-2023-46302.json index 5e329c4fded..d90d1912187 100644 --- a/CVE-2023/CVE-2023-463xx/CVE-2023-46302.json +++ b/CVE-2023/CVE-2023-463xx/CVE-2023-46302.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-46302", "sourceIdentifier": "security@apache.org", "published": "2023-11-20T09:15:07.293", - "lastModified": "2023-11-20T15:04:56.147", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T15:15:48.393", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,7 +14,30 @@ "value": "Apache Software Foundation Apache Submarine tiene un error al serializar contra yaml. El error es causado por Snakeyaml https://nvd.nist.gov/vuln/detail/CVE-2022-1471. Apache Submarine usa JAXRS para definir endpoints REST. Para manejar solicitudes YAML (usando el tipo de contenido application/yaml), define un proveedor de entidad YamlEntityProvider que procesar\u00e1 todas las solicitudes YAML entrantes. Para desorganizar la solicitud, se invoca el m\u00e9todo readFrom, pasando elentityStream que contiene los datos proporcionados por el usuario en `submarine-server/server-core/src/main/java/org/apache/submarine/server/utils/YamlUtils.java`. Ahora hemos solucionado este problema en la nueva versi\u00f3n reemplaz\u00e1ndolo por `jackson-dataformat-yaml`. Este problema afecta a Apache Submarine: desde 0.7.0 antes de 0.8.0. Se recomienda a los usuarios actualizar a la versi\u00f3n 0.8.0, que soluciona este problema. Si utiliza una versi\u00f3n inferior a 0.8.0 y no desea actualizar, puede intentar seleccionar PR https://github.com/apache/submarine/pull/1054 y reconstruir la imagen del servidor submart para solucionar este problema." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "security@apache.org", 
@@ -27,18 +50,48 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:submarine:*:*:*:*:*:*:*:*", + "versionStartIncluding": "0.7.0", + "versionEndExcluding": "0.8.0", + "matchCriteriaId": "5227C744-A013-4BBA-945F-E7BCE19AA4B8" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/apache/submarine/pull/1054", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Issue Tracking", + "Patch" + ] }, { "url": "https://issues.apache.org/jira/browse/SUBMARINE-1371", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Exploit", + "Issue Tracking" + ] }, { "url": "https://lists.apache.org/thread/zf0wppzh239j4h131hm1dbswfnztxrr5", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-468xx/CVE-2023-46820.json b/CVE-2023/CVE-2023-468xx/CVE-2023-46820.json new file mode 100644 index 00000000000..33b68f38356 --- /dev/null +++ b/CVE-2023/CVE-2023-468xx/CVE-2023-46820.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-46820", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-11-30T15:15:09.120", + "lastModified": "2023-11-30T15:16:38.923", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Iulia Cazan Image Regenerate & Select Crop.This issue affects Image Regenerate & Select Crop: from n/a through 7.3.0.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/image-regenerate-select-crop/wordpress-image-regenerate-select-crop-plugin-7-3-0-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-472xx/CVE-2023-47244.json b/CVE-2023/CVE-2023-472xx/CVE-2023-47244.json index 20cb0c68f21..53a6b5f3eb0 100644 --- a/CVE-2023/CVE-2023-472xx/CVE-2023-47244.json +++ b/CVE-2023/CVE-2023-472xx/CVE-2023-47244.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-47244", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-23T21:15:07.787", - "lastModified": "2023-11-24T15:24:57.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T16:43:06.887", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -40,8 +60,18 @@ }, "weaknesses": [ { - "source": "audit@patchstack.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "audit@patchstack.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -50,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:omnisend:email_marketing_for_woocommerce:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.13.9", + "matchCriteriaId": "571FCBF7-7C86-4C84-829F-6ED94DB22C94" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/omnisend-connect/wordpress-email-marketing-for-woocommerce-by-omnisend-plugin-1-13-7-sensitive-data-exposure-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-475xx/CVE-2023-47529.json b/CVE-2023/CVE-2023-475xx/CVE-2023-47529.json index a1c4b5dea7a..47e688abea9 100644 --- a/CVE-2023/CVE-2023-475xx/CVE-2023-47529.json +++ b/CVE-2023/CVE-2023-475xx/CVE-2023-47529.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47529", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-23T21:15:07.990", - "lastModified": "2023-11-24T15:24:57.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T16:42:23.307", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -40,8 +60,18 @@ }, "weaknesses": [ { - "source": "audit@patchstack.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "audit@patchstack.com", + "type": "Secondary", "description": [ { "lang": "en", 
@@ -50,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:themeisle:cloud_templates_\\&_patterns_collection:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.2.3", + "matchCriteriaId": "F5855DA5-DA90-447B-8BEB-7E7348A1E511" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/templates-patterns-collection/wordpress-cloud-templates-patterns-collection-plugin-1-2-2-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-483xx/CVE-2023-48301.json b/CVE-2023/CVE-2023-483xx/CVE-2023-48301.json index 1e9a84e3002..902df89750a 100644 --- a/CVE-2023/CVE-2023-483xx/CVE-2023-48301.json +++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48301.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-48301", "sourceIdentifier": "security-advisories@github.com", "published": "2023-11-21T22:15:07.490", - "lastModified": "2023-11-22T03:36:44.963", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T15:14:00.427", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.13, 26.0.8, and 27.1.3 of Nextcloud Server and Nextcloud Enterprise Server, an attacker could insert links into circles name that would be opened when clicking the circle name in a search filter. Nextcloud Server and Nextcloud Enterprise Server versions 25.0.13, 26.0.8, and 27.1.3 contain a fix for this issue. As a workaround, disable app circles." + }, + { + "lang": "es", + "value": "Nextcloud Server proporciona almacenamiento de datos para Nextcloud, una plataforma en la nube de c\u00f3digo abierto. A partir de la versi\u00f3n 25.0.0 y antes de las versiones 25.0.13, 26.0.8 y 27.1.3 de Nextcloud Server y Nextcloud Enterprise Server, un atacante podr\u00eda insertar enlaces en el nombre de los c\u00edrculos que se abrir\u00edan al hacer clic en el nombre del c\u00edrculo en un filtro de busqueda. Las versiones 25.0.13, 26.0.8 y 27.1.3 de Nextcloud Server y Nextcloud Enterprise Server contienen una soluci\u00f3n para este problema. Como workaround, desactive los c\u00edrculos de aplicaciones." 
} ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
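Review bot: The description in this hunk says the issue affects releases "prior to versions 25.0.13, 26.0.8, and 27.1.3" and that those versions contain the fix, but the `configurations` block in the next hunk of this file contradicts it. That hunk continues past the visible part; its three non-enterprise `nextcloud_server` ranges use `"versionEndIncluding": "25.0.13"`, `"26.0.8"` and `"27.1.3"`, while the enterprise ranges for the same versions use `versionEndExcluding`. As written, the fixed community releases match as vulnerable, which gives false positives in CPE-based scanning and can hide whether a host has actually been patched. The three entries should read `"versionEndExcluding": "25.0.13"`, `"versionEndExcluding": "26.0.8"` and `"versionEndExcluding": "27.1.3"`, matching the enterprise rows.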
@@ -46,18 +70,82 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*", + "versionStartIncluding": "25.0.0", + "versionEndIncluding": "25.0.13", + "matchCriteriaId": "45B3E170-813D-4614-BCA3-831797C3A8AF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "25.0.0", + "versionEndExcluding": "25.0.13", + "matchCriteriaId": "022E939C-D0FF-4B15-B196-2E31648A6D7F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*", + "versionStartIncluding": "26.0.0", + "versionEndIncluding": "26.0.8", + "matchCriteriaId": "B216177E-7BAC-4832-BE27-EE2E8135EF66" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "26.0.0", + "versionEndExcluding": "26.0.8", + "matchCriteriaId": "73E25AF9-5CCD-45F9-AAB0-AFEF607B0F32" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*", + "versionStartIncluding": "27.0.0", + "versionEndIncluding": "27.1.3", + "matchCriteriaId": "6D49E228-57B2-495B-9816-B03929565977" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "27.0.0", + "versionEndExcluding": "27.1.3", + "matchCriteriaId": "0584A036-2006-4032-85CA-673B4547F7EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/nextcloud/circles/pull/1415", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wgpw-qqq2-gwv6", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] }, { 
"url": "https://hackerone.com/reports/2210038", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-483xx/CVE-2023-48302.json b/CVE-2023/CVE-2023-483xx/CVE-2023-48302.json index b879afd6a44..99310383970 100644 --- a/CVE-2023/CVE-2023-483xx/CVE-2023-48302.json +++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48302.json 
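Review bot: The three non-enterprise `cpeMatch` entries added under `configurations` for CVE-2023-48301 use `versionEndIncluding` (`25.0.13`, `26.0.8`, `27.1.3`), which marks the fixed releases themselves as vulnerable. The record's own description says those versions contain the fix, the enterprise entries beside them use `versionEndExcluding` for the same bounds, and the CVE-2023-48302 record in this commit uses `versionEndExcluding` throughout. A CPE-based scanner consuming this record would keep flagging patched Nextcloud Server installs, so the bounds should read `"versionEndExcluding": "25.0.13"` (likewise for `26.0.8` and `27.1.3`). The data appears to be mirrored from upstream analysis, so the correction presumably belongs there, and the `matchCriteriaId` values would need to follow whatever range upstream settles on.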
@@ -2,16 +2,40 @@ "id": "CVE-2023-48302", "sourceIdentifier": "security-advisories@github.com", "published": "2023-11-21T22:15:07.697", - "lastModified": "2023-11-22T03:36:44.963", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T15:13:33.273", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.13, 26.0.8, and 27.1.3 of Nextcloud Server and Nextcloud Enterprise Server, when a user is tricked into copy pasting HTML code without markup (Ctrl+Shift+V) the markup will actually render. Nextcloud Server and Nextcloud Enterprise Server versions 25.0.13, 26.0.8, and 27.1.3 contain a fix for this issue. As a workaround, disable app text." + }, + { + "lang": "es", + "value": "Nextcloud Server proporciona almacenamiento de datos para Nextcloud, una plataforma en la nube de c\u00f3digo abierto. A partir de la versi\u00f3n 25.0.0 y anteriores a las versiones 25.0.13, 26.0.8 y 27.1.3 de Nextcloud Server y Nextcloud Enterprise Server, cuando se enga\u00f1a a un usuario para que copie y pegue c\u00f3digo HTML sin marcado (Ctrl+Shift+V), el marcado realmente se representar\u00e1. Las versiones 25.0.13, 26.0.8 y 27.1.3 de Nextcloud Server y Nextcloud Enterprise Server contienen una soluci\u00f3n para este problema. Como workaround, desactive el texto de la aplicaci\u00f3n." 
} ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -46,18 +70,81 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*", + "versionStartIncluding": "25.0.0", + "versionEndExcluding": "25.0.13", + "matchCriteriaId": "29861543-C0E0-4AE0-AB80-D355F7C87BC0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "25.0.0", + "versionEndExcluding": "25.0.13", + "matchCriteriaId": "022E939C-D0FF-4B15-B196-2E31648A6D7F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*", + "versionStartIncluding": "26.0.0", + "versionEndExcluding": "26.0.8", + "matchCriteriaId": "11421EAE-68EA-4372-8AC0-F5A1E40A9351" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "26.0.0", + "versionEndExcluding": "26.0.8", + "matchCriteriaId": "73E25AF9-5CCD-45F9-AAB0-AFEF607B0F32" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*", + "versionStartIncluding": "27.0.0", + "versionEndExcluding": "27.1.3", + "matchCriteriaId": "DBD45C73-377F-4B88-BE87-1BBD9236CAEC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "27.0.0", + "versionEndExcluding": "27.1.3", + "matchCriteriaId": "0584A036-2006-4032-85CA-673B4547F7EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-p7g9-x25m-4h87", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://github.com/nextcloud/text/pull/4877", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { 
"url": "https://hackerone.com/reports/2211561", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Permissions Required" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-483xx/CVE-2023-48305.json b/CVE-2023/CVE-2023-483xx/CVE-2023-48305.json index 7b4e461c57f..d4854e7bd3a 100644 --- a/CVE-2023/CVE-2023-483xx/CVE-2023-48305.json +++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48305.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-48305", "sourceIdentifier": "security-advisories@github.com", "published": "2023-11-21T23:15:07.373", - "lastModified": "2023-11-22T03:36:37.770", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T15:06:58.113", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Server and Nextcloud Enterprise Server, when the log level was set to debug, the user_ldap app logged user passwords in plaintext into the log file. If the log file was then leaked or shared in any way the users' passwords would be leaked. Nextcloud Server and Nextcloud Enterprise Server versions 25.0.11, 26.0.6, and 27.1.0 contain a patch for this issue. As a workaround, change config setting `loglevel` to `1` or higher (should always be higher than 1 in production environments)." + }, + { + "lang": "es", + "value": "Nextcloud Server proporciona almacenamiento de datos para Nextcloud, una plataforma en la nube de c\u00f3digo abierto. A partir de la versi\u00f3n 25.0.0 y antes de las versiones 25.0.11, 26.0.6 y 27.1.0 de Nextcloud Server y Nextcloud Enterprise Server, cuando el nivel de registro se configur\u00f3 para depurar, la aplicaci\u00f3n user_ldap registr\u00f3 las contrase\u00f1as de los usuarios en texto plano en el archivo de registro. Si el archivo de registro se filtrara o se compartiera de alguna manera, se filtrar\u00edan las contrase\u00f1as de los usuarios. Las versiones 25.0.11, 26.0.6 y 27.1.0 de Nextcloud Server y Nextcloud Enterprise Server contienen un parche para este problema. Como workaround, cambie la configuraci\u00f3n \"loglevel\" a \"1\" o superior (siempre debe ser superior a 1 en entornos de producci\u00f3n)." 
} ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -46,22 +70,91 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*", + "versionStartIncluding": "25.0.0", + "versionEndExcluding": "25.0.11", + "matchCriteriaId": "CFCB9CDB-F661-496E-86B7-25B228A3C90E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "25.0.0", + "versionEndExcluding": "25.0.11", + "matchCriteriaId": "37949CD5-0B2D-40BE-83C8-E6A03CD0F7C9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*", + "versionStartIncluding": "26.0.0", + "versionEndExcluding": "26.0.6", + "matchCriteriaId": "9E2008E1-AFAE-40F5-8D64-A019F2222AA2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "26.0.0", + "versionEndExcluding": "26.0.6", + "matchCriteriaId": "4C98058B-06EF-446E-A39D-F436627469C1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*", + "versionStartIncluding": "27.0.0", + "versionEndExcluding": "27.1.0", + "matchCriteriaId": "B8F5C07F-E133-4C54-B9A7-95A38086B28A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "27.0.0", + "versionEndExcluding": "27.1.0", + "matchCriteriaId": "E29703CE-0A92-47F3-96AE-0AC27641ECDF" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-35p6-4992-w5fr", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://github.com/nextcloud/server/issues/38461", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + 
"Issue Tracking" + ] }, { "url": "https://github.com/nextcloud/server/pull/40013", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Issue Tracking", + "Patch" + ] }, { "url": "https://hackerone.com/reports/2101165", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-483xx/CVE-2023-48306.json b/CVE-2023/CVE-2023-483xx/CVE-2023-48306.json index 122e7a6e1e4..155b87a2233 100644 --- a/CVE-2023/CVE-2023-483xx/CVE-2023-48306.json +++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48306.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-48306", "sourceIdentifier": "security-advisories@github.com", "published": "2023-11-21T23:15:07.600", - "lastModified": "2023-11-22T03:36:37.770", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T16:07:20.860", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Server and starting in version 22.0.0 and prior to versions 22.2.10.16, 23.0.12.11, 24.0.12.7, 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Enterprise Server, the DNS pin middleware was vulnerable to DNS rebinding allowing an attacker to perform SSRF as a final result. Nextcloud Server 25.0.11, 26.0.6, and 27.1.0 and Nextcloud Enterprise Server 22.2.10.16, 23.0.12.11, 24.0.12.7, 25.0.11, 26.0.6, and 27.1.0 contain patches for this issue. No known workarounds are available." + }, + { + "lang": "es", + "value": "Nextcloud Server proporciona almacenamiento de datos para Nextcloud, una plataforma en la nube de c\u00f3digo abierto. A partir de la versi\u00f3n 25.0.0 y anteriores a las versiones 25.0.11, 26.0.6 y 27.1.0 de Nextcloud Server y a partir de la versi\u00f3n 22.0.0 y anteriores a las versiones 22.2.10.16, 23.0.12.11, 24.0.12.7, 25.0. 11, 26.0.6 y 27.1.0 de Nextcloud Enterprise Server, el middleware de pines de DNS era vulnerable a la nueva vinculaci\u00f3n de DNS, lo que permit\u00eda a un atacante realizar SSRF como resultado final. Nextcloud Server 25.0.11, 26.0.6 y 27.1.0 y Nextcloud Enterprise Server 22.2.10.16, 23.0.12.11, 24.0.12.7, 25.0.11, 26.0.6 y 27.1.0 contienen parches para este problema. No hay workarounds conocidos disponibles." 
} ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -46,18 +80,104 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "22.0.0", + "versionEndExcluding": "22.2.10.16", + "matchCriteriaId": "429A249E-7FF9-495A-9158-95B888ABD8D2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "23.0.0", + "versionEndExcluding": "23.0.12.11", + "matchCriteriaId": "465AAFF0-9D24-451A-AAAE-9340A8BE1EC5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "24.0.0", + "versionEndExcluding": "24.0.12.7", + "matchCriteriaId": "040721D3-7E8A-4DC2-978D-9AE6D5A606F5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*", + "versionStartIncluding": "25.0.0", + "versionEndExcluding": "25.0.11", + "matchCriteriaId": "CFCB9CDB-F661-496E-86B7-25B228A3C90E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "25.0.0", + "versionEndExcluding": "25.0.11", + "matchCriteriaId": "37949CD5-0B2D-40BE-83C8-E6A03CD0F7C9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*", + "versionStartIncluding": "26.0.0", + "versionEndExcluding": "26.0.6", + "matchCriteriaId": "9E2008E1-AFAE-40F5-8D64-A019F2222AA2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "26.0.0", + "versionEndExcluding": "26.0.6", + "matchCriteriaId": "4C98058B-06EF-446E-A39D-F436627469C1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*", + "versionStartIncluding": "27.0.0", + "versionEndExcluding": "27.1.0", + 
"matchCriteriaId": "B8F5C07F-E133-4C54-B9A7-95A38086B28A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "27.0.0", + "versionEndExcluding": "27.1.0", + "matchCriteriaId": "E29703CE-0A92-47F3-96AE-0AC27641ECDF" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8f69-f9jg-4x3v", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://github.com/nextcloud/server/pull/40234", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Issue Tracking", + "Patch" + ] }, { "url": "https://hackerone.com/reports/2115212", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Permissions Required" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-483xx/CVE-2023-48307.json b/CVE-2023/CVE-2023-483xx/CVE-2023-48307.json index d5203fdb632..fb97228997c 100644 --- a/CVE-2023/CVE-2023-483xx/CVE-2023-48307.json +++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48307.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-48307", "sourceIdentifier": "security-advisories@github.com", "published": "2023-11-21T23:15:07.807", - "lastModified": "2023-11-22T03:36:37.770", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T16:40:08.900", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Starting in version 1.13.0 and prior to version 2.2.8 and 3.3.0, an attacker can use an unprotected endpoint in the Mail app to perform a SSRF attack. Nextcloud Mail app versions 2.2.8 and 3.3.0 contain a patch for this issue. As a workaround, disable the mail app." + }, + { + "lang": "es", + "value": "Nextcloud Mail es la aplicaci\u00f3n de correo de Nextcloud, una plataforma de productividad autohospedada. A partir de la versi\u00f3n 1.13.0 y anteriores a las versiones 2.2.8 y 3.3.0, un atacante puede utilizar un endpoint desprotegido en la aplicaci\u00f3n de correo para realizar un ataque SSRF. Las versiones 2.2.8 y 3.3.0 de la aplicaci\u00f3n Nextcloud Mail contienen un parche para este problema. Como workaround, desactive la aplicaci\u00f3n de correo." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -46,18 +70,54 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:mail:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1.13.0", + "versionEndExcluding": "2.2.8", + "matchCriteriaId": "54F82061-3A70-47D7-9E95-26B10CA3553A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:mail:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.0.0", + "versionEndExcluding": "3.3.0", + "matchCriteriaId": "98F3704F-323A-4BC4-BC5F-259C8648CB97" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/nextcloud/mail/pull/8709", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Issue Tracking", + "Patch" + ] }, { "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-4pp4-m8ph-2999", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://hackerone.com/reports/1869714", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Permissions Required" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-483xx/CVE-2023-48328.json b/CVE-2023/CVE-2023-483xx/CVE-2023-48328.json new file mode 100644 index 00000000000..3c5ac58ea59 --- /dev/null +++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48328.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48328", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-11-30T16:15:10.227", + "lastModified": "2023-11-30T16:15:10.227", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Imagely WordPress Gallery Plugin \u2013 NextGEN Gallery allows Cross Site Request Forgery.This issue affects WordPress Gallery Plugin \u2013 NextGEN Gallery: from n/a through 3.37.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/nextgen-gallery/wordpress-wordpress-gallery-plugin-nextgen-gallery-plugin-3-37-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-483xx/CVE-2023-48333.json b/CVE-2023/CVE-2023-483xx/CVE-2023-48333.json new file mode 100644 index 00000000000..bd2a40d83f5 --- /dev/null +++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48333.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48333", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-11-30T15:15:09.310", + "lastModified": "2023-11-30T15:16:38.923", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pluggabl LLC Booster for WooCommerce.This issue affects Booster for WooCommerce: from n/a through 7.1.1.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/woocommerce-jetpack/wordpress-booster-for-woocommerce-plugin-7-1-1-authenticated-arbitrary-order-information-disclosure-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48699.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48699.json index 75752ac1811..28d52dbf0a6 100644 --- a/CVE-2023/CVE-2023-486xx/CVE-2023-48699.json +++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48699.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-48699", "sourceIdentifier": "security-advisories@github.com", "published": "2023-11-21T23:15:08.103", - "lastModified": "2023-11-22T03:36:37.770", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T15:15:03.913", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "fastbots is a library for fast bot and scraper development using selenium and the Page Object Model (POM) design. Prior to version 0.1.5, an attacker could modify the locators.ini locator file with python code that without proper validation it's executed and it could lead to rce. The vulnerability is in the function `def __locator__(self, locator_name: str)` in `page.py`. In order to mitigate this issue, upgrade to fastbots version 0.1.5 or above." + }, + { + "lang": "es", + "value": "fastbots es una librer\u00eda para el desarrollo r\u00e1pido de robots y raspadores utilizando selenio y el dise\u00f1o de Page Object Model (POM). Antes de la versi\u00f3n 0.1.5, un atacante pod\u00eda modificar el archivo localizador locators.ini con c\u00f3digo Python que sin la validaci\u00f3n adecuada se ejecutaba y podr\u00eda provocar rce. La vulnerabilidad est\u00e1 en la funci\u00f3n `def __locator__(self, locator_name: str)` en `page.py`. Para mitigar este problema, actualice a la versi\u00f3n 0.1.5 o superior de fastbots." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -46,18 +80,47 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ubertidavide:fastbots:*:*:*:*:*:*:*:*", + "versionEndExcluding": "0.1.5", + "matchCriteriaId": "F4D23CDD-ACB2-427B-BC2C-1F98D79FE70C" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/ubertidavide/fastbots/commit/73eb03bd75365e112b39877e26ef52853f5e9f57", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/ubertidavide/fastbots/pull/3#issue-2003080806", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Issue Tracking", + "Patch" + ] }, { "url": "https://github.com/ubertidavide/fastbots/security/advisories/GHSA-vccg-f4gp-45x9", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-487xx/CVE-2023-48754.json b/CVE-2023/CVE-2023-487xx/CVE-2023-48754.json new file mode 100644 index 00000000000..2fdc57ee995 --- /dev/null +++ b/CVE-2023/CVE-2023-487xx/CVE-2023-48754.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48754", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-11-30T16:15:10.420", + "lastModified": "2023-11-30T16:15:10.420", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Wap Nepal Delete Post Revisions In WordPress allows Cross Site Request Forgery.This issue affects Delete Post Revisions In WordPress: from n/a through 4.6.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/delete-post-revisions-on-single-click/wordpress-delete-post-revisions-in-wordpress-plugin-4-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-55xx/CVE-2023-5528.json b/CVE-2023/CVE-2023-55xx/CVE-2023-5528.json index 8f002e0f0e7..adea53a0207 100644 --- a/CVE-2023/CVE-2023-55xx/CVE-2023-5528.json +++ b/CVE-2023/CVE-2023-55xx/CVE-2023-5528.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-5528", "sourceIdentifier": "jordan@liggitt.net", "published": "2023-11-14T21:15:14.123", - "lastModified": "2023-11-28T03:15:07.023", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-11-30T15:10:23.117", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "jordan@liggitt.net", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "jordan@liggitt.net", "type": "Secondary", 
@@ -50,26 +80,107 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1.8.0", + "versionEndExcluding": "1.25.16", + "matchCriteriaId": "25FFBC6E-DCE9-4596-8ABE-AC6B6564AA40" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1.26.0", + "versionEndExcluding": "1.26.11", + "matchCriteriaId": "28E3CB24-4305-4E08-AD34-D29AE795FA4A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1.27.0", + "versionEndExcluding": "1.27.8", + "matchCriteriaId": "45E6B088-8FC7-476A-A661-A9402F857C4A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1.28.0", + "versionEndExcluding": "1.28.4", + "matchCriteriaId": "8C9231AD-C3B9-4531-9052-0317AA506B0B" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", + "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", + "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", + "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/kubernetes/kubernetes/issues/121879", - "source": "jordan@liggitt.net" + "source": "jordan@liggitt.net", + "tags": [ + "Issue Tracking", + "Patch" + ] }, { "url": "https://groups.google.com/g/kubernetes-security-announce/c/SL_d4NR8pzA", - "source": "jordan@liggitt.net" + "source": "jordan@liggitt.net", + "tags": [ + "Mailing List" + 
] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JH444PWZBINXLLFV7XLIJIZJHSK6UEZ/", - "source": "jordan@liggitt.net" + "source": "jordan@liggitt.net", + "tags": [ + "Mailing List" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4XZIX727JIKF5RQW7RVVBLWXBCDIBJA7/", - "source": "jordan@liggitt.net" + "source": "jordan@liggitt.net", + "tags": [ + "Mailing List" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7MPGMITSZXUCAVO7Q75675SOLXC2XXU4/", - "source": "jordan@liggitt.net" + "source": "jordan@liggitt.net", + "tags": [ + "Mailing List" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-55xx/CVE-2023-5593.json b/CVE-2023/CVE-2023-55xx/CVE-2023-5593.json index d27feaee10a..67953136030 100644 --- a/CVE-2023/CVE-2023-55xx/CVE-2023-5593.json +++ b/CVE-2023/CVE-2023-55xx/CVE-2023-5593.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5593", "sourceIdentifier": "security@zyxel.com.tw", "published": "2023-11-20T12:15:09.180", - "lastModified": "2023-11-20T15:04:56.147", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T15:14:15.033", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -50,10 +50,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zyxel:secuextender_ssl_vpn:4.0.4.0:*:*:*:*:windows:*:*", + "matchCriteriaId": "46B6221D-7167-4AFF-9E26-6AE88C983EB9" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-out-of-bounds-write-vulnerability-in-secuextender-ssl-vpn-client-software", - "source": "security@zyxel.com.tw" + "source": "security@zyxel.com.tw", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-57xx/CVE-2023-5720.json b/CVE-2023/CVE-2023-57xx/CVE-2023-5720.json index ef8645665de..fa52df6a537 100644 --- a/CVE-2023/CVE-2023-57xx/CVE-2023-5720.json +++ b/CVE-2023/CVE-2023-57xx/CVE-2023-5720.json @@ -2,7 +2,7 @@ "id": "CVE-2023-5720", "sourceIdentifier": "secalert@redhat.com", "published": "2023-11-15T14:15:07.900", - "lastModified": "2023-11-22T22:39:50.083", + "lastModified": "2023-11-30T16:26:16.073", "vulnStatus": "Analyzed", "descriptions": [ { @@ -91,7 +91,8 @@ "vulnerable": true, "criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.0.1", - "matchCriteriaId": "9D9DE1DF-8CFA-4E57-B30E-CDB925589F0D" + "versionEndExcluding": "3.2.8", + "matchCriteriaId": "C787DE6A-4365-4B6E-A6A7-A92EB9BFE60A" }, { "vulnerable": true, diff --git a/CVE-2023/CVE-2023-58xx/CVE-2023-5803.json b/CVE-2023/CVE-2023-58xx/CVE-2023-5803.json new file mode 100644 index 00000000000..531384dbb95 --- /dev/null +++ b/CVE-2023/CVE-2023-58xx/CVE-2023-5803.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-5803", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-11-30T16:15:10.610", + "lastModified": "2023-11-30T16:15:10.610", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Business Directory Team Business Directory Plugin \u2013 Easy Listing Directories for WordPress allows Cross-Site Request Forgery.This issue affects Business Directory Plugin \u2013 Easy Listing Directories for WordPress: from n/a through 6.3.10.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/business-directory-plugin/wordpress-business-directory-plugin-easy-listing-directories-for-wordpress-plugin-6-3-10-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-59xx/CVE-2023-5986.json b/CVE-2023/CVE-2023-59xx/CVE-2023-5986.json index f2675d08a3c..c5c27a1000a 100644 --- a/CVE-2023/CVE-2023-59xx/CVE-2023-5986.json +++ b/CVE-2023/CVE-2023-59xx/CVE-2023-5986.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-5986", "sourceIdentifier": "cybersecurity@se.com", "published": "2023-11-15T04:15:19.487", - "lastModified": "2023-11-15T13:54:26.693", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T15:24:25.580", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "cybersecurity@se.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-601" + } + ] + }, { "source": "cybersecurity@se.com", "type": "Secondary", 
@@ -50,10 +80,50 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:2020:-:*:*:*:*:*:*", + "matchCriteriaId": "E4A6EB67-7D2A-4899-BAC7-18BD6F5D6700" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:2020:cumulative_update_1:*:*:*:*:*:*", + "matchCriteriaId": "62689EF4-C9D4-47FB-9722-C9C2EFB0C858" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:2020:cumulative_update_2:*:*:*:*:*:*", + "matchCriteriaId": "2D20050D-A7BB-4BB1-9C4C-DB3321DF087B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:2021:-:*:*:*:*:*:*", + "matchCriteriaId": "B4579BF1-DD9F-4AD7-A1CE-2AD2B7389B8D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:2021:cumulative_update_1:*:*:*:*:*:*", + "matchCriteriaId": "B38506D4-26CD-405C-99FC-0E8F9D39DA57" + } + ] + } + ] + } + ], "references": [ { "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-318-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-318-02.pdf", - "source": "cybersecurity@se.com" + "source": "cybersecurity@se.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-59xx/CVE-2023-5987.json b/CVE-2023/CVE-2023-59xx/CVE-2023-5987.json index 8b726216fa1..b151e880673 100644 --- a/CVE-2023/CVE-2023-59xx/CVE-2023-5987.json +++ b/CVE-2023/CVE-2023-59xx/CVE-2023-5987.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-5987", "sourceIdentifier": "cybersecurity@se.com", "published": "2023-11-15T04:15:19.700", - "lastModified": "2023-11-15T13:54:23.007", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T15:05:45.607", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "cybersecurity@se.com", "type": "Secondary", 
@@ -50,10 +70,51 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:2020:-:*:*:*:*:*:*", + "matchCriteriaId": "E4A6EB67-7D2A-4899-BAC7-18BD6F5D6700" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:2020:cumulative_update_1:*:*:*:*:*:*", + "matchCriteriaId": "62689EF4-C9D4-47FB-9722-C9C2EFB0C858" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:2020:cumulative_update_2:*:*:*:*:*:*", + "matchCriteriaId": "2D20050D-A7BB-4BB1-9C4C-DB3321DF087B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:2021:-:*:*:*:*:*:*", + "matchCriteriaId": "B4579BF1-DD9F-4AD7-A1CE-2AD2B7389B8D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:2021:cumulative_update_1:*:*:*:*:*:*", + "matchCriteriaId": "B38506D4-26CD-405C-99FC-0E8F9D39DA57" + } + ] + } + ] + } + ], "references": [ { "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-318-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-318-02.pdf", - "source": "cybersecurity@se.com" + "source": "cybersecurity@se.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-60xx/CVE-2023-6032.json b/CVE-2023/CVE-2023-60xx/CVE-2023-6032.json index 6b14b13013b..553369c9527 100644 --- a/CVE-2023/CVE-2023-60xx/CVE-2023-6032.json +++ b/CVE-2023/CVE-2023-60xx/CVE-2023-6032.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-6032", "sourceIdentifier": "cybersecurity@se.com", "published": "2023-11-15T04:15:19.890", - "lastModified": "2023-11-15T13:54:23.007", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T15:17:18.820", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + }, { "source": "cybersecurity@se.com", "type": "Secondary", 
@@ -50,10 +70,69 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:schneider-electric:galaxy_vl_firmware:12.21:*:*:*:*:*:*:*", + "matchCriteriaId": "8BBA2696-BAD9-4DEF-A666-A1069911A1EA" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:schneider-electric:galaxy_vl:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2C17962-A380-4C2B-9765-6F7EBF009805" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:schneider-electric:galaxy_vs_firmware:6.82:*:*:*:*:*:*:*", + "matchCriteriaId": "30E308F5-F39F-4542-B76E-B0DB08072B9E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:schneider-electric:galaxy_vs:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D34844F6-82C2-4791-9D5F-9364DFBC4438" + } + ] + } + ] + } + ], "references": [ { "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-318-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-318-03.pdf", - "source": "cybersecurity@se.com" + "source": "cybersecurity@se.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6204.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6204.json index be79c7b88bf..45d8a336c1a 100644 --- a/CVE-2023/CVE-2023-62xx/CVE-2023-6204.json +++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6204.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6204", "sourceIdentifier": "security@mozilla.org", "published": "2023-11-21T15:15:07.687", - "lastModified": "2023-11-28T19:45:10.887", - "vulnStatus": "Analyzed", + "lastModified": "2023-11-30T16:15:10.803", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", 
@@ -121,6 +121,10 @@ "Mailing List" ] }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00030.html", + "source": "security@mozilla.org" + }, { "url": "https://www.debian.org/security/2023/dsa-5561", "source": "security@mozilla.org", diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6205.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6205.json index 05b839c8a2f..a5c5e3164cd 100644 --- a/CVE-2023/CVE-2023-62xx/CVE-2023-6205.json +++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6205.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6205", "sourceIdentifier": "security@mozilla.org", "published": "2023-11-21T15:15:07.737", - "lastModified": "2023-11-28T19:44:48.170", - "vulnStatus": "Analyzed", + "lastModified": "2023-11-30T16:15:10.870", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -121,6 +121,10 @@ "Mailing List" ] }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00030.html", + "source": "security@mozilla.org" + }, { "url": "https://www.debian.org/security/2023/dsa-5561", "source": "security@mozilla.org", diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6206.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6206.json index 083376165d0..1b7cb6c9aa4 100644 --- a/CVE-2023/CVE-2023-62xx/CVE-2023-6206.json +++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6206.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6206", "sourceIdentifier": "security@mozilla.org", "published": "2023-11-21T15:15:07.787", - "lastModified": "2023-11-28T19:44:05.347", - "vulnStatus": "Analyzed", + "lastModified": "2023-11-30T16:15:10.940", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -121,6 +121,10 @@ "Mailing List" ] }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00030.html", + "source": "security@mozilla.org" + }, { "url": "https://www.debian.org/security/2023/dsa-5561", "source": "security@mozilla.org", diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6207.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6207.json index ef50a9d7d36..8e431c0d55b 100644 
--- a/CVE-2023/CVE-2023-62xx/CVE-2023-6207.json +++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6207.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6207", "sourceIdentifier": "security@mozilla.org", "published": "2023-11-21T15:15:07.843", - "lastModified": "2023-11-28T19:42:50.670", - "vulnStatus": "Analyzed", + "lastModified": "2023-11-30T16:15:11.027", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -121,6 +121,10 @@ "Mailing List" ] }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00030.html", + "source": "security@mozilla.org" + }, { "url": "https://www.debian.org/security/2023/dsa-5561", "source": "security@mozilla.org", diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6208.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6208.json index 8bdcf884660..1523e81fd73 100644 --- a/CVE-2023/CVE-2023-62xx/CVE-2023-6208.json +++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6208.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6208", "sourceIdentifier": "security@mozilla.org", "published": "2023-11-21T15:15:07.900", - "lastModified": "2023-11-28T19:37:55.503", - "vulnStatus": "Analyzed", + "lastModified": "2023-11-30T16:15:11.150", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -121,6 +121,10 @@ "Mailing List" ] }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00030.html", + "source": "security@mozilla.org" + }, { "url": "https://www.debian.org/security/2023/dsa-5561", "source": "security@mozilla.org", diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6209.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6209.json index 5a4f91eae5d..5ad2d104b92 100644 --- a/CVE-2023/CVE-2023-62xx/CVE-2023-6209.json +++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6209.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6209", "sourceIdentifier": "security@mozilla.org", "published": "2023-11-21T15:15:07.957", - "lastModified": "2023-11-28T19:37:34.557", - "vulnStatus": "Analyzed", + "lastModified": "2023-11-30T16:15:11.277", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", 
@@ -121,6 +121,10 @@ "Mailing List" ] }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00030.html", + "source": "security@mozilla.org" + }, { "url": "https://www.debian.org/security/2023/dsa-5561", "source": "security@mozilla.org", diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6212.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6212.json index e33b1c49acf..f3846281195 100644 --- a/CVE-2023/CVE-2023-62xx/CVE-2023-6212.json +++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6212.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6212", "sourceIdentifier": "security@mozilla.org", "published": "2023-11-21T15:15:08.110", - "lastModified": "2023-11-28T19:30:41.437", - "vulnStatus": "Analyzed", + "lastModified": "2023-11-30T16:15:11.417", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -120,6 +120,10 @@ "Mailing List" ] }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00030.html", + "source": "security@mozilla.org" + }, { "url": "https://www.debian.org/security/2023/dsa-5561", "source": "security@mozilla.org", diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6239.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6239.json index 1bd4aea93b5..0fd7c179986 100644 --- a/CVE-2023/CVE-2023-62xx/CVE-2023-6239.json +++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6239.json 
@@ -2,12 +2,12 @@ "id": "CVE-2023-6239", "sourceIdentifier": "security@m-files.com", "published": "2023-11-28T14:15:07.697", - "lastModified": "2023-11-29T14:15:07.793", + "lastModified": "2023-11-30T16:15:11.570", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", - "value": "Under rare conditions, the effective permissions of an object might be incorrectly calculated if the object has a specific configuration of metadata-driven permissions in M-Files Server versions 23.9 and 23.10 and 23.11 before 23.11.13168.7 allowing user to access object with incorrectly calculated privileges.\n" + "value": "Under rare conditions, the effective permissions of an object might be incorrectly calculated if the object has a specific configuration of metadata-driven permissions in M-Files Server versions 23.9, 23.10, and 23.11 before 23.11.13168.7, potentially enabling unauthorized access to the object.\n" }, { "lang": "es", diff --git a/CVE-2023/CVE-2023-63xx/CVE-2023-6360.json b/CVE-2023/CVE-2023-63xx/CVE-2023-6360.json new file mode 100644 index 00000000000..3ff85e5815f --- /dev/null +++ b/CVE-2023/CVE-2023-63xx/CVE-2023-6360.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-6360", + "sourceIdentifier": "vulnreport@tenable.com", + "published": "2023-11-30T16:15:11.820", + "lastModified": "2023-11-30T16:15:11.820", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The 'My Calendar' WordPress Plugin, version < 3.4.22 is affected by an unauthenticated SQL injection vulnerability in the 'from' and 'to' parameters in the '/my-calendar/v1/events' rest route." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "vulnreport@tenable.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 8.6, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.0 + } + ] + }, + "weaknesses": [ + { + "source": "vulnreport@tenable.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://www.tenable.com/security/research/tra-2023-40", + "source": "vulnreport@tenable.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-64xx/CVE-2023-6401.json b/CVE-2023/CVE-2023-64xx/CVE-2023-6401.json new file mode 100644 index 00000000000..395329d072f --- /dev/null +++ b/CVE-2023/CVE-2023-64xx/CVE-2023-6401.json 
@@ -0,0 +1,84 @@ +{ + "id": "CVE-2023-6401", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-11-30T15:15:09.507", + "lastModified": "2023-11-30T15:16:38.923", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as problematic was found in NotePad++ up to 8.1. Affected by this vulnerability is an unknown functionality of the file dbghelp.exe. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The identifier VDB-246421 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "LOCAL", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 4.3 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 3.1, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-427" + } + ] + } + ], + 
"references": [ + { + "url": "https://vuldb.com/?ctiid.246421", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.246421", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-64xx/CVE-2023-6402.json b/CVE-2023/CVE-2023-64xx/CVE-2023-6402.json new file mode 100644 index 00000000000..e6fa7b6e2a9 --- /dev/null +++ b/CVE-2023/CVE-2023-64xx/CVE-2023-6402.json 
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2023-6402", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-11-30T15:15:09.813", + "lastModified": "2023-11-30T15:16:38.923", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, was found in PHPGurukul Nipah Virus Testing Management System 1.0. This affects an unknown part of the file add-phlebotomist.php. The manipulation of the argument empid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246423." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + 
], + "references": [ + { + "url": "https://github.com/dhabaleshwar/niv_testing_sqli/blob/main/exploit.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.246423", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.246423", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index ad004f8cc7d..f48a20a3291 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-11-30T15:00:18.370884+00:00 +2023-11-30T17:00:18.296967+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-11-30T14:52:31.180000+00:00 +2023-11-30T16:43:06.887000+00:00 ``` ### Last Data Feed Release 
@@ -29,69 +29,69 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -231821 +231847 ``` ### CVEs added in the last Commit -Recently added CVEs: `62` +Recently added CVEs: `26` -* [CVE-2023-48279](CVE-2023/CVE-2023-482xx/CVE-2023-48279.json) (`2023-11-30T14:15:10.590`) -* [CVE-2023-48281](CVE-2023/CVE-2023-482xx/CVE-2023-48281.json) (`2023-11-30T14:15:10.783`) -* [CVE-2023-48742](CVE-2023/CVE-2023-487xx/CVE-2023-48742.json) (`2023-11-30T14:15:10.983`) -* [CVE-2023-48912](CVE-2023/CVE-2023-489xx/CVE-2023-48912.json) (`2023-11-30T14:15:11.177`) -* [CVE-2023-48913](CVE-2023/CVE-2023-489xx/CVE-2023-48913.json) (`2023-11-30T14:15:11.220`) -* [CVE-2023-48914](CVE-2023/CVE-2023-489xx/CVE-2023-48914.json) (`2023-11-30T14:15:11.273`) -* [CVE-2023-48963](CVE-2023/CVE-2023-489xx/CVE-2023-48963.json) (`2023-11-30T14:15:11.477`) -* [CVE-2023-48964](CVE-2023/CVE-2023-489xx/CVE-2023-48964.json) (`2023-11-30T14:15:11.670`) -* [CVE-2023-4770](CVE-2023/CVE-2023-47xx/CVE-2023-4770.json) (`2023-11-30T14:15:11.880`) -* [CVE-2023-5965](CVE-2023/CVE-2023-59xx/CVE-2023-5965.json) (`2023-11-30T14:15:12.943`) -* [CVE-2023-5966](CVE-2023/CVE-2023-59xx/CVE-2023-5966.json) (`2023-11-30T14:15:13.450`) -* [CVE-2023-6026](CVE-2023/CVE-2023-60xx/CVE-2023-6026.json) (`2023-11-30T14:15:13.983`) -* [CVE-2023-6027](CVE-2023/CVE-2023-60xx/CVE-2023-6027.json) (`2023-11-30T14:15:14.497`) -* [CVE-2023-6136](CVE-2023/CVE-2023-61xx/CVE-2023-6136.json) (`2023-11-30T14:15:14.983`) -* [CVE-2023-6410](CVE-2023/CVE-2023-64xx/CVE-2023-6410.json) (`2023-11-30T14:15:15.497`) -* [CVE-2023-6411](CVE-2023/CVE-2023-64xx/CVE-2023-6411.json) (`2023-11-30T14:15:16.017`) -* [CVE-2023-6412](CVE-2023/CVE-2023-64xx/CVE-2023-6412.json) (`2023-11-30T14:15:16.527`) -* [CVE-2023-6413](CVE-2023/CVE-2023-64xx/CVE-2023-6413.json) (`2023-11-30T14:15:17.020`) -* [CVE-2023-6414](CVE-2023/CVE-2023-64xx/CVE-2023-6414.json) (`2023-11-30T14:15:17.523`) -* 
[CVE-2023-33333](CVE-2023/CVE-2023-333xx/CVE-2023-33333.json) (`2023-11-30T14:15:08.323`) -* [CVE-2023-34030](CVE-2023/CVE-2023-340xx/CVE-2023-34030.json) (`2023-11-30T14:15:09.397`) -* [CVE-2023-36682](CVE-2023/CVE-2023-366xx/CVE-2023-36682.json) (`2023-11-30T14:15:09.583`) -* [CVE-2023-36685](CVE-2023/CVE-2023-366xx/CVE-2023-36685.json) (`2023-11-30T14:15:09.787`) -* [CVE-2023-37867](CVE-2023/CVE-2023-378xx/CVE-2023-37867.json) (`2023-11-30T14:15:09.983`) -* [CVE-2023-47645](CVE-2023/CVE-2023-476xx/CVE-2023-47645.json) (`2023-11-30T14:15:10.200`) +* [CVE-2023-40211](CVE-2023/CVE-2023-402xx/CVE-2023-40211.json) (`2023-11-30T15:15:07.773`) +* [CVE-2023-40600](CVE-2023/CVE-2023-406xx/CVE-2023-40600.json) (`2023-11-30T15:15:07.973`) +* [CVE-2023-40662](CVE-2023/CVE-2023-406xx/CVE-2023-40662.json) (`2023-11-30T15:15:08.050`) +* [CVE-2023-41735](CVE-2023/CVE-2023-417xx/CVE-2023-41735.json) (`2023-11-30T15:15:08.240`) +* [CVE-2023-44150](CVE-2023/CVE-2023-441xx/CVE-2023-44150.json) (`2023-11-30T15:15:08.517`) +* [CVE-2023-45066](CVE-2023/CVE-2023-450xx/CVE-2023-45066.json) (`2023-11-30T15:15:08.723`) +* [CVE-2023-45834](CVE-2023/CVE-2023-458xx/CVE-2023-45834.json) (`2023-11-30T15:15:08.920`) +* [CVE-2023-46820](CVE-2023/CVE-2023-468xx/CVE-2023-46820.json) (`2023-11-30T15:15:09.120`) +* [CVE-2023-48333](CVE-2023/CVE-2023-483xx/CVE-2023-48333.json) (`2023-11-30T15:15:09.310`) +* [CVE-2023-6401](CVE-2023/CVE-2023-64xx/CVE-2023-6401.json) (`2023-11-30T15:15:09.507`) +* [CVE-2023-6402](CVE-2023/CVE-2023-64xx/CVE-2023-6402.json) (`2023-11-30T15:15:09.813`) +* [CVE-2023-25057](CVE-2023/CVE-2023-250xx/CVE-2023-25057.json) (`2023-11-30T16:15:07.903`) +* [CVE-2023-26533](CVE-2023/CVE-2023-265xx/CVE-2023-26533.json) (`2023-11-30T16:15:08.490`) +* [CVE-2023-36507](CVE-2023/CVE-2023-365xx/CVE-2023-36507.json) (`2023-11-30T16:15:08.693`) +* [CVE-2023-36523](CVE-2023/CVE-2023-365xx/CVE-2023-36523.json) (`2023-11-30T16:15:08.893`) +* 
[CVE-2023-37868](CVE-2023/CVE-2023-378xx/CVE-2023-37868.json) (`2023-11-30T16:15:09.080`) +* [CVE-2023-37890](CVE-2023/CVE-2023-378xx/CVE-2023-37890.json) (`2023-11-30T16:15:09.267`) +* [CVE-2023-39921](CVE-2023/CVE-2023-399xx/CVE-2023-39921.json) (`2023-11-30T16:15:09.463`) +* [CVE-2023-44143](CVE-2023/CVE-2023-441xx/CVE-2023-44143.json) (`2023-11-30T16:15:09.653`) +* [CVE-2023-45609](CVE-2023/CVE-2023-456xx/CVE-2023-45609.json) (`2023-11-30T16:15:09.843`) +* [CVE-2023-46086](CVE-2023/CVE-2023-460xx/CVE-2023-46086.json) (`2023-11-30T16:15:10.037`) +* [CVE-2023-48328](CVE-2023/CVE-2023-483xx/CVE-2023-48328.json) (`2023-11-30T16:15:10.227`) +* [CVE-2023-48754](CVE-2023/CVE-2023-487xx/CVE-2023-48754.json) (`2023-11-30T16:15:10.420`) +* [CVE-2023-5803](CVE-2023/CVE-2023-58xx/CVE-2023-5803.json) (`2023-11-30T16:15:10.610`) +* [CVE-2023-6360](CVE-2023/CVE-2023-63xx/CVE-2023-6360.json) (`2023-11-30T16:15:11.820`) ### CVEs modified in the last Commit -Recently modified CVEs: `66` +Recently modified CVEs: `48` -* [CVE-2023-4474](CVE-2023/CVE-2023-44xx/CVE-2023-4474.json) (`2023-11-30T13:39:13.380`) -* [CVE-2023-5247](CVE-2023/CVE-2023-52xx/CVE-2023-5247.json) (`2023-11-30T13:39:13.380`) -* [CVE-2023-5772](CVE-2023/CVE-2023-57xx/CVE-2023-5772.json) (`2023-11-30T13:39:13.380`) -* [CVE-2023-47463](CVE-2023/CVE-2023-474xx/CVE-2023-47463.json) (`2023-11-30T13:39:13.380`) -* [CVE-2023-47464](CVE-2023/CVE-2023-474xx/CVE-2023-47464.json) (`2023-11-30T13:39:13.380`) -* [CVE-2023-49094](CVE-2023/CVE-2023-490xx/CVE-2023-49094.json) (`2023-11-30T13:39:13.380`) -* [CVE-2023-49097](CVE-2023/CVE-2023-490xx/CVE-2023-49097.json) (`2023-11-30T13:39:13.380`) -* [CVE-2023-5274](CVE-2023/CVE-2023-52xx/CVE-2023-5274.json) (`2023-11-30T13:39:13.380`) -* [CVE-2023-5275](CVE-2023/CVE-2023-52xx/CVE-2023-5275.json) (`2023-11-30T13:39:13.380`) -* [CVE-2023-47418](CVE-2023/CVE-2023-474xx/CVE-2023-47418.json) (`2023-11-30T13:39:13.380`) -* [CVE-2023-49076](CVE-2023/CVE-2023-490xx/CVE-2023-49076.json) 
(`2023-11-30T13:39:13.380`) -* [CVE-2023-49087](CVE-2023/CVE-2023-490xx/CVE-2023-49087.json) (`2023-11-30T13:39:13.380`) -* [CVE-2023-49052](CVE-2023/CVE-2023-490xx/CVE-2023-49052.json) (`2023-11-30T13:39:13.380`) -* [CVE-2023-40458](CVE-2023/CVE-2023-404xx/CVE-2023-40458.json) (`2023-11-30T13:39:19.237`) -* [CVE-2023-49693](CVE-2023/CVE-2023-496xx/CVE-2023-49693.json) (`2023-11-30T13:39:19.237`) -* [CVE-2023-6011](CVE-2023/CVE-2023-60xx/CVE-2023-6011.json) (`2023-11-30T13:59:08.237`) -* [CVE-2023-37924](CVE-2023/CVE-2023-379xx/CVE-2023-37924.json) (`2023-11-30T14:00:17.920`) -* [CVE-2023-4931](CVE-2023/CVE-2023-49xx/CVE-2023-4931.json) (`2023-11-30T14:15:12.720`) -* [CVE-2023-38881](CVE-2023/CVE-2023-388xx/CVE-2023-38881.json) (`2023-11-30T14:19:39.523`) -* [CVE-2023-38882](CVE-2023/CVE-2023-388xx/CVE-2023-38882.json) (`2023-11-30T14:20:28.047`) -* [CVE-2023-38883](CVE-2023/CVE-2023-388xx/CVE-2023-38883.json) (`2023-11-30T14:21:33.187`) -* [CVE-2023-38884](CVE-2023/CVE-2023-388xx/CVE-2023-38884.json) (`2023-11-30T14:22:37.007`) -* [CVE-2023-38885](CVE-2023/CVE-2023-388xx/CVE-2023-38885.json) (`2023-11-30T14:23:35.557`) -* [CVE-2023-49060](CVE-2023/CVE-2023-490xx/CVE-2023-49060.json) (`2023-11-30T14:29:10.127`) -* [CVE-2023-6133](CVE-2023/CVE-2023-61xx/CVE-2023-6133.json) (`2023-11-30T14:52:31.180`) +* [CVE-2023-39253](CVE-2023/CVE-2023-392xx/CVE-2023-39253.json) (`2023-11-30T15:38:26.050`) +* [CVE-2023-41140](CVE-2023/CVE-2023-411xx/CVE-2023-41140.json) (`2023-11-30T15:45:50.633`) +* [CVE-2023-41139](CVE-2023/CVE-2023-411xx/CVE-2023-41139.json) (`2023-11-30T15:48:23.633`) +* [CVE-2023-23978](CVE-2023/CVE-2023-239xx/CVE-2023-23978.json) (`2023-11-30T15:50:37.040`) +* [CVE-2023-36038](CVE-2023/CVE-2023-360xx/CVE-2023-36038.json) (`2023-11-30T15:51:34.713`) +* [CVE-2023-28812](CVE-2023/CVE-2023-288xx/CVE-2023-28812.json) (`2023-11-30T15:55:57.863`) +* [CVE-2023-3377](CVE-2023/CVE-2023-33xx/CVE-2023-3377.json) (`2023-11-30T16:06:38.067`) +* 
[CVE-2023-48306](CVE-2023/CVE-2023-483xx/CVE-2023-48306.json) (`2023-11-30T16:07:20.860`) +* [CVE-2023-25835](CVE-2023/CVE-2023-258xx/CVE-2023-25835.json) (`2023-11-30T16:15:08.103`) +* [CVE-2023-25837](CVE-2023/CVE-2023-258xx/CVE-2023-25837.json) (`2023-11-30T16:15:08.313`) +* [CVE-2023-6204](CVE-2023/CVE-2023-62xx/CVE-2023-6204.json) (`2023-11-30T16:15:10.803`) +* [CVE-2023-6205](CVE-2023/CVE-2023-62xx/CVE-2023-6205.json) (`2023-11-30T16:15:10.870`) +* [CVE-2023-6206](CVE-2023/CVE-2023-62xx/CVE-2023-6206.json) (`2023-11-30T16:15:10.940`) +* [CVE-2023-6207](CVE-2023/CVE-2023-62xx/CVE-2023-6207.json) (`2023-11-30T16:15:11.027`) +* [CVE-2023-6208](CVE-2023/CVE-2023-62xx/CVE-2023-6208.json) (`2023-11-30T16:15:11.150`) +* [CVE-2023-6209](CVE-2023/CVE-2023-62xx/CVE-2023-6209.json) (`2023-11-30T16:15:11.277`) +* [CVE-2023-6212](CVE-2023/CVE-2023-62xx/CVE-2023-6212.json) (`2023-11-30T16:15:11.417`) +* [CVE-2023-6239](CVE-2023/CVE-2023-62xx/CVE-2023-6239.json) (`2023-11-30T16:15:11.570`) +* [CVE-2023-5720](CVE-2023/CVE-2023-57xx/CVE-2023-5720.json) (`2023-11-30T16:26:16.073`) +* [CVE-2023-28813](CVE-2023/CVE-2023-288xx/CVE-2023-28813.json) (`2023-11-30T16:34:22.153`) +* [CVE-2023-27383](CVE-2023/CVE-2023-273xx/CVE-2023-27383.json) (`2023-11-30T16:39:04.510`) +* [CVE-2023-27513](CVE-2023/CVE-2023-275xx/CVE-2023-27513.json) (`2023-11-30T16:39:31.357`) +* [CVE-2023-48307](CVE-2023/CVE-2023-483xx/CVE-2023-48307.json) (`2023-11-30T16:40:08.900`) +* [CVE-2023-47529](CVE-2023/CVE-2023-475xx/CVE-2023-47529.json) (`2023-11-30T16:42:23.307`) +* [CVE-2023-47244](CVE-2023/CVE-2023-472xx/CVE-2023-47244.json) (`2023-11-30T16:43:06.887`) ## Download and Usage