Auto-Update: 2024-01-08T21:00:24.445554+00:00

cad-safe-bot 2024-01-08 21:00:28 +00:00
parent 8dba4af0d4
commit 92050295a3
88 changed files with 3839 additions and 264 deletions


@ -0,0 +1,20 @@
{
"id": "CVE-2018-25095",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-08T19:15:08.377",
"lastModified": "2024-01-08T19:30:10.403",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Duplicator WordPress plugin before 1.3.0 does not properly escape values when its installer script replaces values in WordPress configuration files. If this installer script is left on the site after use, it could be use to run arbitrary code on the server."
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/16cc47aa-cb31-4114-b014-7ac5fbc1d3ee",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,51 @@
{
"id": "CVE-2021-3600",
"sourceIdentifier": "security@ubuntu.com",
"published": "2024-01-08T19:15:08.470",
"lastModified": "2024-01-08T19:30:10.403",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. A local attacker could use this to possibly execute arbitrary code."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@ubuntu.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.1,
"impactScore": 6.0
}
]
},
"references": [
{
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3600",
"source": "security@ubuntu.com"
},
{
"url": "https://git.kernel.org/linus/e88b2c6e5a4d9ce30d75391e4d950da74bb2bd90",
"source": "security@ubuntu.com"
},
{
"url": "https://ubuntu.com/security/notices/USN-5003-1",
"source": "security@ubuntu.com"
}
]
}


@ -2,23 +2,87 @@
"id": "CVE-2021-46901",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-31T07:15:07.443",
"lastModified": "2024-01-01T02:12:45.130",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-08T19:09:08.890",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "examples/6lbr/apps/6lbr-webserver/httpd.c in CETIC-6LBR (aka 6lbr) 1.5.0 has a strcat stack-based buffer overflow via a request for a long URL over a 6LoWPAN network."
},
{
"lang": "es",
"value": "example/6lbr/apps/6lbr-webserver/httpd.c en CETIC-6LBR (tambi\u00e9n conocido como 6lbr) 1.5.0 tiene un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria strcat a trav\u00e9s de una solicitud de una URL larga a trav\u00e9s de una red 6LoWPAN."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cetic:cetic-6lbr:1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E465E0D8-8E05-4C5D-B4FD-CE7B5AFC5E46"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/cetic/6lbr/blob/c3092a1ccc6b6b0e668f33f6f4b2d6967975d664/examples/6lbr/apps/6lbr-webserver/httpd.c#L119",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/cetic/6lbr/issues/414",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}
]
}
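Review bot: The `"Patch"` tag added to the first reference looks misapplied. The URL is a blob permalink to `httpd.c#L119`, the same file the description names as holding the strcat overflow, so it most likely points at the affected code rather than a fix. The record shows no fixed version either, since the only `cpeMatch` entry is the exact version `1.5.0`, so tooling that reads a `Patch` tag as evidence of a fix would report this as remediable. I would carry that reference without the `Patch` tag until a fixing commit is referenced. Separately, the Spanish description gives the path as `example/6lbr/...` where the English one has `examples/6lbr/...`.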


@ -2,8 +2,8 @@
"id": "CVE-2022-2585",
"sourceIdentifier": "security@ubuntu.com",
"published": "2024-01-08T18:15:44.383",
"lastModified": "2024-01-08T18:15:44.383",
"vulnStatus": "Received",
"lastModified": "2024-01-08T19:05:05.707",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2022-2586",
"sourceIdentifier": "security@ubuntu.com",
"published": "2024-01-08T18:15:44.620",
"lastModified": "2024-01-08T18:15:44.620",
"vulnStatus": "Received",
"lastModified": "2024-01-08T19:05:05.707",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2022-2588",
"sourceIdentifier": "security@ubuntu.com",
"published": "2024-01-08T18:15:44.840",
"lastModified": "2024-01-08T18:15:44.840",
"vulnStatus": "Received",
"lastModified": "2024-01-08T19:05:05.707",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2022-2602",
"sourceIdentifier": "security@ubuntu.com",
"published": "2024-01-08T18:15:45.037",
"lastModified": "2024-01-08T18:15:45.037",
"vulnStatus": "Received",
"lastModified": "2024-01-08T19:05:05.707",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2022-3328",
"sourceIdentifier": "security@ubuntu.com",
"published": "2024-01-08T18:15:45.233",
"lastModified": "2024-01-08T18:15:45.233",
"vulnStatus": "Received",
"lastModified": "2024-01-08T19:05:05.707",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -0,0 +1,71 @@
{
"id": "CVE-2023-1032",
"sourceIdentifier": "security@ubuntu.com",
"published": "2024-01-08T19:15:08.663",
"lastModified": "2024-01-08T19:30:10.403",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Linux kernel io_uring IORING_OP_SOCKET operation contained a double free in function __sys_socket_file() in file net/socket.c. This issue was introduced in da214a475f8bd1d3e9e7a19ddfeb4d1617551bab and fixed in 649c15c7691e9b13cbe9bf6c65c365350e056067."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@ubuntu.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.5,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "security@ubuntu.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-415"
}
]
}
],
"references": [
{
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1032",
"source": "security@ubuntu.com"
},
{
"url": "https://ubuntu.com/security/notices/USN-5977-1",
"source": "security@ubuntu.com"
},
{
"url": "https://ubuntu.com/security/notices/USN-6024-1",
"source": "security@ubuntu.com"
},
{
"url": "https://ubuntu.com/security/notices/USN-6033-1",
"source": "security@ubuntu.com"
},
{
"url": "https://www.openwall.com/lists/oss-security/2023/03/13/2",
"source": "security@ubuntu.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-26157",
"sourceIdentifier": "report@snyk.io",
"published": "2024-01-02T05:15:08.160",
"lastModified": "2024-01-02T13:47:24.843",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-08T19:33:27.113",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "report@snyk.io",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
},
{
"source": "report@snyk.io",
"type": "Secondary",
@ -50,18 +80,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gnu:libredwg:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.12.5.6384",
"matchCriteriaId": "C0D7618D-9F7C-4654-822E-48A907537B85"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/LibreDWG/libredwg/commit/c8cf03ce4c2315b146caf582ea061c0460193bcc",
"source": "report@snyk.io"
"source": "report@snyk.io",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/LibreDWG/libredwg/issues/850",
"source": "report@snyk.io"
"source": "report@snyk.io",
"tags": [
"Exploit",
"Issue Tracking",
"Patch"
]
},
{
"url": "https://security.snyk.io/vuln/SNYK-UNMANAGED-LIBREDWG-6070730",
"source": "report@snyk.io"
"source": "report@snyk.io",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-45561",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-02T21:15:09.530",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-08T19:32:10.703",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,80 @@
"value": "Un problema en A-WORLD OIRASE BEER_waiting Line v.13.6.1 permite a los atacantes enviar notificaciones manipuladas mediante la fuga del token de acceso al canal."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:linecorp:line:13.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22743D41-3381-4220-8D9F-60CC36E48F78"
}
]
}
]
}
],
"references": [
{
"url": "http://a-world.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://oirase.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "https://github.com/syz913/CVE-reports/blob/main/CVE-2023-45561.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}
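Review bot: The added criteria `cpe:2.3:a:linecorp:line:13.6.1:*:*:*:*:*:*:*` names the LINE client itself, while the description visible in this section attributes the issue to the "A-WORLD OIRASE BEER_waiting Line" channel and a leaked channel access token. If that reading is right, inventory matching on this CPE will flag every LINE 13.6.1 install even though the exposure sits with the channel operator's token rather than the client. Both vendor URLs are now tagged `Broken Link`, leaving the third-party write-up as the only working reference, so a hit on this record should be confirmed by hand before it drives remediation.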


@ -2,8 +2,8 @@
"id": "CVE-2023-45892",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-02T21:15:09.583",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-08T19:31:03.043",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "Un problema descubierto en las p\u00e1ginas de Order y Invoice en Floorsight Insights Q3 2023 permite a un atacante remoto no autenticado ver informaci\u00f3n confidencial del cliente."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:floorsightsoftware:insight:*:*:*:*:*:*:*:*",
"versionEndIncluding": "q3_2023",
"matchCriteriaId": "2E8DDEB0-C955-4205-A6A6-7E89ADCBB42D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Oracle-Security/CVEs/blob/main/FloorsightSoftware/CVE-2023-45892.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}
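Review bot: The bound `"versionEndIncluding": "q3_2023"` is not a comparable version number, and the criteria leaves the version field as `*`, so the whole match depends on how a consumer orders that string. A matcher that parses bounds as dotted numeric versions may fail on it or skip the range, silently dropping the product from results. The same bound appears in the CVE-2023-45893 section for `floorsightsoftware:customer_portal`. Consumers should detect non-numeric bounds and route such records to manual review rather than trusting an automatic range comparison.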


@ -2,8 +2,8 @@
"id": "CVE-2023-45893",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-02T21:15:09.630",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-08T19:30:51.917",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "Una referencia de objeto indirecto (IDOR) en las p\u00e1ginas Order y Invoice de Floorsight Customer Portal Q3 2023 permite a un atacante remoto no autenticado ver informaci\u00f3n confidencial del cliente."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:floorsightsoftware:customer_portal:*:*:*:*:*:*:*:*",
"versionEndIncluding": "q3_2023",
"matchCriteriaId": "A14EA7C4-AC8E-40BE-9411-A3B153092532"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Oracle-Security/CVEs/blob/main/FloorsightSoftware/CVE-2023-45893.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-47039",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-02T06:15:13.737",
"lastModified": "2024-01-02T13:47:18.233",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-08T19:02:03.510",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -50,18 +80,58 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.32.1",
"matchCriteriaId": "941F7B31-C194-4B93-AA3E-4F84C0DB4AF5"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-47039",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Patch"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249525",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-47458",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-02T21:15:09.673",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-08T19:29:49.160",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,81 @@
"value": "Un problema en SpringBlade v.3.7.0 y anteriores permite a un atacante remoto escalar privilegios a trav\u00e9s de la falta de un framework de permisos."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bladex:springblade:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.7.0",
"matchCriteriaId": "0316ED89-1327-46DA-BD43-995B6DC663DE"
}
]
}
]
}
],
"references": [
{
"url": "http://springblade.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "https://gist.github.com/Mr-F0reigner/b05487f5ca52d17e214fffd6e1e0312a",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://gitee.com/smallc/SpringBlade",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-47488",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-09T06:15:24.290",
"lastModified": "2023-11-16T16:42:19.467",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-08T20:15:44.340",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -74,6 +74,10 @@
"tags": [
"Broken Link"
]
},
{
"url": "https://nitipoom-jar.github.io/CVE-2023-47488/",
"source": "cve@mitre.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-47804",
"sourceIdentifier": "security@apache.org",
"published": "2023-12-29T15:15:09.157",
"lastModified": "2024-01-03T12:15:23.300",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-08T19:22:31.183",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,8 +14,41 @@
"value": "Los documentos de Apache OpenOffice pueden contener enlaces que llaman a macros internas con argumentos arbitrarios. Para este fin se definen varios esquemas de URI. Los enlaces se pueden activar mediante clics o mediante eventos autom\u00e1ticos del documento. La ejecuci\u00f3n de dichos enlaces debe estar sujeta a la aprobaci\u00f3n del usuario. En las versiones afectadas de OpenOffice, no se solicita aprobaci\u00f3n para ciertos enlaces; Cuando se activan, dichos enlaces podr\u00edan dar lugar a la ejecuci\u00f3n de scripts arbitrarios. Este es un caso de esquina de CVE-2022-47502."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-88"
}
]
},
{
"source": "security@apache.org",
"type": "Secondary",
@ -31,18 +64,48 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:openoffice:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.1.15",
"matchCriteriaId": "767062E8-2AC4-433B-88DD-F7A36A9CB97C"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/03/3",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.apache.org/thread/ygp59swfcy6g46jf8v9s6qpwmxn8fsvb",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
]
},
{
"url": "https://www.openoffice.org/security/cves/CVE-2023-47804.html",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-47858",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2024-01-02T10:15:08.117",
"lastModified": "2024-01-02T13:47:18.233",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-08T19:03:08.097",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
@ -50,10 +80,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.1.7",
"matchCriteriaId": "4FFBD373-195D-4481-B87D-5B329DBEC33D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.0.0",
"versionEndExcluding": "9.0.5",
"matchCriteriaId": "707E5CDF-AD8D-4D91-8DE8-B32E6E06003B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.1.0",
"versionEndExcluding": "9.1.4",
"matchCriteriaId": "689E6CCF-B722-4C95-AAB6-010CC285CF80"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.2.0",
"versionEndExcluding": "9.2.3",
"matchCriteriaId": "51A35D8A-9E04-4450-B27E-401B9D43CC12"
}
]
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
"source": "responsibledisclosure@mattermost.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-47890",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-08T20:15:44.453",
"lastModified": "2024-01-08T20:15:44.453",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "pyLoad 0.5.0 is vulnerable to Unrestricted File Upload."
}
],
"metrics": {},
"references": [
{
"url": "http://pyload.com",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/pyload/pyload/security/advisories/GHSA-h73m-pcfw-25h2",
"source": "cve@mitre.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-48732",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2024-01-02T10:15:08.487",
"lastModified": "2024-01-02T13:47:18.233",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-08T19:03:27.590",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
@ -50,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.1.7",
"matchCriteriaId": "4FFBD373-195D-4481-B87D-5B329DBEC33D"
}
]
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
"source": "responsibledisclosure@mattermost.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-49794",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-02T20:15:10.020",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-08T19:37:53.727",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,14 +70,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kernelsu:kernelsu:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.7.1",
"matchCriteriaId": "4C6A3ED4-679D-46F9-A6EF-EF7A2D7E9135"
}
]
}
]
}
],
"references": [
{
"url": "https://drive.google.com/file/d/1b9UrmG_co9EJXB_yMBneRArUIR5sTuaN/view?usp=drive_link",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/tiann/KernelSU/security/advisories/GHSA-8rc5-x54x-5qc4",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-50333",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2024-01-02T10:15:08.723",
"lastModified": "2024-01-02T13:47:18.233",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-08T19:04:13.117",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
@ -50,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.1.7",
"matchCriteriaId": "4FFBD373-195D-4481-B87D-5B329DBEC33D"
}
]
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
"source": "responsibledisclosure@mattermost.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-50711",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-02T20:15:10.250",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-08T19:36:27.290",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,14 +80,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rust-vmm:vmm-sys-util:*:*:*:*:*:rust:*:*",
"versionStartIncluding": "0.5.0",
"versionEndExcluding": "0.12.0",
"matchCriteriaId": "8BF935A7-CACE-4181-AF8F-46107DE2240B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/rust-vmm/vmm-sys-util/commit/30172fca2a8e0a38667d934ee56682247e13f167",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/rust-vmm/vmm-sys-util/security/advisories/GHSA-875g-mfp6-g7f9",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,51 @@
{
"id": "CVE-2023-50982",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-08T20:15:44.513",
"lastModified": "2024-01-08T20:15:44.513",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Stud.IP 5.x through 5.3.3 allows XSS with resultant upload of executable files, because upload_action and edit_action in Admin_SmileysController do not check the file extension. This leads to remote code execution with the privileges of the www-data user. The fixed versions are 5.3.4, 5.2.6, 5.1.7, and 5.0.9."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@mitre.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
}
]
},
"references": [
{
"url": "https://gitlab.studip.de/studip/studip/-/tags",
"source": "cve@mitre.org"
},
{
"url": "https://rehmeinfosec.de/labor/cve-2023-50982",
"source": "cve@mitre.org"
},
{
"url": "https://sourceforge.net/projects/studip/files/Stud.IP/5.4/",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-51246",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-08T20:15:44.723",
"lastModified": "2024-01-08T20:15:44.723",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A Cross Site Scripting (XSS) vulnerability in GetSimple CMS 3.3.16 exists when using Source Code Mode as a backend user to add articles via the /admin/edit.php page."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/NING0121/25498c5326c2590423b26ace38d2cf39",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/NING0121/CVE/issues/1",
"source": "cve@mitre.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-51652",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-02T20:15:10.453",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-08T19:35:18.890",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,18 +70,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:spassarop:owasp_antisamy_.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.2.0",
"matchCriteriaId": "13BDB025-E8FE-41BA-8BEC-53FC1A8994D3"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/spassarop/antisamy-dotnet/commit/7e500daef6ad9c10e97c68feab78f4cb6e3083c6",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/spassarop/antisamy-dotnet/commit/8117911933e75a25cd0054ef017577486338444a",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/spassarop/antisamy-dotnet/security/advisories/GHSA-8x6f-956f-q43w",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-51675",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T14:15:48.117",
"lastModified": "2023-12-29T14:46:03.957",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-08T19:23:02.507",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in AAM Advanced Access Manager \u2013 Restricted Content, Users & Roles, Enhanced Security and More.This issue affects Advanced Access Manager \u2013 Restricted Content, Users & Roles, Enhanced Security and More: from n/a through 6.9.18.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de redirecci\u00f3n de URL a un sitio que no es de confianza (\"Open Redirect\") en AAM Advanced Access Manager \u2013 Restricted Content, Users & Roles, Enhanced Security and More. Este problema afecta a Advanced Access Manager \u2013 Restricted Content, Users & Roles, Enhanced Security and More: desde n/a hasta el 6.9.18."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vasyltech:advanced_access_manager:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "6.9.19",
"matchCriteriaId": "DA6B31DA-F955-4FFF-B547-6DA36ECCFF48"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/advanced-access-manager/wordpress-advanced-access-manager-plugin-6-9-18-open-redirection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-51713",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-22T03:15:09.730",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-08T19:06:50.837",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,87 @@
"value": "make_ftp_cmd en main.c en ProFTPD anterior a 1.3.8a tiene una lectura fuera de los l\u00edmites de un byte y el daemon falla debido a un mal manejo de las sem\u00e1nticas de quote/backslash."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:proftpd:proftpd:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.3.8a",
"matchCriteriaId": "82A8E114-13E4-4799-8838-37D9BB4BB4D1"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/proftpd/proftpd/blob/1.3.8/NEWS",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/proftpd/proftpd/issues/1683",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://github.com/proftpd/proftpd/issues/1683#issuecomment-1712887554",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-52190",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-08T19:15:08.863",
"lastModified": "2024-01-08T19:30:10.403",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WP Swings Coupon Referral Program.This issue affects Coupon Referral Program: from n/a through 1.7.2.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/coupon-referral-program/wordpress-coupon-referral-program-plugin-1-7-2-unauthenticated-sensitive-data-pii-coupon-data-exposure-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-52200",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-08T20:15:44.777",
"lastModified": "2024-01-08T20:15:44.777",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember \u2013 Membership Plugin, Content Restriction, Member Levels, User Profile & User signup.This issue affects ARMember \u2013 Membership Plugin, Content Restriction, Member Levels, User Profile & User signup: n/a.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
},
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/armember-membership/wordpress-armember-lite-plugin-4-0-22-cross-site-request-forgery-csrf-to-php-object-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-52203",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-08T20:15:45.010",
"lastModified": "2024-01-08T20:15:45.010",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Oliver Seidel, Bastian Germann cformsII allows Stored XSS.This issue affects cformsII: from n/a through 15.0.5.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/cforms2/wordpress-cformsii-plugin-15-0-5-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-52204",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-08T20:15:45.263",
"lastModified": "2024-01-08T20:15:45.263",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Javik Randomize.This issue affects Randomize: from n/a through 1.4.3.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 8.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.1,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/randomize/wordpress-randomize-plugin-1-4-3-contributor-sql-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-52205",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-08T20:15:45.463",
"lastModified": "2024-01-08T20:15:45.463",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Deserialization of Untrusted Data vulnerability in SVNLabs Softwares HTML5 SoundCloud Player with Playlist Free.This issue affects HTML5 SoundCloud Player with Playlist Free: from n/a through 2.8.0.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/html5-soundcloud-player-with-playlist/wordpress-html5-soundcloud-player-plugin-2-8-0-php-object-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-52206",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-08T20:15:45.680",
"lastModified": "2024-01-08T20:15:45.680",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Deserialization of Untrusted Data vulnerability in Live Composer Team Page Builder: Live Composer live-composer-page-builder.This issue affects Page Builder: Live Composer: from n/a through 1.5.25.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.3,
"impactScore": 5.8
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/live-composer-page-builder/wordpress-page-builder-live-composer-plugin-1-5-25-php-object-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-52207",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-08T19:15:09.053",
"lastModified": "2024-01-08T19:30:10.403",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Deserialization of Untrusted Data vulnerability in SVNLabs Softwares HTML5 MP3 Player with Playlist Free.This issue affects HTML5 MP3 Player with Playlist Free: from n/a through 3.0.0.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/html5-mp3-player-with-playlist/wordpress-html5-mp3-player-plugin-3-0-0-php-object-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-52208",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-08T19:15:09.380",
"lastModified": "2024-01-08T19:30:06.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Constant Contact Constant Contact Forms.This issue affects Constant Contact Forms: from n/a through 2.4.2.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/constant-contact-forms/wordpress-constant-contact-forms-plugin-2-4-2-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-52213",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-08T20:15:45.920",
"lastModified": "2024-01-08T20:15:45.920",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VideoWhisper Rate Star Review \u2013 AJAX Reviews for Content, with Star Ratings allows Reflected XSS.This issue affects Rate Star Review \u2013 AJAX Reviews for Content, with Star Ratings: from n/a through 1.5.1.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/rate-star-review/wordpress-rate-star-review-plugin-1-5-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-52215",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-08T18:15:51.680",
"lastModified": "2024-01-08T18:15:51.680",
"vulnStatus": "Received",
"lastModified": "2024-01-08T19:05:05.707",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -0,0 +1,55 @@
{
"id": "CVE-2023-52216",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-08T20:15:46.173",
"lastModified": "2024-01-08T20:15:46.173",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Yevhen Kotelnytskyi JS & CSS Script Optimizer.This issue affects JS & CSS Script Optimizer: from n/a through 0.3.3.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/js-css-script-optimizer/wordpress-js-css-script-optimizer-plugin-0-3-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-52218",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-08T18:15:51.870",
"lastModified": "2024-01-08T18:15:51.870",
"vulnStatus": "Received",
"lastModified": "2024-01-08T19:05:05.707",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-52219",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-08T18:15:52.070",
"lastModified": "2024-01-08T18:15:52.070",
"vulnStatus": "Received",
"lastModified": "2024-01-08T19:05:05.707",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -0,0 +1,55 @@
{
"id": "CVE-2023-52222",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-08T19:15:09.577",
"lastModified": "2024-01-08T19:30:06.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Automattic WooCommerce.This issue affects WooCommerce: from n/a through 8.2.2.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/woocommerce/wordpress-woocommerce-plugin-8-2-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-52225",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-08T18:15:52.273",
"lastModified": "2024-01-08T18:15:52.273",
"vulnStatus": "Received",
"lastModified": "2024-01-08T19:05:05.707",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -0,0 +1,24 @@
{
"id": "CVE-2023-52271",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-08T20:15:46.387",
"lastModified": "2024-01-08T20:15:46.387",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The wsftprm.sys kernel driver 2.0.0.0 in Topaz Antifraud allows low-privileged attackers to kill any (Protected Process Light) process via an IOCTL (which will be named at a later time)."
}
],
"metrics": {},
"references": [
{
"url": "https://northwave-cybersecurity.com/vulnerability-notice-topaz-antifraud",
"source": "cve@mitre.org"
},
{
"url": "https://www.topazevolution.com/en/antifraud/",
"source": "cve@mitre.org"
}
]
}


@ -2,27 +2,96 @@
"id": "CVE-2023-52284",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-31T06:15:08.487",
"lastModified": "2024-01-01T02:12:45.130",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-08T19:07:52.047",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Bytecode Alliance wasm-micro-runtime (aka WebAssembly Micro Runtime or WAMR) before 1.3.0 can have an \"double free or corruption\" error for a valid WebAssembly module because push_pop_frame_ref_offset is mishandled."
},
{
"lang": "es",
"value": "Bytecode Alliance wasm-micro-runtime (tambi\u00e9n conocido como WebAssembly Micro Runtime o WAMR) anterior a 1.3.0 puede tener un error de \"double free or corruption\" para un m\u00f3dulo WebAssembly v\u00e1lido porque push_pop_frame_ref_offset no se maneja correctamente."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-415"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bytecodealliance:webassembly_micro_runtime:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.3.0",
"matchCriteriaId": "8D76C425-15E0-42A8-B9E2-8EC56FF15980"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/bytecodealliance/wasm-micro-runtime/compare/WAMR-1.2.3...WAMR-1.3.0",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/bytecodealliance/wasm-micro-runtime/issues/2586",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://github.com/bytecodealliance/wasm-micro-runtime/pull/2590",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-5235",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-08T19:15:09.790",
"lastModified": "2024-01-08T19:30:06.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Ovic Responsive WPBakery WordPress plugin before 1.2.9 does not limit which options can be updated via some of its AJAX actions, which may allow attackers with a subscriber+ account to update blog options, such as 'users_can_register' and 'default_role'. It also unserializes user input in the process, which may lead to Object Injection attacks."
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/35c9a954-37fc-4818-a71f-34aaaa0fa3db",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-5911",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-08T19:15:09.843",
"lastModified": "2024-01-08T19:30:06.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The WP Custom Cursors | WordPress Cursor Plugin WordPress plugin through 3.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/dde0767d-1dff-4261-adbe-1f3fdf2d9aae",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-5957",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-08T19:15:09.890",
"lastModified": "2024-01-08T19:30:06.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Ni Purchase Order(PO) For WooCommerce WordPress plugin through 1.2.1 does not validate logo and signature image files uploaded in the settings, allowing high privileged user to upload arbitrary files to the web server, triggering an RCE vulnerability by uploading a web shell."
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/70f823ff-64ad-4f05-9eb3-b69b3b79dc12",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-6042",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-08T19:15:09.937",
"lastModified": "2024-01-08T19:30:06.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Any unauthenticated user may send e-mail from the site with any title or content to the admin"
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/56a1c050-67b5-43bc-b5b6-28d9a5a59eba",
"source": "contact@wpscan.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-6093",
"sourceIdentifier": "psirt@moxa.com",
"published": "2023-12-31T10:15:08.570",
"lastModified": "2024-01-04T15:15:10.880",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-08T19:09:29.700",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,11 +11,31 @@
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en las versiones de firmware de la serie OnCell G3150A-LTE v1.3 y anteriores. La vulnerabilidad es el resultado de restringir incorrectamente los objetos del marco, lo que genera confusi\u00f3n en el usuario sobre con qu\u00e9 interfaz est\u00e1 interactuando. Esta vulnerabilidad puede llevar al atacante a enga\u00f1ar al usuario para que interact\u00fae con la aplicaci\u00f3n."
"value": "Se ha identificado una vulnerabilidad en las versiones de firmware de la serie OnCell G3150A-LTE v1.3 y anteriores. La vulnerabilidad es el resultado de restringir incorrectamente los objetos del frame, lo que genera confusi\u00f3n en el usuario sobre con qu\u00e9 interfaz est\u00e1 interactuando. Esta vulnerabilidad puede llevar al atacante a enga\u00f1ar al usuario para que interact\u00fae con la aplicaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "psirt@moxa.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1021"
}
]
},
{
"source": "psirt@moxa.com",
"type": "Secondary",
@ -50,10 +80,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:moxa:oncell_g3150a-lte_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.3",
"matchCriteriaId": "4F758200-C50E-4456-AAA9-870206050FAE"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:moxa:oncell_g3150a-lte:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A4BDE004-9181-4030-AEB3-594B9B478879"
}
]
}
]
}
],
"references": [
{
"url": "https://www.moxa.com/en/support/product-support/security-advisory/oncell-g3150a-lte-series-multiple-web-application-vulnerabilities-and-security-enhancement",
"source": "psirt@moxa.com"
"source": "psirt@moxa.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-6113",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-01T15:15:43.243",
"lastModified": "2024-01-02T13:47:38.167",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-08T19:05:26.813",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,76 @@
"value": "WP STAGING WordPress Backup Plugin anterior a 3.1.3 y WP STAGING Pro WordPress Backup Plugin anterior a 5.1.3 no impiden que los visitantes filtren informaci\u00f3n clave sobre los procesos de copia de seguridad en curso, lo que permite a atacantes no autenticados descargar dichas copias de seguridad m\u00e1s tarde."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wp-staging:wp_staging:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.1.3",
"matchCriteriaId": "6249078F-54BE-4941-9345-AD52EBC82EEC"
}
]
}
]
}
],
"references": [
{
"url": "https://research.cleantalk.org/cve-2023-6113-wp-staging-unauth-sensitive-data-exposure-to-account-takeover-poc-exploit/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://wpscan.com/vulnerability/5a71049a-09a6-40ab-a4e8-44634869d4fb",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
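Review bot: The `configurations` block added in the second hunk lists only `cpe:2.3:a:wp-staging:wp_staging:*` with `"versionEndExcluding": "3.1.3"`, while the Spanish description at the top of that hunk also names WP STAGING Pro before 5.1.3. Tooling that matches installed software on CPE alone would therefore not flag the Pro plugin. This file appears to mirror an upstream record, so the correction belongs upstream: a second `cpeMatch` entry for the Pro product with `"versionEndExcluding": "5.1.3"`, taking its CPE name and `matchCriteriaId` from the CPE dictionary rather than guessing them. Until then, consumers should treat this record's CPE data as incomplete and also match on the description or the WPScan advisory.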


@ -0,0 +1,20 @@
{
"id": "CVE-2023-6139",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-08T19:15:09.980",
"lastModified": "2024-01-08T19:30:06.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Essential Real Estate WordPress plugin before 4.4.0 does not apply proper capability checks on its AJAX actions, which among other things, allow attackers with a subscriber account to conduct Denial of Service attacks."
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/96396a22-f523-4c51-8b72-52be266988aa",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-6140",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-08T19:15:10.027",
"lastModified": "2024-01-08T19:30:06.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Essential Real Estate WordPress plugin before 4.4.0 does not prevent users with limited privileges on the site, like subscribers, from momentarily uploading malicious PHP files disguised as ZIP archives, which may lead to remote code execution."
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/c837eaf3-fafd-45a2-8f5e-03afb28a765b",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-6141",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-08T19:15:10.083",
"lastModified": "2024-01-08T19:30:06.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Essential Real Estate WordPress plugin before 4.4.0 does not apply proper capability checks on its AJAX actions, which among other things, allow attackers with a subscriber account to conduct Stored XSS attacks."
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/df12513b-9664-45be-8824-2924bfddf364",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-6161",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-08T19:15:10.137",
"lastModified": "2024-01-08T19:30:06.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The WP Crowdfunding WordPress plugin before 2.1.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin"
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/ca7b6a39-a910-4b4f-b9cc-be444ec44942",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-6383",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-08T19:15:10.183",
"lastModified": "2024-01-08T19:30:06.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Debug Log Manager WordPress plugin before 2.3.0 contains a Directory listing vulnerability was discovered, which allows you to download the debug log without authorization and gain access to sensitive data"
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/eae63103-3de6-4100-8f48-2bcf9a5c91fb",
"source": "contact@wpscan.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-6421",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-01T15:15:43.347",
"lastModified": "2024-01-02T13:47:38.167",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-08T19:08:31.977",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,14 +11,72 @@
},
{
"lang": "es",
"value": "Download Manager WordPress plugin anterior a 3.2.83 no protege las contrase\u00f1as de descarga de archivos y las filtra al recibir una no v\u00e1lida."
"value": "El complemento Download Manager de WordPress anterior a 3.2.83 no protege las contrase\u00f1as de descarga de archivos y las filtra al recibir una no v\u00e1lida."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-522"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpdownloadmanager:wordpress_download_manager:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.2.83",
"matchCriteriaId": "9EA740C8-DEA3-4F7E-A804-8E59102ECB35"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/244c7c00-fc8d-4a73-bbe0-7865c621d410",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Broken Link",
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-6436",
"sourceIdentifier": "iletisim@usom.gov.tr",
"published": "2024-01-02T13:15:08.930",
"lastModified": "2024-01-02T13:47:18.233",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-08T19:40:27.743",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "iletisim@usom.gov.tr",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ekolbilisim:web_sablonu_yazilimi:*:*:*:*:*:*:*:*",
"versionEndIncluding": "20231215",
"matchCriteriaId": "D95E015B-13FA-40D2-B95F-4FE7CF7B6ABD"
}
]
}
]
}
],
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-24-0001",
"source": "iletisim@usom.gov.tr"
"source": "iletisim@usom.gov.tr",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-6485",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-01T15:15:43.393",
"lastModified": "2024-01-02T13:47:38.167",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-08T19:31:52.377",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,14 +11,71 @@
},
{
"lang": "es",
"value": "Html5 Video Player WordPress plugin anterior a 2.5.19 no sanitiza ni escapa a algunas de las configuraciones de su reproductor, lo que, combinado con la falta de comprobaciones de capacidad en torno al plugin, podr\u00eda permitir que cualquier usuario autenticado, como suscriptores bajos, realice ataques de Cross-Site Scripting almacenado contra usuarios con altos privilegios como administradores"
"value": "El complemento Html5 Video Player de WordPress anterior a 2.5.19 no sanitiza ni escapa a algunas de las configuraciones de su reproductor, lo que, combinado con la falta de comprobaciones de capacidad en torno al complemento, podr\u00eda permitir que cualquier usuario autenticado, como suscriptores bajos, realice ataques de Cross-Site Scripting almacenado contra usuarios con altos privilegios como administradores"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bplugins:html5_video_player:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.5.19",
"matchCriteriaId": "18C2421F-4BDD-46B6-85AA-C5FDA095A6C8"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/759b3866-c619-42cc-94a8-0af6d199cc81",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-6505",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-08T19:15:10.230",
"lastModified": "2024-01-08T19:30:06.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Migrate WordPress Website & Backups WordPress plugin before 1.9.3 does not prevent directory listing in sensitive directories containing export files."
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/eca6f099-6af0-4f42-aade-ab61dd792629",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-6528",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-08T19:15:10.273",
"lastModified": "2024-01-08T19:30:06.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Slider Revolution WordPress plugin before 6.6.19 does not prevent users with at least the Author role from unserializing arbitrary content when importing sliders, potentially leading to Remote Code Execution."
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/36ced447-84ea-4162-80d2-6df226cb53cb",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-6529",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-08T19:15:10.320",
"lastModified": "2024-01-08T19:30:06.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The WP VR WordPress plugin before 8.3.15 does not authorisation and CSRF in a function hooked to admin_init, allowing unauthenticated users to downgrade the plugin, thus leading to Reflected or Stored XSS, as previous versions have such vulnerabilities."
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/c36314c1-a2c0-4816-93c9-e61f9cf7f27a",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-6532",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-08T19:15:10.363",
"lastModified": "2024-01-08T19:30:06.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The WP Blogs' Planetarium WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack"
}
],
"metrics": {},
"references": [
{
"url": "https://magos-securitas.com/txt/CVE-2023-6532.txt",
"source": "contact@wpscan.com"
},
{
"url": "https://wpscan.com/vulnerability/05a730bc-2d72-49e3-a608-e4390b19e97f",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-6555",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-08T19:15:10.413",
"lastModified": "2024-01-08T19:30:06.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Email Subscription Popup WordPress plugin before 1.2.20 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin"
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/58803934-dbd3-422d-88e7-ebbc5e8c0886",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-6627",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-08T19:15:10.460",
"lastModified": "2024-01-08T19:30:06.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The WP Go Maps (formerly WP Google Maps) WordPress plugin before 9.0.28 does not properly protect most of its REST API routes, which attackers can abuse to store malicious HTML/Javascript on the site."
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/blog/stored-xss-fixed-in-wp-go-maps-9-0-28/",
"source": "contact@wpscan.com"
},
{
"url": "https://wpscan.com/vulnerability/f5687d0e-98ca-4449-98d6-7170c97c8f54",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-6631",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-01-08T19:15:10.507",
"lastModified": "2024-01-08T20:15:46.437",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "PowerSYSTEM Center versions 2020 Update 16 and prior contain a vulnerability that may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate privileges.\n\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-428"
}
]
}
],
"references": [
{
"url": "https://subnet.com/contact/",
"source": "ics-cert@hq.dhs.gov"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-353-01",
"source": "ics-cert@hq.dhs.gov"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-6693",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-02T10:15:08.930",
"lastModified": "2024-01-02T13:47:18.233",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-08T19:04:42.353",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.4
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -50,14 +80,63 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qemu:qemu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D9E0C78-9678-4CEE-9389-962CF618A51F"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*",
"matchCriteriaId": "053C1B35-3869-41C2-9551-044182DE0A64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*",
"matchCriteriaId": "3AA08768-75AF-4791-B229-AE938C780959"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-6693",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254580",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch"
]
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-6750",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-08T19:15:10.680",
"lastModified": "2024-01-08T19:30:06.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Clone WordPress plugin before 2.4.3 uses buffer files to store in-progress backup informations, which is stored at a publicly accessible, statically defined file path."
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/fad9eefe-4552-4d20-a1fd-bb2e172ec8d7",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-6845",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-08T19:15:10.727",
"lastModified": "2024-01-08T19:30:06.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The CommentTweets WordPress plugin through 0.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks"
}
],
"metrics": {},
"references": [
{
"url": "https://magos-securitas.com/txt/2023-6845",
"source": "contact@wpscan.com"
},
{
"url": "https://wpscan.com/vulnerability/cbdaf158-f277-4be4-b022-68d18dae4c55",
"source": "contact@wpscan.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-0182",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-01T21:15:24.777",
"lastModified": "2024-01-02T13:47:38.167",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-08T19:25:18.583",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,14 +95,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:janobe:engineers_online_portal:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "461D780B-1D99-40B8-BE65-497FAD073EBE"
}
]
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.249440",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.249440",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-0186",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-02T01:15:08.273",
"lastModified": "2024-01-02T13:47:31.240",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-08T19:26:38.947",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +95,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:huiran_host_reseller_system_project:huiran_host_reseller_system:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.0.0",
"matchCriteriaId": "10DCC976-72AC-4F2C-AB2F-282987111DBF"
}
]
}
]
}
],
"references": [
{
"url": "https://note.zhaoj.in/share/WwPWWizD2Spk",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://vuldb.com/?ctiid.249444",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.249444",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-0194",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-02T21:15:09.760",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-08T19:44:29.260",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +95,44 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codeastro:internet_banking_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1E22B024-DF7A-4CC7-BE59-CFA07165DC9F"
}
]
}
]
}
],
"references": [
{
"url": "https://drive.google.com/file/d/147yg6oMHoJ1WvhH-TT0-GXDjKyNCSoeX/view?usp=sharing",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.249509",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.249509",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-0222",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-01-04T02:15:28.933",
"lastModified": "2024-01-07T02:15:44.190",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-08T19:43:37.003",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,23 +14,112 @@
"value": "El use after free en ANGLE en Google Chrome anterior a 120.0.6099.199 permiti\u00f3 a un atacante remoto que hab\u00eda comprometido el proceso de renderizado explotar potencialmente la corrupci\u00f3n del mont\u00f3n a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "120.0.6099.199",
"matchCriteriaId": "281E8DFE-903C-4F9E-8698-9183F2309F23"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://crbug.com/1501798",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Permissions Required",
"Vendor Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-0223",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-01-04T02:15:28.987",
"lastModified": "2024-01-07T02:15:44.243",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-08T19:43:03.690",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,23 +14,111 @@
"value": "El desbordamiento de b\u00fafer de almacenamiento din\u00e1mico en ANGLE en Google Chrome anterior a 120.0.6099.199 permit\u00eda a un atacante remoto explotar potencialmente la corrupci\u00f3n del mont\u00f3n a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "120.0.6099.199",
"matchCriteriaId": "281E8DFE-903C-4F9E-8698-9183F2309F23"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://crbug.com/1505009",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Permissions Required",
"Vendor Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-0224",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-01-04T02:15:29.033",
"lastModified": "2024-01-07T02:15:44.293",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-08T19:42:29.143",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,23 +14,111 @@
"value": "El use after free en WebAudio en Google Chrome anterior a 120.0.6099.199 permit\u00eda a un atacante remoto explotar potencialmente la corrupci\u00f3n del mont\u00f3n a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "120.0.6099.199",
"matchCriteriaId": "281E8DFE-903C-4F9E-8698-9183F2309F23"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://crbug.com/1505086",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Permissions Required",
"Vendor Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-0225",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-01-04T02:15:29.080",
"lastModified": "2024-01-07T02:15:44.340",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-08T19:41:43.560",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,23 +14,111 @@
"value": "El use after free en WebGPU en Google Chrome anterior a 120.0.6099.199 permit\u00eda a un atacante remoto explotar potencialmente la corrupci\u00f3n del mont\u00f3n a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "120.0.6099.199",
"matchCriteriaId": "281E8DFE-903C-4F9E-8698-9183F2309F23"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://crbug.com/1506923",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Permissions Required",
"Vendor Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-0270",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-07T08:15:07.840",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-08T19:04:24.233",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +95,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kashipara:food_management_system:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.0",
"matchCriteriaId": "BBBECC06-F3D5-4B63-8EB2-8E44A64624C5"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%201.pdf",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.249825",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.249825",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-21623",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-02T21:15:10.250",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-08T19:29:32.277",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,11 +11,31 @@
},
{
"lang": "es",
"value": "OTCLient es un cliente de tibia alternativo para otserv. Antes de confirmar db560de0b56476c87a2f967466407939196dd254, el workflow /mehah/otclient \"`Analysis - SonarCloud`\" es vulnerable a una inyecci\u00f3n de expresi\u00f3n en Actions, lo que permite a un atacante ejecutar comandos de forma remota en el ejecutor, filtrar secretos y alterar el repositorio utilizando este workflow. La confirmaci\u00f3n db560de0b56476c87a2f967466407939196dd254 contiene una soluci\u00f3n para este problema."
"value": "OTCLient es un cliente de tibia alternativo para otserv. Antes del commit db560de0b56476c87a2f967466407939196dd254, el workflow /mehah/otclient \"`Analysis - SonarCloud`\" es vulnerable a una inyecci\u00f3n de expresi\u00f3n en Actions, lo que permite a un atacante ejecutar comandos de forma remota en el ejecutor, filtrar secretos y alterar el repositorio utilizando este workflow. El commit db560de0b56476c87a2f967466407939196dd254 contiene una soluci\u00f3n para este problema."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,26 +70,62 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mehah:otclient:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023-12-30",
"matchCriteriaId": "60A3865E-2453-4A5A-9685-34494CC8BCD1"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/mehah/otclient/blob/72744edc3b9913b920e0fd12e929604f682fda75/.github/workflows/analysis-sonarcloud.yml#L91-L104",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/mehah/otclient/commit/db560de0b56476c87a2f967466407939196dd254",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/mehah/otclient/security/advisories/GHSA-q6gr-wc79-v589",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
},
{
"url": "https://securitylab.github.com/research/github-actions-preventing-pwn-requests/",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://securitylab.github.com/research/github-actions-untrusted-input/",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-21627",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-02T21:15:10.467",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-08T19:23:49.707",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,11 +11,31 @@
},
{
"lang": "es",
"value": "PrestaShop es una plataforma de comercio electr\u00f3nico de c\u00f3digo abierto. Antes de las versiones 8.1.3 y 1.7.8.11, el m\u00e9todo `isCleanHTML` no detecta algunos atributos de eventos. Algunos m\u00f3dulos que utilizan el m\u00e9todo `isCleanHTML` podr\u00edan ser vulnerables a cross site scripting. Las versiones 8.1.3 y 1.7.8.11 contienen un parche para este problema. La mejor soluci\u00f3n es utilizar la biblioteca `HTMLPurifier` para sanitizar la entrada HTML proveniente de los usuarios. La biblioteca ya est\u00e1 disponible como dependencia en el proyecto PrestaShop. Sin embargo, tenga en cuenta que en los modelos de objetos heredados, los campos de tipo `HTML` llamar\u00e1n `isCleanHTML`."
"value": "PrestaShop es una plataforma de comercio electr\u00f3nico de c\u00f3digo abierto. Antes de las versiones 8.1.3 y 1.7.8.11, el m\u00e9todo `isCleanHTML` no detecta algunos atributos de eventos. Algunos m\u00f3dulos que utilizan el m\u00e9todo `isCleanHTML` podr\u00edan ser vulnerables a cross site scripting. Las versiones 8.1.3 y 1.7.8.11 contienen un parche para este problema. La mejor soluci\u00f3n es utilizar la librer\u00eda `HTMLPurifier` para sanitizar la entrada HTML proveniente de los usuarios. La librer\u00eda ya est\u00e1 disponible como dependencia en el proyecto PrestaShop. Sin embargo, tenga en cuenta que en los modelos de objetos heredados, los campos de tipo `HTML` llamar\u00e1n `isCleanHTML`."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -40,8 +60,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -54,18 +84,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:prestashop:prestashop:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.7.8.11",
"matchCriteriaId": "A2437874-DFE9-40D7-830C-727A225366DD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:prestashop:prestashop:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndExcluding": "8.1.3",
"matchCriteriaId": "6D8ED724-5385-47E2-8BE2-C2588964AADA"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/PrestaShop/PrestaShop/commit/73cfb44666818eefd501b526a894fe884dd12129",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/PrestaShop/PrestaShop/commit/ba06d18466df5b92cb841d504cc7210121104883",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-xgpm-q3mq-46rq",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-21628",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-02T22:15:09.687",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-08T19:11:25.070",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,14 +70,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:prestashop:prestashop:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.1.3",
"matchCriteriaId": "A2753F25-DACD-4FB1-A8B6-299D04D7F40A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/PrestaShop/PrestaShop/commit/c3d78b7e49f5fe49a9d07725c3174d005deaa597",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-vr7m-r9vm-m4wf",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-21650",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-08T16:15:46.903",
"lastModified": "2024-01-08T16:15:46.903",
"vulnStatus": "Received",
"lastModified": "2024-01-08T19:05:05.707",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2024-21744",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-08T17:15:07.763",
"lastModified": "2024-01-08T17:15:07.763",
"vulnStatus": "Received",
"lastModified": "2024-01-08T19:05:05.707",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2024-21745",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-08T17:15:07.973",
"lastModified": "2024-01-08T17:15:07.973",
"vulnStatus": "Received",
"lastModified": "2024-01-08T19:05:05.707",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2024-21747",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-08T17:15:08.163",
"lastModified": "2024-01-08T17:15:08.163",
"vulnStatus": "Received",
"lastModified": "2024-01-08T19:05:05.707",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,16 +2,53 @@
"id": "CVE-2024-21908",
"sourceIdentifier": "disclosure@vulncheck.com",
"published": "2024-01-03T16:15:08.913",
"lastModified": "2024-01-03T17:26:57.957",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-08T19:46:41.157",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nTinyMCE versions before 5.9.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser.\n\n\n\n"
},
{
"lang": "es",
"value": "Las versiones de TinyMCE anteriores a la 5.9.0 se ven afectadas por una vulnerabilidad de cross site scripting almacenado. Un atacante remoto y no autenticado podr\u00eda insertar HTML manipulado en el editor, lo que provocar\u00eda la ejecuci\u00f3n arbitraria de JavaScript en el navegador de otro usuario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "disclosure@vulncheck.com",
"type": "Secondary",
@ -23,22 +60,54 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tiny:tinymce:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.9.0",
"matchCriteriaId": "ABCA10B9-8E44-481C-A931-D81D95400CDF"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/advisories/GHSA-5h9g-x5rv-25wg",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/tinymce/tinymce/security/advisories/GHSA-5h9g-x5rv-25wg",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vulncheck.com/advisories/vc-advisory-GHSA-5h9g-x5rv-25wg",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.tiny.cloud/docs/release-notes/release-notes59/#securityfixes",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Release Notes"
]
}
]
}


@ -2,16 +2,53 @@
"id": "CVE-2024-21910",
"sourceIdentifier": "disclosure@vulncheck.com",
"published": "2024-01-03T16:15:09.090",
"lastModified": "2024-01-03T17:26:57.957",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-08T19:46:25.757",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "TinyMCE versions before 5.10.0 are affected by a cross-site scripting vulnerability. A remote and unauthenticated attacker could introduce crafted image or link URLs that would result in the execution of arbitrary JavaScript in an editing user's browser.\n"
},
{
"lang": "es",
"value": "Las versiones de TinyMCE anteriores a la 5.10.0 se ven afectadas por una vulnerabilidad de cross site scripting. Un atacante remoto y no autenticado podr\u00eda introducir im\u00e1genes manipuladas o URL de enlaces que dar\u00edan como resultado la ejecuci\u00f3n de JavaScript arbitrario en el navegador de un usuario que est\u00e9 editando."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "disclosure@vulncheck.com",
"type": "Secondary",
@ -23,30 +60,68 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tiny:tinymce:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.0",
"matchCriteriaId": "1CDEC000-8A31-496B-9137-F71208146F9D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/advisories/GHSA-r8hm-w5f7-wj39",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/jazzband/django-tinymce/issues/366",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://github.com/jazzband/django-tinymce/releases/tag/3.4.0",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/tinymce/tinymce/security/advisories/GHSA-r8hm-w5f7-wj39",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://pypi.org/project/django-tinymce/3.4.0/",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://vulncheck.com/advisories/vc-advisory-GHSA-r8hm-w5f7-wj39",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,53 @@
"id": "CVE-2024-21911",
"sourceIdentifier": "disclosure@vulncheck.com",
"published": "2024-01-03T16:15:09.170",
"lastModified": "2024-01-03T17:26:57.957",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-08T19:46:14.513",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "TinyMCE versions before 5.6.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser."
},
{
"lang": "es",
"value": "Las versiones de TinyMCE anteriores a la 5.6.0 se ven afectadas por una vulnerabilidad de cross site scripting almacenado. Un atacante remoto y no autenticado podr\u00eda insertar HTML manipulado en el editor, lo que provocar\u00eda la ejecuci\u00f3n arbitraria de JavaScript en el navegador de otro usuario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "disclosure@vulncheck.com",
"type": "Secondary",
@ -23,26 +60,61 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tiny:tinymce:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.6.0",
"matchCriteriaId": "F64C0DD4-B960-418F-A2B0-07A5BFAD3DA3"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/advisories/GHSA-w7jx-j77m-wp65",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/tinymce/tinymce/security/advisories/GHSA-w7jx-j77m-wp65",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vulncheck.com/advisories/vc-advisory-GHSA-w7jx-j77m-wp65",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.npmjs.com/package/tinymce",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://www.tiny.cloud/docs/release-notes/release-notes56/#securityfixes",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Release Notes"
]
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-01-08T19:00:24.884214+00:00
2024-01-08T21:00:24.445554+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-01-08T18:59:13.010000+00:00
2024-01-08T20:15:46.437000+00:00
```
### Last Data Feed Release
@ -29,56 +29,69 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
235140
235176
```
### CVEs added in the last Commit
Recently added CVEs: `12`
Recently added CVEs: `36`
* [CVE-2022-2585](CVE-2022/CVE-2022-25xx/CVE-2022-2585.json) (`2024-01-08T18:15:44.383`)
* [CVE-2022-2586](CVE-2022/CVE-2022-25xx/CVE-2022-2586.json) (`2024-01-08T18:15:44.620`)
* [CVE-2022-2588](CVE-2022/CVE-2022-25xx/CVE-2022-2588.json) (`2024-01-08T18:15:44.840`)
* [CVE-2022-2602](CVE-2022/CVE-2022-26xx/CVE-2022-2602.json) (`2024-01-08T18:15:45.037`)
* [CVE-2022-3328](CVE-2022/CVE-2022-33xx/CVE-2022-3328.json) (`2024-01-08T18:15:45.233`)
* [CVE-2023-52215](CVE-2023/CVE-2023-522xx/CVE-2023-52215.json) (`2024-01-08T18:15:51.680`)
* [CVE-2023-52218](CVE-2023/CVE-2023-522xx/CVE-2023-52218.json) (`2024-01-08T18:15:51.870`)
* [CVE-2023-52219](CVE-2023/CVE-2023-522xx/CVE-2023-52219.json) (`2024-01-08T18:15:52.070`)
* [CVE-2023-52225](CVE-2023/CVE-2023-522xx/CVE-2023-52225.json) (`2024-01-08T18:15:52.273`)
* [CVE-2024-21744](CVE-2024/CVE-2024-217xx/CVE-2024-21744.json) (`2024-01-08T17:15:07.763`)
* [CVE-2024-21745](CVE-2024/CVE-2024-217xx/CVE-2024-21745.json) (`2024-01-08T17:15:07.973`)
* [CVE-2024-21747](CVE-2024/CVE-2024-217xx/CVE-2024-21747.json) (`2024-01-08T17:15:08.163`)
* [CVE-2023-6161](CVE-2023/CVE-2023-61xx/CVE-2023-6161.json) (`2024-01-08T19:15:10.137`)
* [CVE-2023-6383](CVE-2023/CVE-2023-63xx/CVE-2023-6383.json) (`2024-01-08T19:15:10.183`)
* [CVE-2023-6505](CVE-2023/CVE-2023-65xx/CVE-2023-6505.json) (`2024-01-08T19:15:10.230`)
* [CVE-2023-6528](CVE-2023/CVE-2023-65xx/CVE-2023-6528.json) (`2024-01-08T19:15:10.273`)
* [CVE-2023-6529](CVE-2023/CVE-2023-65xx/CVE-2023-6529.json) (`2024-01-08T19:15:10.320`)
* [CVE-2023-6532](CVE-2023/CVE-2023-65xx/CVE-2023-6532.json) (`2024-01-08T19:15:10.363`)
* [CVE-2023-6555](CVE-2023/CVE-2023-65xx/CVE-2023-6555.json) (`2024-01-08T19:15:10.413`)
* [CVE-2023-6627](CVE-2023/CVE-2023-66xx/CVE-2023-6627.json) (`2024-01-08T19:15:10.460`)
* [CVE-2023-6750](CVE-2023/CVE-2023-67xx/CVE-2023-6750.json) (`2024-01-08T19:15:10.680`)
* [CVE-2023-6845](CVE-2023/CVE-2023-68xx/CVE-2023-6845.json) (`2024-01-08T19:15:10.727`)
* [CVE-2023-1032](CVE-2023/CVE-2023-10xx/CVE-2023-1032.json) (`2024-01-08T19:15:08.663`)
* [CVE-2023-52190](CVE-2023/CVE-2023-521xx/CVE-2023-52190.json) (`2024-01-08T19:15:08.863`)
* [CVE-2023-52207](CVE-2023/CVE-2023-522xx/CVE-2023-52207.json) (`2024-01-08T19:15:09.053`)
* [CVE-2023-47890](CVE-2023/CVE-2023-478xx/CVE-2023-47890.json) (`2024-01-08T20:15:44.453`)
* [CVE-2023-50982](CVE-2023/CVE-2023-509xx/CVE-2023-50982.json) (`2024-01-08T20:15:44.513`)
* [CVE-2023-51246](CVE-2023/CVE-2023-512xx/CVE-2023-51246.json) (`2024-01-08T20:15:44.723`)
* [CVE-2023-52200](CVE-2023/CVE-2023-522xx/CVE-2023-52200.json) (`2024-01-08T20:15:44.777`)
* [CVE-2023-52203](CVE-2023/CVE-2023-522xx/CVE-2023-52203.json) (`2024-01-08T20:15:45.010`)
* [CVE-2023-52204](CVE-2023/CVE-2023-522xx/CVE-2023-52204.json) (`2024-01-08T20:15:45.263`)
* [CVE-2023-52205](CVE-2023/CVE-2023-522xx/CVE-2023-52205.json) (`2024-01-08T20:15:45.463`)
* [CVE-2023-52206](CVE-2023/CVE-2023-522xx/CVE-2023-52206.json) (`2024-01-08T20:15:45.680`)
* [CVE-2023-52213](CVE-2023/CVE-2023-522xx/CVE-2023-52213.json) (`2024-01-08T20:15:45.920`)
* [CVE-2023-52216](CVE-2023/CVE-2023-522xx/CVE-2023-52216.json) (`2024-01-08T20:15:46.173`)
* [CVE-2023-52271](CVE-2023/CVE-2023-522xx/CVE-2023-52271.json) (`2024-01-08T20:15:46.387`)
* [CVE-2023-6631](CVE-2023/CVE-2023-66xx/CVE-2023-6631.json) (`2024-01-08T19:15:10.507`)
### CVEs modified in the last Commit
Recently modified CVEs: `129`
Recently modified CVEs: `51`
* [CVE-2023-43512](CVE-2023/CVE-2023-435xx/CVE-2023-43512.json) (`2024-01-08T18:58:42.300`)
* [CVE-2023-43514](CVE-2023/CVE-2023-435xx/CVE-2023-43514.json) (`2024-01-08T18:59:13.010`)
* [CVE-2024-0284](CVE-2024/CVE-2024-02xx/CVE-2024-0284.json) (`2024-01-08T17:50:23.470`)
* [CVE-2024-0287](CVE-2024/CVE-2024-02xx/CVE-2024-0287.json) (`2024-01-08T17:51:58.093`)
* [CVE-2024-0288](CVE-2024/CVE-2024-02xx/CVE-2024-0288.json) (`2024-01-08T17:52:18.343`)
* [CVE-2024-0289](CVE-2024/CVE-2024-02xx/CVE-2024-0289.json) (`2024-01-08T17:52:33.037`)
* [CVE-2024-0290](CVE-2024/CVE-2024-02xx/CVE-2024-0290.json) (`2024-01-08T17:52:47.720`)
* [CVE-2024-0283](CVE-2024/CVE-2024-02xx/CVE-2024-0283.json) (`2024-01-08T17:55:40.947`)
* [CVE-2024-0282](CVE-2024/CVE-2024-02xx/CVE-2024-0282.json) (`2024-01-08T17:55:46.990`)
* [CVE-2024-0281](CVE-2024/CVE-2024-02xx/CVE-2024-0281.json) (`2024-01-08T18:04:28.407`)
* [CVE-2024-0280](CVE-2024/CVE-2024-02xx/CVE-2024-0280.json) (`2024-01-08T18:04:43.933`)
* [CVE-2024-0276](CVE-2024/CVE-2024-02xx/CVE-2024-0276.json) (`2024-01-08T18:18:13.730`)
* [CVE-2024-0277](CVE-2024/CVE-2024-02xx/CVE-2024-0277.json) (`2024-01-08T18:18:21.587`)
* [CVE-2024-0278](CVE-2024/CVE-2024-02xx/CVE-2024-0278.json) (`2024-01-08T18:18:29.317`)
* [CVE-2024-0279](CVE-2024/CVE-2024-02xx/CVE-2024-0279.json) (`2024-01-08T18:18:37.673`)
* [CVE-2024-0273](CVE-2024/CVE-2024-02xx/CVE-2024-0273.json) (`2024-01-08T18:19:08.660`)
* [CVE-2024-0274](CVE-2024/CVE-2024-02xx/CVE-2024-0274.json) (`2024-01-08T18:19:13.867`)
* [CVE-2024-0275](CVE-2024/CVE-2024-02xx/CVE-2024-0275.json) (`2024-01-08T18:19:20.420`)
* [CVE-2024-0271](CVE-2024/CVE-2024-02xx/CVE-2024-0271.json) (`2024-01-08T18:21:11.393`)
* [CVE-2024-0272](CVE-2024/CVE-2024-02xx/CVE-2024-0272.json) (`2024-01-08T18:21:25.347`)
* [CVE-2024-0185](CVE-2024/CVE-2024-01xx/CVE-2024-0185.json) (`2024-01-08T18:33:53.383`)
* [CVE-2024-0184](CVE-2024/CVE-2024-01xx/CVE-2024-0184.json) (`2024-01-08T18:34:12.340`)
* [CVE-2024-0183](CVE-2024/CVE-2024-01xx/CVE-2024-0183.json) (`2024-01-08T18:34:33.723`)
* [CVE-2024-0181](CVE-2024/CVE-2024-01xx/CVE-2024-0181.json) (`2024-01-08T18:37:21.657`)
* [CVE-2024-21732](CVE-2024/CVE-2024-217xx/CVE-2024-21732.json) (`2024-01-08T18:51:23.740`)
* [CVE-2023-45561](CVE-2023/CVE-2023-455xx/CVE-2023-45561.json) (`2024-01-08T19:32:10.703`)
* [CVE-2023-26157](CVE-2023/CVE-2023-261xx/CVE-2023-26157.json) (`2024-01-08T19:33:27.113`)
* [CVE-2023-51652](CVE-2023/CVE-2023-516xx/CVE-2023-51652.json) (`2024-01-08T19:35:18.890`)
* [CVE-2023-50711](CVE-2023/CVE-2023-507xx/CVE-2023-50711.json) (`2024-01-08T19:36:27.290`)
* [CVE-2023-49794](CVE-2023/CVE-2023-497xx/CVE-2023-49794.json) (`2024-01-08T19:37:53.727`)
* [CVE-2023-6436](CVE-2023/CVE-2023-64xx/CVE-2023-6436.json) (`2024-01-08T19:40:27.743`)
* [CVE-2023-47488](CVE-2023/CVE-2023-474xx/CVE-2023-47488.json) (`2024-01-08T20:15:44.340`)
* [CVE-2024-0270](CVE-2024/CVE-2024-02xx/CVE-2024-0270.json) (`2024-01-08T19:04:24.233`)
* [CVE-2024-21650](CVE-2024/CVE-2024-216xx/CVE-2024-21650.json) (`2024-01-08T19:05:05.707`)
* [CVE-2024-21744](CVE-2024/CVE-2024-217xx/CVE-2024-21744.json) (`2024-01-08T19:05:05.707`)
* [CVE-2024-21745](CVE-2024/CVE-2024-217xx/CVE-2024-21745.json) (`2024-01-08T19:05:05.707`)
* [CVE-2024-21747](CVE-2024/CVE-2024-217xx/CVE-2024-21747.json) (`2024-01-08T19:05:05.707`)
* [CVE-2024-21628](CVE-2024/CVE-2024-216xx/CVE-2024-21628.json) (`2024-01-08T19:11:25.070`)
* [CVE-2024-21627](CVE-2024/CVE-2024-216xx/CVE-2024-21627.json) (`2024-01-08T19:23:49.707`)
* [CVE-2024-0182](CVE-2024/CVE-2024-01xx/CVE-2024-0182.json) (`2024-01-08T19:25:18.583`)
* [CVE-2024-0186](CVE-2024/CVE-2024-01xx/CVE-2024-0186.json) (`2024-01-08T19:26:38.947`)
* [CVE-2024-21623](CVE-2024/CVE-2024-216xx/CVE-2024-21623.json) (`2024-01-08T19:29:32.277`)
* [CVE-2024-0225](CVE-2024/CVE-2024-02xx/CVE-2024-0225.json) (`2024-01-08T19:41:43.560`)
* [CVE-2024-0224](CVE-2024/CVE-2024-02xx/CVE-2024-0224.json) (`2024-01-08T19:42:29.143`)
* [CVE-2024-0223](CVE-2024/CVE-2024-02xx/CVE-2024-0223.json) (`2024-01-08T19:43:03.690`)
* [CVE-2024-0222](CVE-2024/CVE-2024-02xx/CVE-2024-0222.json) (`2024-01-08T19:43:37.003`)
* [CVE-2024-0194](CVE-2024/CVE-2024-01xx/CVE-2024-0194.json) (`2024-01-08T19:44:29.260`)
* [CVE-2024-21911](CVE-2024/CVE-2024-219xx/CVE-2024-21911.json) (`2024-01-08T19:46:14.513`)
* [CVE-2024-21910](CVE-2024/CVE-2024-219xx/CVE-2024-21910.json) (`2024-01-08T19:46:25.757`)
* [CVE-2024-21908](CVE-2024/CVE-2024-219xx/CVE-2024-21908.json) (`2024-01-08T19:46:41.157`)
## Download and Usage