From 963dd644cce87f18b191b2e9929ed4a642c42f95 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Wed, 3 Jan 2024 05:00:28 +0000 Subject: [PATCH] Auto-Update: 2024-01-03T05:00:25.105272+00:00 --- CVE-2023/CVE-2023-457xx/CVE-2023-45722.json | 43 +++++++++++ CVE-2023/CVE-2023-457xx/CVE-2023-45723.json | 43 +++++++++++ CVE-2023/CVE-2023-457xx/CVE-2023-45724.json | 43 +++++++++++ CVE-2023/CVE-2023-459xx/CVE-2023-45957.json | 78 ++++++++++++++++++-- CVE-2023/CVE-2023-499xx/CVE-2023-49933.json | 12 +++- CVE-2023/CVE-2023-499xx/CVE-2023-49934.json | 12 +++- CVE-2023/CVE-2023-499xx/CVE-2023-49935.json | 12 +++- CVE-2023/CVE-2023-499xx/CVE-2023-49936.json | 12 +++- CVE-2023/CVE-2023-499xx/CVE-2023-49937.json | 12 +++- CVE-2023/CVE-2023-499xx/CVE-2023-49938.json | 12 +++- CVE-2023/CVE-2023-503xx/CVE-2023-50341.json | 43 +++++++++++ CVE-2023/CVE-2023-503xx/CVE-2023-50342.json | 43 +++++++++++ CVE-2023/CVE-2023-503xx/CVE-2023-50343.json | 43 +++++++++++ CVE-2023/CVE-2023-503xx/CVE-2023-50344.json | 43 +++++++++++ CVE-2023/CVE-2023-507xx/CVE-2023-50712.json | 56 +++++++++++++-- CVE-2023/CVE-2023-507xx/CVE-2023-50725.json | 67 +++++++++++++++-- CVE-2023/CVE-2023-507xx/CVE-2023-50727.json | 62 ++++++++++++++-- CVE-2023/CVE-2023-510xx/CVE-2023-51034.json | 80 +++++++++++++++++++-- CVE-2023/CVE-2023-510xx/CVE-2023-51035.json | 80 +++++++++++++++++++-- CVE-2023/CVE-2023-516xx/CVE-2023-51661.json | 75 +++++++++++++++++-- CVE-2023/CVE-2023-71xx/CVE-2023-7134.json | 73 +++++++++++++++++-- CVE-2023/CVE-2023-71xx/CVE-2023-7135.json | 61 ++++++++++++++-- CVE-2023/CVE-2023-71xx/CVE-2023-7136.json | 61 ++++++++++++++-- CVE-2023/CVE-2023-71xx/CVE-2023-7137.json | 61 ++++++++++++++-- CVE-2023/CVE-2023-71xx/CVE-2023-7138.json | 61 ++++++++++++++-- CVE-2023/CVE-2023-71xx/CVE-2023-7139.json | 61 ++++++++++++++-- CVE-2023/CVE-2023-71xx/CVE-2023-7140.json | 61 ++++++++++++++-- CVE-2023/CVE-2023-71xx/CVE-2023-7141.json | 61 ++++++++++++++-- CVE-2023/CVE-2023-71xx/CVE-2023-7142.json | 61 ++++++++++++++-- CVE-2023/CVE-2023-71xx/CVE-2023-7143.json | 61 ++++++++++++++-- CVE-2023/CVE-2023-71xx/CVE-2023-7149.json | 56 +++++++++++++-- CVE-2023/CVE-2023-71xx/CVE-2023-7155.json | 57 +++++++++++++-- README.md | 60 ++++++++++------ 33 files changed, 1535 insertions(+), 131 deletions(-) create mode 100644 CVE-2023/CVE-2023-457xx/CVE-2023-45722.json create mode 100644 CVE-2023/CVE-2023-457xx/CVE-2023-45723.json create mode 100644 CVE-2023/CVE-2023-457xx/CVE-2023-45724.json create mode 100644 CVE-2023/CVE-2023-503xx/CVE-2023-50341.json create mode 100644 CVE-2023/CVE-2023-503xx/CVE-2023-50342.json create mode 100644 CVE-2023/CVE-2023-503xx/CVE-2023-50343.json create mode 100644 CVE-2023/CVE-2023-503xx/CVE-2023-50344.json diff --git a/CVE-2023/CVE-2023-457xx/CVE-2023-45722.json b/CVE-2023/CVE-2023-457xx/CVE-2023-45722.json new file mode 100644 index 00000000000..ef058a4ead6 --- /dev/null +++ b/CVE-2023/CVE-2023-457xx/CVE-2023-45722.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-45722", + "sourceIdentifier": "psirt@hcl.com", + "published": "2024-01-03T03:15:09.200", + "lastModified": "2024-01-03T03:15:09.200", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "HCL DRYiCE MyXalytics is impacted by path traversal arbitrary file read vulnerability because it uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory. \u00a0The product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. Potential exploits can completely disrupt or take over the application.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@hcl.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608", + "source": "psirt@hcl.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-457xx/CVE-2023-45723.json b/CVE-2023/CVE-2023-457xx/CVE-2023-45723.json new file mode 100644 index 00000000000..55cbd8c4814 --- /dev/null +++ b/CVE-2023/CVE-2023-457xx/CVE-2023-45723.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-45723", + "sourceIdentifier": "psirt@hcl.com", + "published": "2024-01-03T03:15:09.380", + "lastModified": "2024-01-03T03:15:09.380", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "HCL DRYiCE MyXalytics is impacted by path traversal vulnerability which allows file upload capability. \u00a0Certain endpoints permit users to manipulate the path (including the file name) where these files are stored on the server.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@hcl.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.6, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 4.7 + } + ] + }, + "references": [ + { + "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608", + "source": "psirt@hcl.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-457xx/CVE-2023-45724.json b/CVE-2023/CVE-2023-457xx/CVE-2023-45724.json new file mode 100644 index 00000000000..fddd6214d23 --- /dev/null +++ b/CVE-2023/CVE-2023-457xx/CVE-2023-45724.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-45724", + "sourceIdentifier": "psirt@hcl.com", + "published": "2024-01-03T03:15:09.537", + "lastModified": "2024-01-03T03:15:09.537", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "HCL DRYiCE MyXalytics product is impacted by unauthenticated file upload vulnerability. The web application permits the upload of a certain file without requiring user authentication.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@hcl.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 8.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.2 + } + ] + }, + "references": [ + { + "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608", + "source": "psirt@hcl.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-459xx/CVE-2023-45957.json b/CVE-2023/CVE-2023-459xx/CVE-2023-45957.json index fc547a667cb..93539c2cb87 100644 --- a/CVE-2023/CVE-2023-459xx/CVE-2023-45957.json +++ b/CVE-2023/CVE-2023-459xx/CVE-2023-45957.json @@ -2,27 +2,93 @@ "id": "CVE-2023-45957", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-22T16:15:08.327", - "lastModified": "2023-12-22T20:32:41.017", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-03T03:06:41.180", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A stored cross-site scripting (XSS) vulnerability in the component admin/AdminRequestSqlController.php of thirty bees before 1.5.0 allows attackers to execute arbitrary web script or HTML via $e->getMessage() error mishandling." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de cross-site scripting (XSS) almacenado en el componente admin/AdminRequestSqlController.php de thirty bees anteriores a 1.5.0 permite a los atacantes ejecutar scripts web o HTML arbitrarios mediante un manejo incorrecto del error $e->getMessage()." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:thirtybees:thirty_bees:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.5.0", + "matchCriteriaId": "6F616AF3-86CE-490F-A99D-5FA8C80254BE" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/thirtybees/thirtybees/commit/f5b2c1e0094ce53fded1443bab99a604ae8e2968", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/thirtybees/thirtybees/compare/1.4.0...1.5.0", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://zigrin.com/advisories/thirty-bees-stored-cross-site-scripting-xss/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-499xx/CVE-2023-49933.json b/CVE-2023/CVE-2023-499xx/CVE-2023-49933.json index d0792d01f07..10f36c2eed5 100644 --- a/CVE-2023/CVE-2023-499xx/CVE-2023-49933.json +++ b/CVE-2023/CVE-2023-499xx/CVE-2023-49933.json @@ -2,8 +2,8 @@ "id": "CVE-2023-49933", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-14T05:15:08.810", - "lastModified": "2023-12-20T18:50:47.213", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-03T03:15:09.697", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -87,6 +87,14 @@ } ], "references": [ + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FEDDYEE2WK7FHWBHKON3OZVQI56WSQ/", + "source": "cve@mitre.org" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYQS3LFGC4HE4WCW4L3NAA2I6FRIWMNO/", + "source": "cve@mitre.org" + }, { "url": "https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html", "source": "cve@mitre.org", diff --git a/CVE-2023/CVE-2023-499xx/CVE-2023-49934.json b/CVE-2023/CVE-2023-499xx/CVE-2023-49934.json index 62174eb4c3f..ee822c3bd3b 100644 --- a/CVE-2023/CVE-2023-499xx/CVE-2023-49934.json +++ b/CVE-2023/CVE-2023-499xx/CVE-2023-49934.json @@ -2,8 +2,8 @@ "id": "CVE-2023-49934", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-14T05:15:10.023", - "lastModified": "2023-12-20T18:49:55.000", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-03T03:15:09.803", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -73,6 +73,14 @@ } ], "references": [ + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FEDDYEE2WK7FHWBHKON3OZVQI56WSQ/", + "source": "cve@mitre.org" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYQS3LFGC4HE4WCW4L3NAA2I6FRIWMNO/", + "source": "cve@mitre.org" + }, { "url": "https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html", "source": "cve@mitre.org", diff --git a/CVE-2023/CVE-2023-499xx/CVE-2023-49935.json b/CVE-2023/CVE-2023-499xx/CVE-2023-49935.json index 48054a23e92..24b916515b0 100644 --- a/CVE-2023/CVE-2023-499xx/CVE-2023-49935.json +++ b/CVE-2023/CVE-2023-499xx/CVE-2023-49935.json @@ -2,8 +2,8 @@ "id": "CVE-2023-49935", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-14T05:15:10.490", - "lastModified": "2023-12-20T18:47:36.937", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-03T03:15:09.867", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -80,6 +80,14 @@ } ], "references": [ + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FEDDYEE2WK7FHWBHKON3OZVQI56WSQ/", + "source": "cve@mitre.org" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYQS3LFGC4HE4WCW4L3NAA2I6FRIWMNO/", + "source": "cve@mitre.org" + }, { "url": "https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html", "source": "cve@mitre.org", diff --git a/CVE-2023/CVE-2023-499xx/CVE-2023-49936.json b/CVE-2023/CVE-2023-499xx/CVE-2023-49936.json index fed287ee5ca..9f5f4c89e2f 100644 --- a/CVE-2023/CVE-2023-499xx/CVE-2023-49936.json +++ b/CVE-2023/CVE-2023-499xx/CVE-2023-49936.json @@ -2,8 +2,8 @@ "id": "CVE-2023-49936", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-14T05:15:10.980", - "lastModified": "2023-12-20T18:47:01.043", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-03T03:15:09.927", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -87,6 +87,14 @@ } ], "references": [ + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FEDDYEE2WK7FHWBHKON3OZVQI56WSQ/", + "source": "cve@mitre.org" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYQS3LFGC4HE4WCW4L3NAA2I6FRIWMNO/", + "source": "cve@mitre.org" + }, { "url": "https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html", "source": "cve@mitre.org", diff --git a/CVE-2023/CVE-2023-499xx/CVE-2023-49937.json b/CVE-2023/CVE-2023-499xx/CVE-2023-49937.json index 77a81edd7f1..27f11706b94 100644 --- a/CVE-2023/CVE-2023-499xx/CVE-2023-49937.json +++ b/CVE-2023/CVE-2023-499xx/CVE-2023-49937.json @@ -2,8 +2,8 @@ "id": "CVE-2023-49937", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-14T05:15:11.493", - "lastModified": "2023-12-21T17:17:34.317", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-03T03:15:09.990", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -87,6 +87,14 @@ } ], "references": [ + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FEDDYEE2WK7FHWBHKON3OZVQI56WSQ/", + "source": "cve@mitre.org" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYQS3LFGC4HE4WCW4L3NAA2I6FRIWMNO/", + "source": "cve@mitre.org" + }, { "url": "https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html", "source": "cve@mitre.org", diff --git a/CVE-2023/CVE-2023-499xx/CVE-2023-49938.json b/CVE-2023/CVE-2023-499xx/CVE-2023-49938.json index 1446596ec25..db2bdb9229a 100644 --- a/CVE-2023/CVE-2023-499xx/CVE-2023-49938.json +++ b/CVE-2023/CVE-2023-499xx/CVE-2023-49938.json @@ -2,8 +2,8 @@ "id": "CVE-2023-49938", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-14T05:15:11.890", - "lastModified": "2023-12-19T16:08:07.640", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-03T03:15:10.053", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -77,6 +77,14 @@ } ], "references": [ + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FEDDYEE2WK7FHWBHKON3OZVQI56WSQ/", + "source": "cve@mitre.org" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYQS3LFGC4HE4WCW4L3NAA2I6FRIWMNO/", + "source": "cve@mitre.org" + }, { "url": "https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html", "source": "cve@mitre.org", diff --git a/CVE-2023/CVE-2023-503xx/CVE-2023-50341.json b/CVE-2023/CVE-2023-503xx/CVE-2023-50341.json new file mode 100644 index 00000000000..2d5ecff32e5 --- /dev/null +++ b/CVE-2023/CVE-2023-503xx/CVE-2023-50341.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-50341", + "sourceIdentifier": "psirt@hcl.com", + "published": "2024-01-03T03:15:10.127", + "lastModified": "2024-01-03T03:15:10.127", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "HCL DRYiCE MyXalytics is impacted by Improper Access Control (Obsolete web pages) vulnerability. Discovery of outdated and accessible web pages, reflects a \"Missing Access Control\" vulnerability, which could lead to inadvertent exposure of sensitive information and/or exposing a vulnerable endpoint.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@hcl.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.6, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 4.7 + } + ] + }, + "references": [ + { + "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608", + "source": "psirt@hcl.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-503xx/CVE-2023-50342.json b/CVE-2023/CVE-2023-503xx/CVE-2023-50342.json new file mode 100644 index 00000000000..83e9f7daf73 --- /dev/null +++ b/CVE-2023/CVE-2023-503xx/CVE-2023-50342.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-50342", + "sourceIdentifier": "psirt@hcl.com", + "published": "2024-01-03T03:15:10.817", + "lastModified": "2024-01-03T03:15:10.817", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "HCL DRYiCE MyXalytics is impacted by an Insecure Direct Object Reference (IDOR) vulnerability. \u00a0A user can obtain certain details about another user as a result of improper access control.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@hcl.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 4.2 + } + ] + }, + "references": [ + { + "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608", + "source": "psirt@hcl.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-503xx/CVE-2023-50343.json b/CVE-2023/CVE-2023-503xx/CVE-2023-50343.json new file mode 100644 index 00000000000..93997f8099e --- /dev/null +++ b/CVE-2023/CVE-2023-503xx/CVE-2023-50343.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-50343", + "sourceIdentifier": "psirt@hcl.com", + "published": "2024-01-03T03:15:11.210", + "lastModified": "2024-01-03T03:15:11.210", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "HCL DRYiCE MyXalytics is impacted by an Improper Access Control (Controller APIs) vulnerability. Certain API endpoints are accessible to Customer Admin Users that can allow access to sensitive information about other users.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@hcl.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "LOW", + "baseScore": 8.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.5 + } + ] + }, + "references": [ + { + "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608", + "source": "psirt@hcl.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-503xx/CVE-2023-50344.json b/CVE-2023/CVE-2023-503xx/CVE-2023-50344.json new file mode 100644 index 00000000000..97d035aa9d9 --- /dev/null +++ b/CVE-2023/CVE-2023-503xx/CVE-2023-50344.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-50344", + "sourceIdentifier": "psirt@hcl.com", + "published": "2024-01-03T03:15:11.373", + "lastModified": "2024-01-03T03:15:11.373", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "HCL DRYiCE MyXalytics is impacted by improper access control (Unauthenticated File Download) vulnerability. An unauthenticated user can download certain files.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@hcl.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "references": [ + { + "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608", + "source": "psirt@hcl.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-507xx/CVE-2023-50712.json b/CVE-2023/CVE-2023-507xx/CVE-2023-50712.json index 3aca8d4df5e..efab97cf91c 100644 --- a/CVE-2023/CVE-2023-507xx/CVE-2023-50712.json +++ b/CVE-2023/CVE-2023-507xx/CVE-2023-50712.json @@ -2,16 +2,40 @@ "id": "CVE-2023-50712", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-22T20:15:07.443", - "lastModified": "2023-12-22T20:32:25.167", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-03T03:12:23.060", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations in versions prior to v2.3.7. The vulnerability may allow an attacker to inject malicious scripts into the application, which could then be executed when a user visits the affected locations. This could lead to unauthorized access, data theft, or other related malicious activities. An attacker need to be authenticated on the application to exploit this vulnerability. The issue is fixed in version v2.3.7 of iris-web. No known workarounds are available." + }, + { + "lang": "es", + "value": "Iris es una plataforma colaborativa web que tiene como objetivo ayudar a los servicios de respuesta a incidentes a compartir detalles t\u00e9cnicos durante las investigaciones. Se ha identificado una vulnerabilidad de Cross-Site Scripting (XSS) almacenado en iris-web, que afecta a varias ubicaciones en versiones anteriores a la v2.3.7. La vulnerabilidad puede permitir a un atacante inyectar scripts maliciosos en la aplicaci\u00f3n, que luego podr\u00edan ejecutarse cuando un usuario visite las ubicaciones afectadas. Esto podr\u00eda provocar acceso no autorizado, robo de datos u otras actividades maliciosas relacionadas. Un atacante debe autenticarse en la aplicaci\u00f3n para aprovechar esta vulnerabilidad. El problema se solucion\u00f3 en la versi\u00f3n v2.3.7 de iris-web. No hay soluciones conocidas disponibles." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -50,14 +74,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dfir-iris:iris:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.3.7", + "matchCriteriaId": "1D39F424-50ED-4F5B-ACE2-9524841C32E1" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/dfir-iris/iris-web/releases/tag/v2.3.7", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://github.com/dfir-iris/iris-web/security/advisories/GHSA-593r-747g-p92p", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-507xx/CVE-2023-50725.json b/CVE-2023/CVE-2023-507xx/CVE-2023-50725.json index 7f54ae85501..2952b90d0ab 100644 --- a/CVE-2023/CVE-2023-507xx/CVE-2023-50725.json +++ b/CVE-2023/CVE-2023-507xx/CVE-2023-50725.json @@ -2,16 +2,40 @@ "id": "CVE-2023-50725", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-22T20:15:07.657", - "lastModified": "2023-12-22T20:32:25.167", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-03T03:20:02.863", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Resque is a Redis-backed Ruby library for creating background jobs, placing them on multiple queues, and processing them later. The following paths in resque-web have been found to be vulnerable to reflected XSS: \"/failed/?class=\" and \"/queues/>\". This issue has been patched in version 2.2.1." + }, + { + "lang": "es", + "value": "Resque es una librer\u00eda Ruby respaldada por Redis para crear jobs en segundo plano, colocarlos en varias colas y procesarlos m\u00e1s tarde. Se ha descubierto que las siguientes rutas en resque-web son vulnerables al XSS reflejado: \"/failed/?class=\" y \"/queues/>\". Este problema se solucion\u00f3 en la versi\u00f3n 2.2.1." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -46,22 +70,53 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:resque:resque:*:*:*:*:*:ruby:*:*", + "versionEndExcluding": "2.2.1", + "matchCriteriaId": "C9D16E9F-4E53-4657-99FF-1CD6DB37F6C9" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/resque/resque/commit/ee99d2ed6cc75d9d384483b70c2d96d312115f07", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/resque/resque/pull/1790", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/resque/resque/security/advisories/GHSA-gc3j-vvwf-4rp8", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] }, { "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/resque/CVE-2023-50725.yml", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-507xx/CVE-2023-50727.json b/CVE-2023/CVE-2023-507xx/CVE-2023-50727.json index f8133e20313..fee066b7107 100644 --- a/CVE-2023/CVE-2023-507xx/CVE-2023-50727.json +++ b/CVE-2023/CVE-2023-507xx/CVE-2023-50727.json @@ -2,16 +2,40 @@ "id": "CVE-2023-50727", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-22T21:15:07.690", - "lastModified": "2023-12-25T03:08:20.540", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-03T03:25:51.337", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Resque is a Redis-backed Ruby library for creating background jobs, placing them on multiple queues, and processing them later. Reflected XSS issue occurs when /queues is appended with /\">. This issue has been patched in version 2.6.0." + }, + { + "lang": "es", + "value": "Resque es una librer\u00eda Ruby respaldada por Redis para crear trabajos en segundo plano, colocarlos en varias colas y procesarlos m\u00e1s tarde. El problema de XSS reflejado ocurre cuando /queues se agrega con /\">. Este problema se solucion\u00f3 en la versi\u00f3n 2.6.0." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -46,18 +70,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:resque:resque:*:*:*:*:*:ruby:*:*", + "versionEndExcluding": "2.6.0", + "matchCriteriaId": "443F9594-AEFD-4F85-BFEF-5C7C70C44DF7" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/resque/resque/commit/7623b8dfbdd0a07eb04b19fb25b16a8d6f087f9a", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/resque/resque/pull/1865", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/resque/resque/security/advisories/GHSA-r9mq-m72x-257g", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-510xx/CVE-2023-51034.json b/CVE-2023/CVE-2023-510xx/CVE-2023-51034.json index 00b45788bd2..fb9226a1ed1 100644 --- a/CVE-2023/CVE-2023-510xx/CVE-2023-51034.json +++ b/CVE-2023/CVE-2023-510xx/CVE-2023-51034.json @@ -2,19 +2,91 @@ "id": "CVE-2023-51034", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-22T19:15:09.877", - "lastModified": "2023-12-22T20:32:25.167", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-03T03:17:07.367", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi UploadFirmwareFile interface." + }, + { + "lang": "es", + "value": "TOTOlink EX1200L V9.3.5u.6146_B20201023 es vulnerable a la ejecuci\u00f3n de comandos arbitrarios a trav\u00e9s de la interfaz cstecgi.cgi UploadFirmwareFile." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:ex1200l_firmware:9.3.5u.6146_b20201023:*:*:*:*:*:*:*", + "matchCriteriaId": "F2A5A448-0444-4DA7-8C74-66AA5300D40D" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:totolink:ex1200l:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A4BC1501-2EAC-43B7-83E0-04FBA874D29D" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://815yang.github.io/2023/12/12/ex1200l/totolink_ex1200L_UploadFirmwareFile/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-510xx/CVE-2023-51035.json b/CVE-2023/CVE-2023-510xx/CVE-2023-51035.json index 5ddb29bef7b..5231f15fe2a 100644 --- a/CVE-2023/CVE-2023-510xx/CVE-2023-51035.json +++ b/CVE-2023/CVE-2023-510xx/CVE-2023-51035.json @@ -2,19 +2,91 @@ "id": "CVE-2023-51035", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-22T19:15:09.920", - "lastModified": "2023-12-22T20:32:25.167", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-03T03:15:54.027", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "TOTOLINK EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution on the cstecgi.cgi NTPSyncWithHost interface." + }, + { + "lang": "es", + "value": "TOTOLINK EX1200L V9.3.5u.6146_B20201023 es vulnerable a la ejecuci\u00f3n de comandos arbitrarios en la interfaz cstecgi.cgi NTPSyncWithHost." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:ex1200l_firmware:9.3.5u.6146_b20201023:*:*:*:*:*:*:*", + "matchCriteriaId": "F2A5A448-0444-4DA7-8C74-66AA5300D40D" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:totolink:ex1200l:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A4BC1501-2EAC-43B7-83E0-04FBA874D29D" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://815yang.github.io/2023/12/12/ex1200l/totolink_ex1200L_NTPSyncWithHost/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-516xx/CVE-2023-51661.json b/CVE-2023/CVE-2023-516xx/CVE-2023-51661.json index cbaa5dd05de..26a4b629064 100644 --- a/CVE-2023/CVE-2023-516xx/CVE-2023-51661.json +++ b/CVE-2023/CVE-2023-516xx/CVE-2023-51661.json @@ -2,16 +2,40 @@ "id": "CVE-2023-51661", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-22T15:15:08.377", - "lastModified": "2023-12-22T20:32:41.017", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-03T03:03:04.737", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Wasmer is a WebAssembly runtime that enables containers to run anywhere: from Desktop to the Cloud, Edge and even the browser. Wasm programs can access the filesystem outside of the sandbox. Service providers running untrusted Wasm code on Wasmer can unexpectedly expose the host filesystem. This vulnerability has been patched in version 4.2.4." + }, + { + "lang": "es", + "value": "Wasmer es un runtime de WebAssembly que permite que los contenedores se ejecuten en cualquier lugar: desde el escritorio hasta la nube, Edge e incluso el navegador. Los programas Wasm pueden acceder al sistema de archivos fuera del entorno limitado. Los proveedores de servicios que ejecutan c\u00f3digo Wasm que no es de confianza en Wasmer pueden exponer inesperadamente el sistema de archivos del host. Esta vulnerabilidad ha sido parcheada en la versi\u00f3n 4.2.4." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 8.6, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.0 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -36,8 +60,18 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -46,18 +80,47 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wasmer:wasmer:*:*:*:*:*:rust:*:*", + "versionStartIncluding": "3.0.0", + "versionEndExcluding": "4.2.4", + "matchCriteriaId": "14DB3027-8D4F-47CB-9B0C-9603C74C4299" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/wasmerio/wasmer/commit/4d63febf9d8b257b0531963b85df48d45d0dbf3c", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/wasmerio/wasmer/issues/4267", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://github.com/wasmerio/wasmer/security/advisories/GHSA-4mq4-7rw3-vm5j", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-71xx/CVE-2023-7134.json b/CVE-2023/CVE-2023-71xx/CVE-2023-7134.json index 443b91569c2..3219566e2db 100644 --- a/CVE-2023/CVE-2023-71xx/CVE-2023-7134.json +++ b/CVE-2023/CVE-2023-71xx/CVE-2023-7134.json @@ -2,16 +2,40 @@ "id": "CVE-2023-7134", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-28T20:16:07.607", - "lastModified": "2023-12-28T20:21:23.907", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-03T04:54:46.117", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in SourceCodester Medicine Tracking System 1.0. It has been rated as critical. This issue affects some unknown processing. The manipulation of the argument page leads to path traversal: '../filedir'. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249137 was assigned to this vulnerability." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en SourceCodester Medicine Tracking System 1.0. Ha sido calificada como cr\u00edtica. Este problema afecta alg\u00fan procesamiento desconocido. La manipulaci\u00f3n de la p\u00e1gina de argumentos conduce a path traversal: '../filedir'. El ataque puede iniciarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-249137." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -61,8 +85,18 @@ }, "weaknesses": [ { - "source": "cna@vuldb.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -71,18 +105,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oretnom23:medicine_tracker_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "44A35599-C92F-4A69-B7B1-C768223118FD" + } + ] + } + ] + } + ], "references": [ { "url": "https://medium.com/@2839549219ljk/medicine-tracking-system-rce-vulnerability-1f009165b915", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.249137", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.249137", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-71xx/CVE-2023-7135.json b/CVE-2023/CVE-2023-71xx/CVE-2023-7135.json index a83d31a4406..04e408ec86a 100644 --- a/CVE-2023/CVE-2023-71xx/CVE-2023-7135.json +++ b/CVE-2023/CVE-2023-71xx/CVE-2023-7135.json @@ -2,16 +2,40 @@ "id": "CVE-2023-7135", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-28T21:15:07.897", - "lastModified": "2023-12-29T03:13:50.730", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-03T04:54:08.240", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability classified as problematic has been found in code-projects Record Management System 1.0. Affected is an unknown function of the file /main/offices.php of the component Offices Handler. The manipulation of the argument officename with the input \"> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249138 is the identifier assigned to this vulnerability." + }, + { + "lang": "es", + "value": "Una vulnerabilidad ha sido encontrada en code-projects Record Management System 1.0 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo /main/offices.php del componente Offices Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento officename con la entrada \"> conduce a cross site scripting. Es posible lanzar el ataque de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede ser utilizado. VDB-249138 es el identificador asignado a esta vulnerabilidad." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -71,18 +95,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:code-projects:record_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "885E7D96-AB41-42EC-9FCD-9A75D814A98C" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/h4md153v63n/CVEs/blob/main/Record_Management_System/Record_Management_System-Blind_Cross_Site_Scripting-1.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.249138", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.249138", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-71xx/CVE-2023-7136.json b/CVE-2023/CVE-2023-71xx/CVE-2023-7136.json index 8dcba3a5b25..c0b80ccabf7 100644 --- a/CVE-2023/CVE-2023-71xx/CVE-2023-7136.json +++ b/CVE-2023/CVE-2023-71xx/CVE-2023-7136.json @@ -2,16 +2,40 @@ "id": "CVE-2023-7136", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-28T21:15:08.130", - "lastModified": "2023-12-29T03:13:50.730", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-03T04:54:01.213", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability classified as problematic was found in code-projects Record Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /main/doctype.php of the component Document Type Handler. The manipulation of the argument docname with the input \"> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249139." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en code-projects Record Management System 1.0 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo /main/doctype.php del componente Document Type Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento docname con la entrada \"> conduce a cross site scripting. El ataque se puede iniciar de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede ser utilizada. El identificador asociado de esta vulnerabilidad es VDB-249139." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -71,18 +95,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:code-projects:record_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "885E7D96-AB41-42EC-9FCD-9A75D814A98C" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/h4md153v63n/CVEs/blob/main/Record_Management_System/Record_Management_System-Blind_Cross_Site_Scripting-2.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.249139", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.249139", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-71xx/CVE-2023-7137.json b/CVE-2023/CVE-2023-71xx/CVE-2023-7137.json index 8447d5eb1cc..2f4203556a2 100644 --- a/CVE-2023/CVE-2023-71xx/CVE-2023-7137.json +++ b/CVE-2023/CVE-2023-71xx/CVE-2023-7137.json @@ -2,16 +2,40 @@ "id": "CVE-2023-7137", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-28T22:15:45.373", - "lastModified": "2023-12-29T03:13:50.730", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-03T04:53:54.747", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as critical, has been found in code-projects Client Details System 1.0. Affected by this issue is some unknown functionality of the component HTTP POST Request Handler. The manipulation of the argument uemail leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249140." + }, + { + "lang": "es", + "value": "Una vulnerabilidad clasificada como cr\u00edtica fue encontrada en code-projects Client Details System 1.0. Una funci\u00f3n desconocida del componente HTTP POST Request Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento uemail conduce a la inyecci\u00f3n de SQL. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-249140." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -71,18 +95,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:code-projects:client_details_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F03ABFA2-6EA3-4C52-95A1-D1B683862F4D" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/h4md153v63n/CVEs/blob/main/Client_Details_System/Client_Details_System-SQL_Injection_1.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.249140", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.249140", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-71xx/CVE-2023-7138.json b/CVE-2023/CVE-2023-71xx/CVE-2023-7138.json index 499a99f103e..6cb84703ea2 100644 --- a/CVE-2023/CVE-2023-71xx/CVE-2023-7138.json +++ b/CVE-2023/CVE-2023-71xx/CVE-2023-7138.json @@ -2,16 +2,40 @@ "id": "CVE-2023-7138", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-28T22:15:45.603", - "lastModified": "2023-12-29T03:13:50.730", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-03T04:53:48.110", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as critical, was found in code-projects Client Details System 1.0. This affects an unknown part of the file /admin of the component HTTP POST Request Handler. The manipulation of the argument username leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249141 was assigned to this vulnerability." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en code-projects Client Details System 1.0 y clasificada como cr\u00edtica. Esto afecta a una parte desconocida del archivo /admin del componente HTTP POST Request Handler. La manipulaci\u00f3n del argumento username o conduce a la inyecci\u00f3n de SQL. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-249141." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -71,18 +95,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:code-projects:client_details_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F03ABFA2-6EA3-4C52-95A1-D1B683862F4D" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/h4md153v63n/CVEs/blob/main/Client_Details_System/Client_Details_System-SQL_Injection_2.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.249141", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.249141", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-71xx/CVE-2023-7139.json b/CVE-2023/CVE-2023-71xx/CVE-2023-7139.json index 68086b2b49e..f8f60419188 100644 --- a/CVE-2023/CVE-2023-71xx/CVE-2023-7139.json +++ b/CVE-2023/CVE-2023-71xx/CVE-2023-7139.json @@ -2,16 +2,40 @@ "id": "CVE-2023-7139", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-28T23:15:44.263", - "lastModified": "2023-12-29T03:13:44.413", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-03T04:53:39.277", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability has been found in code-projects Client Details System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/regester.php of the component HTTP POST Request Handler. The manipulation of the argument fname/lname/email/contact leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-249142 is the identifier assigned to this vulnerability." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en code-projects Client Details System 1.0 y se clasific\u00f3 como problem\u00e1tica. Esta vulnerabilidad afecta a c\u00f3digo desconocido del archivo /admin/regester.php del componente HTTP POST Request Handler. La manipulaci\u00f3n del argumento fname/lname/email/contact conduce a la inyecci\u00f3n de SQL. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. VDB-249142 es el identificador asignado a esta vulnerabilidad." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -71,18 +95,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:code-projects:client_details_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F03ABFA2-6EA3-4C52-95A1-D1B683862F4D" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/h4md153v63n/CVEs/blob/main/Client_Details_System/Client_Details_System-SQL_Injection_3.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.249142", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.249142", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-71xx/CVE-2023-7140.json b/CVE-2023/CVE-2023-71xx/CVE-2023-7140.json index 600ffe93730..cfecc655146 100644 --- a/CVE-2023/CVE-2023-71xx/CVE-2023-7140.json +++ b/CVE-2023/CVE-2023-71xx/CVE-2023-7140.json @@ -2,16 +2,40 @@ "id": "CVE-2023-7140", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-28T23:15:44.623", - "lastModified": "2023-12-29T03:13:44.413", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-03T04:53:29.893", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in code-projects Client Details System 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/manage-users.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249143." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en code-projects Client Details System 1.0 y se clasific\u00f3 como problem\u00e1tica. Este problema afecta un procesamiento desconocido del archivo /admin/manage-users.php. La manipulaci\u00f3n del argumento id conduce a la inyecci\u00f3n de SQL. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-249143." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -71,18 +95,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:code-projects:client_details_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F03ABFA2-6EA3-4C52-95A1-D1B683862F4D" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/h4md153v63n/CVEs/blob/main/Client_Details_System/Client_Details_System-SQL_Injection_4.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.249143", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.249143", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-71xx/CVE-2023-7141.json b/CVE-2023/CVE-2023-71xx/CVE-2023-7141.json index 7d22aac740b..a7170361dc0 100644 --- a/CVE-2023/CVE-2023-71xx/CVE-2023-7141.json +++ b/CVE-2023/CVE-2023-71xx/CVE-2023-7141.json @@ -2,16 +2,40 @@ "id": "CVE-2023-7141", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-29T00:15:50.517", - "lastModified": "2023-12-29T03:13:44.413", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-03T04:53:19.940", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in code-projects Client Details System 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/update-clients.php. The manipulation of the argument uid leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249144." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en code-projects Client Details System 1.0. Ha sido clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo /admin/update-clients.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento uid conduce a la inyecci\u00f3n de SQL. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-249144." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -71,18 +95,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:code-projects:client_details_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F03ABFA2-6EA3-4C52-95A1-D1B683862F4D" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/h4md153v63n/CVEs/blob/main/Client_Details_System/Client_Details_System-SQL_Injection_5.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.249144", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.249144", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-71xx/CVE-2023-7142.json b/CVE-2023/CVE-2023-71xx/CVE-2023-7142.json index 627ea5922f7..44420acd6f2 100644 --- a/CVE-2023/CVE-2023-71xx/CVE-2023-7142.json +++ b/CVE-2023/CVE-2023-71xx/CVE-2023-7142.json @@ -2,16 +2,40 @@ "id": "CVE-2023-7142", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-29T00:15:50.740", - "lastModified": "2023-12-29T03:13:44.413", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-03T04:53:10.423", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in code-projects Client Details System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/clientview.php. The manipulation of the argument ID leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249145 was assigned to this vulnerability." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en code-projects Client Details System 1.0. Ha sido declarada problem\u00e1tica. Una funci\u00f3n desconocida del archivo /admin/clientview.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento ID conduce a la inyecci\u00f3n de SQL. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-249145." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -71,18 +95,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:code-projects:client_details_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F03ABFA2-6EA3-4C52-95A1-D1B683862F4D" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/h4md153v63n/CVEs/blob/main/Client_Details_System/Client_Details_System-SQL_Injection_6.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.249145", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.249145", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-71xx/CVE-2023-7143.json b/CVE-2023/CVE-2023-71xx/CVE-2023-7143.json index 9896516a20d..053e9fc691f 100644 --- a/CVE-2023/CVE-2023-71xx/CVE-2023-7143.json +++ b/CVE-2023/CVE-2023-71xx/CVE-2023-7143.json @@ -2,16 +2,40 @@ "id": "CVE-2023-7143", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-29T01:15:43.917", - "lastModified": "2023-12-29T03:13:44.413", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-03T04:53:01.273", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in code-projects Client Details System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/regester.php. The manipulation of the argument fname/lname/email/contact leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249146 is the identifier assigned to this vulnerability." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en code-projects Client Details System 1.0. Ha sido calificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo /admin/regester.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento fname/lname/email/contact conduce a cross site scripting. El ataque puede lanzarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. VDB-249146 es el identificador asignado a esta vulnerabilidad." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -71,18 +95,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:code-projects:client_details_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F03ABFA2-6EA3-4C52-95A1-D1B683862F4D" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/h4md153v63n/CVEs/blob/main/Client_Details_System/Client_Details_System-Blind_Cross_Site_Scripting.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.249146", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.249146", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-71xx/CVE-2023-7149.json b/CVE-2023/CVE-2023-71xx/CVE-2023-7149.json index 7e3a6352483..766d0068dda 100644 --- a/CVE-2023/CVE-2023-71xx/CVE-2023-7149.json +++ b/CVE-2023/CVE-2023-71xx/CVE-2023-7149.json @@ -2,8 +2,8 @@ "id": "CVE-2023-7149", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-29T04:15:11.103", - "lastModified": "2023-12-29T13:56:39.607", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-03T04:49:35.240", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -75,18 +95,44 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:code-projects:qr_code_generator:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "98482386-BBC2-4F5E-AFDB-AEB5CFA588AD" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/h4md153v63n/CVEs/blob/main/QR_Code_Generator/QR_Code_Generator-Reflected_Cross_Site_Scripting.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit" + ] }, { "url": "https://vuldb.com/?ctiid.249153", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.249153", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-71xx/CVE-2023-7155.json b/CVE-2023/CVE-2023-71xx/CVE-2023-7155.json index 8a80445acab..63627b938da 100644 --- a/CVE-2023/CVE-2023-71xx/CVE-2023-7155.json +++ b/CVE-2023/CVE-2023-71xx/CVE-2023-7155.json @@ -2,8 +2,8 @@ "id": "CVE-2023-7155", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-29T05:15:09.843", - "lastModified": "2023-12-29T13:56:33.383", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-03T04:49:27.117", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -75,18 +95,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mayurik:free_and_open_source_inventory_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "D414DE2C-F2F3-4159-9D7F-A81930652C97" + } + ] + } + ] + } + ], "references": [ { "url": "https://medium.com/@heishou/inventory-management-system-sql-injection-f6d67247c7ae", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.249177", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.249177", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/README.md b/README.md index 60689482cf3..86b80ac3e75 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-01-03T03:00:25.072289+00:00 +2024-01-03T05:00:25.105272+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-01-03T02:51:33.450000+00:00 +2024-01-03T04:54:46.117000+00:00 ``` ### Last Data Feed Release @@ -29,37 +29,51 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -234742 +234749 ``` ### CVEs added in the last Commit -Recently added CVEs: `9` +Recently added CVEs: `7` -* [CVE-2023-41776](CVE-2023/CVE-2023-417xx/CVE-2023-41776.json) (`2024-01-03T02:15:42.993`) -* [CVE-2023-41779](CVE-2023/CVE-2023-417xx/CVE-2023-41779.json) (`2024-01-03T02:15:43.217`) -* [CVE-2023-41780](CVE-2023/CVE-2023-417xx/CVE-2023-41780.json) (`2024-01-03T02:15:43.403`) -* [CVE-2023-41783](CVE-2023/CVE-2023-417xx/CVE-2023-41783.json) (`2024-01-03T02:15:43.573`) -* [CVE-2023-50345](CVE-2023/CVE-2023-503xx/CVE-2023-50345.json) (`2024-01-03T02:15:43.757`) -* [CVE-2023-50346](CVE-2023/CVE-2023-503xx/CVE-2023-50346.json) (`2024-01-03T02:15:43.913`) -* [CVE-2023-50348](CVE-2023/CVE-2023-503xx/CVE-2023-50348.json) (`2024-01-03T02:15:44.070`) -* [CVE-2023-50350](CVE-2023/CVE-2023-503xx/CVE-2023-50350.json) (`2024-01-03T02:15:44.227`) -* [CVE-2023-50351](CVE-2023/CVE-2023-503xx/CVE-2023-50351.json) (`2024-01-03T02:15:44.387`) +* [CVE-2023-45722](CVE-2023/CVE-2023-457xx/CVE-2023-45722.json) (`2024-01-03T03:15:09.200`) +* [CVE-2023-45723](CVE-2023/CVE-2023-457xx/CVE-2023-45723.json) (`2024-01-03T03:15:09.380`) +* [CVE-2023-45724](CVE-2023/CVE-2023-457xx/CVE-2023-45724.json) (`2024-01-03T03:15:09.537`) +* [CVE-2023-50341](CVE-2023/CVE-2023-503xx/CVE-2023-50341.json) (`2024-01-03T03:15:10.127`) +* [CVE-2023-50342](CVE-2023/CVE-2023-503xx/CVE-2023-50342.json) (`2024-01-03T03:15:10.817`) +* [CVE-2023-50343](CVE-2023/CVE-2023-503xx/CVE-2023-50343.json) (`2024-01-03T03:15:11.210`) +* [CVE-2023-50344](CVE-2023/CVE-2023-503xx/CVE-2023-50344.json) (`2024-01-03T03:15:11.373`) ### CVEs modified in the last Commit -Recently modified CVEs: `9` +Recently modified CVEs: `25` -* [CVE-2023-7024](CVE-2023/CVE-2023-70xx/CVE-2023-7024.json) (`2024-01-03T02:00:01.237`) -* [CVE-2023-7101](CVE-2023/CVE-2023-71xx/CVE-2023-7101.json) (`2024-01-03T02:00:01.237`) -* [CVE-2023-49391](CVE-2023/CVE-2023-493xx/CVE-2023-49391.json) (`2024-01-03T02:17:23.870`) -* [CVE-2023-48298](CVE-2023/CVE-2023-482xx/CVE-2023-48298.json) (`2024-01-03T02:23:30.487`) -* [CVE-2023-27319](CVE-2023/CVE-2023-273xx/CVE-2023-27319.json) (`2024-01-03T02:24:18.600`) -* [CVE-2023-4255](CVE-2023/CVE-2023-42xx/CVE-2023-4255.json) (`2024-01-03T02:30:35.597`) -* [CVE-2023-43741](CVE-2023/CVE-2023-437xx/CVE-2023-43741.json) (`2024-01-03T02:33:51.573`) -* [CVE-2023-43116](CVE-2023/CVE-2023-431xx/CVE-2023-43116.json) (`2024-01-03T02:41:10.107`) -* [CVE-2023-4256](CVE-2023/CVE-2023-42xx/CVE-2023-4256.json) (`2024-01-03T02:51:33.450`) +* [CVE-2023-51661](CVE-2023/CVE-2023-516xx/CVE-2023-51661.json) (`2024-01-03T03:03:04.737`) +* [CVE-2023-45957](CVE-2023/CVE-2023-459xx/CVE-2023-45957.json) (`2024-01-03T03:06:41.180`) +* [CVE-2023-50712](CVE-2023/CVE-2023-507xx/CVE-2023-50712.json) (`2024-01-03T03:12:23.060`) +* [CVE-2023-49933](CVE-2023/CVE-2023-499xx/CVE-2023-49933.json) (`2024-01-03T03:15:09.697`) +* [CVE-2023-49934](CVE-2023/CVE-2023-499xx/CVE-2023-49934.json) (`2024-01-03T03:15:09.803`) +* [CVE-2023-49935](CVE-2023/CVE-2023-499xx/CVE-2023-49935.json) (`2024-01-03T03:15:09.867`) +* [CVE-2023-49936](CVE-2023/CVE-2023-499xx/CVE-2023-49936.json) (`2024-01-03T03:15:09.927`) +* [CVE-2023-49937](CVE-2023/CVE-2023-499xx/CVE-2023-49937.json) (`2024-01-03T03:15:09.990`) +* [CVE-2023-49938](CVE-2023/CVE-2023-499xx/CVE-2023-49938.json) (`2024-01-03T03:15:10.053`) +* [CVE-2023-51035](CVE-2023/CVE-2023-510xx/CVE-2023-51035.json) (`2024-01-03T03:15:54.027`) +* [CVE-2023-51034](CVE-2023/CVE-2023-510xx/CVE-2023-51034.json) (`2024-01-03T03:17:07.367`) +* [CVE-2023-50725](CVE-2023/CVE-2023-507xx/CVE-2023-50725.json) (`2024-01-03T03:20:02.863`) +* [CVE-2023-50727](CVE-2023/CVE-2023-507xx/CVE-2023-50727.json) (`2024-01-03T03:25:51.337`) +* [CVE-2023-7155](CVE-2023/CVE-2023-71xx/CVE-2023-7155.json) (`2024-01-03T04:49:27.117`) +* [CVE-2023-7149](CVE-2023/CVE-2023-71xx/CVE-2023-7149.json) (`2024-01-03T04:49:35.240`) +* [CVE-2023-7143](CVE-2023/CVE-2023-71xx/CVE-2023-7143.json) (`2024-01-03T04:53:01.273`) +* [CVE-2023-7142](CVE-2023/CVE-2023-71xx/CVE-2023-7142.json) (`2024-01-03T04:53:10.423`) +* [CVE-2023-7141](CVE-2023/CVE-2023-71xx/CVE-2023-7141.json) (`2024-01-03T04:53:19.940`) +* [CVE-2023-7140](CVE-2023/CVE-2023-71xx/CVE-2023-7140.json) (`2024-01-03T04:53:29.893`) +* [CVE-2023-7139](CVE-2023/CVE-2023-71xx/CVE-2023-7139.json) (`2024-01-03T04:53:39.277`) +* [CVE-2023-7138](CVE-2023/CVE-2023-71xx/CVE-2023-7138.json) (`2024-01-03T04:53:48.110`) +* [CVE-2023-7137](CVE-2023/CVE-2023-71xx/CVE-2023-7137.json) (`2024-01-03T04:53:54.747`) +* [CVE-2023-7136](CVE-2023/CVE-2023-71xx/CVE-2023-7136.json) (`2024-01-03T04:54:01.213`) +* [CVE-2023-7135](CVE-2023/CVE-2023-71xx/CVE-2023-7135.json) (`2024-01-03T04:54:08.240`) +* [CVE-2023-7134](CVE-2023/CVE-2023-71xx/CVE-2023-7134.json) (`2024-01-03T04:54:46.117`) ## Download and Usage