From 96a261783a670f4e90125d277ce41617967dabf3 Mon Sep 17 00:00:00 2001 
From: cad-safe-bot Date: Thu, 16 Nov 2023 21:00:21 +0000 Subject: [PATCH] Auto-Update: 2023-11-16T21:00:18.085287+00:00 --- CVE-2023/CVE-2023-281xx/CVE-2023-28173.json | 61 +++++++++- CVE-2023/CVE-2023-286xx/CVE-2023-28621.json | 59 ++++++++++ CVE-2023/CVE-2023-299xx/CVE-2023-29975.json | 63 +++++++++- CVE-2023/CVE-2023-327xx/CVE-2023-32796.json | 55 +++++++++ CVE-2023/CVE-2023-329xx/CVE-2023-32957.json | 55 +++++++++ CVE-2023/CVE-2023-343xx/CVE-2023-34375.json | 55 +++++++++ CVE-2023/CVE-2023-360xx/CVE-2023-36008.json | 43 +++++++ CVE-2023/CVE-2023-360xx/CVE-2023-36026.json | 43 +++++++ CVE-2023/CVE-2023-360xx/CVE-2023-36027.json | 70 ++++++++++- CVE-2023/CVE-2023-364xx/CVE-2023-36423.json | 14 ++- CVE-2023/CVE-2023-397xx/CVE-2023-39796.json | 73 +++++++++++- CVE-2023/CVE-2023-399xx/CVE-2023-39926.json | 55 +++++++++ CVE-2023/CVE-2023-43xx/CVE-2023-4379.json | 70 ++++++++++- CVE-2023/CVE-2023-451xx/CVE-2023-45167.json | 72 +++++++++++- CVE-2023/CVE-2023-458xx/CVE-2023-45816.json | 77 +++++++++++- CVE-2023/CVE-2023-461xx/CVE-2023-46130.json | 77 +++++++++++- CVE-2023/CVE-2023-467xx/CVE-2023-46729.json | 58 +++++++++- CVE-2023/CVE-2023-471xx/CVE-2023-47119.json | 87 +++++++++++++- CVE-2023/CVE-2023-472xx/CVE-2023-47239.json | 55 +++++++++ CVE-2023/CVE-2023-472xx/CVE-2023-47240.json | 55 +++++++++ CVE-2023/CVE-2023-472xx/CVE-2023-47242.json | 55 +++++++++ CVE-2023/CVE-2023-472xx/CVE-2023-47245.json | 55 +++++++++ CVE-2023/CVE-2023-475xx/CVE-2023-47508.json | 55 +++++++++ CVE-2023/CVE-2023-475xx/CVE-2023-47509.json | 55 +++++++++ CVE-2023/CVE-2023-475xx/CVE-2023-47511.json | 55 +++++++++ CVE-2023/CVE-2023-475xx/CVE-2023-47512.json | 55 +++++++++ CVE-2023/CVE-2023-475xx/CVE-2023-47514.json | 4 +- CVE-2023/CVE-2023-480xx/CVE-2023-48052.json | 4 +- CVE-2023/CVE-2023-480xx/CVE-2023-48053.json | 4 +- CVE-2023/CVE-2023-480xx/CVE-2023-48054.json | 4 +- CVE-2023/CVE-2023-480xx/CVE-2023-48055.json | 4 +- CVE-2023/CVE-2023-480xx/CVE-2023-48056.json | 4 +- 
CVE-2023/CVE-2023-481xx/CVE-2023-48134.json | 20 ++++ CVE-2023/CVE-2023-55xx/CVE-2023-5540.json | 122 +++++++++++++++++++- CVE-2023/CVE-2023-55xx/CVE-2023-5542.json | 93 ++++++++++++++- CVE-2023/CVE-2023-55xx/CVE-2023-5545.json | 121 ++++++++++++++++++- CVE-2023/CVE-2023-55xx/CVE-2023-5548.json | 122 +++++++++++++++++++- CVE-2023/CVE-2023-55xx/CVE-2023-5549.json | 122 +++++++++++++++++++- CVE-2023/CVE-2023-59xx/CVE-2023-5954.json | 93 ++++++++++++++- CVE-2023/CVE-2023-61xx/CVE-2023-6176.json | 4 +- README.md | 94 ++++++++------- 41 files changed, 2202 insertions(+), 140 deletions(-) create mode 100644 CVE-2023/CVE-2023-286xx/CVE-2023-28621.json create mode 100644 CVE-2023/CVE-2023-327xx/CVE-2023-32796.json create mode 100644 CVE-2023/CVE-2023-329xx/CVE-2023-32957.json create mode 100644 CVE-2023/CVE-2023-343xx/CVE-2023-34375.json create mode 100644 CVE-2023/CVE-2023-360xx/CVE-2023-36008.json create mode 100644 CVE-2023/CVE-2023-360xx/CVE-2023-36026.json create mode 100644 CVE-2023/CVE-2023-399xx/CVE-2023-39926.json create mode 100644 CVE-2023/CVE-2023-472xx/CVE-2023-47239.json create mode 100644 CVE-2023/CVE-2023-472xx/CVE-2023-47240.json create mode 100644 CVE-2023/CVE-2023-472xx/CVE-2023-47242.json create mode 100644 CVE-2023/CVE-2023-472xx/CVE-2023-47245.json create mode 100644 CVE-2023/CVE-2023-475xx/CVE-2023-47508.json create mode 100644 CVE-2023/CVE-2023-475xx/CVE-2023-47509.json create mode 100644 CVE-2023/CVE-2023-475xx/CVE-2023-47511.json create mode 100644 CVE-2023/CVE-2023-475xx/CVE-2023-47512.json create mode 100644 CVE-2023/CVE-2023-481xx/CVE-2023-48134.json
diff --git a/CVE-2023/CVE-2023-281xx/CVE-2023-28173.json b/CVE-2023/CVE-2023-281xx/CVE-2023-28173.json
index 1dc1aec1e53..a177eefd397 100644
--- a/CVE-2023/CVE-2023-281xx/CVE-2023-28173.json
+++ b/CVE-2023/CVE-2023-281xx/CVE-2023-28173.json
@@ -2,16 +2,40 @@ "id": "CVE-2023-28173", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-12T23:15:09.813", - "lastModified": "2023-11-13T03:16:20.870", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-16T19:26:02.970", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Amit Agarwal Google XML Sitemap for Images plugin <=\u00a02.1.3 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Amit Agarwal Google XML Sitemap for Images en versiones <= 2.1.3." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:digitalinspiration:google_xml_sitemap_for_images:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.1.3", + "matchCriteriaId": "FA56AEB3-980F-4644-A732-F61D18243474" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/google-image-sitemap/wordpress-google-xml-sitemap-for-images-plugin-2-1-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-286xx/CVE-2023-28621.json b/CVE-2023/CVE-2023-286xx/CVE-2023-28621.json new file mode 100644 index 00000000000..89889b71be9 --- /dev/null +++ b/CVE-2023/CVE-2023-286xx/CVE-2023-28621.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-28621", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-11-16T20:15:27.317", + "lastModified": "2023-11-16T20:15:27.317", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wishfulthemes Raise Mag, Wishfulthemes Wishful Blog themes allows Reflected XSS.This issue affects Raise Mag: from n/a through 1.0.7; Wishful Blog: from n/a through 2.0.1.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/raise-mag/wordpress-raise-mag-theme-1-0-7-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + }, + { + "url": "https://patchstack.com/database/vulnerability/wishful-blog/wordpress-wishful-blog-theme-2-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-299xx/CVE-2023-29975.json b/CVE-2023/CVE-2023-299xx/CVE-2023-29975.json index d8c0580e05b..d3f5c4b45d8 100644 --- a/CVE-2023/CVE-2023-299xx/CVE-2023-29975.json +++ b/CVE-2023/CVE-2023-299xx/CVE-2023-29975.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-29975", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-09T22:15:10.583", - "lastModified": "2023-11-13T03:16:20.870", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-16T19:32:37.487", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,66 @@ "value": "Un problema descubierto en Pfsense CE versi\u00f3n 2.6.0 permite a los atacantes cambiar la contrase\u00f1a de cualquier usuario sin verificaci\u00f3n." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pfsense:pfsense:2.6.0:*:*:*:community:*:*:*", + "matchCriteriaId": "7F69B7B3-805F-4604-9710-80F11F5E4142" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.esecforte.com/cve-2023-29975-unverified-password-changed/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-327xx/CVE-2023-32796.json b/CVE-2023/CVE-2023-327xx/CVE-2023-32796.json new file mode 100644 index 00000000000..705ab0bbf64 --- /dev/null +++ b/CVE-2023/CVE-2023-327xx/CVE-2023-32796.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-32796", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-11-16T20:15:27.523", + "lastModified": "2023-11-16T20:15:27.523", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Unauth. Stored Cross-Site Scripting (XSS) vulnerability in MingoCommerce WooCommerce Product Enquiry plugin <=\u00a02.3.4 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/woo-product-enquiry/wordpress-woocommerce-product-enquiry-plugin-2-3-4-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-329xx/CVE-2023-32957.json b/CVE-2023/CVE-2023-329xx/CVE-2023-32957.json new file mode 100644 index 00000000000..d3be43f9c71 --- /dev/null +++ b/CVE-2023/CVE-2023-329xx/CVE-2023-32957.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-32957", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-11-16T20:15:27.733", + "lastModified": "2023-11-16T20:15:27.733", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Dazzlersoft Team Members Showcase plugin <=\u00a01.3.4 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/dazzlersoft-teams/wordpress-team-members-showcase-plugin-1-3-4-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-343xx/CVE-2023-34375.json b/CVE-2023/CVE-2023-343xx/CVE-2023-34375.json new file mode 100644 index 00000000000..c15236f1bff --- /dev/null +++ b/CVE-2023/CVE-2023-343xx/CVE-2023-34375.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-34375", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-11-16T20:15:27.923", + "lastModified": "2023-11-16T20:15:27.923", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 10Web SEO by 10Web plugin <=\u00a01.2.9 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/seo-by-10web/wordpress-seo-by-10web-plugin-1-2-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-360xx/CVE-2023-36008.json b/CVE-2023/CVE-2023-360xx/CVE-2023-36008.json new file mode 100644 index 00000000000..73e6ab16979 --- /dev/null +++ b/CVE-2023/CVE-2023-360xx/CVE-2023-36008.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36008", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-11-16T20:15:28.143", + "lastModified": "2023-11-16T20:15:28.143", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.6, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 4.7 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36008", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-360xx/CVE-2023-36026.json b/CVE-2023/CVE-2023-360xx/CVE-2023-36026.json new file mode 100644 index 00000000000..1c3377c4c47 --- /dev/null +++ b/CVE-2023/CVE-2023-360xx/CVE-2023-36026.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36026", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-11-16T20:15:28.383", + "lastModified": "2023-11-16T20:15:28.383", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Edge (Chromium-based) Spoofing Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36026", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-360xx/CVE-2023-36027.json b/CVE-2023/CVE-2023-360xx/CVE-2023-36027.json index ad939b54ab9..855c76c1821 100644 --- a/CVE-2023/CVE-2023-360xx/CVE-2023-36027.json +++ b/CVE-2023/CVE-2023-360xx/CVE-2023-36027.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-36027", "sourceIdentifier": "secure@microsoft.com", "published": "2023-11-10T20:15:07.263", - "lastModified": "2023-11-13T03:16:20.870", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-16T20:02:02.867", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability" + }, + { + "lang": "es", + "value": "Vulnerabilidad de elevaci\u00f3n de privilegios en Microsoft Edge (basado en Chromium)" } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + }, { "source": "secure@microsoft.com", "type": "Secondary", 
@@ -34,10 +58,50 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:extended_stable:*:*:*", + "versionEndExcluding": "118.0.2088.102", + "matchCriteriaId": "06209F61-ECBC-4FF8-B561-C932DA3DB2C8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*", + "versionEndExcluding": "119.0.2151.58", + "matchCriteriaId": "19B758D7-F31B-4FF7-AA43-D58BD270D5F8" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36027", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-364xx/CVE-2023-36423.json b/CVE-2023/CVE-2023-364xx/CVE-2023-36423.json index 6f46088a0b3..86f9350bb0d 100644 --- a/CVE-2023/CVE-2023-364xx/CVE-2023-36423.json +++ b/CVE-2023/CVE-2023-364xx/CVE-2023-36423.json @@ -2,12 +2,16 @@ "id": "CVE-2023-36423", "sourceIdentifier": "secure@microsoft.com", "published": "2023-11-14T18:15:45.540", - "lastModified": "2023-11-14T18:51:33.217", + "lastModified": "2023-11-16T20:15:28.990", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Microsoft Remote Registry Service Remote Code Execution Vulnerability" + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo del servicio de registro remoto de Microsoft." } ], "metrics": { 
@@ -17,19 +21,19 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", - "privilegesRequired": "HIGH", + "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", - "baseScore": 7.2, + "baseScore": 8.8, "baseSeverity": "HIGH" }, - "exploitabilityScore": 1.2, + "exploitabilityScore": 2.8, "impactScore": 5.9 } ] diff --git a/CVE-2023/CVE-2023-397xx/CVE-2023-39796.json b/CVE-2023/CVE-2023-397xx/CVE-2023-39796.json index 54619a19175..a13d0a55de0 100644 --- a/CVE-2023/CVE-2023-397xx/CVE-2023-39796.json +++ b/CVE-2023/CVE-2023-397xx/CVE-2023-39796.json @@ -2,8 +2,8 @@ "id": "CVE-2023-39796", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-10T06:15:30.410", - "lastModified": "2023-11-13T03:16:20.870", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-16T19:20:34.407", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,19 +14,80 @@ "value": "Vulnerabilidad de inyecci\u00f3n SQL en el m\u00f3dulo miniform en WBCE CMS v.1.6.0 permite a un atacante remoto no autenticado ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro DB_RECORD_TABLE." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wbce:wbce_cms:1.6.0:*:*:*:*:*:*:*", + "matchCriteriaId": "6B81FDDE-F423-40D6-A71D-0F78C9735487" + } + ] + } + ] + } + ], "references": [ { "url": "https://forum.wbce.org/viewtopic.php?pid=42046#p42046", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://github.com/WBCE/WBCE_CMS/releases/tag/1.6.1", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://pastebin.com/PBw5AvGp", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-399xx/CVE-2023-39926.json b/CVE-2023/CVE-2023-399xx/CVE-2023-39926.json new file mode 100644 index 00000000000..4562a8c198c --- /dev/null +++ b/CVE-2023/CVE-2023-399xx/CVE-2023-39926.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-39926", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-11-16T20:15:29.297", + "lastModified": "2023-11-16T20:15:29.297", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Acurax Under Construction / Maintenance Mode from Acurax plugin <=\u00a02.6 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/coming-soon-maintenance-mode-from-acurax/wordpress-under-construction-maintenance-mode-from-acurax-plugin-2-6-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4379.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4379.json index b6aa3cda510..44bb27375d6 100644 --- a/CVE-2023/CVE-2023-43xx/CVE-2023-4379.json +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4379.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4379", "sourceIdentifier": "cve@gitlab.com", "published": "2023-11-09T21:15:24.930", - "lastModified": "2023-11-13T03:16:20.870", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-16T19:24:36.240", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "cve@gitlab.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "cve@gitlab.com", "type": "Secondary", @@ -50,10 +80,44 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "15.3.0", + "versionEndExcluding": "16.2.8", + "matchCriteriaId": "863E98A5-7F1C-4CFA-A209-19E66F04A718" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "16.3.0", + "versionEndExcluding": "16.3.5", + "matchCriteriaId": "CC5696C9-592A-4D50-B5BB-9A250DAB6589" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:16.4.0:*:*:*:enterprise:*:*:*", + "matchCriteriaId": "6696C987-61C1-462E-8A73-016F9902BC67" + } + ] + } + ] + } + ], "references": [ { "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/415496", - "source": "cve@gitlab.com" + "source": "cve@gitlab.com", + "tags": [ + "Issue Tracking" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45167.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45167.json index dccf8778685..4b2452ee7a5 100644 --- a/CVE-2023/CVE-2023-451xx/CVE-2023-45167.json 
+++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45167.json @@ -2,8 +2,8 @@ "id": "CVE-2023-45167", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-11-10T04:15:07.070", - "lastModified": "2023-11-13T03:16:20.870", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-16T19:15:25.573", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "psirt@us.ibm.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "psirt@us.ibm.com", "type": "Secondary", 
@@ -50,18 +80,50 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:vios:4.1:*:*:*:*:*:*:*", + "matchCriteriaId": "37B9B26F-4749-4086-9477-655F6635CAC6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:ibm:aix:7.3:*:*:*:*:*:*:*", + "matchCriteriaId": "35DF3DE0-1AE4-4B25-843F-BC08DBBFDF78" + } + ] + } + ] + } + ], "references": [ { "url": "https://aix.software.ibm.com/aix/efixes/security/python_advisory6.asc", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/267965", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "VDB Entry", + "Vendor Advisory" + ] }, { "url": "https://www.ibm.com/support/pages/node/7068084", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45816.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45816.json index e82db9acdaa..9de1d0d6679 100644 --- a/CVE-2023/CVE-2023-458xx/CVE-2023-45816.json +++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45816.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-45816", "sourceIdentifier": "security-advisories@github.com", "published": "2023-11-10T15:15:08.667", - "lastModified": "2023-11-13T03:16:20.870", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-16T19:38:00.193", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, there is an edge case where a bookmark reminder is sent and an unread notification is generated, but the underlying bookmarkable (e.g. post, topic, chat message) security has changed, making it so the user can no longer access the underlying resource. As of version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, bookmark reminders are now no longer sent if the user does not have access to the underlying bookmarkable, and also the unread bookmark notifications are always filtered by access. There are no known workarounds." + }, + { + "lang": "es", + "value": "Discourse es una plataforma de c\u00f3digo abierto para el debate comunitario. Antes de la versi\u00f3n 3.1.3 de la rama \"stable\" y la versi\u00f3n 3.2.0.beta3 de las ramas \"beta\" y \"tests-passed\", existe un caso extremo en el que se env\u00eda un recordatorio de marcador y se genera una notificaci\u00f3n de no le\u00eddos. pero la seguridad subyacente de los marcadores (por ejemplo, publicaci\u00f3n, tema, mensaje de chat) ha cambiado, por lo que el usuario ya no puede acceder al recurso subyacente. A partir de la versi\u00f3n 3.1.3 de la rama \"stable\" y la versi\u00f3n 3.2.0.beta3 de las ramas \"beta\" y \"tests-passed\", los recordatorios de marcadores ya no se env\u00edan si el usuario no tiene acceso al marcador subyacente, y adem\u00e1s las notificaciones de marcadores no le\u00eddos siempre se filtran por acceso. No se conocen workarounds." 
} ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.3, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -46,18 +70,61 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*",
+ "versionEndExcluding": "3.1.3",
+ "matchCriteriaId": "8E31336C-750D-4039-A89F-FF602B59098C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*",
+ "versionEndExcluding": "3.2.0",
+ "matchCriteriaId": "E10444D1-B4E6-4EA7-A56E-95BD0FA3E39D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta1:*:*:beta:*:*:*",
+ "matchCriteriaId": "1BFF647B-6CEF-43BF-BF5E-C82B557F78E2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta2:*:*:beta:*:*:*",
+ "matchCriteriaId": "10D931DE-F8F5-4A34-A30A-FDD4420ABD1A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/discourse/discourse/commit/2c45b949ea0e9d6fa8e5af2dd07f6521ede08bf1",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://github.com/discourse/discourse/commit/3c5fb871c0f54af47679ae71ad449666b01d8216",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://github.com/discourse/discourse/security/advisories/GHSA-v9r6-92wp-f6cf",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-461xx/CVE-2023-46130.json b/CVE-2023/CVE-2023-461xx/CVE-2023-46130.json
index 854f8bc99c8..e1e39095a33 100644
--- a/CVE-2023/CVE-2023-461xx/CVE-2023-46130.json
+++ b/CVE-2023/CVE-2023-461xx/CVE-2023-46130.json
@@ -2,16 +2,40 @@
 "id": "CVE-2023-46130",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2023-11-10T15:15:08.870",
- "lastModified": "2023-11-13T03:16:20.870",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-11-16T19:55:01.420",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, some theme components allow users to add svgs with unlimited `height` attributes, and this can affect the availability of subsequent replies in a topic. Most Discourse instances are unaffected, only instances with the svgbob or the mermaid theme component are within scope. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. As a workaround, disable or remove the relevant theme components. "
+ },
+ {
+ "lang": "es",
+ "value": "Discourse es una plataforma de c\u00f3digo abierto para el debate comunitario. Antes de la versi\u00f3n 3.1.3 de la rama \"stable\" y la versi\u00f3n 3.2.0.beta3 de las ramas \"beta\" y \"tests-passed\", algunos componentes del tema permit\u00edan a los usuarios agregar archivos svg con atributos de \"height\" ilimitados, y esto puede afectar la disponibilidad de respuestas posteriores en un tema. La mayor\u00eda de las instancias de Discourse no se ven afectadas, solo las instancias con el componente de tema svgbob o sirena est\u00e1n dentro del alcance. El problema se solucion\u00f3 en la versi\u00f3n 3.1.3 de la rama \"stable\" y en la versi\u00f3n 3.2.0.beta3 de las ramas \"beta\" y \"tests-passed\". Como workaround, deshabilite o elimine los componentes relevantes del tema."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.5
+ },
 {
 "source": "security-advisories@github.com",
 "type": "Secondary",
@@ -46,18 +70,61 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*",
+ "versionEndExcluding": "3.1.3",
+ "matchCriteriaId": "8E31336C-750D-4039-A89F-FF602B59098C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*",
+ "versionEndExcluding": "3.2.0",
+ "matchCriteriaId": "E10444D1-B4E6-4EA7-A56E-95BD0FA3E39D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta1:*:*:beta:*:*:*",
+ "matchCriteriaId": "1BFF647B-6CEF-43BF-BF5E-C82B557F78E2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta2:*:*:beta:*:*:*",
+ "matchCriteriaId": "10D931DE-F8F5-4A34-A30A-FDD4420ABD1A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/discourse/discourse/commit/6183d9633de873ac2b1e9cdb6ac1c94b4ffae9cb",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://github.com/discourse/discourse/commit/89a2e60706ce22e4afc463d03af2f34c53291800",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://github.com/discourse/discourse/security/advisories/GHSA-c876-638r-vfcg",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-467xx/CVE-2023-46729.json b/CVE-2023/CVE-2023-467xx/CVE-2023-46729.json
index 780fc2a1459..a1df7968dcb 100644
--- a/CVE-2023/CVE-2023-467xx/CVE-2023-46729.json
+++ b/CVE-2023/CVE-2023-467xx/CVE-2023-46729.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-46729",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2023-11-10T01:15:07.430",
- "lastModified": "2023-11-13T03:16:20.870",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-11-16T20:08:55.947",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -16,6 +16,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ },
 {
 "source": "security-advisories@github.com",
 "type": "Secondary",
@@ -50,18 +70,46 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:sentry:sentry_software_development_kit:*:*:*:*:*:next.js:*:*",
+ "versionStartIncluding": "7.26.0",
+ "versionEndExcluding": "7.77.0",
+ "matchCriteriaId": "F234F1A9-2B66-4031-BDDA-53ACEF501A07"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/getsentry/sentry-javascript/commit/ddbda3c02c35aba8c5235e0cf07fc5bf656f81be",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://github.com/getsentry/sentry-javascript/pull/9415",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://github.com/getsentry/sentry-javascript/security/advisories/GHSA-2rmr-xw8m-22q9",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-471xx/CVE-2023-47119.json b/CVE-2023/CVE-2023-471xx/CVE-2023-47119.json
index 5865601b38f..7dc34459631 100644
--- a/CVE-2023/CVE-2023-471xx/CVE-2023-47119.json
+++ b/CVE-2023/CVE-2023-471xx/CVE-2023-47119.json
@@ -2,16 +2,40 @@
 "id": "CVE-2023-47119",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2023-11-10T15:15:09.077",
- "lastModified": "2023-11-13T03:16:20.870",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-11-16T19:59:21.690",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, some links can inject arbitrary HTML tags when rendered through our Onebox engine. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds."
+ },
+ {
+ "lang": "es",
+ "value": "Discourse es una plataforma de c\u00f3digo abierto para el debate comunitario. Antes de la versi\u00f3n 3.1.3 de la rama `stable` y la versi\u00f3n 3.2.0.beta3 de las ramas `beta` y `tests-passed`, algunos enlaces pueden inyectar etiquetas HTML arbitrarias cuando se procesan a trav\u00e9s de nuestro motor Onebox. El problema se solucion\u00f3 en la versi\u00f3n 3.1.3 de la rama \"stable\" y en la versi\u00f3n 3.2.0.beta3 de las ramas \"beta\" y \"tests-passed\". No se conocen workarounds."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ },
 {
 "source": "security-advisories@github.com",
 "type": "Secondary",
@@ -35,6 +59,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
 {
 "source": "security-advisories@github.com",
 "type": "Secondary",
@@ -46,18 +80,61 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*",
+ "versionEndExcluding": "3.1.3",
+ "matchCriteriaId": "8E31336C-750D-4039-A89F-FF602B59098C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*",
+ "versionEndExcluding": "3.2.0",
+ "matchCriteriaId": "E10444D1-B4E6-4EA7-A56E-95BD0FA3E39D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta1:*:*:beta:*:*:*",
+ "matchCriteriaId": "1BFF647B-6CEF-43BF-BF5E-C82B557F78E2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta2:*:*:beta:*:*:*",
+ "matchCriteriaId": "10D931DE-F8F5-4A34-A30A-FDD4420ABD1A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/discourse/discourse/commit/628b293ff53fb617b3464dd27268aec84388cc09",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://github.com/discourse/discourse/commit/d78357917c6a917a8a27af68756228e89c69321c",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://github.com/discourse/discourse/security/advisories/GHSA-j95w-5hvx-jp5w",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-472xx/CVE-2023-47239.json b/CVE-2023/CVE-2023-472xx/CVE-2023-47239.json
new file mode 100644
index 00000000000..49af690ab59
--- /dev/null
+++ b/CVE-2023/CVE-2023-472xx/CVE-2023-47239.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-47239",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-11-16T19:15:07.710",
+ "lastModified": "2023-11-16T20:03:36.283",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Scott Paterson Easy PayPal Shopping Cart plugin <=\u00a01.1.10 versions."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/easy-paypal-shopping-cart/wordpress-easy-paypal-shopping-cart-plugin-1-1-10-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-472xx/CVE-2023-47240.json b/CVE-2023/CVE-2023-472xx/CVE-2023-47240.json
new file mode 100644
index 00000000000..88438610018
--- /dev/null
+++ b/CVE-2023/CVE-2023-472xx/CVE-2023-47240.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-47240",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-11-16T19:15:07.913",
+ "lastModified": "2023-11-16T20:03:36.283",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Codeboxr CBX Map for Google Map & OpenStreetMap plugin <=\u00a01.1.11 versions."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/cbxgooglemap/wordpress-cbx-map-for-google-map-openstreetmap-plugin-1-1-11-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-472xx/CVE-2023-47242.json b/CVE-2023/CVE-2023-472xx/CVE-2023-47242.json
new file mode 100644
index 00000000000..03b59319a57
--- /dev/null
+++ b/CVE-2023/CVE-2023-472xx/CVE-2023-47242.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-47242",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-11-16T19:15:08.127",
+ "lastModified": "2023-11-16T20:03:36.283",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Marco Milesi ANAC XML Bandi di Gara plugin <=\u00a07.5 versions."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/avcp/wordpress-anac-xml-bandi-di-gara-plugin-7-5-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-472xx/CVE-2023-47245.json b/CVE-2023/CVE-2023-472xx/CVE-2023-47245.json
new file mode 100644
index 00000000000..c399c021b64
--- /dev/null
+++ b/CVE-2023/CVE-2023-472xx/CVE-2023-47245.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-47245",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-11-16T19:15:08.323",
+ "lastModified": "2023-11-16T20:03:36.283",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marco Milesi ANAC XML Viewer plugin <=\u00a01.7 versions."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/anac-xml-viewer/wordpress-anac-xml-viewer-plugin-1-7-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-475xx/CVE-2023-47508.json b/CVE-2023/CVE-2023-475xx/CVE-2023-47508.json
new file mode 100644
index 00000000000..0de5bda73df
--- /dev/null
+++ b/CVE-2023/CVE-2023-475xx/CVE-2023-47508.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-47508",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-11-16T19:15:08.510",
+ "lastModified": "2023-11-16T20:03:36.283",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Averta Master Slider Pro plugin <=\u00a03.6.5 versions."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/masterslider/wordpress-master-slider-pro-plugin-3-6-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-475xx/CVE-2023-47509.json b/CVE-2023/CVE-2023-475xx/CVE-2023-47509.json
new file mode 100644
index 00000000000..d2228c14294
--- /dev/null
+++ b/CVE-2023/CVE-2023-475xx/CVE-2023-47509.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-47509",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-11-16T19:15:08.697",
+ "lastModified": "2023-11-16T20:03:36.283",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ioannup Edit WooCommerce Templates plugin <=\u00a01.1.1 versions."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/woo-edit-templates/wordpress-edit-woocommerce-templates-plugin-1-1-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-475xx/CVE-2023-47511.json b/CVE-2023/CVE-2023-475xx/CVE-2023-47511.json
new file mode 100644
index 00000000000..e3d14977678
--- /dev/null
+++ b/CVE-2023/CVE-2023-475xx/CVE-2023-47511.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-47511",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-11-16T19:15:08.880",
+ "lastModified": "2023-11-16T20:03:36.283",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SO WP Pinyin Slugs plugin <=\u00a02.3.0 versions."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/so-pinyin-slugs/wordpress-pinyin-slugs-plugin-2-3-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-475xx/CVE-2023-47512.json b/CVE-2023/CVE-2023-475xx/CVE-2023-47512.json
new file mode 100644
index 00000000000..ce6683bb370
--- /dev/null
+++ b/CVE-2023/CVE-2023-475xx/CVE-2023-47512.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-47512",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-11-16T19:15:09.070",
+ "lastModified": "2023-11-16T20:03:36.283",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Gravity Master Product Enquiry for WooCommerce plugin <=\u00a03.0 versions."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/gm-woocommerce-quote-popup/wordpress-product-enquiry-for-woocommerce-plugin-3-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-475xx/CVE-2023-47514.json b/CVE-2023/CVE-2023-475xx/CVE-2023-47514.json
index 807b3bab385..7884788e57a 100644
--- a/CVE-2023/CVE-2023-475xx/CVE-2023-47514.json
+++ b/CVE-2023/CVE-2023-475xx/CVE-2023-47514.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-47514",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-11-16T18:15:07.060",
- "lastModified": "2023-11-16T18:15:07.060",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-16T20:03:36.283",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-480xx/CVE-2023-48052.json b/CVE-2023/CVE-2023-480xx/CVE-2023-48052.json
index 2da5c07df45..8136228e1a0 100644
--- a/CVE-2023/CVE-2023-480xx/CVE-2023-48052.json
+++ b/CVE-2023/CVE-2023-480xx/CVE-2023-48052.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-48052",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-11-16T18:15:07.250",
- "lastModified": "2023-11-16T18:15:07.250",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-16T20:03:36.283",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-480xx/CVE-2023-48053.json b/CVE-2023/CVE-2023-480xx/CVE-2023-48053.json
index 508c8c71dca..0e519029035 100644
--- a/CVE-2023/CVE-2023-480xx/CVE-2023-48053.json
+++ b/CVE-2023/CVE-2023-480xx/CVE-2023-48053.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-48053",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-11-16T18:15:07.297",
- "lastModified": "2023-11-16T18:15:07.297",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-16T20:03:36.283",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-480xx/CVE-2023-48054.json b/CVE-2023/CVE-2023-480xx/CVE-2023-48054.json
index ebe29faf4b7..576e0b580a1 100644
--- a/CVE-2023/CVE-2023-480xx/CVE-2023-48054.json
+++ b/CVE-2023/CVE-2023-480xx/CVE-2023-48054.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-48054",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-11-16T18:15:07.343",
- "lastModified": "2023-11-16T18:15:07.343",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-16T20:03:36.283",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-480xx/CVE-2023-48055.json b/CVE-2023/CVE-2023-480xx/CVE-2023-48055.json
index eca580e1e53..97bb0952a62 100644
--- a/CVE-2023/CVE-2023-480xx/CVE-2023-48055.json
+++ b/CVE-2023/CVE-2023-480xx/CVE-2023-48055.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-48055",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-11-16T18:15:07.390",
- "lastModified": "2023-11-16T18:15:07.390",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-16T20:03:36.283",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-480xx/CVE-2023-48056.json b/CVE-2023/CVE-2023-480xx/CVE-2023-48056.json
index b15cead7af2..bfe9275ea6f 100644
--- a/CVE-2023/CVE-2023-480xx/CVE-2023-48056.json
+++ b/CVE-2023/CVE-2023-480xx/CVE-2023-48056.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-48056",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-11-16T18:15:07.440",
- "lastModified": "2023-11-16T18:15:07.440",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-16T20:03:36.283",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-481xx/CVE-2023-48134.json b/CVE-2023/CVE-2023-481xx/CVE-2023-48134.json
new file mode 100644
index 00000000000..2a5bc728c13
--- /dev/null
+++ b/CVE-2023/CVE-2023-481xx/CVE-2023-48134.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-48134",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-11-16T19:15:09.263",
+ "lastModified": "2023-11-16T20:03:36.283",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "nagayama_copabowl Line 13.6.1 is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/syz913/CVE-reports/blob/main/nagayama_copabowl.md",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-55xx/CVE-2023-5540.json b/CVE-2023/CVE-2023-55xx/CVE-2023-5540.json
index 9650ebe8fd5..3ebda4c82f6 100644
--- a/CVE-2023/CVE-2023-55xx/CVE-2023-5540.json
+++ b/CVE-2023/CVE-2023-55xx/CVE-2023-5540.json
@@ -2,16 +2,40 @@
 "id": "CVE-2023-5540",
 "sourceIdentifier": "patrick@puiterwijk.org",
 "published": "2023-11-09T20:15:09.103",
- "lastModified": "2023-11-09T20:51:06.133",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-11-16T19:00:37.257",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "A remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and managers."
+ },
+ {
+ "lang": "es",
+ "value": "Se identific\u00f3 un riesgo de ejecuci\u00f3n remota de c\u00f3digo en la actividad IMSCP. Por defecto, esto s\u00f3lo estaba disponible para profesores y directivos."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
 {
 "source": "patrick@puiterwijk.org",
 "type": "Secondary",
@@ -35,6 +59,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-94"
+ }
+ ]
+ },
 {
 "source": "patrick@puiterwijk.org",
 "type": "Secondary",
@@ -46,18 +80,96 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "3.9.24",
+ "matchCriteriaId": "A2A8D2D9-48FE-417F-8062-65794AA65706"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "3.11.0",
+ "versionEndExcluding": "3.11.17",
+ "matchCriteriaId": "7C058D38-D206-4BEC-B647-4CD1808A1FC8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.0.0",
+ "versionEndExcluding": "4.0.11",
+ "matchCriteriaId": "4827B277-0EC2-4254-B6DF-F18475A6253C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.1.0",
+ "versionEndExcluding": "4.1.6",
+ "matchCriteriaId": "E660C47C-2CB3-4B06-B98A-F8EE211F798A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.2.0",
+ "versionEndExcluding": "4.2.3",
+ "matchCriteriaId": "C65020B8-B78E-4B59-B894-3F223D769078"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:7.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3D9C7598-4BB4-442A-86DF-EEDE041A4CC7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79409",
- "source": "patrick@puiterwijk.org"
+ "source": "patrick@puiterwijk.org",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243432",
- "source": "patrick@puiterwijk.org"
+ "source": "patrick@puiterwijk.org",
+ "tags": [
+ "Issue Tracking",
+ "Patch",
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://moodle.org/mod/forum/discuss.php?d=451581",
- "source": "patrick@puiterwijk.org"
+ "source": "patrick@puiterwijk.org",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-55xx/CVE-2023-5542.json b/CVE-2023/CVE-2023-55xx/CVE-2023-5542.json
index 7baae5dada9..ddff3b22428 100644
--- a/CVE-2023/CVE-2023-55xx/CVE-2023-5542.json
+++ b/CVE-2023/CVE-2023-55xx/CVE-2023-5542.json
@@ -2,16 +2,40 @@
 "id": "CVE-2023-5542",
 "sourceIdentifier": "patrick@puiterwijk.org",
 "published": "2023-11-09T20:15:09.480",
- "lastModified": "2023-11-09T20:51:06.133",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-11-16T19:02:12.333",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Students in \"Only see own membership\" groups could see other students in the group, which should be hidden."
+ },
+ {
+ "lang": "es",
+ "value": "Los estudiantes en los grupos \"Ver solo su propia membres\u00eda\" podr\u00edan ver a otros estudiantes en el grupo, que deber\u00edan estar ocultos."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ },
 {
 "source": "patrick@puiterwijk.org",
 "type": "Secondary",
@@ -35,6 +59,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-668"
+ }
+ ]
+ },
 {
 "source": "patrick@puiterwijk.org",
 "type": "Secondary",
@@ -46,18 +80,67 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:moodle:moodle:4.2.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BE300B14-965E-4FF2-AA2F-F709800CFCFE"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:7.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3D9C7598-4BB4-442A-86DF-EEDE041A4CC7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79213",
- "source": "patrick@puiterwijk.org"
+ "source": "patrick@puiterwijk.org",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243441",
- "source": "patrick@puiterwijk.org"
+ "source": "patrick@puiterwijk.org",
+ "tags": [
+ "Issue Tracking",
+ "Patch",
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://moodle.org/mod/forum/discuss.php?d=451583",
- "source": "patrick@puiterwijk.org"
+ "source": "patrick@puiterwijk.org",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-55xx/CVE-2023-5545.json b/CVE-2023/CVE-2023-55xx/CVE-2023-5545.json
index 290dd8e5637..2c82a658095 100644
--- a/CVE-2023/CVE-2023-55xx/CVE-2023-5545.json
+++ b/CVE-2023/CVE-2023-55xx/CVE-2023-5545.json
@@ -2,16 +2,40 @@
 "id": "CVE-2023-5545",
 "sourceIdentifier": "patrick@puiterwijk.org",
 "published": "2023-11-09T20:15:09.850",
- "lastModified": "2023-11-09T20:51:06.133",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-11-16T19:05:39.550",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "H5P metadata automatically populated the author with the user's username, which could be sensitive information."
+ },
+ {
+ "lang": "es",
+ "value": "Los metadatos de H5P completaron autom\u00e1ticamente al autor con el nombre de usuario del usuario, que podr\u00eda ser informaci\u00f3n confidencial."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ },
 {
 "source": "patrick@puiterwijk.org",
 "type": "Secondary",
@@ -35,6 +59,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-668"
+ }
+ ]
+ },
 {
 "source": "patrick@puiterwijk.org",
 "type": "Secondary",
@@ -46,18 +80,95 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "3.9.24",
+ "matchCriteriaId": "A2A8D2D9-48FE-417F-8062-65794AA65706"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "3.11.0",
+ "versionEndExcluding": "3.11.17",
+ "matchCriteriaId": "7C058D38-D206-4BEC-B647-4CD1808A1FC8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.0.0",
+ "versionEndExcluding": "4.0.11",
+ "matchCriteriaId": "4827B277-0EC2-4254-B6DF-F18475A6253C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.1.0",
+ "versionEndExcluding": "4.1.6",
+ "matchCriteriaId": "E660C47C-2CB3-4B06-B98A-F8EE211F798A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.2.0",
+ "versionEndExcluding": "4.2.3",
+ "matchCriteriaId": "C65020B8-B78E-4B59-B894-3F223D769078"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:7.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3D9C7598-4BB4-442A-86DF-EEDE041A4CC7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78820",
- "source": "patrick@puiterwijk.org"
+ "source": "patrick@puiterwijk.org",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243444",
- "source": "patrick@puiterwijk.org"
+ "source": "patrick@puiterwijk.org",
+ "tags": [
+ "Issue Tracking",
+ "Patch"
+ ]
 },
 {
 "url": "https://moodle.org/mod/forum/discuss.php?d=451586",
- "source": "patrick@puiterwijk.org"
+ "source": "patrick@puiterwijk.org",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-55xx/CVE-2023-5548.json b/CVE-2023/CVE-2023-55xx/CVE-2023-5548.json
index d38e71eca1f..f724f977efe 100644
--- a/CVE-2023/CVE-2023-55xx/CVE-2023-5548.json
+++ b/CVE-2023/CVE-2023-55xx/CVE-2023-5548.json
@@ -2,16 +2,40 @@
 "id": "CVE-2023-5548",
 "sourceIdentifier": "patrick@puiterwijk.org",
 "published": "2023-11-09T20:15:10.390",
- "lastModified": "2023-11-09T20:51:06.133",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-11-16T19:07:47.660",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Stronger revision number limitations were required on file serving endpoints to improve cache poisoning protection."
+ },
+ {
+ "lang": "es",
+ "value": "Se requirieron limitaciones m\u00e1s estrictas en el n\u00famero de revisiones en los endpoints de servicio de archivos para mejorar la protecci\u00f3n contra el envenenamiento de la cach\u00e9."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ },
 {
 "source": "patrick@puiterwijk.org",
 "type": "Secondary",
@@ -35,6 +59,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-345"
+ }
+ ]
+ },
 {
 "source": "patrick@puiterwijk.org",
 "type": "Secondary",
@@ -46,18 +80,96 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "3.9.24",
+ "matchCriteriaId": "A2A8D2D9-48FE-417F-8062-65794AA65706"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "3.11.0",
+ "versionEndExcluding": "3.11.17",
+ "matchCriteriaId": "7C058D38-D206-4BEC-B647-4CD1808A1FC8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.0.0",
+ "versionEndExcluding": "4.0.11",
+ "matchCriteriaId": "4827B277-0EC2-4254-B6DF-F18475A6253C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.1.0",
+ "versionEndExcluding": "4.1.6",
+ "matchCriteriaId": "E660C47C-2CB3-4B06-B98A-F8EE211F798A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.2.0",
+ "versionEndExcluding": "4.2.3",
+ "matchCriteriaId": "C65020B8-B78E-4B59-B894-3F223D769078"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:7.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3D9C7598-4BB4-442A-86DF-EEDE041A4CC7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-77846",
- "source": "patrick@puiterwijk.org"
+ "source": "patrick@puiterwijk.org",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243449",
- "source": "patrick@puiterwijk.org"
+ "source": "patrick@puiterwijk.org",
+ "tags": [
+ "Issue Tracking",
+ "Patch",
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://moodle.org/mod/forum/discuss.php?d=451589",
- "source": "patrick@puiterwijk.org"
+ "source": "patrick@puiterwijk.org",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-55xx/CVE-2023-5549.json b/CVE-2023/CVE-2023-55xx/CVE-2023-5549.json
index 6bb9a8f53bd..685369c3883 100644
--- a/CVE-2023/CVE-2023-55xx/CVE-2023-5549.json
+++ b/CVE-2023/CVE-2023-55xx/CVE-2023-5549.json
@@ -2,16 +2,40 @@
 "id": "CVE-2023-5549",
 "sourceIdentifier": "patrick@puiterwijk.org",
 "published": "2023-11-09T20:15:10.683",
- "lastModified": "2023-11-09T20:51:06.133",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-11-16T19:12:34.263",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Insufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent category they did not have the capability to manage."
+ },
+ {
+ "lang": "es",
+ "value": "Las comprobaciones insuficientes de la capacidad del servicio web hicieron posible mover categor\u00edas que un usuario ten\u00eda permiso para administrar a una categor\u00eda principal que no ten\u00eda la capacidad de administrar."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ },
 {
 "source": "patrick@puiterwijk.org",
 "type": "Secondary",
@@ -35,6 +59,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-269"
+ }
+ ]
+ },
 {
 "source": "patrick@puiterwijk.org",
 "type": "Secondary",
@@ -46,18 +80,96 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "3.9.24",
+ "matchCriteriaId": "A2A8D2D9-48FE-417F-8062-65794AA65706"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "3.11.0",
+ "versionEndExcluding": "3.11.17",
+ "matchCriteriaId": "7C058D38-D206-4BEC-B647-4CD1808A1FC8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.0.0",
+ "versionEndExcluding": "4.0.11",
+ "matchCriteriaId": "4827B277-0EC2-4254-B6DF-F18475A6253C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.1.0",
+ "versionEndExcluding": "4.1.6",
+ "matchCriteriaId": "E660C47C-2CB3-4B06-B98A-F8EE211F798A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.2.0",
+ "versionEndExcluding": "4.2.3",
+ "matchCriteriaId": "C65020B8-B78E-4B59-B894-3F223D769078"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:7.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3D9C7598-4BB4-442A-86DF-EEDE041A4CC7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-66730",
- "source": "patrick@puiterwijk.org"
+ "source": "patrick@puiterwijk.org",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243451",
- "source": "patrick@puiterwijk.org"
+ "source": "patrick@puiterwijk.org",
+ "tags": [
+ "Issue Tracking",
+ "Patch",
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://moodle.org/mod/forum/discuss.php?d=451590",
- "source": "patrick@puiterwijk.org"
+ "source": "patrick@puiterwijk.org",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-59xx/CVE-2023-5954.json b/CVE-2023/CVE-2023-59xx/CVE-2023-5954.json
index b42ef581b5f..c73263620e1 100644
--- a/CVE-2023/CVE-2023-59xx/CVE-2023-5954.json
+++ b/CVE-2023/CVE-2023-59xx/CVE-2023-5954.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-5954",
 "sourceIdentifier": "security@hashicorp.com",
 "published": "2023-11-09T21:15:25.143",
- "lastModified": "2023-11-13T03:16:20.870",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-11-16T19:26:56.470",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -16,6 +16,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
 {
 "source": "security@hashicorp.com",
 "type": "Secondary",
@@ -39,6 +59,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-401"
+ }
+ ]
+ },
 {
 "source": "security@hashicorp.com",
 "type": "Secondary",
@@ -50,10 +80,67 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
+ "versionStartIncluding": "1.13.7",
+ "versionEndExcluding": "1.13.10",
+ "matchCriteriaId": "8265AC92-59E4-4229-87E8-ABAF9E3DAAF3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
+ "versionStartIncluding": "1.13.7",
+ "versionEndExcluding": "1.13.10",
+ "matchCriteriaId": "9FD3EF12-C2C0-4529-B0AB-08B8F238531D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
+ "versionStartIncluding": "1.14.3",
+ "versionEndExcluding": "1.14.6",
+ "matchCriteriaId": "38120A49-ED14-4C8C-9A0A-BA040D48C4E7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
+ "versionStartIncluding": "1.14.3",
+ "versionEndExcluding": "1.14.6",
+ "matchCriteriaId": "ABC1488F-D1BA-4C98-98E0-DAFE9BE205A1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
+ "versionStartIncluding": "1.15.0",
+ "versionEndExcluding": "1.15.2",
+ "matchCriteriaId": "1C9C9A12-4062-4968-BE87-1B07A789A7D3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
+ "versionStartIncluding": "1.15.0",
+ "versionEndExcluding": "1.15.2",
+ "matchCriteriaId": "2D3F2482-2783-49B2-888B-AC99FEE976EA"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://discuss.hashicorp.com/t/hcsec-2023-33-vault-requests-triggering-policy-checks-may-lead-to-unbounded-memory-consumption/59926",
- "source": "security@hashicorp.com"
+ "source": "security@hashicorp.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-61xx/CVE-2023-6176.json b/CVE-2023/CVE-2023-61xx/CVE-2023-6176.json
index 60785d24054..4c0c2a2c0f4 100644
--- a/CVE-2023/CVE-2023-61xx/CVE-2023-6176.json
+++ b/CVE-2023/CVE-2023-61xx/CVE-2023-6176.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6176", "sourceIdentifier": "secalert@redhat.com", "published": "2023-11-16T18:15:07.483", - "lastModified": "2023-11-16T18:15:07.483", - "vulnStatus": "Received", + "lastModified": "2023-11-16T20:03:36.283", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/README.md b/README.md index 6393db523f1..bc168d3176f 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-11-16T19:00:18.595128+00:00 +2023-11-16T21:00:18.085287+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-11-16T18:50:42.010000+00:00 +2023-11-16T20:15:29.297000+00:00 ``` ### Last Data Feed Release 
@@ -29,63 +29,59 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -230968 +230984 ``` ### CVEs added in the last Commit -Recently added CVEs: `19` +Recently added CVEs: `16` -* [CVE-2023-47055](CVE-2023/CVE-2023-470xx/CVE-2023-47055.json) (`2023-11-16T17:15:07.267`) -* [CVE-2023-47056](CVE-2023/CVE-2023-470xx/CVE-2023-47056.json) (`2023-11-16T17:15:07.510`) -* [CVE-2023-47057](CVE-2023/CVE-2023-470xx/CVE-2023-47057.json) (`2023-11-16T17:15:07.700`) -* [CVE-2023-47058](CVE-2023/CVE-2023-470xx/CVE-2023-47058.json) (`2023-11-16T17:15:07.890`) -* [CVE-2023-47059](CVE-2023/CVE-2023-470xx/CVE-2023-47059.json) (`2023-11-16T17:15:08.080`) -* [CVE-2023-47060](CVE-2023/CVE-2023-470xx/CVE-2023-47060.json) (`2023-11-16T17:15:08.270`) -* [CVE-2023-6013](CVE-2023/CVE-2023-60xx/CVE-2023-6013.json) (`2023-11-16T17:15:08.460`) -* [CVE-2023-6017](CVE-2023/CVE-2023-60xx/CVE-2023-6017.json) (`2023-11-16T17:15:08.643`) -* [CVE-2023-6019](CVE-2023/CVE-2023-60xx/CVE-2023-6019.json) (`2023-11-16T17:15:08.830`) -* [CVE-2023-6021](CVE-2023/CVE-2023-60xx/CVE-2023-6021.json) (`2023-11-16T17:15:09.020`) -* [CVE-2023-6022](CVE-2023/CVE-2023-60xx/CVE-2023-6022.json) (`2023-11-16T17:15:09.200`) -* [CVE-2023-6038](CVE-2023/CVE-2023-60xx/CVE-2023-6038.json) (`2023-11-16T17:15:09.373`) -* [CVE-2023-47514](CVE-2023/CVE-2023-475xx/CVE-2023-47514.json) (`2023-11-16T18:15:07.060`) -* [CVE-2023-48052](CVE-2023/CVE-2023-480xx/CVE-2023-48052.json) (`2023-11-16T18:15:07.250`) -* [CVE-2023-48053](CVE-2023/CVE-2023-480xx/CVE-2023-48053.json) (`2023-11-16T18:15:07.297`) -* [CVE-2023-48054](CVE-2023/CVE-2023-480xx/CVE-2023-48054.json) (`2023-11-16T18:15:07.343`) -* [CVE-2023-48055](CVE-2023/CVE-2023-480xx/CVE-2023-48055.json) (`2023-11-16T18:15:07.390`) -* [CVE-2023-48056](CVE-2023/CVE-2023-480xx/CVE-2023-48056.json) (`2023-11-16T18:15:07.440`) -* [CVE-2023-6176](CVE-2023/CVE-2023-61xx/CVE-2023-6176.json) (`2023-11-16T18:15:07.483`) 
+* [CVE-2023-47239](CVE-2023/CVE-2023-472xx/CVE-2023-47239.json) (`2023-11-16T19:15:07.710`) +* [CVE-2023-47240](CVE-2023/CVE-2023-472xx/CVE-2023-47240.json) (`2023-11-16T19:15:07.913`) +* [CVE-2023-47242](CVE-2023/CVE-2023-472xx/CVE-2023-47242.json) (`2023-11-16T19:15:08.127`) +* [CVE-2023-47245](CVE-2023/CVE-2023-472xx/CVE-2023-47245.json) (`2023-11-16T19:15:08.323`) +* [CVE-2023-47508](CVE-2023/CVE-2023-475xx/CVE-2023-47508.json) (`2023-11-16T19:15:08.510`) +* [CVE-2023-47509](CVE-2023/CVE-2023-475xx/CVE-2023-47509.json) (`2023-11-16T19:15:08.697`) +* [CVE-2023-47511](CVE-2023/CVE-2023-475xx/CVE-2023-47511.json) (`2023-11-16T19:15:08.880`) +* [CVE-2023-47512](CVE-2023/CVE-2023-475xx/CVE-2023-47512.json) (`2023-11-16T19:15:09.070`) +* [CVE-2023-48134](CVE-2023/CVE-2023-481xx/CVE-2023-48134.json) (`2023-11-16T19:15:09.263`) +* [CVE-2023-28621](CVE-2023/CVE-2023-286xx/CVE-2023-28621.json) (`2023-11-16T20:15:27.317`) +* [CVE-2023-32796](CVE-2023/CVE-2023-327xx/CVE-2023-32796.json) (`2023-11-16T20:15:27.523`) +* [CVE-2023-32957](CVE-2023/CVE-2023-329xx/CVE-2023-32957.json) (`2023-11-16T20:15:27.733`) +* [CVE-2023-34375](CVE-2023/CVE-2023-343xx/CVE-2023-34375.json) (`2023-11-16T20:15:27.923`) +* [CVE-2023-36008](CVE-2023/CVE-2023-360xx/CVE-2023-36008.json) (`2023-11-16T20:15:28.143`) +* [CVE-2023-36026](CVE-2023/CVE-2023-360xx/CVE-2023-36026.json) (`2023-11-16T20:15:28.383`) +* [CVE-2023-39926](CVE-2023/CVE-2023-399xx/CVE-2023-39926.json) (`2023-11-16T20:15:29.297`) ### CVEs modified in the last Commit -Recently modified CVEs: `96` +Recently modified CVEs: `24` -* [CVE-2023-31077](CVE-2023/CVE-2023-310xx/CVE-2023-31077.json) (`2023-11-16T17:54:55.783`) -* [CVE-2023-41284](CVE-2023/CVE-2023-412xx/CVE-2023-41284.json) (`2023-11-16T17:56:51.333`) -* [CVE-2023-39295](CVE-2023/CVE-2023-392xx/CVE-2023-39295.json) (`2023-11-16T17:57:01.447`) -* [CVE-2023-6075](CVE-2023/CVE-2023-60xx/CVE-2023-6075.json) (`2023-11-16T17:57:21.953`) -* 
[CVE-2023-47164](CVE-2023/CVE-2023-471xx/CVE-2023-47164.json) (`2023-11-16T17:57:24.673`) -* [CVE-2023-6074](CVE-2023/CVE-2023-60xx/CVE-2023-6074.json) (`2023-11-16T17:57:42.757`) -* [CVE-2023-6039](CVE-2023/CVE-2023-60xx/CVE-2023-6039.json) (`2023-11-16T17:59:48.420`) -* [CVE-2023-5078](CVE-2023/CVE-2023-50xx/CVE-2023-5078.json) (`2023-11-16T18:01:15.060`) -* [CVE-2023-5075](CVE-2023/CVE-2023-50xx/CVE-2023-5075.json) (`2023-11-16T18:01:47.087`) -* [CVE-2023-4891](CVE-2023/CVE-2023-48xx/CVE-2023-4891.json) (`2023-11-16T18:01:59.767`) -* [CVE-2023-6052](CVE-2023/CVE-2023-60xx/CVE-2023-6052.json) (`2023-11-16T18:04:08.497`) -* [CVE-2023-6053](CVE-2023/CVE-2023-60xx/CVE-2023-6053.json) (`2023-11-16T18:04:27.793`) -* [CVE-2023-45078](CVE-2023/CVE-2023-450xx/CVE-2023-45078.json) (`2023-11-16T18:04:56.023`) -* [CVE-2023-45077](CVE-2023/CVE-2023-450xx/CVE-2023-45077.json) (`2023-11-16T18:05:16.667`) -* [CVE-2023-41285](CVE-2023/CVE-2023-412xx/CVE-2023-41285.json) (`2023-11-16T18:09:49.707`) -* [CVE-2023-35877](CVE-2023/CVE-2023-358xx/CVE-2023-35877.json) (`2023-11-16T18:14:43.550`) -* [CVE-2023-47127](CVE-2023/CVE-2023-471xx/CVE-2023-47127.json) (`2023-11-16T18:15:06.943`) -* [CVE-2023-46201](CVE-2023/CVE-2023-462xx/CVE-2023-46201.json) (`2023-11-16T18:15:29.130`) -* [CVE-2023-47652](CVE-2023/CVE-2023-476xx/CVE-2023-47652.json) (`2023-11-16T18:15:46.740`) -* [CVE-2023-47516](CVE-2023/CVE-2023-475xx/CVE-2023-47516.json) (`2023-11-16T18:16:05.383`) -* [CVE-2023-46634](CVE-2023/CVE-2023-466xx/CVE-2023-46634.json) (`2023-11-16T18:16:13.293`) -* [CVE-2023-47163](CVE-2023/CVE-2023-471xx/CVE-2023-47163.json) (`2023-11-16T18:16:27.767`) -* [CVE-2023-5539](CVE-2023/CVE-2023-55xx/CVE-2023-5539.json) (`2023-11-16T18:17:35.113`) -* [CVE-2023-32966](CVE-2023/CVE-2023-329xx/CVE-2023-32966.json) (`2023-11-16T18:19:15.237`) -* [CVE-2023-45140](CVE-2023/CVE-2023-451xx/CVE-2023-45140.json) (`2023-11-16T18:50:42.010`) +* [CVE-2023-5540](CVE-2023/CVE-2023-55xx/CVE-2023-5540.json) 
(`2023-11-16T19:00:37.257`) +* [CVE-2023-5542](CVE-2023/CVE-2023-55xx/CVE-2023-5542.json) (`2023-11-16T19:02:12.333`) +* [CVE-2023-5545](CVE-2023/CVE-2023-55xx/CVE-2023-5545.json) (`2023-11-16T19:05:39.550`) +* [CVE-2023-5548](CVE-2023/CVE-2023-55xx/CVE-2023-5548.json) (`2023-11-16T19:07:47.660`) +* [CVE-2023-5549](CVE-2023/CVE-2023-55xx/CVE-2023-5549.json) (`2023-11-16T19:12:34.263`) +* [CVE-2023-45167](CVE-2023/CVE-2023-451xx/CVE-2023-45167.json) (`2023-11-16T19:15:25.573`) +* [CVE-2023-39796](CVE-2023/CVE-2023-397xx/CVE-2023-39796.json) (`2023-11-16T19:20:34.407`) +* [CVE-2023-4379](CVE-2023/CVE-2023-43xx/CVE-2023-4379.json) (`2023-11-16T19:24:36.240`) +* [CVE-2023-28173](CVE-2023/CVE-2023-281xx/CVE-2023-28173.json) (`2023-11-16T19:26:02.970`) +* [CVE-2023-5954](CVE-2023/CVE-2023-59xx/CVE-2023-5954.json) (`2023-11-16T19:26:56.470`) +* [CVE-2023-29975](CVE-2023/CVE-2023-299xx/CVE-2023-29975.json) (`2023-11-16T19:32:37.487`) +* [CVE-2023-45816](CVE-2023/CVE-2023-458xx/CVE-2023-45816.json) (`2023-11-16T19:38:00.193`) +* [CVE-2023-46130](CVE-2023/CVE-2023-461xx/CVE-2023-46130.json) (`2023-11-16T19:55:01.420`) +* [CVE-2023-47119](CVE-2023/CVE-2023-471xx/CVE-2023-47119.json) (`2023-11-16T19:59:21.690`) +* [CVE-2023-36027](CVE-2023/CVE-2023-360xx/CVE-2023-36027.json) (`2023-11-16T20:02:02.867`) +* [CVE-2023-47514](CVE-2023/CVE-2023-475xx/CVE-2023-47514.json) (`2023-11-16T20:03:36.283`) +* [CVE-2023-48052](CVE-2023/CVE-2023-480xx/CVE-2023-48052.json) (`2023-11-16T20:03:36.283`) +* [CVE-2023-48053](CVE-2023/CVE-2023-480xx/CVE-2023-48053.json) (`2023-11-16T20:03:36.283`) +* [CVE-2023-48054](CVE-2023/CVE-2023-480xx/CVE-2023-48054.json) (`2023-11-16T20:03:36.283`) +* [CVE-2023-48055](CVE-2023/CVE-2023-480xx/CVE-2023-48055.json) (`2023-11-16T20:03:36.283`) +* [CVE-2023-48056](CVE-2023/CVE-2023-480xx/CVE-2023-48056.json) (`2023-11-16T20:03:36.283`) +* [CVE-2023-6176](CVE-2023/CVE-2023-61xx/CVE-2023-6176.json) (`2023-11-16T20:03:36.283`) +* 
[CVE-2023-46729](CVE-2023/CVE-2023-467xx/CVE-2023-46729.json) (`2023-11-16T20:08:55.947`) +* [CVE-2023-36423](CVE-2023/CVE-2023-364xx/CVE-2023-36423.json) (`2023-11-16T20:15:28.990`) ## Download and Usage