Auto-Update: 2023-12-01T05:00:17.855015+00:00

cad-safe-bot 2023-12-01 05:00:21 +00:00
parent e8847785fe
commit 986a0228d0
15 changed files with 922 additions and 92 deletions


@ -2,16 +2,40 @@
"id": "CVE-2023-2437",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-11-22T16:15:08.043",
"lastModified": "2023-11-22T18:15:08.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-01T03:47:12.557",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The UserPro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.1. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. An attacker can leverage CVE-2023-2448 and CVE-2023-2446 to get the user's email address to successfully exploit this vulnerability."
},
{
"lang": "es",
"value": "El complemento UserPro para WordPress es vulnerable a la omisi\u00f3n de autenticaci\u00f3n en versiones hasta la 5.1.1 incluida. Esto se debe a una verificaci\u00f3n insuficiente del usuario que se proporciona durante el inicio de sesi\u00f3n de Facebook a trav\u00e9s del complemento. Esto hace posible que atacantes no autenticados inicien sesi\u00f3n como cualquier usuario existente en el sitio, como un administrador, si tienen acceso al correo electr\u00f3nico. Un atacante puede aprovechar CVE-2023-2448 y CVE-2023-2446 para obtener la direcci\u00f3n de correo electr\u00f3nico del usuario y aprovechar esta vulnerabilidad con \u00e9xito."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -34,18 +58,59 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:userproplugin:userpro:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "5.1.1",
"matchCriteriaId": "E30F7B1B-A4E6-4C8F-ACA8-0A9B16EED37B"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/175871/WordPress-UserPro-5.1.x-Password-Reset-Authentication-Bypass-Escalation.html",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b3cf9f38-c20e-40dc-a7a1-65b0c6ba7925?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-26542",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T15:15:08.990",
"lastModified": "2023-11-22T17:32:02.580",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-01T03:48:01.363",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Exeebit phpinfo() WP plugin <=\u00a04.0 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Exeebit phpinfo() WP en versiones &lt;=4.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:exeebit:phpinfo\\(\\)_wp:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "4.0",
"matchCriteriaId": "2C3C4DB3-BB68-4088-840A-A65C8CE1388F"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/phpinfo-wp/wordpress-phpinfo-wp-plugin-3-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-28747",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T14:15:10.127",
"lastModified": "2023-11-22T15:12:25.450",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-01T03:48:15.443",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in codeboxr CBX Currency Converter plugin <=\u00a03.0.3 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento codeboxr CBX Currency Converter en versiones &lt;=3.0.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codeboxr:cbx_currency_converter:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.0.3",
"matchCriteriaId": "4603AC63-26F7-4489-A3D2-69F2070B52F7"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/cbcurrencyconverter/wordpress-cbx-currency-converter-plugin-3-0-3-cross-site-request-forgery-csrf?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-45479",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-29T06:15:46.507",
"lastModified": "2023-11-29T14:18:11.973",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-01T03:59:39.983",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,85 @@
"value": "Se descubri\u00f3 que la versi\u00f3n Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn conten\u00eda un desbordamiento de pila a trav\u00e9s del par\u00e1metro de lista en la funci\u00f3n sub_49E098."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ac10_firmware:16.03.10.13:*:*:*:*:*:*:*",
"matchCriteriaId": "6F1C8715-D7B4-4D1A-9E90-079C72049332"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ac10:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "970AEBF4-2B32-4633-A75B-2D2C598C048D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/l3m0nade/IOTvul/blob/master/assets/sub_49E098_code.png",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
},
{
"url": "https://github.com/l3m0nade/IOTvul/blob/master/sub_49E098.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-45480",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-29T06:15:46.620",
"lastModified": "2023-11-29T14:18:11.973",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-01T03:59:17.300",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,85 @@
"value": "Se descubri\u00f3 que la versi\u00f3n Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn conten\u00eda un desbordamiento de pila a trav\u00e9s del par\u00e1metro src en la funci\u00f3n sub_47D878."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ac10_firmware:16.03.10.13:*:*:*:*:*:*:*",
"matchCriteriaId": "6F1C8715-D7B4-4D1A-9E90-079C72049332"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ac10:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "970AEBF4-2B32-4633-A75B-2D2C598C048D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/l3m0nade/IOTvul/blob/master/assets/sub_47d878_code.png",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
},
{
"url": "https://github.com/l3m0nade/IOTvul/blob/master/sub_47D878.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-45481",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-29T06:15:46.660",
"lastModified": "2023-11-29T14:18:05.687",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-01T03:58:54.947",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,85 @@
"value": "Se descubri\u00f3 que la versi\u00f3n Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn conten\u00eda un desbordamiento de pila a trav\u00e9s del par\u00e1metro firewallEn en la funci\u00f3n SetFirewallCfg."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ac10_firmware:16.03.10.13:*:*:*:*:*:*:*",
"matchCriteriaId": "6F1C8715-D7B4-4D1A-9E90-079C72049332"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ac10:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "970AEBF4-2B32-4633-A75B-2D2C598C048D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/l3m0nade/IOTvul/blob/master/SetFirewallCfg.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
},
{
"url": "https://github.com/l3m0nade/IOTvul/blob/master/assets/setFirewallCfg_code.png",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-45482",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-29T06:15:46.710",
"lastModified": "2023-11-29T14:18:05.687",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-01T03:58:37.397",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,85 @@
"value": "Se descubri\u00f3 que la versi\u00f3n Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn conten\u00eda un desbordamiento de pila a trav\u00e9s del par\u00e1metro urls en la funci\u00f3n get_parentControl_list_Info."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ac10_firmware:16.03.10.13:*:*:*:*:*:*:*",
"matchCriteriaId": "6F1C8715-D7B4-4D1A-9E90-079C72049332"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ac10:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "970AEBF4-2B32-4633-A75B-2D2C598C048D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/l3m0nade/IOTvul/blob/master/assets/get_parentControl_list_Info_code.png",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
},
{
"url": "https://github.com/l3m0nade/IOTvul/blob/master/get_parentControl_list_Info.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-45483",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-29T06:15:46.760",
"lastModified": "2023-11-29T14:18:05.687",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-01T03:57:22.423",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,85 @@
"value": "Se descubri\u00f3 que la versi\u00f3n Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn conten\u00eda un desbordamiento de pila a trav\u00e9s del par\u00e1metro de tiempo en la funci\u00f3n compare_parentcontrol_time."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ac10_firmware:16.03.10.13:*:*:*:*:*:*:*",
"matchCriteriaId": "6F1C8715-D7B4-4D1A-9E90-079C72049332"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ac10:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "970AEBF4-2B32-4633-A75B-2D2C598C048D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/l3m0nade/IOTvul/blob/master/assets/compare_parentcontrol_time_code.png",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
},
{
"url": "https://github.com/l3m0nade/IOTvul/blob/master/compare_parentcontrol_time.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-45484",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-29T06:15:46.810",
"lastModified": "2023-11-29T14:18:05.687",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-01T03:56:31.783",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,85 @@
"value": "Se descubri\u00f3 que la versi\u00f3n Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn conten\u00eda un desbordamiento de pila a trav\u00e9s del par\u00e1metro shareSpeed en la funci\u00f3n fromSetWifiGuestBasic."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ac10_firmware:16.03.10.13:*:*:*:*:*:*:*",
"matchCriteriaId": "6F1C8715-D7B4-4D1A-9E90-079C72049332"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ac10:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "970AEBF4-2B32-4633-A75B-2D2C598C048D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/l3m0nade/IOTvul/blob/master/assets/fromSetWifiGuestBasic_code.png",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
},
{
"url": "https://github.com/l3m0nade/IOTvul/blob/master/fromSetWifiGusetBasic.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}


@ -2,27 +2,94 @@
"id": "CVE-2023-47380",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-22T15:15:09.380",
"lastModified": "2023-11-22T17:31:59.573",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-01T03:47:35.237",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Admidio v4.2.12 and below is vulnerable to Cross Site Scripting (XSS)."
},
{
"lang": "es",
"value": "Admidio v4.2.12 y versiones anteriores son vulnerables a Cross Site Scripting (XSS)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:admidio:admidio:4.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "D685A66E-4B5B-426A-9C87-2BBEE5625B75"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Admidio/admidio/releases/tag/v4.2.13",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
},
{
"url": "https://www.admidio.org/intern/adm_program/modules/announcements/announcements.php?ann_uuid=714ead2b-1718-4251-a9a3-f1b0df12d60e&headline=Blog",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
},
{
"url": "https://www.getastra.com/blog/security-audit/reflected-xss-vulnerability-in-admidio/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
}
]
}
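Review bot: The added `cpeMatch` entry pins a single release, `cpe:2.3:a:admidio:admidio:4.2.12:*:*:*:*:*:*:*`, while the English description in the same record says "v4.2.12 and below", so CPE-based matching against this record will not flag older Admidio installs. Other records in this commit express such a range with a wildcard version and an upper bound (the UserPro entry uses `"versionEndIncluding": "5.1.1"`), and the equivalent here would be a `admidio:admidio:*` criteria with `"versionEndIncluding": "4.2.12"`. The file appears to be mirrored from the NVD, so the correction belongs upstream rather than in this repository. Until it is corrected, consumers should take the affected range from the description and not rely on the CPE alone.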


@ -0,0 +1,20 @@
{
"id": "CVE-2023-48016",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-01T03:15:07.453",
"lastModified": "2023-12-01T03:15:07.453",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Restaurant Table Booking System V1.0 is vulnerable to SQL Injection in rtbs/admin/index.php via the username parameter."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Serhatcck/cves/blob/main/CVE-2023-48016-restaurant-table-booking-system-SQLInjection.md",
"source": "cve@mitre.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-48188",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-27T23:15:07.613",
"lastModified": "2023-11-28T14:12:58.173",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-01T04:00:46.523",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cve@mitre.org",
"type": "Secondary",
@ -38,10 +58,45 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:store-opart:op\\'art_devis:*:*:*:*:*:prestashop:*:*",
"versionStartIncluding": "4.5.18",
"versionEndIncluding": "4.6.12",
"matchCriteriaId": "F891B2D2-BCE6-4984-BD49-F8840F197CDE"
}
]
}
]
}
],
"references": [
{
"url": "https://security.friendsofpresta.org/modules/2023/11/23/opartdevis.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-49044",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-27T21:15:07.870",
"lastModified": "2023-11-28T14:12:58.173",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-01T04:01:05.950",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,79 @@
"value": "Vulnerabilidad de desbordamiento de pila en Tenda AX1803 v.1.0.0.1 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro ssid en la funci\u00f3n form_fast_setting_wifi_set."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ax1803_firmware:1.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B81C53EE-14CD-426B-ADF3-6D9B4D69DC84"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ax1803:-:*:*:*:*:*:*:*",
"matchCriteriaId": "413B93A8-6188-4D89-8141-C5B73F4AA071"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Anza2001/IOT_VULN/blob/main/Tenda/AX1803/form_fast_setting_wifi_set.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,79 @@
"id": "CVE-2023-6264",
"sourceIdentifier": "security@devolutions.net",
"published": "2023-11-22T19:15:09.803",
"lastModified": "2023-11-22T19:46:41.130",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-01T03:51:45.277",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Information leak in Content-Security-Policy header in Devolutions Server 2023.3.7.0 allows an unauthenticated attacker to list the configured Devolutions Gateways endpoints.\n\n\n"
},
{
"lang": "es",
"value": "La fuga de informaci\u00f3n en el encabezado Content-Security-Policy en Devolutions Server 2023.3.7.0 permite a un atacante no autenticado enumerar los endpoints de Devolutions Gateways configurados."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:devolutions:devolutions_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.3.8.0",
"matchCriteriaId": "B3C86B9C-37F7-4C8C-BB2F-CE0C64DCE3B4"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://devolutions.net/security/advisories/DEVO-2023-0020/",
"source": "security@devolutions.net"
"source": "security@devolutions.net",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-12-01T03:00:20.277815+00:00
2023-12-01T05:00:17.855015+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-12-01T02:31:24.583000+00:00
2023-12-01T04:01:05.950000+00:00
```
### Last Data Feed Release
@ -29,48 +29,33 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
231927
231928
```
### CVEs added in the last Commit
Recently added CVEs: `4`
Recently added CVEs: `1`
* [CVE-2023-43089](CVE-2023/CVE-2023-430xx/CVE-2023-43089.json) (`2023-12-01T02:15:07.063`)
* [CVE-2023-43453](CVE-2023/CVE-2023-434xx/CVE-2023-43453.json) (`2023-12-01T02:15:07.267`)
* [CVE-2023-43454](CVE-2023/CVE-2023-434xx/CVE-2023-43454.json) (`2023-12-01T02:15:07.320`)
* [CVE-2023-43455](CVE-2023/CVE-2023-434xx/CVE-2023-43455.json) (`2023-12-01T02:15:07.367`)
* [CVE-2023-48016](CVE-2023/CVE-2023-480xx/CVE-2023-48016.json) (`2023-12-01T03:15:07.453`)
### CVEs modified in the last Commit
Recently modified CVEs: `36`
Recently modified CVEs: `13`
* [CVE-2023-46690](CVE-2023/CVE-2023-466xx/CVE-2023-46690.json) (`2023-12-01T02:28:42.607`)
* [CVE-2023-47207](CVE-2023/CVE-2023-472xx/CVE-2023-47207.json) (`2023-12-01T02:28:42.607`)
* [CVE-2023-48894](CVE-2023/CVE-2023-488xx/CVE-2023-48894.json) (`2023-12-01T02:28:42.607`)
* [CVE-2023-49735](CVE-2023/CVE-2023-497xx/CVE-2023-49735.json) (`2023-12-01T02:28:42.607`)
* [CVE-2023-5908](CVE-2023/CVE-2023-59xx/CVE-2023-5908.json) (`2023-12-01T02:28:42.607`)
* [CVE-2023-5909](CVE-2023/CVE-2023-59xx/CVE-2023-5909.json) (`2023-12-01T02:28:42.607`)
* [CVE-2023-42916](CVE-2023/CVE-2023-429xx/CVE-2023-42916.json) (`2023-12-01T02:28:42.607`)
* [CVE-2023-42917](CVE-2023/CVE-2023-429xx/CVE-2023-42917.json) (`2023-12-01T02:28:42.607`)
* [CVE-2023-46326](CVE-2023/CVE-2023-463xx/CVE-2023-46326.json) (`2023-12-01T02:28:42.607`)
* [CVE-2023-46383](CVE-2023/CVE-2023-463xx/CVE-2023-46383.json) (`2023-12-01T02:28:42.607`)
* [CVE-2023-46384](CVE-2023/CVE-2023-463xx/CVE-2023-46384.json) (`2023-12-01T02:28:42.607`)
* [CVE-2023-46385](CVE-2023/CVE-2023-463xx/CVE-2023-46385.json) (`2023-12-01T02:28:42.607`)
* [CVE-2023-46386](CVE-2023/CVE-2023-463xx/CVE-2023-46386.json) (`2023-12-01T02:28:42.607`)
* [CVE-2023-46387](CVE-2023/CVE-2023-463xx/CVE-2023-46387.json) (`2023-12-01T02:28:42.607`)
* [CVE-2023-46388](CVE-2023/CVE-2023-463xx/CVE-2023-46388.json) (`2023-12-01T02:28:42.607`)
* [CVE-2023-46389](CVE-2023/CVE-2023-463xx/CVE-2023-46389.json) (`2023-12-01T02:28:42.607`)
* [CVE-2023-46956](CVE-2023/CVE-2023-469xx/CVE-2023-46956.json) (`2023-12-01T02:28:42.607`)
* [CVE-2023-47279](CVE-2023/CVE-2023-472xx/CVE-2023-47279.json) (`2023-12-01T02:28:42.607`)
* [CVE-2023-47307](CVE-2023/CVE-2023-473xx/CVE-2023-47307.json) (`2023-12-01T02:28:42.607`)
* [CVE-2023-49046](CVE-2023/CVE-2023-490xx/CVE-2023-49046.json) (`2023-12-01T02:29:46.293`)
* [CVE-2023-49043](CVE-2023/CVE-2023-490xx/CVE-2023-49043.json) (`2023-12-01T02:29:56.040`)
* [CVE-2023-31275](CVE-2023/CVE-2023-312xx/CVE-2023-31275.json) (`2023-12-01T02:30:35.647`)
* [CVE-2023-6287](CVE-2023/CVE-2023-62xx/CVE-2023-6287.json) (`2023-12-01T02:30:49.880`)
* [CVE-2023-40610](CVE-2023/CVE-2023-406xx/CVE-2023-40610.json) (`2023-12-01T02:31:09.203`)
* [CVE-2023-6254](CVE-2023/CVE-2023-62xx/CVE-2023-6254.json) (`2023-12-01T02:31:24.583`)
* [CVE-2023-2437](CVE-2023/CVE-2023-24xx/CVE-2023-2437.json) (`2023-12-01T03:47:12.557`)
* [CVE-2023-47380](CVE-2023/CVE-2023-473xx/CVE-2023-47380.json) (`2023-12-01T03:47:35.237`)
* [CVE-2023-26542](CVE-2023/CVE-2023-265xx/CVE-2023-26542.json) (`2023-12-01T03:48:01.363`)
* [CVE-2023-28747](CVE-2023/CVE-2023-287xx/CVE-2023-28747.json) (`2023-12-01T03:48:15.443`)
* [CVE-2023-6264](CVE-2023/CVE-2023-62xx/CVE-2023-6264.json) (`2023-12-01T03:51:45.277`)
* [CVE-2023-45484](CVE-2023/CVE-2023-454xx/CVE-2023-45484.json) (`2023-12-01T03:56:31.783`)
* [CVE-2023-45483](CVE-2023/CVE-2023-454xx/CVE-2023-45483.json) (`2023-12-01T03:57:22.423`)
* [CVE-2023-45482](CVE-2023/CVE-2023-454xx/CVE-2023-45482.json) (`2023-12-01T03:58:37.397`)
* [CVE-2023-45481](CVE-2023/CVE-2023-454xx/CVE-2023-45481.json) (`2023-12-01T03:58:54.947`)
* [CVE-2023-45480](CVE-2023/CVE-2023-454xx/CVE-2023-45480.json) (`2023-12-01T03:59:17.300`)
* [CVE-2023-45479](CVE-2023/CVE-2023-454xx/CVE-2023-45479.json) (`2023-12-01T03:59:39.983`)
* [CVE-2023-48188](CVE-2023/CVE-2023-481xx/CVE-2023-48188.json) (`2023-12-01T04:00:46.523`)
* [CVE-2023-49044](CVE-2023/CVE-2023-490xx/CVE-2023-49044.json) (`2023-12-01T04:01:05.950`)
## Download and Usage