diff --git a/CVE-2023/CVE-2023-24xx/CVE-2023-2437.json b/CVE-2023/CVE-2023-24xx/CVE-2023-2437.json index a8291d1ed2e..a2603d54799 100644 --- a/CVE-2023/CVE-2023-24xx/CVE-2023-2437.json +++ b/CVE-2023/CVE-2023-24xx/CVE-2023-2437.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-2437", "sourceIdentifier": "security@wordfence.com", "published": "2023-11-22T16:15:08.043", - "lastModified": "2023-11-22T18:15:08.473", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-01T03:47:12.557", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The UserPro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.1. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. An attacker can leverage CVE-2023-2448 and CVE-2023-2446 to get the user's email address to successfully exploit this vulnerability." + }, + { + "lang": "es", + "value": "El complemento UserPro para WordPress es vulnerable a la omisi\u00f3n de autenticaci\u00f3n en versiones hasta la 5.1.1 incluida. Esto se debe a una verificaci\u00f3n insuficiente del usuario que se proporciona durante el inicio de sesi\u00f3n de Facebook a trav\u00e9s del complemento. Esto hace posible que atacantes no autenticados inicien sesi\u00f3n como cualquier usuario existente en el sitio, como un administrador, si tienen acceso al correo electr\u00f3nico. Un atacante puede aprovechar CVE-2023-2448 y CVE-2023-2446 para obtener la direcci\u00f3n de correo electr\u00f3nico del usuario y aprovechar esta vulnerabilidad con \u00e9xito." 
} ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -34,18 +58,59 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:userproplugin:userpro:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "5.1.1", + "matchCriteriaId": "E30F7B1B-A4E6-4C8F-ACA8-0A9B16EED37B" + } + ] + } + ] + } + ], "references": [ { "url": "http://packetstormsecurity.com/files/175871/WordPress-UserPro-5.1.x-Password-Reset-Authentication-Bypass-Escalation.html", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Exploit", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b3cf9f38-c20e-40dc-a7a1-65b0c6ba7925?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-265xx/CVE-2023-26542.json b/CVE-2023/CVE-2023-265xx/CVE-2023-26542.json index c8129fb8448..0ff29214fcd 100644 
--- a/CVE-2023/CVE-2023-265xx/CVE-2023-26542.json +++ b/CVE-2023/CVE-2023-265xx/CVE-2023-26542.json @@ -2,16 +2,40 @@ "id": "CVE-2023-26542", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-22T15:15:08.990", - "lastModified": "2023-11-22T17:32:02.580", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-01T03:48:01.363", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Exeebit phpinfo() WP plugin <=\u00a04.0 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Exeebit phpinfo() WP en versiones <=4.0." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:exeebit:phpinfo\\(\\)_wp:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "4.0", + "matchCriteriaId": "2C3C4DB3-BB68-4088-840A-A65C8CE1388F" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/phpinfo-wp/wordpress-phpinfo-wp-plugin-3-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-287xx/CVE-2023-28747.json b/CVE-2023/CVE-2023-287xx/CVE-2023-28747.json index fc64d921956..53718b01581 100644 --- a/CVE-2023/CVE-2023-287xx/CVE-2023-28747.json +++ b/CVE-2023/CVE-2023-287xx/CVE-2023-28747.json @@ -2,16 +2,40 @@ "id": "CVE-2023-28747", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-22T14:15:10.127", - "lastModified": "2023-11-22T15:12:25.450", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-01T03:48:15.443", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in codeboxr CBX Currency Converter plugin <=\u00a03.0.3 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento codeboxr CBX Currency Converter en versiones <=3.0.3." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:codeboxr:cbx_currency_converter:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "3.0.3", + "matchCriteriaId": "4603AC63-26F7-4489-A3D2-69F2070B52F7" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/cbcurrencyconverter/wordpress-cbx-currency-converter-plugin-3-0-3-cross-site-request-forgery-csrf?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-454xx/CVE-2023-45479.json b/CVE-2023/CVE-2023-454xx/CVE-2023-45479.json index 21b98de64b3..e570db6e1e3 100644 --- a/CVE-2023/CVE-2023-454xx/CVE-2023-45479.json +++ b/CVE-2023/CVE-2023-454xx/CVE-2023-45479.json @@ -2,8 +2,8 @@ "id": "CVE-2023-45479", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-29T06:15:46.507", - "lastModified": "2023-11-29T14:18:11.973", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-01T03:59:39.983", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,15 +14,85 @@ "value": "Se descubri\u00f3 que la versi\u00f3n Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn conten\u00eda un desbordamiento de pila a trav\u00e9s del par\u00e1metro de lista en la funci\u00f3n sub_49E098." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:ac10_firmware:16.03.10.13:*:*:*:*:*:*:*", + "matchCriteriaId": "6F1C8715-D7B4-4D1A-9E90-079C72049332" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:ac10:4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "970AEBF4-2B32-4633-A75B-2D2C598C048D" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/l3m0nade/IOTvul/blob/master/assets/sub_49E098_code.png", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] }, { "url": "https://github.com/l3m0nade/IOTvul/blob/master/sub_49E098.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-454xx/CVE-2023-45480.json b/CVE-2023/CVE-2023-454xx/CVE-2023-45480.json index 1f19c100eb2..4030e7ad4be 100644 
--- a/CVE-2023/CVE-2023-454xx/CVE-2023-45480.json +++ b/CVE-2023/CVE-2023-454xx/CVE-2023-45480.json @@ -2,8 +2,8 @@ "id": "CVE-2023-45480", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-29T06:15:46.620", - "lastModified": "2023-11-29T14:18:11.973", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-01T03:59:17.300", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,15 +14,85 @@ "value": "Se descubri\u00f3 que la versi\u00f3n Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn conten\u00eda un desbordamiento de pila a trav\u00e9s del par\u00e1metro src en la funci\u00f3n sub_47D878." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:ac10_firmware:16.03.10.13:*:*:*:*:*:*:*", + "matchCriteriaId": "6F1C8715-D7B4-4D1A-9E90-079C72049332" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:ac10:4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "970AEBF4-2B32-4633-A75B-2D2C598C048D" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/l3m0nade/IOTvul/blob/master/assets/sub_47d878_code.png", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] }, { "url": "https://github.com/l3m0nade/IOTvul/blob/master/sub_47D878.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-454xx/CVE-2023-45481.json b/CVE-2023/CVE-2023-454xx/CVE-2023-45481.json index 5407b28ec17..822c661e21b 100644 
--- a/CVE-2023/CVE-2023-454xx/CVE-2023-45481.json +++ b/CVE-2023/CVE-2023-454xx/CVE-2023-45481.json @@ -2,8 +2,8 @@ "id": "CVE-2023-45481", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-29T06:15:46.660", - "lastModified": "2023-11-29T14:18:05.687", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-01T03:58:54.947", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,15 +14,85 @@ "value": "Se descubri\u00f3 que la versi\u00f3n Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn conten\u00eda un desbordamiento de pila a trav\u00e9s del par\u00e1metro firewallEn en la funci\u00f3n SetFirewallCfg." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:ac10_firmware:16.03.10.13:*:*:*:*:*:*:*", + "matchCriteriaId": "6F1C8715-D7B4-4D1A-9E90-079C72049332" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:ac10:4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "970AEBF4-2B32-4633-A75B-2D2C598C048D" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/l3m0nade/IOTvul/blob/master/SetFirewallCfg.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] }, { "url": "https://github.com/l3m0nade/IOTvul/blob/master/assets/setFirewallCfg_code.png", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-454xx/CVE-2023-45482.json b/CVE-2023/CVE-2023-454xx/CVE-2023-45482.json index ffb886639ff..bc2749ef1a4 100644 
--- a/CVE-2023/CVE-2023-454xx/CVE-2023-45482.json +++ b/CVE-2023/CVE-2023-454xx/CVE-2023-45482.json @@ -2,8 +2,8 @@ "id": "CVE-2023-45482", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-29T06:15:46.710", - "lastModified": "2023-11-29T14:18:05.687", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-01T03:58:37.397", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,15 +14,85 @@ "value": "Se descubri\u00f3 que la versi\u00f3n Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn conten\u00eda un desbordamiento de pila a trav\u00e9s del par\u00e1metro urls en la funci\u00f3n get_parentControl_list_Info." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:ac10_firmware:16.03.10.13:*:*:*:*:*:*:*", + "matchCriteriaId": "6F1C8715-D7B4-4D1A-9E90-079C72049332" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:ac10:4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "970AEBF4-2B32-4633-A75B-2D2C598C048D" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/l3m0nade/IOTvul/blob/master/assets/get_parentControl_list_Info_code.png", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] }, { "url": "https://github.com/l3m0nade/IOTvul/blob/master/get_parentControl_list_Info.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-454xx/CVE-2023-45483.json b/CVE-2023/CVE-2023-454xx/CVE-2023-45483.json index 60274439830..8c1a8314fd0 100644 --- a/CVE-2023/CVE-2023-454xx/CVE-2023-45483.json +++ b/CVE-2023/CVE-2023-454xx/CVE-2023-45483.json @@ -2,8 +2,8 @@ "id": "CVE-2023-45483", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-29T06:15:46.760", - "lastModified": "2023-11-29T14:18:05.687", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-01T03:57:22.423", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,15 +14,85 @@ "value": "Se descubri\u00f3 que la versi\u00f3n Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn conten\u00eda un desbordamiento de pila a trav\u00e9s del par\u00e1metro de tiempo en la funci\u00f3n compare_parentcontrol_time." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:ac10_firmware:16.03.10.13:*:*:*:*:*:*:*", + "matchCriteriaId": "6F1C8715-D7B4-4D1A-9E90-079C72049332" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:ac10:4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "970AEBF4-2B32-4633-A75B-2D2C598C048D" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/l3m0nade/IOTvul/blob/master/assets/compare_parentcontrol_time_code.png", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] }, { "url": "https://github.com/l3m0nade/IOTvul/blob/master/compare_parentcontrol_time.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-454xx/CVE-2023-45484.json b/CVE-2023/CVE-2023-454xx/CVE-2023-45484.json index cfcaefae4e8..3a0e7f9bef7 100644 --- a/CVE-2023/CVE-2023-454xx/CVE-2023-45484.json +++ b/CVE-2023/CVE-2023-454xx/CVE-2023-45484.json @@ -2,8 +2,8 @@ "id": "CVE-2023-45484", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-29T06:15:46.810", - "lastModified": "2023-11-29T14:18:05.687", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-01T03:56:31.783", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,15 +14,85 @@ "value": "Se descubri\u00f3 que la versi\u00f3n Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn conten\u00eda un desbordamiento de pila a trav\u00e9s del par\u00e1metro shareSpeed en la funci\u00f3n fromSetWifiGuestBasic." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:ac10_firmware:16.03.10.13:*:*:*:*:*:*:*", + "matchCriteriaId": "6F1C8715-D7B4-4D1A-9E90-079C72049332" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:ac10:4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "970AEBF4-2B32-4633-A75B-2D2C598C048D" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/l3m0nade/IOTvul/blob/master/assets/fromSetWifiGuestBasic_code.png", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] }, { "url": "https://github.com/l3m0nade/IOTvul/blob/master/fromSetWifiGusetBasic.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-473xx/CVE-2023-47380.json b/CVE-2023/CVE-2023-473xx/CVE-2023-47380.json index 08672a38b08..38cf03ea2b5 100644 --- a/CVE-2023/CVE-2023-473xx/CVE-2023-47380.json +++ b/CVE-2023/CVE-2023-473xx/CVE-2023-47380.json 
@@ -2,27 +2,94 @@ "id": "CVE-2023-47380", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-22T15:15:09.380", - "lastModified": "2023-11-22T17:31:59.573", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-01T03:47:35.237", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Admidio v4.2.12 and below is vulnerable to Cross Site Scripting (XSS)." + }, + { + "lang": "es", + "value": "Admidio v4.2.12 y versiones anteriores son vulnerables a Cross Site Scripting (XSS)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:admidio:admidio:4.2.12:*:*:*:*:*:*:*", + "matchCriteriaId": "D685A66E-4B5B-426A-9C87-2BBEE5625B75" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/Admidio/admidio/releases/tag/v4.2.13", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://www.admidio.org/intern/adm_program/modules/announcements/announcements.php?ann_uuid=714ead2b-1718-4251-a9a3-f1b0df12d60e&headline=Blog", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": 
"https://www.getastra.com/blog/security-audit/reflected-xss-vulnerability-in-admidio/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-480xx/CVE-2023-48016.json b/CVE-2023/CVE-2023-480xx/CVE-2023-48016.json new file mode 100644 index 00000000000..0ab18d421aa --- /dev/null +++ b/CVE-2023/CVE-2023-480xx/CVE-2023-48016.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-48016", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-01T03:15:07.453", + "lastModified": "2023-12-01T03:15:07.453", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Restaurant Table Booking System V1.0 is vulnerable to SQL Injection in rtbs/admin/index.php via the username parameter." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/Serhatcck/cves/blob/main/CVE-2023-48016-restaurant-table-booking-system-SQLInjection.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-481xx/CVE-2023-48188.json b/CVE-2023/CVE-2023-481xx/CVE-2023-48188.json index febaddd1758..2bf457712f4 100644 --- a/CVE-2023/CVE-2023-481xx/CVE-2023-48188.json +++ b/CVE-2023/CVE-2023-481xx/CVE-2023-48188.json @@ -2,8 +2,8 @@ "id": "CVE-2023-48188", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-27T23:15:07.613", - "lastModified": "2023-11-28T14:12:58.173", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-01T04:00:46.523", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
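Review bot: The `cpeMatch` entry added for CVE-2023-47380 pins one exact version, `"criteria": "cpe:2.3:a:admidio:admidio:4.2.12:*:*:*:*:*:*:*"`, with no version range, while the English description in the same record says "v4.2.12 and below". A consumer that matches installed software against this configuration would flag only 4.2.12 and report older Admidio releases as unaffected. If the description is correct, the entry would be expected in the range form that other records in this commit use (for example CVE-2023-2437): `"criteria": "cpe:2.3:a:admidio:admidio:*:*:*:*:*:*:*:*"` with `"versionEndIncluding": "4.2.12"`. The record mirrors NVD, so the correction belongs upstream. Until then, treat every release before the referenced v4.2.13 tag as affected rather than relying on the CPE match alone.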
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cve@mitre.org", "type": "Secondary", @@ -38,10 +58,45 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:store-opart:op\\'art_devis:*:*:*:*:*:prestashop:*:*", + "versionStartIncluding": "4.5.18", + "versionEndIncluding": "4.6.12", + "matchCriteriaId": "F891B2D2-BCE6-4984-BD49-F8840F197CDE" + } + ] + } + ] + } + ], "references": [ { "url": "https://security.friendsofpresta.org/modules/2023/11/23/opartdevis.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-490xx/CVE-2023-49044.json b/CVE-2023/CVE-2023-490xx/CVE-2023-49044.json index 421db4a5424..ddd026af048 100644 --- a/CVE-2023/CVE-2023-490xx/CVE-2023-49044.json +++ b/CVE-2023/CVE-2023-490xx/CVE-2023-49044.json @@ -2,8 +2,8 @@ "id": "CVE-2023-49044", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-27T21:15:07.870", - "lastModified": "2023-11-28T14:12:58.173", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-01T04:01:05.950", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,11 +14,79 @@ "value": "Vulnerabilidad de desbordamiento de pila en Tenda AX1803 v.1.0.0.1 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro ssid en la funci\u00f3n form_fast_setting_wifi_set." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:ax1803_firmware:1.0.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "B81C53EE-14CD-426B-ADF3-6D9B4D69DC84" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:ax1803:-:*:*:*:*:*:*:*", + "matchCriteriaId": "413B93A8-6188-4D89-8141-C5B73F4AA071" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Anza2001/IOT_VULN/blob/main/Tenda/AX1803/form_fast_setting_wifi_set.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6264.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6264.json index f703229edc9..760bc61f538 100644 --- a/CVE-2023/CVE-2023-62xx/CVE-2023-6264.json +++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6264.json 
@@ -2,19 +2,79 @@ "id": "CVE-2023-6264", "sourceIdentifier": "security@devolutions.net", "published": "2023-11-22T19:15:09.803", - "lastModified": "2023-11-22T19:46:41.130", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-01T03:51:45.277", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Information leak in Content-Security-Policy header in Devolutions Server 2023.3.7.0 allows an unauthenticated attacker to list the configured Devolutions Gateways endpoints.\n\n\n" + }, + { + "lang": "es", + "value": "La fuga de informaci\u00f3n en el encabezado Content-Security-Policy en Devolutions Server 2023.3.7.0 permite a un atacante no autenticado enumerar los endpoints de Devolutions Gateways configurados." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:devolutions:devolutions_server:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.3.8.0", + "matchCriteriaId": "B3C86B9C-37F7-4C8C-BB2F-CE0C64DCE3B4" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://devolutions.net/security/advisories/DEVO-2023-0020/", - "source": "security@devolutions.net" + "source": "security@devolutions.net", + "tags": [ + "Vendor Advisory" + ] } ] } \ No 
newline at end of file diff --git a/README.md b/README.md index e34308658a5..9d9a3e878c9 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-12-01T03:00:20.277815+00:00 +2023-12-01T05:00:17.855015+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-12-01T02:31:24.583000+00:00 +2023-12-01T04:01:05.950000+00:00 ``` ### Last Data Feed Release 
@@ -29,48 +29,33 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -231927 +231928 ``` ### CVEs added in the last Commit -Recently added CVEs: `4` +Recently added CVEs: `1` -* [CVE-2023-43089](CVE-2023/CVE-2023-430xx/CVE-2023-43089.json) (`2023-12-01T02:15:07.063`) -* [CVE-2023-43453](CVE-2023/CVE-2023-434xx/CVE-2023-43453.json) (`2023-12-01T02:15:07.267`) -* [CVE-2023-43454](CVE-2023/CVE-2023-434xx/CVE-2023-43454.json) (`2023-12-01T02:15:07.320`) -* [CVE-2023-43455](CVE-2023/CVE-2023-434xx/CVE-2023-43455.json) (`2023-12-01T02:15:07.367`) +* [CVE-2023-48016](CVE-2023/CVE-2023-480xx/CVE-2023-48016.json) (`2023-12-01T03:15:07.453`) ### CVEs modified in the last Commit -Recently modified CVEs: `36` +Recently modified CVEs: `13` -* [CVE-2023-46690](CVE-2023/CVE-2023-466xx/CVE-2023-46690.json) (`2023-12-01T02:28:42.607`) -* [CVE-2023-47207](CVE-2023/CVE-2023-472xx/CVE-2023-47207.json) (`2023-12-01T02:28:42.607`) -* [CVE-2023-48894](CVE-2023/CVE-2023-488xx/CVE-2023-48894.json) (`2023-12-01T02:28:42.607`) -* [CVE-2023-49735](CVE-2023/CVE-2023-497xx/CVE-2023-49735.json) (`2023-12-01T02:28:42.607`) -* [CVE-2023-5908](CVE-2023/CVE-2023-59xx/CVE-2023-5908.json) (`2023-12-01T02:28:42.607`) -* [CVE-2023-5909](CVE-2023/CVE-2023-59xx/CVE-2023-5909.json) (`2023-12-01T02:28:42.607`) -* [CVE-2023-42916](CVE-2023/CVE-2023-429xx/CVE-2023-42916.json) (`2023-12-01T02:28:42.607`) -* [CVE-2023-42917](CVE-2023/CVE-2023-429xx/CVE-2023-42917.json) (`2023-12-01T02:28:42.607`) -* [CVE-2023-46326](CVE-2023/CVE-2023-463xx/CVE-2023-46326.json) (`2023-12-01T02:28:42.607`) -* [CVE-2023-46383](CVE-2023/CVE-2023-463xx/CVE-2023-46383.json) (`2023-12-01T02:28:42.607`) -* [CVE-2023-46384](CVE-2023/CVE-2023-463xx/CVE-2023-46384.json) (`2023-12-01T02:28:42.607`) -* [CVE-2023-46385](CVE-2023/CVE-2023-463xx/CVE-2023-46385.json) (`2023-12-01T02:28:42.607`) -* [CVE-2023-46386](CVE-2023/CVE-2023-463xx/CVE-2023-46386.json) 
(`2023-12-01T02:28:42.607`) -* [CVE-2023-46387](CVE-2023/CVE-2023-463xx/CVE-2023-46387.json) (`2023-12-01T02:28:42.607`) -* [CVE-2023-46388](CVE-2023/CVE-2023-463xx/CVE-2023-46388.json) (`2023-12-01T02:28:42.607`) -* [CVE-2023-46389](CVE-2023/CVE-2023-463xx/CVE-2023-46389.json) (`2023-12-01T02:28:42.607`) -* [CVE-2023-46956](CVE-2023/CVE-2023-469xx/CVE-2023-46956.json) (`2023-12-01T02:28:42.607`) -* [CVE-2023-47279](CVE-2023/CVE-2023-472xx/CVE-2023-47279.json) (`2023-12-01T02:28:42.607`) -* [CVE-2023-47307](CVE-2023/CVE-2023-473xx/CVE-2023-47307.json) (`2023-12-01T02:28:42.607`) -* [CVE-2023-49046](CVE-2023/CVE-2023-490xx/CVE-2023-49046.json) (`2023-12-01T02:29:46.293`) -* [CVE-2023-49043](CVE-2023/CVE-2023-490xx/CVE-2023-49043.json) (`2023-12-01T02:29:56.040`) -* [CVE-2023-31275](CVE-2023/CVE-2023-312xx/CVE-2023-31275.json) (`2023-12-01T02:30:35.647`) -* [CVE-2023-6287](CVE-2023/CVE-2023-62xx/CVE-2023-6287.json) (`2023-12-01T02:30:49.880`) -* [CVE-2023-40610](CVE-2023/CVE-2023-406xx/CVE-2023-40610.json) (`2023-12-01T02:31:09.203`) -* [CVE-2023-6254](CVE-2023/CVE-2023-62xx/CVE-2023-6254.json) (`2023-12-01T02:31:24.583`) +* [CVE-2023-2437](CVE-2023/CVE-2023-24xx/CVE-2023-2437.json) (`2023-12-01T03:47:12.557`) +* [CVE-2023-47380](CVE-2023/CVE-2023-473xx/CVE-2023-47380.json) (`2023-12-01T03:47:35.237`) +* [CVE-2023-26542](CVE-2023/CVE-2023-265xx/CVE-2023-26542.json) (`2023-12-01T03:48:01.363`) +* [CVE-2023-28747](CVE-2023/CVE-2023-287xx/CVE-2023-28747.json) (`2023-12-01T03:48:15.443`) +* [CVE-2023-6264](CVE-2023/CVE-2023-62xx/CVE-2023-6264.json) (`2023-12-01T03:51:45.277`) +* [CVE-2023-45484](CVE-2023/CVE-2023-454xx/CVE-2023-45484.json) (`2023-12-01T03:56:31.783`) +* [CVE-2023-45483](CVE-2023/CVE-2023-454xx/CVE-2023-45483.json) (`2023-12-01T03:57:22.423`) +* [CVE-2023-45482](CVE-2023/CVE-2023-454xx/CVE-2023-45482.json) (`2023-12-01T03:58:37.397`) +* [CVE-2023-45481](CVE-2023/CVE-2023-454xx/CVE-2023-45481.json) (`2023-12-01T03:58:54.947`) +* 
[CVE-2023-45480](CVE-2023/CVE-2023-454xx/CVE-2023-45480.json) (`2023-12-01T03:59:17.300`) +* [CVE-2023-45479](CVE-2023/CVE-2023-454xx/CVE-2023-45479.json) (`2023-12-01T03:59:39.983`) +* [CVE-2023-48188](CVE-2023/CVE-2023-481xx/CVE-2023-48188.json) (`2023-12-01T04:00:46.523`) +* [CVE-2023-49044](CVE-2023/CVE-2023-490xx/CVE-2023-49044.json) (`2023-12-01T04:01:05.950`) ## Download and Usage