admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 03:27:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-12-12T21:00:17.924701+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-12-12 21:00:21 +00:00
parent cd0c0a8d35
commit 9b02ff4b83
48 changed files with 2971 additions and 203 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
CVE-2020/CVE-2020-162xx/CVE-2020-16212.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-16212",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2020-09-11T14:15:11.377",
"lastModified": "2020-09-15T17:53:05.760",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-12T19:15:07.597",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. The application on the surveillance station operates in kiosk mode, which is vulnerable to local breakouts that could allow an attacker with physical access to escape the restricted environment with limited privileges."
"value": "In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. The application on the surveillance station operates in kiosk mode, which is vulnerable to local breakouts that could allow an attacker with physical access to escape the restricted environment with limited privileges."
},
{
"lang": "es",
@ -120,6 +120,10 @@
"Third Party Advisory",
"US Government Resource"
]
},
{
"url": "https://www.philips.com/productsecurity",
"source": "ics-cert@hq.dhs.gov"
}
]
}

340
CVE-2023/CVE-2023-233xx/CVE-2023-23372.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-23372",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2023-12-08T16:15:15.720",
"lastModified": "2023-12-08T16:37:45.763",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T19:50:04.313",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to inject malicious code via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.0.1.2425 build 20230609 and later\nQTS 5.1.0.2444 build 20230629 and later\nQTS 4.5.4.2467 build 20230718 and later\nQuTS hero h5.1.0.2424 build 20230609 and later\nQuTS hero h5.0.1.2515 build 20230907 and later\nQuTS hero h4.5.4.2476 build 20230728 and later\n"
},
{
"lang": "es",
"value": "Se ha informado que una vulnerabilidad de Cross-Site Scripting (XSS) afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a los usuarios inyectar c\u00f3digo malicioso a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: QTS 5.0.1.2425 compilaci\u00f3n 20230609 y posteriores QTS 5.1.0.2444 compilaci\u00f3n 20230629 y posteriores QTS 4.5.4.2467 compilaci\u00f3n 20230718 y posteriores QuTS hero h5.1.0.2424 compilaci\u00f3n 20230609 y posteriores QuTS hero h5. 0.1.2515 compilaci\u00f3n 20230907 y posteriores QuTS hero h4.5.4.2476 compilaci\u00f3n 20230728 y posteriores"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
@ -46,10 +80,310 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325:*:*:*:*:*:*",
"matchCriteriaId": "39382CBA-EA68-426A-AC07-A9A26E722CAB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515:*:*:*:*:*:*",
"matchCriteriaId": "BCB37C08-1DF7-4AF4-9BB1-C562E5643B5A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603:*:*:*:*:*:*",
"matchCriteriaId": "8368130C-F26D-41FE-8D78-B103A23B5327"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.0.1.2034:build_20220515:*:*:*:*:*:*",
"matchCriteriaId": "A014C53A-6057-46C3-ABE9-A0ACA785425B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.0.1.2079:build_20220629:*:*:*:*:*:*",
"matchCriteriaId": "D57801C1-0E7C-482F-816E-A405DE4A86C2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.0.1.2131:build_20220820:*:*:*:*:*:*",
"matchCriteriaId": "DE301B1C-4E3E-4AC4-80BB-D06BE16D0C64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.0.1.2137:build_20220826:*:*:*:*:*:*",
"matchCriteriaId": "582171F1-ADD6-4F68-8539-154E53A783A7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.0.1.2145:build_20220903:*:*:*:*:*:*",
"matchCriteriaId": "B621B512-940C-4C16-A64F-3E577B9DE6B8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.0.1.2173:build_20221001:*:*:*:*:*:*",
"matchCriteriaId": "F05F874D-52CB-49A1-AF3B-A0503C33710C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.0.1.2194:build_20221022:*:*:*:*:*:*",
"matchCriteriaId": "86123F0E-3A48-45EB-B8C6-7A953E7719D9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.0.1.2234:build_20221201:*:*:*:*:*:*",
"matchCriteriaId": "644159A6-4018-4BDB-863B-94F5725534EA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.0.1.2248:build_20221215:*:*:*:*:*:*",
"matchCriteriaId": "EB42C492-9259-4A03-A65C-EACDD31E543A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.0.1.2277:build_20230112:*:*:*:*:*:*",
"matchCriteriaId": "1CECD991-E1F0-4B6B-8CA4-2EEFBA071622"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.0.1.2346:build_20230322:*:*:*:*:*:*",
"matchCriteriaId": "55711131-A764-4E5C-9FF9-19DD601F5081"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.0.1.2376:build_20230421:*:*:*:*:*:*",
"matchCriteriaId": "45C6A343-D973-4A54-B547-7B90599F97AD"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:4.5.4.1715:build_20210630:*:*:*:*:*:*",
"matchCriteriaId": "9AA3560E-1778-4278-AD5A-6EB3A63A39A5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:4.5.4.1723:build_20210708:*:*:*:*:*:*",
"matchCriteriaId": "39E9AF51-0254-472F-B31F-6ADF1848CBD6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:4.5.4.1741:build_20210726:*:*:*:*:*:*",
"matchCriteriaId": "FBB29CD6-B6BC-4C3E-AD44-8D822D10093C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:4.5.4.1787:build_20210910:*:*:*:*:*:*",
"matchCriteriaId": "A7B98F82-9246-496F-8B15-6F320F8E921F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:4.5.4.1800:build_20210923:*:*:*:*:*:*",
"matchCriteriaId": "AE7D1FD6-7D8D-4884-AE7B-5C0BC4E39F69"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:4.5.4.1892:build_20211223:*:*:*:*:*:*",
"matchCriteriaId": "1692CA79-1C6D-4BF8-B49E-3539FCE3E165"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:4.5.4.1931:build_20220128:*:*:*:*:*:*",
"matchCriteriaId": "C15A236A-4C43-4489-B6F3-EBC9AD786F77"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:4.5.4.2012:build_20220419:*:*:*:*:*:*",
"matchCriteriaId": "ECE79BCD-8F86-46B1-A3C1-AC503DE1876F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:4.5.4.2117:build_20220802:*:*:*:*:*:*",
"matchCriteriaId": "8303B319-7EA7-42BC-9246-6EBF81DE4545"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:4.5.4.2280:build_20230112:*:*:*:*:*:*",
"matchCriteriaId": "5E0F4CCC-F4A5-407D-BA2E-2BBCBA6B731A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:4.5.4.2374:build_20230416:*:*:*:*:*:*",
"matchCriteriaId": "4D3AE695-CEEB-4A0C-A751-9172781B776B"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2409:build_20230525:*:*:*:*:*:*",
"matchCriteriaId": "6CA398A8-EBDF-4D41-B15E-7B763F885021"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.0.1.2045:build_20220526:*:*:*:*:*:*",
"matchCriteriaId": "698DB6DC-9262-48A2-9232-DFC97C8BBB61"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.0.1.2192:build_20221020:*:*:*:*:*:*",
"matchCriteriaId": "A728F1BE-B17B-4721-9C9E-97A666CAD07B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.0.1.2248:build_20221215:*:*:*:*:*:*",
"matchCriteriaId": "85EC894E-2C81-4A9D-9AC7-2ADF74ADE7E5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.0.1.2269:build_20230104:*:*:*:*:*:*",
"matchCriteriaId": "8C4C9FDD-FD44-44E7-B552-40E94AC32A23"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.0.1.2277:build_20230112:*:*:*:*:*:*",
"matchCriteriaId": "81BA2B4F-1665-4505-96FD-FCDEE7D77583"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.0.1.2348:build_20230324:*:*:*:*:*:*",
"matchCriteriaId": "3A28B922-56DF-434B-82B8-1BFC69ED5C70"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.0.1.2376:build_20230421:*:*:*:*:*:*",
"matchCriteriaId": "08349EE1-5D49-402F-9E3F-FFAC9D39FBCB"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h4.5.4.1771:build_20210825:*:*:*:*:*:*",
"matchCriteriaId": "33191D83-16FB-4BEF-B258-3F04D4D8EC34"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h4.5.4.1800:build_20210923:*:*:*:*:*:*",
"matchCriteriaId": "05EDD381-FF86-4B19-9A9C-F51BED7CEEED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h4.5.4.1813:build_20211006:*:*:*:*:*:*",
"matchCriteriaId": "C597C878-A1CC-4DBA-A96D-5D8913FE54B6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h4.5.4.1848:build_20211109:*:*:*:*:*:*",
"matchCriteriaId": "A1C66970-8744-4BA1-88EB-2A03F6173327"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h4.5.4.1892:build_20211223:*:*:*:*:*:*",
"matchCriteriaId": "027242F0-EA9B-494B-A235-046C8BF530F7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h4.5.4.1951:build_20220218:*:*:*:*:*:*",
"matchCriteriaId": "CFB8B2FE-F13C-4CBB-9137-774DB0117194"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h4.5.4.1971:build_20220310:*:*:*:*:*:*",
"matchCriteriaId": "77997210-DB56-40A8-88E3-3615E7DB9006"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h4.5.4.1991:build_20220330:*:*:*:*:*:*",
"matchCriteriaId": "E441AE07-7D88-4D81-ADCC-0E3AE235C72D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h4.5.4.2052:build_20220530:*:*:*:*:*:*",
"matchCriteriaId": "68F95726-3CBB-44DD-8247-D766F5A0EA32"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h4.5.4.2138:build_20220824:*:*:*:*:*:*",
"matchCriteriaId": "F901CE2F-AFB9-4616-AB32-481FDD59FD09"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h4.5.4.2217:build_20221111:*:*:*:*:*:*",
"matchCriteriaId": "FA3E6F9F-1EDC-4E87-B9A3-6031320D2049"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h4.5.4.2272:build_20230105:*:*:*:*:*:*",
"matchCriteriaId": "FBFB4927-6E24-4B96-A26B-7F08E34EACA9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h4.5.4.2374:build_20230417:*:*:*:*:*:*",
"matchCriteriaId": "A294F4D1-A15A-4F57-BA54-6612D816B4C3"
}
]
}
]
}
],
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-23-40",
"source": "security@qnapsecurity.com.tw"
"source": "security@qnapsecurity.com.tw",
"tags": [
"Vendor Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-322xx/CVE-2023-32268.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-32268",
"sourceIdentifier": "security@opentext.com",
"published": "2023-12-06T14:15:07.347",
"lastModified": "2023-12-06T18:49:19.267",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T19:02:19.393",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nExposure of Proxy Administrator Credentials\n\nAn authenticated administrator equivalent Filr user can access the credentials of proxy administrators.\n\n"
},
{
"lang": "es",
"value": "Exposici\u00f3n de las credenciales de administrador proxy un usuario de Filr equivalente a un administrador autenticado puede acceder a las credenciales de los administradores proxy."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "security@opentext.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-522"
}
]
},
{
"source": "security@opentext.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microfocus:filr:*:*:*:*:*:*:*:*",
"versionEndExcluding": "23.2.1",
"matchCriteriaId": "A7335361-D90F-4A63-AF4F-1D401C1BFB86"
}
]
}
]
}
],
"references": [
{
"url": "https://portal.microfocus.com/s/article/KM000020081?language=en_US",
"source": "security@opentext.com"
"source": "security@opentext.com",
"tags": [
"Vendor Advisory"
]
}
]
}

20
CVE-2023/CVE-2023-340xx/CVE-2023-34064.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-34064",
"sourceIdentifier": "security@vmware.com",
"published": "2023-12-12T20:15:06.967",
"lastModified": "2023-12-12T20:20:16.707",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Workspace ONE Launcher contains a Privilege Escalation Vulnerability.\u00a0A malicious actor with physical access to Workspace ONE Launcher could utilize the Edge Panel feature to bypass setup to gain access to sensitive information."
}
],
"metrics": {},
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0027.html",
"source": "security@vmware.com"
}
]
}

73
CVE-2023/CVE-2023-344xx/CVE-2023-34439.json
View File

@ -2,23 +2,86 @@
"id": "CVE-2023-34439",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-12-06T09:15:07.950",
"lastModified": "2023-12-06T13:50:00.573",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T20:40:41.693",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Pleasanter 1.3.47.0 and earlier contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the user's web browser."
},
{
"lang": "es",
"value": "Pleasanter 1.3.47.0 y anteriores contienen una vulnerabilidad de cross-site scripting almacenada. Si se explota esta vulnerabilidad, se puede ejecutar un script arbitrario en el navegador web del usuario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pleasanter:pleasanter:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.3.48.0",
"matchCriteriaId": "08DB05E6-B930-47A8-AEEC-7F4E60A1CD3B"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://jvn.jp/en/jp/JVN96209256/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://pleasanter.org/archives/vulnerability-update-202311",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
]
}
]
}

44
CVE-2023/CVE-2023-356xx/CVE-2023-35618.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-35618",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-12-07T21:15:07.450",
"lastModified": "2023-12-08T14:23:14.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T19:55:06.407",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios en Microsoft Edge (basado en Chromium)"
}
],
"metrics": {
@ -34,10 +38,44 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*",
"versionEndExcluding": "120.0.2210.61",
"matchCriteriaId": "7F3A842F-A2C5-40B0-9C88-9F1D2E8C4370"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35618",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

44
CVE-2023/CVE-2023-368xx/CVE-2023-36880.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-36880",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-12-07T21:15:07.640",
"lastModified": "2023-12-08T14:23:14.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T19:55:40.393",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Edge (Chromium-based) Information Disclosure Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n de Microsoft Edge (basado en Chromium)"
}
],
"metrics": {
@ -34,10 +38,44 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*",
"versionEndExcluding": "120.0.2210.61",
"matchCriteriaId": "7F3A842F-A2C5-40B0-9C88-9F1D2E8C4370"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36880",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

44
CVE-2023/CVE-2023-381xx/CVE-2023-38174.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-38174",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-12-07T21:15:07.840",
"lastModified": "2023-12-08T14:23:14.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T19:27:49.987",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Edge (Chromium-based) Information Disclosure Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n de Microsoft Edge (basado en Chromium)"
}
],
"metrics": {
@ -34,10 +38,44 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*",
"versionEndExcluding": "120.0.2210.61",
"matchCriteriaId": "7F3A842F-A2C5-40B0-9C88-9F1D2E8C4370"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38174",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

67
CVE-2023/CVE-2023-403xx/CVE-2023-40301.json
View File

@ -2,19 +2,78 @@
"id": "CVE-2023-40301",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T18:15:07.647",
"lastModified": "2023-12-07T18:30:52.097",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T19:14:27.427",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "NETSCOUT nGeniusPULSE 3.8 has a Command Injection Vulnerability."
},
{
"lang": "es",
"value": "NETSCOUT nGeniusPULSE 3.8 tiene una vulnerabilidad de inyecci\u00f3n de comandos."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netscout:ngeniuspulse:3.8.0-0.2349.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BB6D702D-3E57-4E5A-9DEA-299566922543"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.netscout.com/securityadvisories",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

67
CVE-2023/CVE-2023-403xx/CVE-2023-40302.json
View File

@ -2,19 +2,78 @@
"id": "CVE-2023-40302",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T18:15:07.693",
"lastModified": "2023-12-07T18:30:52.097",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T19:12:44.113",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "NETSCOUT nGeniusPULSE 3.8 has Weak File Permissions Vulnerability"
},
{
"lang": "es",
"value": "NETSCOUT nGeniusPULSE 3.8 tiene una vulnerabilidad de permisos de archivos d\u00e9biles"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:h:netscout:ngeniuspulse:3.8.0-0.2349.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5E604476-68A9-44EA-B54A-6B3F2F95DAA4"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.netscout.com/securityadvisories",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

67
CVE-2023/CVE-2023-411xx/CVE-2023-41168.json
View File

@ -2,19 +2,78 @@
"id": "CVE-2023-41168",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T18:15:07.740",
"lastModified": "2023-12-07T18:30:52.097",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T19:16:29.577",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 1 of 4)."
},
{
"lang": "es",
"value": "NetScout nGeniusONE 6.3.4 build 2298 permite una vulnerabilidad de Cross-Site Scripting Almacenada (problema 1 de 4)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netscout:ngeniusone:6.3.4:build2298:*:*:*:*:*:*",
"matchCriteriaId": "5E324F69-A8E5-47DF-AEEF-FCC789220B59"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.netscout.com/securityadvisories",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

67
CVE-2023/CVE-2023-411xx/CVE-2023-41169.json
View File

@ -2,19 +2,78 @@
"id": "CVE-2023-41169",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T18:15:07.793",
"lastModified": "2023-12-07T18:30:52.097",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T19:17:32.350",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 2 of 4)."
},
{
"lang": "es",
"value": "NetScout nGeniusONE 6.3.4 build 2298 permite una vulnerabilidad de Cross-Site Scripting (XSS) Almacenada (problema 2 de 4)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netscout:ngeniusone:6.3.4:build2298:*:*:*:*:*:*",
"matchCriteriaId": "5E324F69-A8E5-47DF-AEEF-FCC789220B59"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.netscout.com/securityadvisories",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

67
CVE-2023/CVE-2023-411xx/CVE-2023-41170.json
View File

@ -2,19 +2,78 @@
"id": "CVE-2023-41170",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T18:15:07.837",
"lastModified": "2023-12-07T18:30:52.097",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T19:20:55.060",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "NetScout nGeniusONE 6.3.4 build 2298 allows a Reflected Cross-Site scripting vulnerability."
},
{
"lang": "es",
"value": "NetScout nGeniusONE 6.3.4 build 2298 permite una vulnerabilidad de Cross-Site Scripting (XSS) Reflejada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netscout:ngeniusone:6.3.4:build2298:*:*:*:*:*:*",
"matchCriteriaId": "5E324F69-A8E5-47DF-AEEF-FCC789220B59"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.netscout.com/securityadvisories",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

67
CVE-2023/CVE-2023-411xx/CVE-2023-41171.json
View File

@ -2,19 +2,78 @@
"id": "CVE-2023-41171",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T18:15:07.887",
"lastModified": "2023-12-07T18:30:52.097",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T19:22:13.517",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 3 of 4)."
},
{
"lang": "es",
"value": "NetScout nGeniusONE 6.3.4 build 2298 permite una vulnerabilidad de Cross-Site Scripting (XSS) Almacenada (problema 3 de 4)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netscout:ngeniusone:6.3.4:build2298:*:*:*:*:*:*",
"matchCriteriaId": "5E324F69-A8E5-47DF-AEEF-FCC789220B59"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.netscout.com/securityadvisories",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-413xx/CVE-2023-41337.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-41337",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-12T20:15:07.477",
"lastModified": "2023-12-12T20:20:16.707",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. In version 2.3.0-beta2 and prior, when h2o is configured to listen to multiple addresses or ports with each of them using different backend servers managed by multiple entities, a malicious backend entity that also has the opportunity to observe or inject packets exchanged between the client and h2o may misdirect HTTPS requests going to other backends and observe the contents of that HTTPS request being sent.\n\nThe attack involves a victim client trying to resume a TLS connection and an attacker redirecting the packets to a different address or port than that intended by the client. The attacker must already have been configured by the administrator of h2o to act as a backend to one of the addresses or ports that the h2o instance listens to. Session IDs and tickets generated by h2o are not bound to information specific to the server address, port, or the X.509 certificate, and therefore it is possible for an attacker to force the victim connection to wrongfully resume against a different server address or port on which the same h2o instance is listening.\n\nOnce a TLS session is misdirected to resume to a server address / port that is configured to use an attacker-controlled server as the backend, depending on the configuration, HTTPS requests from the victim client may be forwarded to the attacker's server.\n\nAn H2O instance is vulnerable to this attack only if the instance is configured to listen to different addresses or ports using the listen directive at the host level and the instance is configured to connect to backend servers managed by multiple entities.\n\nA patch is available at commit 35760540337a47e5150da0f4a66a609fad2ef0ab. As a workaround, one may stop using using host-level listen directives in favor of global-level ones."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-347"
}
]
}
],
"references": [
{
"url": "https://github.com/h2o/h2o/commit/35760540337a47e5150da0f4a66a609fad2ef0ab",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/h2o/h2o/security/advisories/GHSA-5v5r-rghf-rm6q",
"source": "security-advisories@github.com"
}
]
}

8
CVE-2023/CVE-2023-423xx/CVE-2023-42325.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-42325",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-14T04:15:07.753",
"lastModified": "2023-11-16T23:44:17.713",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-12T20:15:07.697",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -75,6 +75,10 @@
"Exploit",
"Vendor Advisory"
]
},
{
"url": "https://www.sonarsource.com/blog/pfsense-vulnerabilities-sonarcloud/",
"source": "cve@mitre.org"
}
]
}

8
CVE-2023/CVE-2023-423xx/CVE-2023-42326.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-42326",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-14T05:15:08.587",
"lastModified": "2023-11-17T19:36:50.410",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-12T20:15:07.807",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -81,6 +81,10 @@
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.sonarsource.com/blog/pfsense-vulnerabilities-sonarcloud/",
"source": "cve@mitre.org"
}
]
}

8
CVE-2023/CVE-2023-423xx/CVE-2023-42327.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-42327",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-14T04:15:07.800",
"lastModified": "2023-11-16T23:44:09.503",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-12T20:15:07.867",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -75,6 +75,10 @@
"Exploit",
"Vendor Advisory"
]
},
{
"url": "https://www.sonarsource.com/blog/pfsense-vulnerabilities-sonarcloud/",
"source": "cve@mitre.org"
}
]
}

6
CVE-2023/CVE-2023-458xx/CVE-2023-45866.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-45866",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-08T06:15:45.690",
"lastModified": "2023-12-11T19:15:08.703",
"lastModified": "2023-12-12T19:15:07.780",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -40,6 +40,10 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2N2P5LMP3V7IJONALV2KOFL4NUU23CJ/",
"source": "cve@mitre.org"
},
{
"url": "https://support.apple.com/kb/HT214035",
"source": "cve@mitre.org"
},
{
"url": "https://support.apple.com/kb/HT214036",
"source": "cve@mitre.org"

77
CVE-2023/CVE-2023-468xx/CVE-2023-46871.json
View File

@ -2,23 +2,90 @@
"id": "CVE-2023-46871",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T18:15:08.030",
"lastModified": "2023-12-07T18:30:52.097",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T20:19:53.150",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "GPAC version 2.3-DEV-rev602-ged8424300-master in MP4Box contains a memory leak in NewSFDouble scenegraph/vrml_tools.c:300. This vulnerability may lead to a denial of service."
},
{
"lang": "es",
"value": "La versi\u00f3n 2.3-DEV-rev602-ged8424300-master de GPAC en MP4Box contiene una p\u00e9rdida de memoria en NewSFDouble scenegraph/vrml_tools.c:300. Esta vulnerabilidad puede provocar una denegaci\u00f3n de servicio."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-401"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gpac:gpac:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.3-dev-rev602-ged8424300-master",
"matchCriteriaId": "373C4F43-207C-47CB-B454-BD90A52F0ECF"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/ReturnHere/d0899bb03b8f5e8fae118f2b76888486",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/gpac/gpac/issues/2658",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
]
}
]
}

67
CVE-2023/CVE-2023-484xx/CVE-2023-48403.json
View File

@ -2,19 +2,78 @@
"id": "CVE-2023-48403",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2023-12-08T16:15:17.120",
"lastModified": "2023-12-08T16:37:45.763",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T19:51:22.450",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In sms_DecodeCodedTpMsg of sms_PduCodec.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure if the attacker is able to observe the behavior of the subsequent switch conditional with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
},
{
"lang": "es",
"value": "En sms_DecodeCodedTpMsg de sms_PduCodec.c, existe una posible lectura fuera de los l\u00edmites debido a un desbordamiento de b\u00fafer de almacenamiento din\u00e1mico. Esto podr\u00eda conducir a la divulgaci\u00f3n remota de informaci\u00f3n si el atacante es capaz de observar el comportamiento del cambio condicional posterior sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2023-12-01",
"source": "dsap-vuln-management@google.com"
"source": "dsap-vuln-management@google.com",
"tags": [
"Vendor Advisory"
]
}
]
}

67
CVE-2023/CVE-2023-484xx/CVE-2023-48407.json
View File

@ -2,19 +2,78 @@
"id": "CVE-2023-48407",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2023-12-08T16:15:17.910",
"lastModified": "2023-12-08T16:37:40.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T19:54:28.383",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "there is a possible DCK won't be deleted after factory reset due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
},
{
"lang": "es",
"value": "Es posible que el DCK no se elimine despu\u00e9s del restablecimiento de f\u00e1brica debido a un error l\u00f3gico en el c\u00f3digo. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2023-12-01",
"source": "dsap-vuln-management@google.com"
"source": "dsap-vuln-management@google.com",
"tags": [
"Vendor Advisory"
]
}
]
}

75
CVE-2023/CVE-2023-489xx/CVE-2023-48958.json
View File

@ -2,23 +2,88 @@
"id": "CVE-2023-48958",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T18:15:08.130",
"lastModified": "2023-12-07T18:30:52.097",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T20:21:11.650",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "gpac 2.3-DEV-rev617-g671976fcc-master contains memory leaks in gf_mpd_resolve_url media_tools/mpd.c:4589."
},
{
"lang": "es",
"value": "gpac 2.3-DEV-rev617-g671976fcc-master contiene p\u00e9rdidas de memoria en gf_mpd_resolve_url media_tools/mpd.c:4589."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-401"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gpac:gpac:2.3-dev-rev617-g671976fcc-master:*:*:*:*:*:*:*",
"matchCriteriaId": "F540C691-D615-4A9B-8DD6-69B8488E3BA1"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/dr0v/1204f7a5f1e1497e7bca066638acfbf5",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/gpac/gpac/issues/2689",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
}
]
}

55
CVE-2023/CVE-2023-490xx/CVE-2023-49089.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-49089",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-12T19:15:07.840",
"lastModified": "2023-12-12T20:20:16.707",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.0, Backoffice users with permissions to create packages can use path traversal and thereby write outside of the expected location. Versions 8.18.10, 10.8.1, and 12.3.0 contain a patch for this issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.1,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-6324-52pr-h4p5",
"source": "security-advisories@github.com"
}
]
}

55
CVE-2023/CVE-2023-492xx/CVE-2023-49273.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-49273",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-12T19:15:08.087",
"lastModified": "2023-12-12T20:20:16.707",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.4, users with low privileges (Editor, etc.) are able to access some unintended endpoints. Versions 8.18.10, 10.8.1, and 12.3.4 contain a patch for this issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-cfr5-7p54-4qg8",
"source": "security-advisories@github.com"
}
]
}

55
CVE-2023/CVE-2023-492xx/CVE-2023-49274.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-49274",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-12T20:15:07.993",
"lastModified": "2023-12-12T20:20:16.707",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.4, a user enumeration attack is possible when SMTP is not set up correctly, but reset password is enabled. Versions 8.18.10, 10.8.1, and 12.3.4 contain a patch for this issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-8qp8-9rpw-j46c",
"source": "security-advisories@github.com"
}
]
}

59
CVE-2023/CVE-2023-492xx/CVE-2023-49278.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-49278",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-12T20:15:08.190",
"lastModified": "2023-12-12T20:20:16.707",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.4, a brute force exploit can be used to collect valid usernames. Versions 8.18.10, 10.8.1, and 12.3.4 contain a patch for this issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
},
{
"lang": "en",
"value": "CWE-307"
}
]
}
],
"references": [
{
"url": "https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-7x74-h8cw-qhxq",
"source": "security-advisories@github.com"
}
]
}

59
CVE-2023/CVE-2023-492xx/CVE-2023-49279.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-49279",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-12T20:15:08.390",
"lastModified": "2023-12-12T20:20:16.707",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Umbraco is an ASP.NET content management system (CMS). Starting in version 7.0.0 and prior to versions 7.15.11, 8.18.9, 10.7.0, 11.5.0, and 12.2.0, a user with access to the backoffice can upload SVG files that include scripts. If the user can trick another user to load the media directly in a browser, the scripts can be executed. Versions 7.15.11, 8.18.9, 10.7.0, 11.5.0, and 12.2.0 contain a patch for this issue. Some workarounds are available. Implement the server side file validation or serve all media from an different host (e.g cdn) than where Umbraco is hosted."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.2,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://docs.umbraco.com/umbraco-cms/reference/security/serverside-file-validation",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-6xmx-85x3-4cv2",
"source": "security-advisories@github.com"
}
]
}

55
CVE-2023/CVE-2023-499xx/CVE-2023-49922.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-49922",
"sourceIdentifier": "bressers@elastic.co",
"published": "2023-12-12T19:15:08.307",
"lastModified": "2023-12-12T20:20:16.707",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered by Elastic whereby Beats and Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. Depending on the nature of the event that Beats or Elastic Agent attempted to ingest, this could lead to the insertion of sensitive or private information in the Beats or Elastic Agent logs. Elastic has released 8.11.3 and 7.17.16 that prevents this issue by limiting these types of logs to DEBUG level logging, which is disabled by default."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "bressers@elastic.co",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "bressers@elastic.co",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
}
],
"references": [
{
"url": "https://discuss.elastic.co/t/beats-and-elastic-agent-8-11-3-7-17-16-security-update-esa-2023-30/349180",
"source": "bressers@elastic.co"
}
]
}

59
CVE-2023/CVE-2023-502xx/CVE-2023-50247.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-50247",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-12T20:15:08.580",
"lastModified": "2023-12-12T20:20:16.707",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The QUIC stack (quicly), as used by H2O up to commit 43f86e5 (in version 2.3.0-beta and prior), is susceptible to a state exhaustion attack. When H2O is serving HTTP/3, a remote attacker can exploit this vulnerability to progressively increase the memory retained by the QUIC stack. This can eventually cause H2O to abort due to memory exhaustion. The vulnerability has been resolved in commit d67e81d03be12a9d53dc8271af6530f40164cd35. HTTP/1 and HTTP/2 are not affected by this vulnerability as they do not use QUIC. Administrators looking to mitigate this issue without upgrading can disable HTTP/3 support."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
}
],
"references": [
{
"url": "https://github.com/h2o/h2o/commit/d67e81d03be12a9d53dc8271af6530f40164cd35",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/h2o/h2o/security/advisories/GHSA-2ch5-p59c-7mv6",
"source": "security-advisories@github.com"
}
]
}

128
CVE-2023/CVE-2023-63xx/CVE-2023-6333.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-6333",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-12-07T18:15:08.493",
"lastModified": "2023-12-07T18:30:52.097",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T20:39:57.697",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nThe affected ControlByWeb Relay products are vulnerable to a stored cross-site scripting vulnerability, which could allow an attacker to inject arbitrary scripts into the endpoint of a web interface that could run malicious javascript code during a user's session.\n\n\n\n\n"
},
{
"lang": "es",
"value": "Los productos ControlByWeb Relay afectados por una vulnerabilidad de cross-site scripting almacenada, que podr\u00eda permitir a un atacante inyectar scripts arbitrarios en el endpoint de una interfaz web que podr\u00eda ejecutar c\u00f3digo javascript malicioso durante la sesi\u00f3n de un usuario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -46,10 +80,98 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:controlbyweb:x-332-24i_firmware:1.06:*:*:*:*:*:*:*",
"matchCriteriaId": "ACC815BC-78FA-4AD7-800F-3A131A718CB5"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:controlbyweb:x-332-24i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "576F2DBB-75EF-4F5B-8EBA-B1BEC48D15C8"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:controlbyweb:x-301-i_firmware:1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "0E5EDFE6-D2D2-47D0-8896-81C632DE09C2"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:controlbyweb:x-301-i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C058A1B5-48CF-4BAD-B162-19A9AF9BDDE5"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:controlbyweb:x-301-24i_firmware:1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "3EA095DB-CF4D-4DA1-9AA1-8BDF91889D23"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:controlbyweb:x-301-24i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5D5306B6-D085-4D65-9A26-7A313FF9AA58"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-341-05",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
]
}
]
}

86
CVE-2023/CVE-2023-64xx/CVE-2023-6458.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-6458",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2023-12-06T09:15:08.907",
"lastModified": "2023-12-06T13:50:00.573",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T19:11:36.897",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Mattermost webapp fails to validate\u00a0route parameters in/<TEAM_NAME>/channels/<CHANNEL_NAME>\u00a0allowing an attacker to perform a client-side path traversal.\n\n"
},
{
"lang": "es",
"value": "La aplicaci\u00f3n web Mattermost no puede validar los par\u00e1metros de ruta en//channels/, lo que permite a un atacante realizar un path traversal del lado del cliente."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
@ -35,6 +59,20 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
},
{
"lang": "en",
"value": "CWE-74"
}
]
},
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
@ -46,10 +84,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.8.14",
"matchCriteriaId": "6DC0F1AE-87E5-483B-BD2A-945BE99CD487"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndExcluding": "8.1.5",
"matchCriteriaId": "82659141-9C39-492A-9DF2-B2E293E151BE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.0.0",
"versionEndExcluding": "9.0.3",
"matchCriteriaId": "050ACB86-28ED-4BEB-832C-3BA6FCC15D22"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.1.0",
"versionEndExcluding": "9.1.2",
"matchCriteriaId": "031CA1A1-C6B0-4096-830D-150CDC3BA8F3"
}
]
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
"source": "responsibledisclosure@mattermost.com",
"tags": [
"Vendor Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-64xx/CVE-2023-6459.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-6459",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2023-12-06T09:15:09.140",
"lastModified": "2023-12-06T13:50:00.573",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T19:23:29.137",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Mattermost is grouping calls in\u00a0the /metrics endpoint by id and reports that id in the response. Since this id is the channelID, the public /metrics endpoint is revealing channelIDs.\n\n"
},
{
"lang": "es",
"value": "Mattermost agrupa llamadas en el endpoint /metrics por identificaci\u00f3n e informar esa identificaci\u00f3n en la respuesta. Dado que esta identificaci\u00f3n es la ID del canal, el endpoint p\u00fablico /metrics revela los ID de los canales."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
@ -46,10 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.8.14",
"matchCriteriaId": "6DC0F1AE-87E5-483B-BD2A-945BE99CD487"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndExcluding": "8.1.5",
"matchCriteriaId": "82659141-9C39-492A-9DF2-B2E293E151BE"
}
]
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
"source": "responsibledisclosure@mattermost.com",
"tags": [
"Vendor Advisory"
]
}
]
}

74
CVE-2023/CVE-2023-65xx/CVE-2023-6576.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-6576",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-07T21:15:08.387",
"lastModified": "2023-12-08T14:23:14.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T20:41:54.757",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Beijing Baichuo S210 up to 20231123. It has been declared as critical. This vulnerability affects unknown code of the file /Tool/uploadfile.php of the component HTTP POST Request Handler. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247156. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Beijing Baichuo S210 hasta 20231123 y ha sido declarada cr\u00edtica. Esta vulnerabilidad afecta a c\u00f3digo desconocido del archivo /Tool/uploadfile.php del componente HTTP POST Request Handler. La manipulaci\u00f3n del argumento file_upload conduce a una carga sin restricciones. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-247156. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,58 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:byzoro:smart_s210_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2023-11-21",
"matchCriteriaId": "8070D7A1-5632-48AA-804C-E9D3D17B4D31"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:byzoro:smart_s210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7DEFD8CA-AA67-4F4F-BF94-96ADEDF2AE44"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/willchen0011/cve/blob/main/upload.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.247156",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.247156",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

84
CVE-2023/CVE-2023-65xx/CVE-2023-6577.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-6577",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-07T21:15:08.620",
"lastModified": "2023-12-08T14:23:14.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T20:37:53.397",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Beijing Baichuo PatrolFlow 2530Pro up to 20231126. It has been rated as problematic. This issue affects some unknown processing of the file /log/mailsendview.php. The manipulation of the argument file with the input /boot/phpConfig/tb_admin.txt leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247157 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Beijing Baichuo PatrolFlow 2530Pro hasta 20231126 y ha sido calificada como problem\u00e1tica. Este problema afecta un procesamiento desconocido del archivo /log/mailsendview.php. La manipulaci\u00f3n del archivo de argumentos con la entrada /boot/phpConfig/tb_admin.txt conduce a un path traversal. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-247157. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -60,6 +84,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +105,58 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:byzoro:patrolflow-am-2530pro_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2023-11-26",
"matchCriteriaId": "579AB56E-6230-4EBD-9E80-CA85E7DDD59B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:byzoro:patrolflow-am-2530pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40EDF085-C9FE-4102-9080-DA11ADD5E8A3"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/kpz-wm/cve/blob/main/Any_file_read.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.247157",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.247157",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

62
CVE-2023/CVE-2023-65xx/CVE-2023-6579.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-6579",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-07T22:15:08.300",
"lastModified": "2023-12-08T17:15:07.647",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T20:19:12.933",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in osCommerce 4. Affected by this issue is some unknown functionality of the file /b2b-supermarket/shopping-cart of the component POST Parameter Handler. The manipulation of the argument estimate[country_id] leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-247160. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Una vulnerabilidad clasificada como cr\u00edtica ha sido encontrada en osCommerce 4. Una funci\u00f3n desconocida del archivo /b2b-supermarket/shopping-cart del componente POST Parameter Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento estimate[country_id] conduce a la inyecci\u00f3n de SQL. El ataque puede lanzarse de forma remota. El identificador de esta vulnerabilidad es VDB-247160. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oscommerce:oscommerce:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D289144B-230C-46DA-B11D-9A1D3A1DFCE9"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/176124/osCommerce-4-SQL-Injection.html",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?ctiid.247160",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.247160",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

75
CVE-2023/CVE-2023-65xx/CVE-2023-6581.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-6581",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-07T22:15:08.770",
"lastModified": "2023-12-08T14:23:10.393",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T19:24:10.287",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in D-Link DAR-7000 up to 20231126 and classified as critical. This vulnerability affects unknown code of the file /user/inc/workidajax.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-247162 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Una vulnerabilidad ha sido encontrada en D-Link DAR-7000 hasta 20231126 y clasificada como cr\u00edtica. Esta vulnerabilidad afecta a c\u00f3digo desconocido del archivo /user/inc/workidajax.php. La manipulaci\u00f3n del argumento id conduce a la inyecci\u00f3n de SQL. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-247162 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,59 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dar-7000_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2023-11-26",
"matchCriteriaId": "10380955-352D-47D0-B036-727951DB4B5E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:dar-7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1500AB3C-D11B-4683-86AC-FEB6AF6AD69F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/flyyue2001/cve/blob/main/D-LINK%20-DAR-7000_sql_workidajax.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.247162",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.247162",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}

92
CVE-2023/CVE-2023-66xx/CVE-2023-6606.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-6606",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-12-08T17:15:07.733",
"lastModified": "2023-12-08T20:18:15.033",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T20:18:17.807",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad de lectura fuera de los l\u00edmites en smbCalcSize en fs/smb/client/netmisc.c en el kernel de Linux. Este problema podr\u00eda permitir que un atacante local bloquee el sistema o filtre informaci\u00f3n interna del kernel."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -46,18 +80,66 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-6606",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=218218",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Issue Tracking"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253611",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}

92
CVE-2023/CVE-2023-66xx/CVE-2023-6610.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-6610",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-12-08T17:15:07.933",
"lastModified": "2023-12-08T20:18:15.033",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T20:17:58.023",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read vulnerability was found in smb2_dump_detail in fs/smb/client/smb2ops.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad de lectura fuera de los l\u00edmites en smb2_dump_detail en fs/smb/client/smb2ops.c en el kernel de Linux. Este problema podr\u00eda permitir que un atacante local bloquee el sistema o filtre informaci\u00f3n interna del kernel."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -46,18 +80,66 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-6610",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=218219",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Issue Tracking"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253614",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}

60
CVE-2023/CVE-2023-66xx/CVE-2023-6613.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-6613",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-08T16:15:19.610",
"lastModified": "2023-12-08T16:37:40.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T20:03:31.290",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in Typecho 1.2.1. Affected is an unknown function of the file /admin/options-theme.php of the component Logo Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247248. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Una vulnerabilidad ha sido encontrada en Typecho 1.2.1 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo /admin/options-theme.php del componente Logo Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a cross site scripting. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-247248. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,44 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:typecho:typecho:1.2.1:-:*:*:*:*:*:*",
"matchCriteriaId": "0BE056CC-41EF-4C70-9B90-6C654B543A40"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/JTZ-a/SRC/blob/master/Typecho/Typecho-Stored%20XSS/en-us.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.247248",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?id.247248",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

60
CVE-2023/CVE-2023-66xx/CVE-2023-6614.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-6614",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-08T16:15:20.223",
"lastModified": "2023-12-08T16:37:40.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T20:02:52.180",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in Typecho 1.2.1. Affected by this vulnerability is an unknown functionality of the file /admin/manage-pages.php of the component Page Handler. The manipulation leads to backdoor. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247249 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Typecho 1.2.1 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo /admin/manage-pages.php del componente Page Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a backdoor. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-247249. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,44 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:typecho:typecho:1.2.1:-:*:*:*:*:*:*",
"matchCriteriaId": "0BE056CC-41EF-4C70-9B90-6C654B543A40"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/JTZ-a/SRC/blob/master/Typecho/Typecho-IDOR/en-us.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.247249",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?id.247249",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

72
CVE-2023/CVE-2023-66xx/CVE-2023-6615.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-6615",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-08T17:15:08.143",
"lastModified": "2023-12-08T20:18:15.033",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T20:07:33.927",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in Typecho 1.2.1. Affected by this issue is some unknown functionality of the file /admin/manage-users.php. The manipulation of the argument page leads to information disclosure. The exploit has been disclosed to the public and may be used. VDB-247250 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Typecho 1.2.1 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo /admin/manage-users.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n de la p\u00e1gina de argumentos conduce a la divulgaci\u00f3n de informaci\u00f3n. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-247250 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -61,8 +85,18 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -71,18 +105,44 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:typecho:typecho:1.2.1:-:*:*:*:*:*:*",
"matchCriteriaId": "0BE056CC-41EF-4C70-9B90-6C654B543A40"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/JTZ-a/SRC/blob/master/Typecho/Typecho-Information%20leakage/en-us.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.247250",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?id.247250",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

62
CVE-2023/CVE-2023-66xx/CVE-2023-6616.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-6616",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-08T17:15:08.367",
"lastModified": "2023-12-08T20:18:15.033",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T20:06:58.937",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Simple Student Attendance System 1.0 and classified as problematic. This issue affects some unknown processing of the file index.php. The manipulation of the argument page leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247253 was assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en SourceCodester Simple Student Attendance System 1.0 y clasificada como problem\u00e1tica. Este problema afecta un procesamiento desconocido del archivo index.php. La manipulaci\u00f3n de la p\u00e1gina de argumentos conduce a cross site scripting. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-247253."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oretnom23:simple_student_attendance_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0907D49A-D649-42A3-BE96-A1EB234C6859"
}
]
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.247253",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.247253",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.yuque.com/u39339523/el4dxs/sxa6f9gywg6vfbur",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

63
CVE-2023/CVE-2023-66xx/CVE-2023-6617.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-6617",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-08T17:15:08.600",
"lastModified": "2023-12-08T20:18:15.033",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T20:06:30.670",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been classified as critical. Affected is an unknown function of the file attendance.php. The manipulation of the argument class_id leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-247254 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en SourceCodester Simple Student Attendance System 1.0. Ha sido clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo Assistance.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento class_id conduce a la inyecci\u00f3n de SQL. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-247254 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oretnom23:simple_student_attendance_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0907D49A-D649-42A3-BE96-A1EB234C6859"
}
]
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.247254",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.247254",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://www.yuque.com/u39339523/el4dxs/gcsvdc5oohx6v38c",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

73
CVE-2023/CVE-2023-66xx/CVE-2023-6618.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-6618",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-08T17:15:08.827",
"lastModified": "2023-12-08T20:18:15.033",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T20:06:17.253",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument page leads to file inclusion. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247255."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en SourceCodester Simple Student Attendance System 1.0. Ha sido declarada problem\u00e1tica. Una funci\u00f3n desconocida del archivo index.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n de la p\u00e1gina de argumentos conduce a la inclusi\u00f3n del archivo. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-247255."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -61,8 +85,18 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-610"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -71,18 +105,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oretnom23:simple_student_attendance_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0907D49A-D649-42A3-BE96-A1EB234C6859"
}
]
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.247255",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.247255",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.yuque.com/u39339523/el4dxs/krpez3nzv1144cuc",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

63
CVE-2023/CVE-2023-66xx/CVE-2023-6619.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-6619",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-08T18:15:06.930",
"lastModified": "2023-12-08T20:18:15.033",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T20:04:28.453",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /modals/class_form.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247256."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en SourceCodester Simple Student Attendance System 1.0. Ha sido calificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo /modals/class_form.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento id conduce a la inyecci\u00f3n de SQL. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-247256."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oretnom23:simple_student_attendance_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0907D49A-D649-42A3-BE96-A1EB234C6859"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/daydust/vuln/blob/main/Simple_Student_Attendance_System/class_form.php_SQL-injection.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.247256",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.247256",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}

55
CVE-2023/CVE-2023-66xx/CVE-2023-6687.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-6687",
"sourceIdentifier": "bressers@elastic.co",
"published": "2023-12-12T19:15:08.510",
"lastModified": "2023-12-12T20:20:16.707",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered by Elastic whereby Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. Depending on the nature of the event that Elastic Agent attempted to ingest, this could lead to the insertion of sensitive or private information in the Elastic Agent logs. Elastic has released 8.11.3 and 7.17.16 that prevents this issue by limiting these types of logs to DEBUG level logging, which is disabled by default."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "bressers@elastic.co",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "bressers@elastic.co",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
}
],
"references": [
{
"url": "https://discuss.elastic.co/t/beats-and-elastic-agent-8-11-3-7-17-16-security-update-esa-2023-30/349180",
"source": "bressers@elastic.co"
}
]
}

95
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-12-12T19:00:21.077491+00:00
2023-12-12T21:00:17.924701+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-12-12T18:58:44.580000+00:00
2023-12-12T20:41:54.757000+00:00
```
### Last Data Feed Release
@ -29,69 +29,54 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
232907
232917
```
### CVEs added in the last Commit
Recently added CVEs: `58`
Recently added CVEs: `10`
* [CVE-2023-36012](CVE-2023/CVE-2023-360xx/CVE-2023-36012.json) (`2023-12-12T18:15:21.970`)
* [CVE-2023-36019](CVE-2023/CVE-2023-360xx/CVE-2023-36019.json) (`2023-12-12T18:15:22.157`)
* [CVE-2023-36020](CVE-2023/CVE-2023-360xx/CVE-2023-36020.json) (`2023-12-12T18:15:22.333`)
* [CVE-2023-36391](CVE-2023/CVE-2023-363xx/CVE-2023-36391.json) (`2023-12-12T18:15:22.510`)
* [CVE-2023-36696](CVE-2023/CVE-2023-366xx/CVE-2023-36696.json) (`2023-12-12T18:15:22.690`)
* [CVE-2023-43364](CVE-2023/CVE-2023-433xx/CVE-2023-43364.json) (`2023-12-12T18:15:22.887`)
* [CVE-2023-48313](CVE-2023/CVE-2023-483xx/CVE-2023-48313.json) (`2023-12-12T18:15:22.933`)
* [CVE-2023-49923](CVE-2023/CVE-2023-499xx/CVE-2023-49923.json) (`2023-12-12T18:15:23.153`)
* [CVE-2023-20275](CVE-2023/CVE-2023-202xx/CVE-2023-20275.json) (`2023-12-12T18:15:16.520`)
* [CVE-2023-21740](CVE-2023/CVE-2023-217xx/CVE-2023-21740.json) (`2023-12-12T18:15:16.720`)
* [CVE-2023-35619](CVE-2023/CVE-2023-356xx/CVE-2023-35619.json) (`2023-12-12T18:15:16.913`)
* [CVE-2023-35621](CVE-2023/CVE-2023-356xx/CVE-2023-35621.json) (`2023-12-12T18:15:17.090`)
* [CVE-2023-35622](CVE-2023/CVE-2023-356xx/CVE-2023-35622.json) (`2023-12-12T18:15:17.260`)
* [CVE-2023-35624](CVE-2023/CVE-2023-356xx/CVE-2023-35624.json) (`2023-12-12T18:15:17.440`)
* [CVE-2023-35625](CVE-2023/CVE-2023-356xx/CVE-2023-35625.json) (`2023-12-12T18:15:17.620`)
* [CVE-2023-35628](CVE-2023/CVE-2023-356xx/CVE-2023-35628.json) (`2023-12-12T18:15:17.807`)
* [CVE-2023-35629](CVE-2023/CVE-2023-356xx/CVE-2023-35629.json) (`2023-12-12T18:15:17.990`)
* [CVE-2023-35630](CVE-2023/CVE-2023-356xx/CVE-2023-35630.json) (`2023-12-12T18:15:18.183`)
* [CVE-2023-35631](CVE-2023/CVE-2023-356xx/CVE-2023-35631.json) (`2023-12-12T18:15:18.360`)
* [CVE-2023-35632](CVE-2023/CVE-2023-356xx/CVE-2023-35632.json) (`2023-12-12T18:15:18.547`)
* [CVE-2023-35633](CVE-2023/CVE-2023-356xx/CVE-2023-35633.json) (`2023-12-12T18:15:18.760`)
* [CVE-2023-35634](CVE-2023/CVE-2023-356xx/CVE-2023-35634.json) (`2023-12-12T18:15:18.937`)
* [CVE-2023-35635](CVE-2023/CVE-2023-356xx/CVE-2023-35635.json) (`2023-12-12T18:15:19.107`)
* [CVE-2023-35636](CVE-2023/CVE-2023-356xx/CVE-2023-35636.json) (`2023-12-12T18:15:19.277`)
* [CVE-2023-35638](CVE-2023/CVE-2023-356xx/CVE-2023-35638.json) (`2023-12-12T18:15:19.460`)
* [CVE-2023-49089](CVE-2023/CVE-2023-490xx/CVE-2023-49089.json) (`2023-12-12T19:15:07.840`)
* [CVE-2023-49273](CVE-2023/CVE-2023-492xx/CVE-2023-49273.json) (`2023-12-12T19:15:08.087`)
* [CVE-2023-49922](CVE-2023/CVE-2023-499xx/CVE-2023-49922.json) (`2023-12-12T19:15:08.307`)
* [CVE-2023-6687](CVE-2023/CVE-2023-66xx/CVE-2023-6687.json) (`2023-12-12T19:15:08.510`)
* [CVE-2023-34064](CVE-2023/CVE-2023-340xx/CVE-2023-34064.json) (`2023-12-12T20:15:06.967`)
* [CVE-2023-41337](CVE-2023/CVE-2023-413xx/CVE-2023-41337.json) (`2023-12-12T20:15:07.477`)
* [CVE-2023-49274](CVE-2023/CVE-2023-492xx/CVE-2023-49274.json) (`2023-12-12T20:15:07.993`)
* [CVE-2023-49278](CVE-2023/CVE-2023-492xx/CVE-2023-49278.json) (`2023-12-12T20:15:08.190`)
* [CVE-2023-49279](CVE-2023/CVE-2023-492xx/CVE-2023-49279.json) (`2023-12-12T20:15:08.390`)
* [CVE-2023-50247](CVE-2023/CVE-2023-502xx/CVE-2023-50247.json) (`2023-12-12T20:15:08.580`)
### CVEs modified in the last Commit
Recently modified CVEs: `90`
Recently modified CVEs: `37`
* [CVE-2023-49007](CVE-2023/CVE-2023-490xx/CVE-2023-49007.json) (`2023-12-12T17:13:30.867`)
* [CVE-2023-5808](CVE-2023/CVE-2023-58xx/CVE-2023-5808.json) (`2023-12-12T17:15:08.400`)
* [CVE-2023-6538](CVE-2023/CVE-2023-65xx/CVE-2023-6538.json) (`2023-12-12T17:15:08.493`)
* [CVE-2023-6607](CVE-2023/CVE-2023-66xx/CVE-2023-6607.json) (`2023-12-12T17:15:41.850`)
* [CVE-2023-49487](CVE-2023/CVE-2023-494xx/CVE-2023-49487.json) (`2023-12-12T17:19:08.283`)
* [CVE-2023-49247](CVE-2023/CVE-2023-492xx/CVE-2023-49247.json) (`2023-12-12T17:19:24.277`)
* [CVE-2023-49486](CVE-2023/CVE-2023-494xx/CVE-2023-49486.json) (`2023-12-12T17:19:42.290`)
* [CVE-2023-49485](CVE-2023/CVE-2023-494xx/CVE-2023-49485.json) (`2023-12-12T17:19:56.587`)
* [CVE-2023-6146](CVE-2023/CVE-2023-61xx/CVE-2023-6146.json) (`2023-12-12T17:20:59.940`)
* [CVE-2023-6599](CVE-2023/CVE-2023-65xx/CVE-2023-6599.json) (`2023-12-12T17:22:17.503`)
* [CVE-2023-39167](CVE-2023/CVE-2023-391xx/CVE-2023-39167.json) (`2023-12-12T17:43:09.240`)
* [CVE-2023-39172](CVE-2023/CVE-2023-391xx/CVE-2023-39172.json) (`2023-12-12T17:49:44.890`)
* [CVE-2023-39169](CVE-2023/CVE-2023-391xx/CVE-2023-39169.json) (`2023-12-12T17:57:54.800`)
* [CVE-2023-39171](CVE-2023/CVE-2023-391xx/CVE-2023-39171.json) (`2023-12-12T17:59:53.220`)
* [CVE-2023-47440](CVE-2023/CVE-2023-474xx/CVE-2023-47440.json) (`2023-12-12T18:06:36.190`)
* [CVE-2023-41905](CVE-2023/CVE-2023-419xx/CVE-2023-41905.json) (`2023-12-12T18:10:29.040`)
* [CVE-2023-41172](CVE-2023/CVE-2023-411xx/CVE-2023-41172.json) (`2023-12-12T18:11:23.157`)
* [CVE-2023-6275](CVE-2023/CVE-2023-62xx/CVE-2023-6275.json) (`2023-12-12T18:15:23.363`)
* [CVE-2023-39909](CVE-2023/CVE-2023-399xx/CVE-2023-39909.json) (`2023-12-12T18:20:27.780`)
* [CVE-2023-49492](CVE-2023/CVE-2023-494xx/CVE-2023-49492.json) (`2023-12-12T18:21:17.307`)
* [CVE-2023-49493](CVE-2023/CVE-2023-494xx/CVE-2023-49493.json) (`2023-12-12T18:23:26.673`)
* [CVE-2023-6273](CVE-2023/CVE-2023-62xx/CVE-2023-6273.json) (`2023-12-12T18:36:55.433`)
* [CVE-2023-6588](CVE-2023/CVE-2023-65xx/CVE-2023-6588.json) (`2023-12-12T18:50:19.453`)
* [CVE-2023-33411](CVE-2023/CVE-2023-334xx/CVE-2023-33411.json) (`2023-12-12T18:53:04.930`)
* [CVE-2023-40300](CVE-2023/CVE-2023-403xx/CVE-2023-40300.json) (`2023-12-12T18:55:01.573`)
* [CVE-2023-38174](CVE-2023/CVE-2023-381xx/CVE-2023-38174.json) (`2023-12-12T19:27:49.987`)
* [CVE-2023-23372](CVE-2023/CVE-2023-233xx/CVE-2023-23372.json) (`2023-12-12T19:50:04.313`)
* [CVE-2023-48403](CVE-2023/CVE-2023-484xx/CVE-2023-48403.json) (`2023-12-12T19:51:22.450`)
* [CVE-2023-48407](CVE-2023/CVE-2023-484xx/CVE-2023-48407.json) (`2023-12-12T19:54:28.383`)
* [CVE-2023-35618](CVE-2023/CVE-2023-356xx/CVE-2023-35618.json) (`2023-12-12T19:55:06.407`)
* [CVE-2023-36880](CVE-2023/CVE-2023-368xx/CVE-2023-36880.json) (`2023-12-12T19:55:40.393`)
* [CVE-2023-6614](CVE-2023/CVE-2023-66xx/CVE-2023-6614.json) (`2023-12-12T20:02:52.180`)
* [CVE-2023-6613](CVE-2023/CVE-2023-66xx/CVE-2023-6613.json) (`2023-12-12T20:03:31.290`)
* [CVE-2023-6619](CVE-2023/CVE-2023-66xx/CVE-2023-6619.json) (`2023-12-12T20:04:28.453`)
* [CVE-2023-6618](CVE-2023/CVE-2023-66xx/CVE-2023-6618.json) (`2023-12-12T20:06:17.253`)
* [CVE-2023-6617](CVE-2023/CVE-2023-66xx/CVE-2023-6617.json) (`2023-12-12T20:06:30.670`)
* [CVE-2023-6616](CVE-2023/CVE-2023-66xx/CVE-2023-6616.json) (`2023-12-12T20:06:58.937`)
* [CVE-2023-6615](CVE-2023/CVE-2023-66xx/CVE-2023-6615.json) (`2023-12-12T20:07:33.927`)
* [CVE-2023-42325](CVE-2023/CVE-2023-423xx/CVE-2023-42325.json) (`2023-12-12T20:15:07.697`)
* [CVE-2023-42326](CVE-2023/CVE-2023-423xx/CVE-2023-42326.json) (`2023-12-12T20:15:07.807`)
* [CVE-2023-42327](CVE-2023/CVE-2023-423xx/CVE-2023-42327.json) (`2023-12-12T20:15:07.867`)
* [CVE-2023-6610](CVE-2023/CVE-2023-66xx/CVE-2023-6610.json) (`2023-12-12T20:17:58.023`)
* [CVE-2023-6606](CVE-2023/CVE-2023-66xx/CVE-2023-6606.json) (`2023-12-12T20:18:17.807`)
* [CVE-2023-6579](CVE-2023/CVE-2023-65xx/CVE-2023-6579.json) (`2023-12-12T20:19:12.933`)
* [CVE-2023-46871](CVE-2023/CVE-2023-468xx/CVE-2023-46871.json) (`2023-12-12T20:19:53.150`)
* [CVE-2023-48958](CVE-2023/CVE-2023-489xx/CVE-2023-48958.json) (`2023-12-12T20:21:11.650`)
* [CVE-2023-6577](CVE-2023/CVE-2023-65xx/CVE-2023-6577.json) (`2023-12-12T20:37:53.397`)
* [CVE-2023-6333](CVE-2023/CVE-2023-63xx/CVE-2023-6333.json) (`2023-12-12T20:39:57.697`)
* [CVE-2023-34439](CVE-2023/CVE-2023-344xx/CVE-2023-34439.json) (`2023-12-12T20:40:41.693`)
* [CVE-2023-6576](CVE-2023/CVE-2023-65xx/CVE-2023-6576.json) (`2023-12-12T20:41:54.757`)
## Download and Usage