admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 11:37:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-12-13T17:08:21.092672+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-12-13 17:08:24 +00:00
parent 785ff6e060
commit 9b71180b91
53 changed files with 3774 additions and 239 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
CVE-2013/CVE-2013-44xx/CVE-2013-4412.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2013-4412",
"sourceIdentifier": "secalert@redhat.com",
"published": "2019-11-04T13:15:10.357",
"lastModified": "2019-11-04T19:53:25.513",
"lastModified": "2023-12-13T15:03:56.387",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -77,16 +77,24 @@
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "AND",
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:berlios:slim:1.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AE914487-A5A3-4B2E-9B94-0A7BAFD53B15"
},
"criteria": "cpe:2.3:a:berlios:slim:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.3.6",
"matchCriteriaId": "3312E8CA-64E1-47AF-873D-3106AD072DEB"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*",

14
CVE-2022/CVE-2022-244xx/CVE-2022-24464.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-24464",
"sourceIdentifier": "secure@microsoft.com",
"published": "2022-03-09T17:15:14.277",
"lastModified": "2023-06-29T02:15:13.200",
"vulnStatus": "Modified",
"lastModified": "2023-12-13T16:15:17.140",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -148,9 +148,9 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0.0",
"versionStartIncluding": "17.0",
"versionEndExcluding": "17.0.7",
"matchCriteriaId": "EDB2528B-4E77-4BE6-A797-E293CE4CCD7F"
"matchCriteriaId": "6C72810F-D156-49CE-A325-7E6A63C9E4A3"
}
]
}
@ -185,7 +185,11 @@
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24464",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

6
CVE-2022/CVE-2022-247xx/CVE-2022-24767.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-24767",
"sourceIdentifier": "security-advisories@github.com",
"published": "2022-04-12T18:15:09.510",
"lastModified": "2023-08-02T19:28:28.173",
"lastModified": "2023-12-13T16:15:24.973",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -113,9 +113,9 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0.0",
"versionStartIncluding": "17.0",
"versionEndExcluding": "17.0.8",
"matchCriteriaId": "CA9930A0-B05F-4B72-8C17-828B45F16F68"
"matchCriteriaId": "8F014358-A908-4B23-A071-4F8A1F307AD0"
},
{
"vulnerable": true,

45
CVE-2022/CVE-2022-410xx/CVE-2022-41032.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-41032",
"sourceIdentifier": "secure@microsoft.com",
"published": "2022-10-11T19:15:20.483",
"lastModified": "2023-11-07T03:52:41.763",
"vulnStatus": "Modified",
"lastModified": "2023-12-13T16:14:01.337",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -35,6 +35,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
@ -84,9 +104,9 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0.0",
"versionStartIncluding": "17.0",
"versionEndExcluding": "17.0.15",
"matchCriteriaId": "13BF8686-9211-4FFE-A111-9A600F811FC4"
"matchCriteriaId": "1C25BC49-47B0-45EF-BB60-712AEAA1FC11"
},
{
"vulnerable": true,
@ -142,15 +162,24 @@
"references": [
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FOG35Z5RL5W5RGLLYLN46CI4D2UPDSWM/",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HDPT2MJC3HD7HYZGASOOX6MTDR4ASBL5/",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X7BMHO5ITRBZREVTEKHQRGSFRPDMALV3/",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41032",

12
CVE-2022/CVE-2022-463xx/CVE-2022-46344.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2022-46344",
"sourceIdentifier": "secalert@redhat.com",
"published": "2022-12-14T21:15:13.600",
"lastModified": "2023-05-30T06:15:56.633",
"lastModified": "2023-12-13T15:15:07.413",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en X.Org. Esta falla de seguridad se produce porque el controlador de la solicitud XIChangeProperty tiene problemas de validaci\u00f3n de longitud, lo que genera lecturas de memoria fuera de los l\u00edmites y una posible divulgaci\u00f3n de informaci\u00f3n. Este problema puede provocar una elevaci\u00f3n de privilegios locales en sistemas donde el servidor X ejecuta c\u00f3digo privilegiado y remoto para sesiones de reenv\u00edo ssh X."
}
],
"metrics": {
@ -90,7 +94,6 @@
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
@ -111,7 +114,6 @@
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
@ -128,6 +130,10 @@
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/12/13/1",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2022-46344",
"source": "secalert@redhat.com",

69
CVE-2022/CVE-2022-486xx/CVE-2022-48614.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-48614",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-10T19:15:07.410",
"lastModified": "2023-12-11T12:20:50.310",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-13T15:59:51.227",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,74 @@
"value": "Especial:Preguntar en Semantic MediaWiki antes de 4.0.2 permite Reflected XSS."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:semantic-mediawiki:semantic_mediawiki:*:*:*:*:*:mediawiki:*:*",
"versionEndExcluding": "4.0.2",
"matchCriteriaId": "DADF6CC5-2DF1-47D9-BC1B-33BAEDCF926F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/SemanticMediaWiki/SemanticMediaWiki/issues/5262",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://www.semantic-mediawiki.org/wiki/Semantic_MediaWiki_4.0.2",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
}
]
}

6
CVE-2023/CVE-2023-218xx/CVE-2023-21808.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-21808",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-02-14T21:15:11.730",
"lastModified": "2023-10-15T16:18:45.880",
"lastModified": "2023-12-13T16:14:42.073",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -79,8 +79,8 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:17.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "38128784-EA80-4193-B58A-27FB1711EA54"
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3393F97F-05CD-4B04-A6E1-3D914652C4E5"
},
{
"vulnerable": true,

16
CVE-2023/CVE-2023-220xx/CVE-2023-22098.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-22098",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2023-10-17T22:15:14.813",
"lastModified": "2023-10-23T18:20:14.763",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-13T15:15:07.547",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. Note: Only applicable to 7.0.x platform. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H)."
"value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: Only applicable to 7.0.x platform. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)."
},
{
"lang": "es",
@ -21,20 +21,20 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.5,
"impactScore": 5.3
"impactScore": 6.0
}
]
},

6
CVE-2023/CVE-2023-282xx/CVE-2023-28296.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-28296",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-04-11T21:15:27.407",
"lastModified": "2023-04-19T20:53:13.267",
"lastModified": "2023-12-13T16:14:24.210",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -70,9 +70,9 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0.0",
"versionStartIncluding": "17.0",
"versionEndExcluding": "17.0.21",
"matchCriteriaId": "F5C10205-425C-4840-B015-6D55A1509918"
"matchCriteriaId": "06B7E408-A6EC-4556-A535-3F3340F314F7"
},
{
"vulnerable": true,

6
CVE-2023/CVE-2023-282xx/CVE-2023-28299.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-28299",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-04-11T21:15:27.663",
"lastModified": "2023-04-19T20:30:41.217",
"lastModified": "2023-12-13T16:13:15.800",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -90,9 +90,9 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0.0",
"versionStartIncluding": "17.0",
"versionEndExcluding": "17.0.21",
"matchCriteriaId": "F5C10205-425C-4840-B015-6D55A1509918"
"matchCriteriaId": "06B7E408-A6EC-4556-A535-3F3340F314F7"
},
{
"vulnerable": true,

230
CVE-2023/CVE-2023-329xx/CVE-2023-32968.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-32968",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2023-12-08T16:15:15.943",
"lastModified": "2023-12-08T16:37:45.763",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-13T16:04:28.430",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.0.1.2514 build 20230906 and later\nQTS 5.1.2.2533 build 20230926 and later\nQuTS hero h5.0.1.2515 build 20230907 and later\nQuTS hero h5.1.2.2534 build 20230927 and later\n"
},
{
"lang": "es",
"value": "Se ha informado que una copia del b\u00fafer sin verificar el tama\u00f1o de la vulnerabilidad de entrada afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a los administradores autenticados ejecutar c\u00f3digo a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: QTS 5.0.1.2514 compilaci\u00f3n 20230906 y posteriores QTS 5.1.2.2533 compilaci\u00f3n 20230926 y posteriores QuTS hero h5.0.1.2515 compilaci\u00f3n 20230907 y posteriores QuTS hero h5.1.2.2534 compilaci\u00f3n 20230927 y posteriores"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
@ -46,10 +70,210 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325:*:*:*:*:*:*",
"matchCriteriaId": "39382CBA-EA68-426A-AC07-A9A26E722CAB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515:*:*:*:*:*:*",
"matchCriteriaId": "BCB37C08-1DF7-4AF4-9BB1-C562E5643B5A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603:*:*:*:*:*:*",
"matchCriteriaId": "8368130C-F26D-41FE-8D78-B103A23B5327"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629:*:*:*:*:*:*",
"matchCriteriaId": "3E0EE181-78AF-4C3C-90A4-C69A2DE6E176"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721:*:*:*:*:*:*",
"matchCriteriaId": "56E3AE06-78DA-4844-ADC1-09A35F1C5B54"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815:*:*:*:*:*:*",
"matchCriteriaId": "D2AA7A32-0DA8-4417-A23E-C4F563BC7819"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.0.1.2034:build_20220515:*:*:*:*:*:*",
"matchCriteriaId": "A014C53A-6057-46C3-ABE9-A0ACA785425B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.0.1.2079:build_20220629:*:*:*:*:*:*",
"matchCriteriaId": "D57801C1-0E7C-482F-816E-A405DE4A86C2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.0.1.2131:build_20220820:*:*:*:*:*:*",
"matchCriteriaId": "DE301B1C-4E3E-4AC4-80BB-D06BE16D0C64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.0.1.2137:build_20220826:*:*:*:*:*:*",
"matchCriteriaId": "582171F1-ADD6-4F68-8539-154E53A783A7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.0.1.2145:build_20220903:*:*:*:*:*:*",
"matchCriteriaId": "B621B512-940C-4C16-A64F-3E577B9DE6B8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.0.1.2173:build_20221001:*:*:*:*:*:*",
"matchCriteriaId": "F05F874D-52CB-49A1-AF3B-A0503C33710C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.0.1.2194:build_20221022:*:*:*:*:*:*",
"matchCriteriaId": "86123F0E-3A48-45EB-B8C6-7A953E7719D9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.0.1.2234:build_20221201:*:*:*:*:*:*",
"matchCriteriaId": "644159A6-4018-4BDB-863B-94F5725534EA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.0.1.2248:build_20221215:*:*:*:*:*:*",
"matchCriteriaId": "EB42C492-9259-4A03-A65C-EACDD31E543A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.0.1.2277:build_20230112:*:*:*:*:*:*",
"matchCriteriaId": "1CECD991-E1F0-4B6B-8CA4-2EEFBA071622"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.0.1.2346:build_20230322:*:*:*:*:*:*",
"matchCriteriaId": "55711131-A764-4E5C-9FF9-19DD601F5081"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.0.1.2376:build_20230421:*:*:*:*:*:*",
"matchCriteriaId": "45C6A343-D973-4A54-B547-7B90599F97AD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.0.1.2425:build_20230609:*:*:*:*:*:*",
"matchCriteriaId": "77F60935-8B27-4D1A-909F-70A8AAE7B346"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2409:build_20230525:*:*:*:*:*:*",
"matchCriteriaId": "6CA398A8-EBDF-4D41-B15E-7B763F885021"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2424:build_20230609:*:*:*:*:*:*",
"matchCriteriaId": "F63A5ED2-ECC2-49A0-BFA9-548E35ACD6C7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2453:build_20230708:*:*:*:*:*:*",
"matchCriteriaId": "53387FAC-7BE0-47D7-99BF-2B1F03C17CC3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2466:build_20230721:*:*:*:*:*:*",
"matchCriteriaId": "D4226394-0023-4CD2-BB89-77251BF92FF3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.1.2488:build_20230812:*:*:*:*:*:*",
"matchCriteriaId": "646257F7-D4A4-43B0-91F2-7850338B3CA1"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.0.1.2045:build_20220526:*:*:*:*:*:*",
"matchCriteriaId": "698DB6DC-9262-48A2-9232-DFC97C8BBB61"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.0.1.2192:build_20221020:*:*:*:*:*:*",
"matchCriteriaId": "A728F1BE-B17B-4721-9C9E-97A666CAD07B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.0.1.2248:build_20221215:*:*:*:*:*:*",
"matchCriteriaId": "85EC894E-2C81-4A9D-9AC7-2ADF74ADE7E5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.0.1.2269:build_20230104:*:*:*:*:*:*",
"matchCriteriaId": "8C4C9FDD-FD44-44E7-B552-40E94AC32A23"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.0.1.2277:build_20230112:*:*:*:*:*:*",
"matchCriteriaId": "81BA2B4F-1665-4505-96FD-FCDEE7D77583"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.0.1.2348:build_20230324:*:*:*:*:*:*",
"matchCriteriaId": "3A28B922-56DF-434B-82B8-1BFC69ED5C70"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.0.1.2376:build_20230421:*:*:*:*:*:*",
"matchCriteriaId": "08349EE1-5D49-402F-9E3F-FFAC9D39FBCB"
}
]
}
]
}
],
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-23-07",
"source": "security@qnapsecurity.com.tw"
"source": "security@qnapsecurity.com.tw",
"tags": [
"Vendor Advisory"
]
}
]
}

230
CVE-2023/CVE-2023-329xx/CVE-2023-32975.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-32975",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2023-12-08T16:15:16.153",
"lastModified": "2023-12-08T16:37:45.763",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-13T16:14:16.973",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.0.1.2514 build 20230906 and later\nQTS 5.1.2.2533 build 20230926 and later\nQuTS hero h5.0.1.2515 build 20230907 and later\nQuTS hero h5.1.2.2534 build 20230927 and later\n"
},
{
"lang": "es",
"value": "Se ha informado que una copia del b\u00fafer sin verificar el tama\u00f1o de la vulnerabilidad de entrada afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a los administradores autenticados ejecutar c\u00f3digo a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: QTS 5.0.1.2514 compilaci\u00f3n 20230906 y posteriores QTS 5.1.2.2533 compilaci\u00f3n 20230926 y posteriores QuTS hero h5.0.1.2515 compilaci\u00f3n 20230907 y posteriores QuTS hero h5.1.2.2534 compilaci\u00f3n 20230927 y posteriores"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
@ -46,10 +70,210 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325:*:*:*:*:*:*",
"matchCriteriaId": "39382CBA-EA68-426A-AC07-A9A26E722CAB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515:*:*:*:*:*:*",
"matchCriteriaId": "BCB37C08-1DF7-4AF4-9BB1-C562E5643B5A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603:*:*:*:*:*:*",
"matchCriteriaId": "8368130C-F26D-41FE-8D78-B103A23B5327"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629:*:*:*:*:*:*",
"matchCriteriaId": "3E0EE181-78AF-4C3C-90A4-C69A2DE6E176"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721:*:*:*:*:*:*",
"matchCriteriaId": "56E3AE06-78DA-4844-ADC1-09A35F1C5B54"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815:*:*:*:*:*:*",
"matchCriteriaId": "D2AA7A32-0DA8-4417-A23E-C4F563BC7819"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.0.1.2034:build_20220515:*:*:*:*:*:*",
"matchCriteriaId": "A014C53A-6057-46C3-ABE9-A0ACA785425B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.0.1.2079:build_20220629:*:*:*:*:*:*",
"matchCriteriaId": "D57801C1-0E7C-482F-816E-A405DE4A86C2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.0.1.2131:build_20220820:*:*:*:*:*:*",
"matchCriteriaId": "DE301B1C-4E3E-4AC4-80BB-D06BE16D0C64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.0.1.2137:build_20220826:*:*:*:*:*:*",
"matchCriteriaId": "582171F1-ADD6-4F68-8539-154E53A783A7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.0.1.2145:build_20220903:*:*:*:*:*:*",
"matchCriteriaId": "B621B512-940C-4C16-A64F-3E577B9DE6B8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.0.1.2173:build_20221001:*:*:*:*:*:*",
"matchCriteriaId": "F05F874D-52CB-49A1-AF3B-A0503C33710C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.0.1.2194:build_20221022:*:*:*:*:*:*",
"matchCriteriaId": "86123F0E-3A48-45EB-B8C6-7A953E7719D9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.0.1.2234:build_20221201:*:*:*:*:*:*",
"matchCriteriaId": "644159A6-4018-4BDB-863B-94F5725534EA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.0.1.2248:build_20221215:*:*:*:*:*:*",
"matchCriteriaId": "EB42C492-9259-4A03-A65C-EACDD31E543A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.0.1.2277:build_20230112:*:*:*:*:*:*",
"matchCriteriaId": "1CECD991-E1F0-4B6B-8CA4-2EEFBA071622"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.0.1.2346:build_20230322:*:*:*:*:*:*",
"matchCriteriaId": "55711131-A764-4E5C-9FF9-19DD601F5081"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.0.1.2376:build_20230421:*:*:*:*:*:*",
"matchCriteriaId": "45C6A343-D973-4A54-B547-7B90599F97AD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.0.1.2425:build_20230609:*:*:*:*:*:*",
"matchCriteriaId": "77F60935-8B27-4D1A-909F-70A8AAE7B346"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2409:build_20230525:*:*:*:*:*:*",
"matchCriteriaId": "6CA398A8-EBDF-4D41-B15E-7B763F885021"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2424:build_20230609:*:*:*:*:*:*",
"matchCriteriaId": "F63A5ED2-ECC2-49A0-BFA9-548E35ACD6C7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2453:build_20230708:*:*:*:*:*:*",
"matchCriteriaId": "53387FAC-7BE0-47D7-99BF-2B1F03C17CC3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2466:build_20230721:*:*:*:*:*:*",
"matchCriteriaId": "D4226394-0023-4CD2-BB89-77251BF92FF3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.1.2488:build_20230812:*:*:*:*:*:*",
"matchCriteriaId": "646257F7-D4A4-43B0-91F2-7850338B3CA1"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.0.1.2045:build_20220526:*:*:*:*:*:*",
"matchCriteriaId": "698DB6DC-9262-48A2-9232-DFC97C8BBB61"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.0.1.2192:build_20221020:*:*:*:*:*:*",
"matchCriteriaId": "A728F1BE-B17B-4721-9C9E-97A666CAD07B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.0.1.2248:build_20221215:*:*:*:*:*:*",
"matchCriteriaId": "85EC894E-2C81-4A9D-9AC7-2ADF74ADE7E5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.0.1.2269:build_20230104:*:*:*:*:*:*",
"matchCriteriaId": "8C4C9FDD-FD44-44E7-B552-40E94AC32A23"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.0.1.2277:build_20230112:*:*:*:*:*:*",
"matchCriteriaId": "81BA2B4F-1665-4505-96FD-FCDEE7D77583"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.0.1.2348:build_20230324:*:*:*:*:*:*",
"matchCriteriaId": "3A28B922-56DF-434B-82B8-1BFC69ED5C70"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.0.1.2376:build_20230421:*:*:*:*:*:*",
"matchCriteriaId": "08349EE1-5D49-402F-9E3F-FFAC9D39FBCB"
}
]
}
]
}
],
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-23-07",
"source": "security@qnapsecurity.com.tw"
"source": "security@qnapsecurity.com.tw",
"tags": [
"Vendor Advisory"
]
}
]
}

6
CVE-2023/CVE-2023-331xx/CVE-2023-33127.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-33127",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-07-11T18:15:14.213",
"lastModified": "2023-07-14T14:57:23.843",
"lastModified": "2023-12-13T16:12:28.670",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -70,9 +70,9 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0.0",
"versionStartIncluding": "17.0",
"versionEndExcluding": "17.0.23",
"matchCriteriaId": "608BDDA8-7FCB-4739-B265-729560D5A7F3"
"matchCriteriaId": "46E1B01E-2B9A-4666-A680-DED9669FD62B"
},
{
"vulnerable": true,

6
CVE-2023/CVE-2023-331xx/CVE-2023-33170.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-33170",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-07-11T18:15:15.660",
"lastModified": "2023-07-31T17:47:49.250",
"lastModified": "2023-12-13T16:14:12.353",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -70,9 +70,9 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0.0",
"versionStartIncluding": "17.0",
"versionEndExcluding": "17.0.23",
"matchCriteriaId": "608BDDA8-7FCB-4739-B265-729560D5A7F3"
"matchCriteriaId": "46E1B01E-2B9A-4666-A680-DED9669FD62B"
},
{
"vulnerable": true,

262
CVE-2023/CVE-2023-437xx/CVE-2023-43742.json
View File

@ -2,19 +2,273 @@
"id": "CVE-2023-43742",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-08T01:15:07.200",
"lastModified": "2023-12-08T14:23:10.393",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-13T15:41:01.980",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An authentication bypass in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an unauthenticated attacker to obtain an administrative session via a protection mechanism failure in the authentication function. In normal operation, the Zultys MX Administrator Windows client connects to port 7505 and attempts authentication, submitting the administrator username and password to the server. Upon authentication failure, the server sends a login failure message prompting the client to disconnect. However, if the client ignores the failure message instead and attempts to continue, the server does not forcibly close the connection and processes all subsequent requests from the client as if authentication had been successful."
},
{
"lang": "es",
"value": "Una omisi\u00f3n de autenticaci\u00f3n en Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250 y MX30 con versiones de firmware anteriores a 17.0.10 parche 17161 y 16.04 parche 16109 permite a un atacante no autenticado obtener una sesi\u00f3n administrativa a trav\u00e9s de una falla del mecanismo de protecci\u00f3n en la funci\u00f3n de autenticaci\u00f3n. En funcionamiento normal, el cliente Windows Zultys MX Administrator se conecta al puerto 7505 e intenta la autenticaci\u00f3n, enviando el nombre de usuario y la contrase\u00f1a del administrador al servidor. Tras un error de autenticaci\u00f3n, el servidor env\u00eda un mensaje de error de inicio de sesi\u00f3n solicitando al cliente que se desconecte. Sin embargo, si el cliente ignora el mensaje de error e intenta continuar, el servidor no cierra la conexi\u00f3n a la fuerza y procesa todas las solicitudes posteriores del cliente como si la autenticaci\u00f3n hubiera sido exitosa."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zultys:mx-se_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.0.4",
"matchCriteriaId": "09D39AC9-ACBA-4CF9-B9F0-D04F6B392905"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zultys:mx-se_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0.6",
"versionEndExcluding": "17.0.10",
"matchCriteriaId": "4D290A1E-9CF3-42C3-B099-9A0D5FFE2FDC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zultys:mx-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8E4DCA4-D3CB-46DC-B20F-205F18FE6FA4"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zultys:mx-se_ii_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.0.4",
"matchCriteriaId": "E2CE4D4C-0CB5-4AB9-936B-E275E4A6E1A1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zultys:mx-se_ii_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0.6",
"versionEndExcluding": "17.0.10",
"matchCriteriaId": "9B040E08-BAF8-475B-BF5C-DC3D6D5FBBB1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zultys:mx-se_ii:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DD550DD-C5C0-4ABC-9C29-016FC0587E97"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zultys:mx-e_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.0.4",
"matchCriteriaId": "3907F8B7-CB24-4BE4-8B8D-18F3D965EE7C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zultys:mx-e_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0.6",
"versionEndExcluding": "17.0.10",
"matchCriteriaId": "2257C4EE-4C6F-4EC2-A88D-6048FFE28EC2"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zultys:mx-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E12E140-C7D8-4875-9AF7-4EF1A77D9CF1"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zultys:mx-virtual_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.0.4",
"matchCriteriaId": "BCCC65F2-DAC8-4A47-A712-95D7E2579A3B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zultys:mx-virtual_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0.6",
"versionEndExcluding": "17.0.10",
"matchCriteriaId": "7657BBD9-09D8-4EEA-AC0B-5098C4369874"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zultys:mx-virtual:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B765CFE-8D05-430C-9725-6FBC8C9D1484"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zultys:mx250_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.0.4",
"matchCriteriaId": "9D49E46A-4BA6-4563-9786-D2BC5E05F1CE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zultys:mx250_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0.6",
"versionEndExcluding": "17.0.10",
"matchCriteriaId": "B9572474-24A5-47C5-9A95-E8F4E0AB56C8"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zultys:mx250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44FBBEC0-96AF-42D1-B27C-91E6F3E67F7D"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zultys:mx30_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.0.4",
"matchCriteriaId": "AF02FDBD-C0B9-4E6D-AEDD-3BB28D9EF059"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zultys:mx30_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0.6",
"versionEndExcluding": "17.0.10",
"matchCriteriaId": "6EC94AF4-0D2B-4045-98DF-53E2014C139D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zultys:mx30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "45765B6E-39CE-4CD2-A20C-7DB96FDDEBF0"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2023-0002.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

267
CVE-2023/CVE-2023-437xx/CVE-2023-43743.json
View File

@ -2,23 +2,280 @@
"id": "CVE-2023-43743",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-08T01:15:07.270",
"lastModified": "2023-12-08T14:23:10.393",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-13T15:38:28.213",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A SQL injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an authenticated attacker to execute arbitrary SQL queries on the backend database via the filter parameter in requests to the /newapi/ endpoint in the Zultys MX web interface."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n SQL en Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250 y MX30 con versiones de firmware anteriores a 17.0.10 parche 17161 y 16.04 parche 16109 permite a un atacante autenticado ejecutar consultas SQL arbitrarias en la base de datos backend a trav\u00e9s del par\u00e1metro de filtro en solicitudes al endpoint /newapi/ en la interfaz web de Zultys MX."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zultys:mx-se_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.0.4",
"matchCriteriaId": "09D39AC9-ACBA-4CF9-B9F0-D04F6B392905"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zultys:mx-se_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0.6",
"versionEndExcluding": "17.0.10",
"matchCriteriaId": "4D290A1E-9CF3-42C3-B099-9A0D5FFE2FDC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zultys:mx-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8E4DCA4-D3CB-46DC-B20F-205F18FE6FA4"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zultys:mx-se_ii_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.0.4",
"matchCriteriaId": "E2CE4D4C-0CB5-4AB9-936B-E275E4A6E1A1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zultys:mx-se_ii_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0.6",
"versionEndExcluding": "17.0.10",
"matchCriteriaId": "9B040E08-BAF8-475B-BF5C-DC3D6D5FBBB1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zultys:mx-se_ii:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DD550DD-C5C0-4ABC-9C29-016FC0587E97"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zultys:mx-e_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.0.4",
"matchCriteriaId": "3907F8B7-CB24-4BE4-8B8D-18F3D965EE7C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zultys:mx-e_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0.6",
"versionEndExcluding": "17.0.10",
"matchCriteriaId": "2257C4EE-4C6F-4EC2-A88D-6048FFE28EC2"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zultys:mx-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E12E140-C7D8-4875-9AF7-4EF1A77D9CF1"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zultys:mx-virtual_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.0.4",
"matchCriteriaId": "BCCC65F2-DAC8-4A47-A712-95D7E2579A3B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zultys:mx-virtual_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0.6",
"versionEndExcluding": "17.0.10",
"matchCriteriaId": "7657BBD9-09D8-4EEA-AC0B-5098C4369874"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zultys:mx-virtual:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B765CFE-8D05-430C-9725-6FBC8C9D1484"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zultys:mx250_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.0.4",
"matchCriteriaId": "9D49E46A-4BA6-4563-9786-D2BC5E05F1CE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zultys:mx250_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0.6",
"versionEndExcluding": "17.0.10",
"matchCriteriaId": "B9572474-24A5-47C5-9A95-E8F4E0AB56C8"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zultys:mx250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44FBBEC0-96AF-42D1-B27C-91E6F3E67F7D"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zultys:mx30_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.0.4",
"matchCriteriaId": "AF02FDBD-C0B9-4E6D-AEDD-3BB28D9EF059"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zultys:mx30_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0.6",
"versionEndExcluding": "17.0.10",
"matchCriteriaId": "6EC94AF4-0D2B-4045-98DF-53E2014C139D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zultys:mx30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "45765B6E-39CE-4CD2-A20C-7DB96FDDEBF0"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2023-0002.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://mxvirtual.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

267
CVE-2023/CVE-2023-437xx/CVE-2023-43744.json
View File

@ -2,23 +2,280 @@
"id": "CVE-2023-43744",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-08T01:15:07.337",
"lastModified": "2023-12-08T14:23:10.393",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-13T15:35:02.467",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an administrator to execute arbitrary OS commands via a file name parameter in a patch application function. The Zultys MX Administrator client has a \"Patch Manager\" section that allows administrators to apply patches to the device. The user supplied filename for the patch file is passed to a shell script without validation. Including bash command substitution characters in a patch file name results in execution of the provided command."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250 y MX30 con versiones de firmware anteriores al parche 17.0.10 17161 y al parche 16.04 16109 permite a un administrador ejecutar comandos arbitrarios del sistema operativo. a trav\u00e9s de un par\u00e1metro de nombre de archivo en una funci\u00f3n de aplicaci\u00f3n de parche. El cliente Zultys MX Administrator tiene una secci\u00f3n \"Administrador de parches\" que permite a los administradores aplicar parches al dispositivo. El nombre de archivo proporcionado por el usuario para el archivo de parche se pasa a un script de shell sin validaci\u00f3n. Incluir caracteres de sustituci\u00f3n de comandos bash en el nombre de un archivo de parche da como resultado la ejecuci\u00f3n del comando proporcionado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zultys:mx-se_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.0.4",
"matchCriteriaId": "09D39AC9-ACBA-4CF9-B9F0-D04F6B392905"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zultys:mx-se_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0.6",
"versionEndExcluding": "17.0.10",
"matchCriteriaId": "4D290A1E-9CF3-42C3-B099-9A0D5FFE2FDC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zultys:mx-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8E4DCA4-D3CB-46DC-B20F-205F18FE6FA4"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zultys:mx-se_ii_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.0.4",
"matchCriteriaId": "E2CE4D4C-0CB5-4AB9-936B-E275E4A6E1A1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zultys:mx-se_ii_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0.6",
"versionEndExcluding": "17.0.10",
"matchCriteriaId": "9B040E08-BAF8-475B-BF5C-DC3D6D5FBBB1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zultys:mx-se_ii:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DD550DD-C5C0-4ABC-9C29-016FC0587E97"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zultys:mx-e_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.0.4",
"matchCriteriaId": "3907F8B7-CB24-4BE4-8B8D-18F3D965EE7C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zultys:mx-e_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0.6",
"versionEndExcluding": "17.0.10",
"matchCriteriaId": "2257C4EE-4C6F-4EC2-A88D-6048FFE28EC2"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zultys:mx-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E12E140-C7D8-4875-9AF7-4EF1A77D9CF1"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zultys:mx-virtual_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.0.4",
"matchCriteriaId": "BCCC65F2-DAC8-4A47-A712-95D7E2579A3B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zultys:mx-virtual_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0.6",
"versionEndExcluding": "17.0.10",
"matchCriteriaId": "7657BBD9-09D8-4EEA-AC0B-5098C4369874"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zultys:mx-virtual:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B765CFE-8D05-430C-9725-6FBC8C9D1484"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zultys:mx250_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.0.4",
"matchCriteriaId": "9D49E46A-4BA6-4563-9786-D2BC5E05F1CE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zultys:mx250_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0.6",
"versionEndExcluding": "17.0.10",
"matchCriteriaId": "B9572474-24A5-47C5-9A95-E8F4E0AB56C8"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zultys:mx250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44FBBEC0-96AF-42D1-B27C-91E6F3E67F7D"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zultys:mx30_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.0.4",
"matchCriteriaId": "AF02FDBD-C0B9-4E6D-AEDD-3BB28D9EF059"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zultys:mx30_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0.6",
"versionEndExcluding": "17.0.10",
"matchCriteriaId": "6EC94AF4-0D2B-4045-98DF-53E2014C139D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zultys:mx30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "45765B6E-39CE-4CD2-A20C-7DB96FDDEBF0"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2023-0002.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://mxvirtual.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

190
CVE-2023/CVE-2023-442xx/CVE-2023-44221.json
View File

@ -2,16 +2,53 @@
"id": "CVE-2023-44221",
"sourceIdentifier": "PSIRT@sonicwall.com",
"published": "2023-12-05T21:15:07.150",
"lastModified": "2023-12-06T13:50:15.017",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-13T15:33:56.183",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user, potentially leading to OS Command Injection Vulnerability."
},
{
"lang": "es",
"value": "La neutralizaci\u00f3n inadecuada de elementos especiales en la interfaz de administraci\u00f3n SMA100 SSL-VPN permite que un atacante remoto autenticado con privilegios administrativos inyecte comandos arbitrarios como un usuario \"nobody\", lo que podr\u00eda provocar una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{
"source": "PSIRT@sonicwall.com",
"type": "Secondary",
@ -23,10 +60,155 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sonicwall:sma_200_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "10.2.1.9-57sv",
"matchCriteriaId": "4674E718-3642-4042-82DE-49B845CF2DC6"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sonicwall:sma_200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B190266-AD6F-401B-9B2E-061CDD539236"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sonicwall:sma_210_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "10.2.1.9-57sv",
"matchCriteriaId": "5990A44B-DD34-4B32-B233-9062902EBE9A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sonicwall:sma_210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51587338-4A5F-41FC-9497-743F061947C2"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sonicwall:sma_400_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "10.2.1.9-57sv",
"matchCriteriaId": "C82E099E-AAE1-4BD3-B0C0-38326201586C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sonicwall:sma_400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D728332-10C9-4508-B720-569D44E99543"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sonicwall:sma_410_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "10.2.1.9-57sv",
"matchCriteriaId": "E422E9C1-597B-468F-A634-23C54C1F7C74"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sonicwall:sma_410:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9DFB8FBC-FFA4-4526-B306-D5692A43DC9E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sonicwall:sma_500v_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "10.2.1.9-57sv",
"matchCriteriaId": "B70F00FF-A14D-40F3-9381-817542DE6A7D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sonicwall:sma_500v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6AD8A33-7CE4-4C66-9E23-F0C9C9638770"
}
]
}
]
}
],
"references": [
{
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0018",
"source": "PSIRT@sonicwall.com"
"source": "PSIRT@sonicwall.com",
"tags": [
"Vendor Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-475xx/CVE-2023-47548.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-47548",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-07T13:15:07.500",
"lastModified": "2023-12-07T16:09:27.937",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-13T15:24:28.963",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in SoftLab Integrate Google Drive \u2013 Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site.This issue affects Integrate Google Drive \u2013 Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site: from n/a through 1.3.2.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de redireccionamiento de URL a un sitio que no es de confianza ('Open Redirect') en SoftLab Integrate Google Drive \u2013 Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site. Este problema afecta a Integrate Google Drive \u2013 Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site: desde n/a hasta 1.3.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:softlabbd:integrate_google_drive:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.3.3",
"matchCriteriaId": "C9B6C822-237C-4B0F-8C09-9964DCECD945"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/integrate-google-drive/wordpress-integrate-google-drive-plugin-1-3-0-open-redirection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

52
CVE-2023/CVE-2023-475xx/CVE-2023-47565.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-47565",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2023-12-08T16:15:16.367",
"lastModified": "2023-12-08T16:37:45.763",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-13T16:27:50.770",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability has been found to affect legacy QNAP VioStor NVR models running QVR Firmware 4.x. If exploited, the vulnerability could allow authenticated users to execute commands via a network.\n\nWe have already fixed the vulnerability in the following versions:\n\nQVR Firmware 5.0.0\u00a0and later\n\n"
},
{
"lang": "es",
"value": "Se ha descubierto que una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo afecta a los modelos QNAP VioStor NVR heredados que ejecutan el firmware QVR 4.x. Si se explota, la vulnerabilidad podr\u00eda permitir a los usuarios autenticados ejecutar comandos a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: QVR Firmware 5.0.0 y posteriores"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
@ -46,10 +70,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qvr_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0.0",
"versionEndExcluding": "5.0.0",
"matchCriteriaId": "4FCA8C58-1B8E-4340-9EFB-26751B112629"
}
]
}
]
}
],
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-23-48",
"source": "security@qnapsecurity.com.tw"
"source": "security@qnapsecurity.com.tw",
"tags": [
"Vendor Advisory"
]
}
]
}

67
CVE-2023/CVE-2023-483xx/CVE-2023-48398.json
View File

@ -2,19 +2,78 @@
"id": "CVE-2023-48398",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2023-12-08T16:15:16.617",
"lastModified": "2023-12-08T16:37:45.763",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-13T16:34:05.937",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In ProtocolNetAcBarringInfo::ProtocolNetAcBarringInfo() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.\n\n"
},
{
"lang": "es",
"value": "En ProtocolNetAcBarringInfo::ProtocolNetAcBarringInfo() de protocolnetadapter.cpp, existe una posible lectura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda conducir a la divulgaci\u00f3n remota de informaci\u00f3n y comprometer el firmware de banda base. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2023-12-01",
"source": "dsap-vuln-management@google.com"
"source": "dsap-vuln-management@google.com",
"tags": [
"Vendor Advisory"
]
}
]
}

67
CVE-2023/CVE-2023-483xx/CVE-2023-48399.json
View File

@ -2,19 +2,78 @@
"id": "CVE-2023-48399",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2023-12-08T16:15:16.670",
"lastModified": "2023-12-08T16:37:45.763",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-13T16:36:24.557",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In ProtocolMiscATCommandAdapter::Init() of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.\n\n"
},
{
"lang": "es",
"value": "En ProtocolMiscATCommandAdapter::Init() de protocolmiscadapter.cpp, existe una posible lectura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local y comprometer el firmware de banda base. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2023-12-01",
"source": "dsap-vuln-management@google.com"
"source": "dsap-vuln-management@google.com",
"tags": [
"Vendor Advisory"
]
}
]
}

67
CVE-2023/CVE-2023-484xx/CVE-2023-48404.json
View File

@ -2,19 +2,78 @@
"id": "CVE-2023-48404",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2023-12-08T16:15:17.343",
"lastModified": "2023-12-08T16:37:40.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-13T16:40:24.357",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In ProtocolMiscCarrierConfigSimInfoIndAdapter of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
},
{
"lang": "es",
"value": "En ProtocolMiscCarrierConfigSimInfoIndAdapter de protocolmiscadapter.cpp, existe una posible lectura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda conducir a la divulgaci\u00f3n remota de informaci\u00f3n sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2023-12-01",
"source": "dsap-vuln-management@google.com"
"source": "dsap-vuln-management@google.com",
"tags": [
"Vendor Advisory"
]
}
]
}

67
CVE-2023/CVE-2023-484xx/CVE-2023-48405.json
View File

@ -2,19 +2,78 @@
"id": "CVE-2023-48405",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2023-12-08T16:15:17.630",
"lastModified": "2023-12-08T16:37:40.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-13T16:47:14.437",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "there is a possible way for the secure world to write to NS memory due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.\n\n"
},
{
"lang": "es",
"value": "Existe una forma posible para que el mundo seguro escriba en la memoria NS debido a un error l\u00f3gico en el c\u00f3digo. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2023-12-01",
"source": "dsap-vuln-management@google.com"
"source": "dsap-vuln-management@google.com",
"tags": [
"Vendor Advisory"
]
}
]
}

67
CVE-2023/CVE-2023-484xx/CVE-2023-48406.json
View File

@ -2,19 +2,78 @@
"id": "CVE-2023-48406",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2023-12-08T16:15:17.783",
"lastModified": "2023-12-08T16:37:40.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-13T16:47:59.943",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "there is a possible permanent DoS or way for the modem to boot unverified firmware due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.\n\n"
},
{
"lang": "es",
"value": "Existe una posible DoS permanente o una forma para que el m\u00f3dem inicie firmware no verificado debido a un error l\u00f3gico en el c\u00f3digo. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2023-12-01",
"source": "dsap-vuln-management@google.com"
"source": "dsap-vuln-management@google.com",
"tags": [
"Vendor Advisory"
]
}
]
}

67
CVE-2023/CVE-2023-484xx/CVE-2023-48414.json
View File

@ -2,19 +2,78 @@
"id": "CVE-2023-48414",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2023-12-08T16:15:18.253",
"lastModified": "2023-12-08T16:37:40.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-13T16:55:22.940",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In the Pixel Camera Driver, there is a possible use after free due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.\n\n"
},
{
"lang": "es",
"value": "En Pixel Camera Driver, existe un posible use after free debido a un error l\u00f3gico en el c\u00f3digo. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2023-12-01",
"source": "dsap-vuln-management@google.com"
"source": "dsap-vuln-management@google.com",
"tags": [
"Vendor Advisory"
]
}
]
}

67
CVE-2023/CVE-2023-484xx/CVE-2023-48415.json
View File

@ -2,19 +2,78 @@
"id": "CVE-2023-48415",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2023-12-08T16:15:18.307",
"lastModified": "2023-12-08T16:37:40.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-13T16:55:04.633",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Init of protocolembmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
},
{
"lang": "es",
"value": "En Init de protocolembmsadapter.cpp, existe una posible lectura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2023-12-01",
"source": "dsap-vuln-management@google.com"
"source": "dsap-vuln-management@google.com",
"tags": [
"Vendor Advisory"
]
}
]
}

67
CVE-2023/CVE-2023-484xx/CVE-2023-48416.json
View File

@ -2,19 +2,78 @@
"id": "CVE-2023-48416",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2023-12-08T16:15:18.360",
"lastModified": "2023-12-08T16:37:40.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-13T16:54:45.200",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In multiple locations, there is a possible null dereference due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
},
{
"lang": "es",
"value": "En varias ubicaciones, existe una posible desreferencia nula debido a que falta una verificaci\u00f3n nula. Esto podr\u00eda provocar una denegaci\u00f3n remota de servicio sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2023-12-01",
"source": "dsap-vuln-management@google.com"
"source": "dsap-vuln-management@google.com",
"tags": [
"Vendor Advisory"
]
}
]
}

67
CVE-2023/CVE-2023-484xx/CVE-2023-48420.json
View File

@ -2,19 +2,78 @@
"id": "CVE-2023-48420",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2023-12-08T16:15:18.513",
"lastModified": "2023-12-08T16:37:40.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-13T16:54:25.547",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.\n\n"
},
{
"lang": "es",
"value": "Existe un posible use after free debido a una condici\u00f3n de ejecuci\u00f3n. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.5,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-362"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2023-12-01",
"source": "dsap-vuln-management@google.com"
"source": "dsap-vuln-management@google.com",
"tags": [
"Vendor Advisory"
]
}
]
}

67
CVE-2023/CVE-2023-484xx/CVE-2023-48421.json
View File

@ -2,19 +2,78 @@
"id": "CVE-2023-48421",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2023-12-08T16:15:18.560",
"lastModified": "2023-12-08T16:37:40.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-13T16:53:57.040",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In gpu_pixel_handle_buffer_liveness_update_ioctl of private/google-modules/gpu/mali_kbase/platform/pixel/pixel_gpu_slc.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
},
{
"lang": "es",
"value": "En gpu_pixel_handle_buffer_liveness_update_ioctl de private/google-modules/gpu/mali_kbase/platform/pixel/pixel_gpu_slc.c, existe una posible escritura fuera de los l\u00edmites debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2023-12-01",
"source": "dsap-vuln-management@google.com"
"source": "dsap-vuln-management@google.com",
"tags": [
"Vendor Advisory"
]
}
]
}

67
CVE-2023/CVE-2023-484xx/CVE-2023-48422.json
View File

@ -2,19 +2,78 @@
"id": "CVE-2023-48422",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2023-12-08T16:15:18.607",
"lastModified": "2023-12-08T16:37:40.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-13T16:53:03.923",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Init of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
},
{
"lang": "es",
"value": "En Init de protocolnetadapter.cpp, existe una posible lectura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2023-12-01",
"source": "dsap-vuln-management@google.com"
"source": "dsap-vuln-management@google.com",
"tags": [
"Vendor Advisory"
]
}
]
}

67
CVE-2023/CVE-2023-484xx/CVE-2023-48423.json
View File

@ -2,19 +2,78 @@
"id": "CVE-2023-48423",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2023-12-08T16:15:18.657",
"lastModified": "2023-12-08T16:37:40.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-13T16:52:00.397",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In dhcp4_SetPDNAddress of dhcp4_Main.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
},
{
"lang": "es",
"value": "En dhcp4_SetPDNAddress de dhcp4_Main.c, hay una posible escritura fuera de los l\u00edmites debido a una comprobaci\u00f3n de los l\u00edmites faltante. Esto podr\u00eda conducir a la ejecuci\u00f3n remota de c\u00f3digo sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2023-12-01",
"source": "dsap-vuln-management@google.com"
"source": "dsap-vuln-management@google.com",
"tags": [
"Vendor Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-494xx/CVE-2023-49494.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49494",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-11T21:15:07.397",
"lastModified": "2023-12-12T13:43:48.853",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-13T16:29:45.553",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,74 @@
"value": "Se descubri\u00f3 que DedeCMS v5.7.111 contiene una vulnerabilidad de cross-site scripting (XSS) reflectantes a trav\u00e9s del componente select_media_post_wangEditor.php."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dedecms:dedecms:5.7.111:*:*:*:*:*:*:*",
"matchCriteriaId": "377F392A-A04B-4E7A-BBE8-F77CE65BDFCF"
}
]
}
]
}
],
"references": [
{
"url": "http://dedecms.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/Hebing123/cve/issues/3",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

70
CVE-2023/CVE-2023-499xx/CVE-2023-49955.json
View File

@ -2,19 +2,81 @@
"id": "CVE-2023-49955",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T13:15:07.690",
"lastModified": "2023-12-07T16:09:27.937",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-13T15:20:11.417",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Dalmann OCPP.Core before 1.2.0 for OCPP (Open Charge Point Protocol) for electric vehicles. It does not validate the length of the chargePointVendor field in a BootNotification message, potentially leading to server instability and a denial of service when processing excessively large inputs. NOTE: the vendor's perspective is \"OCPP.Core is intended for use in a protected environment/network.\""
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Dalmann OCPP.Core anterior a 1.2.0 para OCPP (Protocolo de punto de carga abierto) para veh\u00edculos el\u00e9ctricos. No valida la longitud del campo chargePointVendor en un mensaje BootNotification, lo que puede provocar inestabilidad del servidor y denegaci\u00f3n de servicio al procesar entradas excesivamente grandes. NOTA: la perspectiva del proveedor es \"OCPP.Core est\u00e1 dise\u00f1ado para su uso en un entorno/red protegido\"."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dallmann-consulting:open_charge_point_protocol:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.2.0",
"matchCriteriaId": "1570FC53-9573-4F61-A082-9E51BE80961D"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/dallmann-consulting/OCPP.Core/issues/32",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

70
CVE-2023/CVE-2023-499xx/CVE-2023-49956.json
View File

@ -2,19 +2,81 @@
"id": "CVE-2023-49956",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T13:15:07.737",
"lastModified": "2023-12-07T16:09:27.937",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-13T15:14:46.320",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Dalmann OCPP.Core before 1.3.0 for OCPP (Open Charge Point Protocol) for electric vehicles. A StopTransaction message with any random transactionId terminates active transactions."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Dalmann OCPP.Core anterior a 1.3.0 para OCPP (Protocolo de punto de carga abierto) para veh\u00edculos el\u00e9ctricos. Un mensaje StopTransaction con cualquier ID de transacci\u00f3n aleatorio finaliza las transacciones activas."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dallmann-consulting:open_charge_point_protocol:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.3.0",
"matchCriteriaId": "C39AD5F2-CEA9-4F62-B0BA-34A433016635"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/dallmann-consulting/OCPP.Core/issues/34",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

70
CVE-2023/CVE-2023-499xx/CVE-2023-49957.json
View File

@ -2,19 +2,81 @@
"id": "CVE-2023-49957",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T13:15:07.790",
"lastModified": "2023-12-07T16:09:27.937",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-13T15:14:40.917",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Dalmann OCPP.Core before 1.3.0 for OCPP (Open Charge Point Protocol) for electric vehicles. It permits multiple transactions with the same connectorId and idTag, contrary to the expected ConcurrentTx status. This could result in critical transaction management and billing errors. NOTE: the vendor's perspective is \"Imagine you've got two cars in your family and want to charge both in parallel on the same account/token? Why should that be rejected?\""
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Dalmann OCPP.Core anterior a 1.3.0 para OCPP (Protocolo de punto de carga abierto) para veh\u00edculos el\u00e9ctricos. Permite m\u00faltiples transacciones con el mismo conectorId e idTag, contrario al estado ConcurrentTx esperado. Esto podr\u00eda dar lugar a errores cr\u00edticos de facturaci\u00f3n y gesti\u00f3n de transacciones. NOTA: la perspectiva del proveedor es \"\u00bfImagina que tienes dos autos en tu familia y quieres cargar ambos en paralelo en la misma cuenta/token? \u00bfPor qu\u00e9 deber\u00eda rechazarse?\""
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dallmann-consulting:open_charge_point_protocol:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.3.0",
"matchCriteriaId": "C39AD5F2-CEA9-4F62-B0BA-34A433016635"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/dallmann-consulting/OCPP.Core/issues/35",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

65
CVE-2023/CVE-2023-504xx/CVE-2023-50449.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-50449",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-10T18:15:07.103",
"lastModified": "2023-12-11T12:20:50.310",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-13T16:02:58.210",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "JFinalCMS 5.0.0 podr\u00eda permitir a un atacante remoto leer archivos a trav\u00e9s de ../ Directory Traversal en el par\u00e1metro /common/down/file fileKey."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jfinalcms_project:jfinalcms:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0813B8F4-66B1-42C6-83A7-831B13233428"
}
]
}
]
}
],
"references": [
{
"url": "https://gitee.com/heyewei/JFinalcms/issues/I7WGC6",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
}
]
}

73
CVE-2023/CVE-2023-504xx/CVE-2023-50453.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-50453",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-10T19:15:07.480",
"lastModified": "2023-12-11T12:20:45.887",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-13T15:58:08.647",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,76 @@
"value": "Se descubri\u00f3 un problema en Zammad antes de la versi\u00f3n 6.2.0. Utiliza el endpoint p\u00fablico /api/v1/signshow para su pantalla de inicio de sesi\u00f3n. Este endpoint devuelve datos de configuraci\u00f3n interna de los atributos del objeto del usuario, como valores seleccionables, que no deber\u00edan ser visibles para el p\u00fablico."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zammad:zammad:6.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "A246CC7D-8B52-43CC-A4F6-7E6C63D56740"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zammad:zammad:6.1.0:alpha:*:*:*:*:*:*",
"matchCriteriaId": "226C3449-B353-4B93-AC0E-F9D6367FC962"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zammad:zammad:6.2.0:alpha:*:*:*:*:*:*",
"matchCriteriaId": "98188727-1BBE-4691-8968-5E7047F19793"
}
]
}
]
}
],
"references": [
{
"url": "https://zammad.com/en/advisories/zaa-2023-08",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

10
CVE-2023/CVE-2023-58xx/CVE-2023-5869.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-5869",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-12-10T18:15:07.410",
"lastModified": "2023-12-13T10:15:10.600",
"lastModified": "2023-12-13T16:15:12.060",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -107,6 +107,14 @@
"url": "https://access.redhat.com/errata/RHSA-2023:7772",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7778",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7783",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-5869",
"source": "secalert@redhat.com"

190
CVE-2023/CVE-2023-59xx/CVE-2023-5970.json
View File

@ -2,16 +2,53 @@
"id": "CVE-2023-5970",
"sourceIdentifier": "PSIRT@sonicwall.com",
"published": "2023-12-05T21:15:07.667",
"lastModified": "2023-12-06T13:50:15.017",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-13T15:32:02.247",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated attacker to create an identical external domain user using accent characters, resulting in an MFA bypass."
},
{
"lang": "es",
"value": "La autenticaci\u00f3n incorrecta en el portal de oficina virtual SMA100 SSL-VPN permite que un atacante autenticado remoto cree un usuario de dominio externo id\u00e9ntico utilizando caracteres acentuados, lo que resulta en una omisi\u00f3n de MFA."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
},
{
"source": "PSIRT@sonicwall.com",
"type": "Secondary",
@ -23,10 +60,155 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sonicwall:sma_200_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "10.2.1.9-57sv",
"matchCriteriaId": "4674E718-3642-4042-82DE-49B845CF2DC6"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sonicwall:sma_200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B190266-AD6F-401B-9B2E-061CDD539236"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sonicwall:sma_210_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "10.2.1.9-57sv",
"matchCriteriaId": "5990A44B-DD34-4B32-B233-9062902EBE9A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sonicwall:sma_210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51587338-4A5F-41FC-9497-743F061947C2"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sonicwall:sma_400_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "10.2.1.9-57sv",
"matchCriteriaId": "C82E099E-AAE1-4BD3-B0C0-38326201586C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sonicwall:sma_400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D728332-10C9-4508-B720-569D44E99543"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sonicwall:sma_410_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "10.2.1.9-57sv",
"matchCriteriaId": "E422E9C1-597B-468F-A634-23C54C1F7C74"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sonicwall:sma_410:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9DFB8FBC-FFA4-4526-B306-D5692A43DC9E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sonicwall:sma_500v_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "10.2.1.9-57sv",
"matchCriteriaId": "B70F00FF-A14D-40F3-9381-817542DE6A7D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sonicwall:sma_500v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6AD8A33-7CE4-4C66-9E23-F0C9C9638770"
}
]
}
]
}
],
"references": [
{
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0018",
"source": "PSIRT@sonicwall.com"
"source": "PSIRT@sonicwall.com",
"tags": [
"Vendor Advisory"
]
}
]
}

6
CVE-2023/CVE-2023-63xx/CVE-2023-6377.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-6377",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-12-13T07:15:30.030",
"lastModified": "2023-12-13T13:35:21.667",
"lastModified": "2023-12-13T15:15:07.780",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -51,6 +51,10 @@
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/12/13/1",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-6377",
"source": "secalert@redhat.com"

12
CVE-2023/CVE-2023-64xx/CVE-2023-6448.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6448",
"sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725",
"published": "2023-12-05T18:15:12.643",
"lastModified": "2023-12-12T15:31:22.767",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-13T15:15:07.883",
"vulnStatus": "Modified",
"cisaExploitAdd": "2023-12-11",
"cisaActionDue": "2023-12-18",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
@ -438,6 +438,10 @@
}
],
"references": [
{
"url": "https://downloads.unitronicsplc.com/Sites/plc/Visilogic/Version_Changes-Bug_Reports/VisiLogic%209.9.00%20Version%20changes.pdf",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
},
{
"url": "https://www.cisa.gov/news-events/alerts/2023/11/28/exploitation-unitronics-plcs-used-water-and-wastewater-systems",
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
@ -445,6 +449,10 @@
"Third Party Advisory",
"US Government Resource"
]
},
{
"url": "https://www.unitronicsplc.com/cyber_security_vision-samba/",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
}
]
}

6
CVE-2023/CVE-2023-64xx/CVE-2023-6478.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-6478",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-12-13T07:15:31.213",
"lastModified": "2023-12-13T13:35:21.667",
"lastModified": "2023-12-13T15:15:07.987",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -51,6 +51,10 @@
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/12/13/1",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-6478",
"source": "secalert@redhat.com"

79
CVE-2023/CVE-2023-65xx/CVE-2023-6578.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-6578",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-07T21:15:08.863",
"lastModified": "2023-12-08T14:23:14.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-13T15:48:30.210",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in Software AG WebMethods 10.11.x/10.15.x. Affected is an unknown function of the file wm.server/connect/. The manipulation leads to improper access controls. It is possible to launch the attack remotely. To access a file like /assets/ a popup may request username and password. By just clicking CANCEL you will be redirected to the directory. If you visited /invoke/wm.server/connect, you'll be able to see details like internal IPs, ports, and versions. In some cases if access to /assets/ is refused, you may enter /assets/x as a wrong value, then come back to /assets/ which we will show the requested data. It appears that insufficient access control is depending on referrer header data. VDB-247158 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Una vulnerabilidad ha sido encontrada en Software AG WebMethods 10.11.x/10.15.x y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo wm.server/connect/ es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a controles de acceso inadecuados. Es posible lanzar el ataque de forma remota. Para acceder a un archivo como /assets/, una ventana emergente puede solicitar un nombre de usuario y contrase\u00f1a. Con solo hacer clic en CANCELAR ser\u00e1 redirigido al directorio. Si visit\u00f3 /invoke/wm.server/connect, podr\u00e1 ver detalles como IP internas, puertos y versiones. En algunos casos, si se rechaza el acceso a /assets/, puede ingresar /assets/x como un valor incorrecto y luego regresar a /assets/ donde mostraremos los datos solicitados. Parece que el control de acceso insuficiente depende de los datos del encabezado de referencia. VDB-247158 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -61,8 +85,18 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -71,14 +105,49 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:softwareag:webmethods:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.11",
"versionEndIncluding": "10.11.4",
"matchCriteriaId": "AC610CE6-5942-4AB8-A91F-D50098BDBC31"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:softwareag:webmethods:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.15",
"versionEndIncluding": "10.15.4",
"matchCriteriaId": "943EE677-BF5F-4376-AC45-4C7582076C18"
}
]
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.247158",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.247158",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

65
CVE-2023/CVE-2023-66xx/CVE-2023-6609.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-6609",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-08T15:15:08.683",
"lastModified": "2023-12-08T16:37:45.763",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-13T15:08:59.200",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in osCommerce 4. It has been classified as problematic. This affects an unknown part of the file /b2b-supermarket/catalog/all-products. The manipulation of the argument keywords with the input %27%22%3E%3Cimg%2Fsrc%3D1+onerror%3Dalert%28document.cookie%29%3E leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247245 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en osCommerce 4. Ha sido clasificada como problem\u00e1tica. Esto afecta a una parte desconocida del archivo /b2b-supermarket/catalog/all-products. La manipulaci\u00f3n del argumento palabras clave con la entrada %27%22%3E%3Cimg%2Fsrc%3D1+onerror%3Dalert%28document.cookie%29%3E conduce a cross site scripting. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-247245. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -60,6 +84,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,14 +105,37 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oscommerce:oscommerce:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D289144B-230C-46DA-B11D-9A1D3A1DFCE9"
}
]
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.247245",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.247245",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-66xx/CVE-2023-6611.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-6611",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-08T15:15:08.917",
"lastModified": "2023-12-08T16:37:45.763",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-13T15:49:25.310",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Tongda OA 2017 up to 11.9. It has been declared as critical. This vulnerability affects unknown code of the file pda/pad/email/delete.php. The manipulation of the argument EMAIL_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-247246 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Tongda OA 2017 hasta 11.9. Ha sido declarada cr\u00edtica. Esta vulnerabilidad afecta a un c\u00f3digo desconocido del archivo pda/pad/email/delete.php. La manipulaci\u00f3n del argumento EMAIL_ID conduce a la inyecci\u00f3n de SQL. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. La actualizaci\u00f3n a la versi\u00f3n 11.10 puede solucionar este problema. Se recomienda actualizar el componente afectado. VDB-247246 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tongda2000:tongda_oa:*:*:*:*:*:*:*:*",
"versionEndIncluding": "11.9",
"matchCriteriaId": "2413FEEB-A1D3-4767-B73A-7029DCA8F767"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tongda2000:tongda_oa:2017:*:*:*:*:*:*:*",
"matchCriteriaId": "A77F4CAB-A2ED-4AFF-B9C7-03C69B14AE9D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/13223355/cve/blob/main/sql.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.247246",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.247246",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

67
CVE-2023/CVE-2023-66xx/CVE-2023-6646.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-6646",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-09T22:15:07.560",
"lastModified": "2023-12-10T11:50:56.433",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-13T16:53:04.853",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in linkding 1.23.0. Affected is an unknown function. The manipulation of the argument q leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.23.1 is able to address this issue. It is recommended to upgrade the affected component. VDB-247338 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early, responded in a very professional manner and immediately released a fixed version of the affected product."
},
{
"lang": "es",
"value": "Una vulnerabilidad clasificada como problem\u00e1tica ha sido encontrada en linking 1.23.0. Una funci\u00f3n desconocida es afectada por esta funci\u00f3n. La manipulaci\u00f3n del argumento a conduce a cross site scripting. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. La actualizaci\u00f3n a la versi\u00f3n 1.23.1 puede solucionar este problema. Se recomienda actualizar el componente afectado. VDB-247338 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 al proveedor primeramente, y respondi\u00f3 de manera muy profesional e inmediatamente lanz\u00f3 una versi\u00f3n reparada del producto afectado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,22 +95,53 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sissbruecker:linkding:1.23.0:*:*:*:*:*:*:*",
"matchCriteriaId": "12AA18BD-DD81-4D41-98F6-557CDD65773B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/sissbruecker/linkding/releases/tag/v1.23.1",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://treasure-blarney-085.notion.site/linkding-XSS-12709fa5ec664c8ebf6a4a02141252a8",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.247338",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.247338",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

88
CVE-2023/CVE-2023-67xx/CVE-2023-6758.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2023-6758",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-13T15:15:08.080",
"lastModified": "2023-12-13T16:33:21.257",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Thecosy IceCMS 2.0.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file /adplanet/PlanetCommentList of the component API. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-247886 is the identifier assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 5.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "http://124.71.147.32:8082/IceCMS4.html",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.247886",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.247886",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2023/CVE-2023-67xx/CVE-2023-6759.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2023-6759",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-13T15:15:08.337",
"lastModified": "2023-12-13T16:33:21.257",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in Thecosy IceCMS 2.0.1. This affects an unknown part of the file /WebResource/resource of the component Love Handler. The manipulation leads to improper enforcement of a single, unique action. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247887."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 5.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-837"
}
]
}
],
"references": [
{
"url": "http://39.106.130.187/Icecms.html",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.247887",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.247887",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2023/CVE-2023-67xx/CVE-2023-6760.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2023-6760",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-13T16:15:12.210",
"lastModified": "2023-12-13T16:33:21.257",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in Thecosy IceCMS up to 2.0.1. This vulnerability affects unknown code. The manipulation leads to manage user sessions. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247888."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1018"
}
]
}
],
"references": [
{
"url": "http://39.106.130.187/yue/yue.html",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.247888",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.247888",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2023/CVE-2023-67xx/CVE-2023-6761.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2023-6761",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-13T16:15:12.473",
"lastModified": "2023-12-13T16:33:21.257",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in Thecosy IceCMS up to 2.0.1. This issue affects some unknown processing of the component User Data Handler. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247889 was assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 4.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "http://39.106.130.187/chui/1.html",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.247889",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.247889",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2023/CVE-2023-67xx/CVE-2023-6762.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2023-6762",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-13T16:15:12.710",
"lastModified": "2023-12-13T16:33:21.257",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in Thecosy IceCMS 2.0.1. Affected is an unknown function of the file /article/DelectArticleById/ of the component Article Handler. The manipulation leads to permission issues. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-247890 is the identifier assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-275"
}
]
}
],
"references": [
{
"url": "http://39.106.130.187/jwt/wen/1.html",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.247890",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.247890",
"source": "cna@vuldb.com"
}
]
}

90
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-12-13T15:00:49.818950+00:00
2023-12-13T17:08:21.092672+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-12-13T14:41:10.210000+00:00
2023-12-13T16:55:22.940000+00:00
```
### Last Data Feed Release
@ -29,69 +29,49 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
233009
233014
```
### CVEs added in the last Commit
Recently added CVEs: `34`
Recently added CVEs: `5`
* [CVE-2023-47326](CVE-2023/CVE-2023-473xx/CVE-2023-47326.json) (`2023-12-13T14:15:44.437`)
* [CVE-2023-47327](CVE-2023/CVE-2023-473xx/CVE-2023-47327.json) (`2023-12-13T14:15:44.487`)
* [CVE-2023-48625](CVE-2023/CVE-2023-486xx/CVE-2023-48625.json) (`2023-12-13T14:15:44.533`)
* [CVE-2023-48626](CVE-2023/CVE-2023-486xx/CVE-2023-48626.json) (`2023-12-13T14:15:44.737`)
* [CVE-2023-48627](CVE-2023/CVE-2023-486xx/CVE-2023-48627.json) (`2023-12-13T14:15:44.923`)
* [CVE-2023-48628](CVE-2023/CVE-2023-486xx/CVE-2023-48628.json) (`2023-12-13T14:15:45.120`)
* [CVE-2023-48629](CVE-2023/CVE-2023-486xx/CVE-2023-48629.json) (`2023-12-13T14:15:45.310`)
* [CVE-2023-48630](CVE-2023/CVE-2023-486xx/CVE-2023-48630.json) (`2023-12-13T14:15:45.513`)
* [CVE-2023-48632](CVE-2023/CVE-2023-486xx/CVE-2023-48632.json) (`2023-12-13T14:15:45.713`)
* [CVE-2023-48633](CVE-2023/CVE-2023-486xx/CVE-2023-48633.json) (`2023-12-13T14:15:45.907`)
* [CVE-2023-48634](CVE-2023/CVE-2023-486xx/CVE-2023-48634.json) (`2023-12-13T14:15:46.103`)
* [CVE-2023-48635](CVE-2023/CVE-2023-486xx/CVE-2023-48635.json) (`2023-12-13T14:15:46.297`)
* [CVE-2023-48636](CVE-2023/CVE-2023-486xx/CVE-2023-48636.json) (`2023-12-13T14:15:46.483`)
* [CVE-2023-48637](CVE-2023/CVE-2023-486xx/CVE-2023-48637.json) (`2023-12-13T14:15:46.673`)
* [CVE-2023-48638](CVE-2023/CVE-2023-486xx/CVE-2023-48638.json) (`2023-12-13T14:15:46.880`)
* [CVE-2023-48639](CVE-2023/CVE-2023-486xx/CVE-2023-48639.json) (`2023-12-13T14:15:47.073`)
* [CVE-2023-6756](CVE-2023/CVE-2023-67xx/CVE-2023-6756.json) (`2023-12-13T14:15:47.267`)
* [CVE-2023-6757](CVE-2023/CVE-2023-67xx/CVE-2023-6757.json) (`2023-12-13T14:15:47.500`)
* [CVE-2023-34194](CVE-2023/CVE-2023-341xx/CVE-2023-34194.json) (`2023-12-13T14:15:43.680`)
* [CVE-2023-47080](CVE-2023/CVE-2023-470xx/CVE-2023-47080.json) (`2023-12-13T14:15:43.763`)
* [CVE-2023-47081](CVE-2023/CVE-2023-470xx/CVE-2023-47081.json) (`2023-12-13T14:15:43.963`)
* [CVE-2023-47320](CVE-2023/CVE-2023-473xx/CVE-2023-47320.json) (`2023-12-13T14:15:44.153`)
* [CVE-2023-47321](CVE-2023/CVE-2023-473xx/CVE-2023-47321.json) (`2023-12-13T14:15:44.200`)
* [CVE-2023-47322](CVE-2023/CVE-2023-473xx/CVE-2023-47322.json) (`2023-12-13T14:15:44.247`)
* [CVE-2023-47323](CVE-2023/CVE-2023-473xx/CVE-2023-47323.json) (`2023-12-13T14:15:44.293`)
* [CVE-2023-6758](CVE-2023/CVE-2023-67xx/CVE-2023-6758.json) (`2023-12-13T15:15:08.080`)
* [CVE-2023-6759](CVE-2023/CVE-2023-67xx/CVE-2023-6759.json) (`2023-12-13T15:15:08.337`)
* [CVE-2023-6760](CVE-2023/CVE-2023-67xx/CVE-2023-6760.json) (`2023-12-13T16:15:12.210`)
* [CVE-2023-6761](CVE-2023/CVE-2023-67xx/CVE-2023-6761.json) (`2023-12-13T16:15:12.473`)
* [CVE-2023-6762](CVE-2023/CVE-2023-67xx/CVE-2023-6762.json) (`2023-12-13T16:15:12.710`)
### CVEs modified in the last Commit
Recently modified CVEs: `58`
Recently modified CVEs: `47`
* [CVE-2023-48782](CVE-2023/CVE-2023-487xx/CVE-2023-48782.json) (`2023-12-13T13:35:21.667`)
* [CVE-2023-48791](CVE-2023/CVE-2023-487xx/CVE-2023-48791.json) (`2023-12-13T13:35:21.667`)
* [CVE-2023-6377](CVE-2023/CVE-2023-63xx/CVE-2023-6377.json) (`2023-12-13T13:35:21.667`)
* [CVE-2023-6478](CVE-2023/CVE-2023-64xx/CVE-2023-6478.json) (`2023-12-13T13:35:21.667`)
* [CVE-2023-47536](CVE-2023/CVE-2023-475xx/CVE-2023-47536.json) (`2023-12-13T13:35:21.667`)
* [CVE-2023-44251](CVE-2023/CVE-2023-442xx/CVE-2023-44251.json) (`2023-12-13T13:35:21.667`)
* [CVE-2023-44252](CVE-2023/CVE-2023-442xx/CVE-2023-44252.json) (`2023-12-13T13:35:21.667`)
* [CVE-2023-6718](CVE-2023/CVE-2023-67xx/CVE-2023-6718.json) (`2023-12-13T13:35:21.667`)
* [CVE-2023-45800](CVE-2023/CVE-2023-458xx/CVE-2023-45800.json) (`2023-12-13T13:35:25.510`)
* [CVE-2023-47574](CVE-2023/CVE-2023-475xx/CVE-2023-47574.json) (`2023-12-13T13:35:25.510`)
* [CVE-2023-47575](CVE-2023/CVE-2023-475xx/CVE-2023-47575.json) (`2023-12-13T13:35:25.510`)
* [CVE-2023-47576](CVE-2023/CVE-2023-475xx/CVE-2023-47576.json) (`2023-12-13T13:35:25.510`)
* [CVE-2023-47578](CVE-2023/CVE-2023-475xx/CVE-2023-47578.json) (`2023-12-13T13:35:25.510`)
* [CVE-2023-47579](CVE-2023/CVE-2023-475xx/CVE-2023-47579.json) (`2023-12-13T13:35:25.510`)
* [CVE-2023-45801](CVE-2023/CVE-2023-458xx/CVE-2023-45801.json) (`2023-12-13T13:35:25.510`)
* [CVE-2023-45725](CVE-2023/CVE-2023-457xx/CVE-2023-45725.json) (`2023-12-13T13:35:25.510`)
* [CVE-2023-31210](CVE-2023/CVE-2023-312xx/CVE-2023-31210.json) (`2023-12-13T13:35:25.510`)
* [CVE-2023-6534](CVE-2023/CVE-2023-65xx/CVE-2023-6534.json) (`2023-12-13T13:35:25.510`)
* [CVE-2023-6660](CVE-2023/CVE-2023-66xx/CVE-2023-6660.json) (`2023-12-13T13:35:25.510`)
* [CVE-2023-33412](CVE-2023/CVE-2023-334xx/CVE-2023-33412.json) (`2023-12-13T13:36:43.570`)
* [CVE-2023-33413](CVE-2023/CVE-2023-334xx/CVE-2023-33413.json) (`2023-12-13T13:41:51.183`)
* [CVE-2023-38435](CVE-2023/CVE-2023-384xx/CVE-2023-38435.json) (`2023-12-13T13:49:32.873`)
* [CVE-2023-49958](CVE-2023/CVE-2023-499xx/CVE-2023-49958.json) (`2023-12-13T13:53:04.123`)
* [CVE-2023-6580](CVE-2023/CVE-2023-65xx/CVE-2023-6580.json) (`2023-12-13T14:11:27.950`)
* [CVE-2023-6245](CVE-2023/CVE-2023-62xx/CVE-2023-6245.json) (`2023-12-13T14:41:10.210`)
* [CVE-2023-50453](CVE-2023/CVE-2023-504xx/CVE-2023-50453.json) (`2023-12-13T15:58:08.647`)
* [CVE-2023-50449](CVE-2023/CVE-2023-504xx/CVE-2023-50449.json) (`2023-12-13T16:02:58.210`)
* [CVE-2023-32968](CVE-2023/CVE-2023-329xx/CVE-2023-32968.json) (`2023-12-13T16:04:28.430`)
* [CVE-2023-33127](CVE-2023/CVE-2023-331xx/CVE-2023-33127.json) (`2023-12-13T16:12:28.670`)
* [CVE-2023-28299](CVE-2023/CVE-2023-282xx/CVE-2023-28299.json) (`2023-12-13T16:13:15.800`)
* [CVE-2023-33170](CVE-2023/CVE-2023-331xx/CVE-2023-33170.json) (`2023-12-13T16:14:12.353`)
* [CVE-2023-32975](CVE-2023/CVE-2023-329xx/CVE-2023-32975.json) (`2023-12-13T16:14:16.973`)
* [CVE-2023-28296](CVE-2023/CVE-2023-282xx/CVE-2023-28296.json) (`2023-12-13T16:14:24.210`)
* [CVE-2023-21808](CVE-2023/CVE-2023-218xx/CVE-2023-21808.json) (`2023-12-13T16:14:42.073`)
* [CVE-2023-5869](CVE-2023/CVE-2023-58xx/CVE-2023-5869.json) (`2023-12-13T16:15:12.060`)
* [CVE-2023-47565](CVE-2023/CVE-2023-475xx/CVE-2023-47565.json) (`2023-12-13T16:27:50.770`)
* [CVE-2023-49494](CVE-2023/CVE-2023-494xx/CVE-2023-49494.json) (`2023-12-13T16:29:45.553`)
* [CVE-2023-48398](CVE-2023/CVE-2023-483xx/CVE-2023-48398.json) (`2023-12-13T16:34:05.937`)
* [CVE-2023-48399](CVE-2023/CVE-2023-483xx/CVE-2023-48399.json) (`2023-12-13T16:36:24.557`)
* [CVE-2023-48404](CVE-2023/CVE-2023-484xx/CVE-2023-48404.json) (`2023-12-13T16:40:24.357`)
* [CVE-2023-48405](CVE-2023/CVE-2023-484xx/CVE-2023-48405.json) (`2023-12-13T16:47:14.437`)
* [CVE-2023-48406](CVE-2023/CVE-2023-484xx/CVE-2023-48406.json) (`2023-12-13T16:47:59.943`)
* [CVE-2023-48423](CVE-2023/CVE-2023-484xx/CVE-2023-48423.json) (`2023-12-13T16:52:00.397`)
* [CVE-2023-48422](CVE-2023/CVE-2023-484xx/CVE-2023-48422.json) (`2023-12-13T16:53:03.923`)
* [CVE-2023-6646](CVE-2023/CVE-2023-66xx/CVE-2023-6646.json) (`2023-12-13T16:53:04.853`)
* [CVE-2023-48421](CVE-2023/CVE-2023-484xx/CVE-2023-48421.json) (`2023-12-13T16:53:57.040`)
* [CVE-2023-48420](CVE-2023/CVE-2023-484xx/CVE-2023-48420.json) (`2023-12-13T16:54:25.547`)
* [CVE-2023-48416](CVE-2023/CVE-2023-484xx/CVE-2023-48416.json) (`2023-12-13T16:54:45.200`)
* [CVE-2023-48415](CVE-2023/CVE-2023-484xx/CVE-2023-48415.json) (`2023-12-13T16:55:04.633`)
* [CVE-2023-48414](CVE-2023/CVE-2023-484xx/CVE-2023-48414.json) (`2023-12-13T16:55:22.940`)
## Download and Usage