Auto-Update: 2023-12-09T05:00:18.772833+00:00

cad-safe-bot 2023-12-09 05:00:22 +00:00
parent cc810638de
commit 9b789c109b
84 changed files with 5062 additions and 322 deletions


@ -0,0 +1,59 @@
{
"id": "CVE-2023-28523",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-12-09T03:15:06.920",
"lastModified": "2023-12-09T03:15:06.920",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nIBM Informix Dynamic Server 12.10 and 14.10 onsmsync is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. IBM X-Force ID: 250753.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.5,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/250753",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7070188",
"source": "psirt@us.ibm.com"
}
]
}
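Review bot: The English description on the `descriptions[0].value` line begins with `\n` and ends with `\n\n`, and the same padding appears in the new records for CVE-2023-28526 and CVE-2023-28527. Anything that hashes, de-duplicates or string-matches descriptions will treat the padded text as different from a trimmed copy of the same sentence. Because this file mirrors upstream data, the safer fix is on ingest: strip leading and trailing whitespace from `value` before storing or comparing it.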


@ -0,0 +1,59 @@
{
"id": "CVE-2023-28526",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-12-09T03:15:07.150",
"lastModified": "2023-12-09T03:15:07.150",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nIBM Informix Dynamic Server 12.10 and 14.10 archecker is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. IBM X-Force ID: 251204.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/251204",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7070188",
"source": "psirt@us.ibm.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-28527",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-12-09T03:15:07.357",
"lastModified": "2023-12-09T03:15:07.357",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nIBM Informix Dynamic Server 12.10 and 14.10 cdr is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. IBM X-Force ID: 251206.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/251206",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7070188",
"source": "psirt@us.ibm.com"
}
]
}
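Review bot: The `weaknesses` entry in this record is marked `"type": "Secondary"`, while the two sibling records added in this commit from the same source, CVE-2023-28523 and CVE-2023-28526, carry the same CWE-122 as `"type": "Primary"`. A consumer that reads only Primary weaknesses will show no CWE for this record. It is worth confirming against upstream which value is intended; until then, CWE lookups should take the union of both types.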


@ -2,8 +2,8 @@
"id": "CVE-2023-42916",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-11-30T23:15:07.223",
"lastModified": "2023-12-06T16:28:18.557",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-09T04:15:06.827",
"vulnStatus": "Modified",
"cisaExploitAdd": "2023-12-04",
"cisaActionDue": "2023-12-25",
"cisaRequiredAction": "Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.",
@ -100,6 +100,14 @@
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AD2KIHHCUBQC2YYH3FJWAHI5BG3QETOH/",
"source": "product-security@apple.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P5LQS6VEI7VIZNC7QGQ62EOV45R5RJIR/",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214031",
"source": "product-security@apple.com",
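Review bot: `vulnStatus` on the new side appears to move from `Analyzed` to `Modified` on a record that carries `cisaExploitAdd` and `cisaActionDue`, and the section for CVE-2023-42917 does the same. A pipeline that ingests or alerts only on `Analyzed` records would drop two entries with a remediation deadline of 2023-12-25, so selection should key on the presence of `cisaExploitAdd` regardless of status. The two added Fedora references also arrive without `tags`, so tag-based filters will not classify them. The enclosing `references` array continues past the end of this hunk.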


@ -2,8 +2,8 @@
"id": "CVE-2023-42917",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-11-30T23:15:07.280",
"lastModified": "2023-12-06T16:27:43.533",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-09T04:15:06.993",
"vulnStatus": "Modified",
"cisaExploitAdd": "2023-12-04",
"cisaActionDue": "2023-12-25",
"cisaRequiredAction": "Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.",
@ -99,6 +99,14 @@
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AD2KIHHCUBQC2YYH3FJWAHI5BG3QETOH/",
"source": "product-security@apple.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P5LQS6VEI7VIZNC7QGQ62EOV45R5RJIR/",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214031",
"source": "product-security@apple.com",


@ -2,7 +2,7 @@
"id": "CVE-2023-45866",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-08T06:15:45.690",
"lastModified": "2023-12-08T14:23:10.393",
"lastModified": "2023-12-09T04:15:07.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -27,6 +27,10 @@
{
"url": "https://github.com/skysafe/reblog/tree/main/cve-2023-45866",
"source": "cve@mitre.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2N2P5LMP3V7IJONALV2KOFL4NUU23CJ/",
"source": "cve@mitre.org"
}
]
}
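Review bot: The added Fedora reference encodes the list address as `package-announce%40lists.fedoraproject.org`, whereas the Fedora references added to CVE-2023-42916 and CVE-2023-42917 in this same commit use a literal `@` in that path position. Reference de-duplication or allow-listing done on the raw string will treat equivalent URLs as distinct. Normalise percent-encoding before comparing or storing reference URLs.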


@ -2,8 +2,8 @@
"id": "CVE-2023-46353",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-06T23:15:07.243",
"lastModified": "2023-12-07T12:12:36.717",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-09T04:52:16.587",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "En el m\u00f3dulo \"Product Tag Icons Pro\" (ticones) anterior a 1.8.4 de MyPresta.eu para PrestaShop, un invitado puede realizar una inyecci\u00f3n SQL. El m\u00e9todo TiconProduct::getTiconByProductAndTicon() tiene llamadas SQL sensibles que pueden ejecutarse con una llamada http trivial y explotarse para falsificar una inyecci\u00f3n SQL."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mypresta:product_tag_icons_pro:*:*:*:*:*:prestashop:*:*",
"versionEndExcluding": "1.8.4",
"matchCriteriaId": "DEC69558-F5FD-4DB6-9476-93D45D92EE5D"
}
]
}
]
}
],
"references": [
{
"url": "https://security.friendsofpresta.org/modules/2023/11/28/ticons.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-46354",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-06T23:15:07.380",
"lastModified": "2023-12-07T12:12:36.717",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-09T04:52:09.277",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "En el m\u00f3dulo \"Orders (CSV, Excel) Export PRO\" (ordersexport) < 5.2.0 de MyPrestaModules para PrestaShop, un invitado puede descargar informaci\u00f3n personal sin restricciones. Debido a la falta de control de permisos, un invitado puede acceder a las exportaciones desde el m\u00f3dulo, lo que puede provocar una filtraci\u00f3n de informaci\u00f3n personal de las tablas ps_customer/ps_address, como nombre/apellido/correo electr\u00f3nico/n\u00famero de tel\u00e9fono/direcci\u00f3n postal completa."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myprestamodules:orders_\\(csv\\,_excel\\)_export_pro:*:*:*:*:*:prestashop:*:*",
"versionEndExcluding": "5.2.0",
"matchCriteriaId": "8478807B-B08C-4BEE-ADF0-72C7B6792D92"
}
]
}
]
}
],
"references": [
{
"url": "https://security.friendsofpresta.org/modules/2023/11/28/ordersexport.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-46751",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-06T20:15:07.163",
"lastModified": "2023-12-07T12:12:36.717",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-09T04:52:20.627",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,81 @@
"value": "Se descubri\u00f3 un problema en la funci\u00f3n gdev_prn_open_printer_seekable() en Artifex Ghostscript hasta la versi\u00f3n 10.02.0 que permite a atacantes remotos bloquear la aplicaci\u00f3n mediante un puntero colgante."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*",
"versionEndIncluding": "10.02.0",
"matchCriteriaId": "52FADC1E-8BF0-4C3E-B231-E33965CE4469"
}
]
}
]
}
],
"references": [
{
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=707264",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Permissions Required"
]
},
{
"url": "https://ghostscript.com/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=dcdbc595c13c9d11d235702dff46bb74c80f7698",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
}
]
}
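Review bot: The only reference that points at the fix commit is tagged `Broken Link`, and its query string has `%3B` where a `;` separator would be expected, which is presumably why it does not resolve. With the bug tracker entry tagged `Permissions Required`, the record has no reachable patch reference and no `Patch` tag. Consumers that derive "fix available" from reference tags will report none here; the `versionEndIncluding` value `10.02.0` in `cpeMatch` is the only version boundary the record offers.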


@ -2,23 +2,81 @@
"id": "CVE-2023-46974",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T14:15:08.093",
"lastModified": "2023-12-07T16:09:27.937",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-09T04:51:31.277",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in Best Courier Management System v.1.000 allows a remote attacker to execute arbitrary code via a crafted payload to the page parameter in the URL."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mayurik:courier_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A7967BFB-764B-49D3-839F-7FB2DE59A6EE"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/yte121/CVE-2023-46974/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://youtu.be/5oVfJHT_-Ys",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}
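Review bot: The added `cpeMatch` maps "Best Courier Management System v.1.000" to `cpe:2.3:a:mayurik:courier_management_system:1.0`, the same criteria and `matchCriteriaId` that this commit assigns to CVE-2023-48206 and CVE-2023-48823, whose descriptions name "GaatiTrack Courier Management System 1.0". Whether these are one product under two names cannot be told from the page. Inventory matching by CPE will attach all three CVEs to any asset carrying that CPE, so confirm the product identity from the vendor or advisory before treating a match as confirmed exposure.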


@ -0,0 +1,47 @@
{
"id": "CVE-2023-47722",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-12-09T03:15:07.563",
"lastModified": "2023-12-09T03:15:07.563",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "IBM API Connect V10.0.5.3 and V10.0.6.0 stores user credentials in browser cache which can be read by a local user. IBM X-Force ID: 271912."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/271912",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7087806",
"source": "psirt@us.ibm.com"
}
]
}
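Review bot: This new record has no `weaknesses` array at all: `metrics` is followed directly by `references`, unlike the other IBM records added in this commit. Code that indexes `weaknesses[0]` without a presence check will fail on it, and CWE-based dashboards will silently omit the entry. Treat a missing `weaknesses` key as "unclassified" on ingest rather than as an error or as an empty match.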


@ -2,8 +2,8 @@
"id": "CVE-2023-48172",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T06:15:54.853",
"lastModified": "2023-12-07T12:12:27.987",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-09T04:46:27.490",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,81 @@
"value": "Vulnerabilidad de Cross Site Scripting (XSS) en Shuttle Booking Software 2.0 permite a un atacante remoto inyectar JavaScript a trav\u00e9s del nombre, descripci\u00f3n, t\u00edtulo o par\u00e1metro de direcci\u00f3n en index.php."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpjabbers:shuttle_booking_software:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7955A800-9E90-47AD-8D2A-06CFEDD31369"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/175800",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://github.com/bugsbd/CVE/tree/main/2023/CVE-2023-48172",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
},
{
"url": "https://www.phpjabbers.com/shuttle-booking-software/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}
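Review bot: The Packet Storm reference is recorded as a plain `http://` URL, and the same scheme is used for the Packet Storm links in the sections for CVE-2023-48206, CVE-2023-48208 and CVE-2023-48823 through CVE-2023-48831. Any tool that fetches references automatically would pull advisory or proof-of-concept content over a channel with no integrity protection. Upgrade the scheme to `https://` at fetch time, or skip references that are not served over TLS.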


@ -2,8 +2,8 @@
"id": "CVE-2023-48206",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T07:15:09.557",
"lastModified": "2023-12-07T12:12:27.987",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-09T04:46:38.210",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "Vulnerabilidad de Cross Site Scripting (XSS) en GaatiTrack Courier Management System 1.0 permite a un atacante remoto inyectar JavaScript a trav\u00e9s del par\u00e1metro de p\u00e1gina en login.php o header.php."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mayurik:courier_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A7967BFB-764B-49D3-839F-7FB2DE59A6EE"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/175803",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-48208",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T07:15:09.900",
"lastModified": "2023-12-07T12:12:27.987",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-09T04:46:49.663",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "Vulnerabilidad de Cross-Site-Scripting en Availability Booking Calendar 5.0 permite a un atacante inyectar JavaScript a trav\u00e9s del par\u00e1metro nombre, plugin_sms_api_key, plugin_sms_country_code, uuid, t\u00edtulo o nombre de pa\u00eds en index.php."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpjabbers:availability_booking_calendar:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "400C4218-066A-411F-8DCA-4088E461A203"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/175805",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-48823",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T07:15:10.090",
"lastModified": "2023-12-07T12:12:27.987",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-09T04:47:04.297",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "Un problema de inyecci\u00f3n de Blind SQL en ajax.php en GaatiTrack Courier Management System 1.0 permite que un atacante no autenticado inyecte un payload a trav\u00e9s del par\u00e1metro de correo electr\u00f3nico durante el inicio de sesi\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mayurik:courier_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A7967BFB-764B-49D3-839F-7FB2DE59A6EE"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/176030",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-48824",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T07:15:10.267",
"lastModified": "2023-12-07T12:12:27.987",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-09T04:46:59.033",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "BoidCMS 2.0.1 es vulnerable a problemas de M\u00faltiple Coss-Site Scripting (XSS) Almacenado a trav\u00e9s del par\u00e1metro t\u00edtulo, subt\u00edtulo, pie de p\u00e1gina o palabras clave en una acci\u00f3n p\u00e1gina=crear."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:boidcms:boidcms:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3E3B68B3-57CA-4CD8-9210-E8555FA71936"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/176031",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-48825",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T07:15:10.417",
"lastModified": "2023-12-07T12:12:27.987",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-09T04:47:09.983",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "Availability Booking Calendar 5.0 es vulnerable a m\u00faltiples problemas de inyecci\u00f3n de HTML a trav\u00e9s de la clave API de SMS o el c\u00f3digo de pa\u00eds predeterminado."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpjabbers:availability_booking_calendar:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "400C4218-066A-411F-8DCA-4088E461A203"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/176033",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-48826",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T07:15:10.570",
"lastModified": "2023-12-07T12:12:27.987",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-09T04:47:13.377",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,75 @@
"value": "Time Slots Booking Calendar 4.0 es vulnerable a la inyecci\u00f3n de CSV a trav\u00e9s del campo de ID \u00fanico de la Lista de reservas."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpjabbers:time_slots_booking_calendar:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "382B8139-1C90-4610-913B-42306C214671"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/176034",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://www.phpjabbers.com/time-slots-booking-calendar/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}
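Review bot: The added vector scores this CSV injection with `"userInteraction": "NONE"` and a base score of 8.8, and the section for CVE-2023-48830 uses the same vector for the same weakness class. CSV injection normally takes effect only when someone opens the exported file in a spreadsheet application, so the score may overstate how directly the issue can be triggered; the page gives no detail either way. Triage should read the description and the `CWE-74` classification alongside `baseScore` rather than ranking on the number alone.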


@ -2,8 +2,8 @@
"id": "CVE-2023-48827",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T07:15:10.753",
"lastModified": "2023-12-07T12:12:27.987",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-09T04:47:55.990",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,75 @@
"value": "Time Slots Booking Calendar 4.0 es vulnerable a m\u00faltiples problemas de inyecci\u00f3n de HTML a trav\u00e9s del nombre, plugin_sms_api_key, plugin_sms_country_code, calendar_id, t\u00edtulo, nombre de pa\u00eds o par\u00e1metro customer_name."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpjabbers:time_slots_booking_calendar:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "382B8139-1C90-4610-913B-42306C214671"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/176036",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://www.phpjabbers.com/time-slots-booking-calendar/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-48828",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T07:15:10.947",
"lastModified": "2023-12-07T12:12:22.533",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-09T04:47:17.003",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,75 @@
"value": "Time Slots Booking Calendar 4.0 es vulnerable a problemas de M\u00faltiple Coss-Site Scripting (XSS) Almacenado a trav\u00e9s del nombre, plugin_sms_api_key, plugin_sms_country_code, calendar_id, t\u00edtulo, nombre de pa\u00eds o par\u00e1metro customer_name."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpjabbers:time_slots_booking_calendar:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "382B8139-1C90-4610-913B-42306C214671"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/176037",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://www.phpjabbers.com/time-slots-booking-calendar/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-48830",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T07:15:11.103",
"lastModified": "2023-12-07T12:12:22.533",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-09T04:47:38.257",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,75 @@
"value": "Shuttle Booking Software 2.0 es vulnerable a la inyecci\u00f3n CSV en la secci\u00f3n Idiomas a trav\u00e9s de una exportaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpjabbers:shuttle_booking_software:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7955A800-9E90-47AD-8D2A-06CFEDD31369"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/176038",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://www.phpjabbers.com/shuttle-booking-software/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-48831",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T07:15:11.280",
"lastModified": "2023-12-07T12:12:22.533",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-09T04:47:51.867",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,75 @@
"value": "La falta de limitaci\u00f3n de velocidad en pjActionAJaxSend en Availability Booking Calendar 5.0 permite a los atacantes provocar el agotamiento de los recursos."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpjabbers:availability_booking_calendar:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "400C4218-066A-411F-8DCA-4088E461A203"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/176039",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://www.phpjabbers.com/availability-booking-calendar/#sectionDemo",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-48833",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T07:15:11.437",
"lastModified": "2023-12-07T12:12:22.533",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-09T04:48:05.443",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,75 @@
"value": "La falta de limitaci\u00f3n de velocidad en pjActionAJaxSend en Time Slots Booking Calendar 4.0 permite a los atacantes provocar el agotamiento de los recursos."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpjabbers:time_slots_booking_calendar:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "382B8139-1C90-4610-913B-42306C214671"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/176042",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://www.phpjabbers.com/time-slots-booking-calendar/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-48834",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T07:15:11.580",
"lastModified": "2023-12-07T12:12:22.533",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-09T04:48:01.503",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,75 @@
"value": "La falta de limitaci\u00f3n de velocidad en pjActionAjaxSend en Car Rental v3.0 permite a los atacantes provocar el agotamiento de los recursos."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpjabbers:car_rental_script:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "173FFBD2-F697-413E-9BE5-074942EDA70B"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/176043",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://www.phpjabbers.com/car-rental-script/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-48835",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T07:15:11.757",
"lastModified": "2023-12-07T12:12:22.533",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-09T04:48:14.123",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,75 @@
"value": "Car Rental Script v3.0 es vulnerable a la inyecci\u00f3n CSV a trav\u00e9s de una acci\u00f3n Idioma > Etiquetas > Exportar."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpjabbers:car_rental_script:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "173FFBD2-F697-413E-9BE5-074942EDA70B"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/176045",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://www.phpjabbers.com/car-rental-script/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-48836",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T07:15:11.910",
"lastModified": "2023-12-07T12:12:22.533",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-09T04:45:46.833",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,75 @@
"value": "Car Rental Script 3.0 es vulnerable a problemas de M\u00faltiple Coss-Site Scripting (XSS) a trav\u00e9s del par\u00e1metro nombre, plugin_sms_api_key, plugin_sms_country_code, calendar_id, t\u00edtulo, nombre del pa\u00eds o nombre del cliente."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpjabbers:car_rental_script:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "173FFBD2-F697-413E-9BE5-074942EDA70B"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/176046",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://www.phpjabbers.com/car-rental-script/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-48837",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T07:15:12.073",
"lastModified": "2023-12-07T12:12:22.533",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-09T04:45:52.330",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,75 @@
"value": "Car Rental Script 3.0 es vulnerable a m\u00faltiples problemas de inyecci\u00f3n de HTML a trav\u00e9s de una clave API de SMS o un c\u00f3digo de pa\u00eds predeterminado."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpjabbers:car_rental_script:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "173FFBD2-F697-413E-9BE5-074942EDA70B"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/176048",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://www.phpjabbers.com/car-rental-script/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-48838",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T07:15:12.240",
"lastModified": "2023-12-07T12:12:22.533",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-09T04:46:20.210",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,75 @@
"value": "Appointment Scheduler 3.0 es vulnerable a m\u00faltiples problemas de inyecci\u00f3n de HTML a trav\u00e9s de la clave API de SMS o el c\u00f3digo de pa\u00eds predeterminado."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpjabbers:appointment_scheduler:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "22F74A1B-C08B-4249-A66D-B7246A9DF3B4"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/176054",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://www.phpjabbers.com/appointment-scheduler/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-48839",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T07:15:12.397",
"lastModified": "2023-12-07T12:12:22.533",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-09T04:45:56.707",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,18 +11,77 @@
},
{
"lang": "es",
"value": "Appointment Scheduler 3.0 es vulnerable a M\u00faltiple Coss-Site Scripting (XSS) Almacenado a trav\u00e9s del nombre, plugin_sms_api_key, plugin_sms_country_code, calendar_id, t\u00edtulo, nombre de pa\u00eds o par\u00e1metro customer_name."
"value": "Appointment Scheduler 3.0 es vulnerable a problemas de M\u00faltiple Coss-Site Scripting (XSS) Almacenado a trav\u00e9s del nombre, plugin_sms_api_key, plugin_sms_country_code, calendar_id, t\u00edtulo, nombre de pa\u00eds o par\u00e1metro customer_name."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpjabbers:appointment_scheduler:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "22F74A1B-C08B-4249-A66D-B7246A9DF3B4"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://packetstormsecurity.com/files/176055",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://www.phpjabbers.com/appointment-scheduler/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}
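Review bot: The Packet Storm reference in this record is tagged only `"Third Party Advisory"` and `"VDB Entry"`, while the Packet Storm references added to the neighbouring phpjabbers records (for example CVE-2023-48838 and CVE-2023-48840) also carry `"Exploit"`. If the linked entry is of the same kind, anything that filters references on the `Exploit` tag to gauge exploit availability will miss this stored-XSS record. This is worth confirming against the upstream record rather than patching the mirror by hand.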


@ -2,8 +2,8 @@
"id": "CVE-2023-48840",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T07:15:12.547",
"lastModified": "2023-12-07T12:12:22.533",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-09T04:46:03.793",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,75 @@
"value": "La falta de limitaci\u00f3n de velocidad en pjActionAjaxSend en Appointment Scheduler 3.0 permite a los atacantes provocar el agotamiento de los recursos."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpjabbers:appointment_scheduler:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "22F74A1B-C08B-4249-A66D-B7246A9DF3B4"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/176056",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://www.phpjabbers.com/appointment-scheduler/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-48841",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T07:15:12.717",
"lastModified": "2023-12-07T12:12:22.533",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-09T04:46:16.773",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,75 @@
"value": "Appointment Scheduler 3.0 es vulnerable a la inyecci\u00f3n CSV a trav\u00e9s de una acci\u00f3n Idioma > Etiquetas > Exportar."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpjabbers:appointment_scheduler:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "22F74A1B-C08B-4249-A66D-B7246A9DF3B4"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/176058",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://www.phpjabbers.com/appointment-scheduler/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}


@ -2,19 +2,79 @@
"id": "CVE-2023-49372",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-05T15:15:07.773",
"lastModified": "2023-12-05T15:27:54.807",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-09T04:50:38.967",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/slide/save."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que JFinalCMS v5.0.0 contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) a trav\u00e9s de /admin/slide/save."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jfinalcms_project:jfinalcms:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6AB1975-D9F1-4779-81CD-CF540D12B48D"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/li-yu320/cms/blob/main/There%20is%20a%20CSRF%20present%20at%20the%20new%20location%20of%20the%20rotation%20image.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}
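Review bot: The CPE match added here is `cpe:2.3:a:jfinalcms_project:jfinalcms:5.0:*:*:*:*:*:*:*`, although the description names JFinalCMS v5.0.0. The sibling records CVE-2023-49373 through CVE-2023-49380 use `jfinalcms:5.0.0` with matchCriteriaId `0813B8F4-66B1-42C6-83A7-831B13233428`. An asset inventory that records the product as version 5.0.0 and compares CPE version strings exactly may match the other CSRF records and miss this one. Until upstream aligns the criteria, matching logic should treat `5.0` and `5.0.0` as the same release for this product.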


@ -2,19 +2,79 @@
"id": "CVE-2023-49373",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-05T15:15:07.820",
"lastModified": "2023-12-05T15:27:51.100",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-09T04:50:31.177",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/slide/delete."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que JFinalCMS v5.0.0 conten\u00eda Cross-Site Request Forgery (CSRF) a trav\u00e9s de /admin/slide/delete."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jfinalcms_project:jfinalcms:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0813B8F4-66B1-42C6-83A7-831B13233428"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/li-yu320/cms/blob/main/There%20is%20a%20CSRF%20at%20the%20deletion%20point%20of%20the%20broadcast%20image.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}
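Review bot: The reference under `github.com/li-yu320/cms` is tagged `"Vendor Advisory"` alongside `"Exploit"`, but the CPE vendor in this record is `jfinalcms_project` and the linked file name reads like a finding write-up. That suggests a third-party report rather than a vendor statement, though this is inferred from the URL alone. Tooling that treats `Vendor Advisory` as evidence of vendor acknowledgement or an available fix would be misled; `"Third Party Advisory"` appears to fit better. The same tag pair is used in CVE-2023-49372 and in CVE-2023-49374 through CVE-2023-49380, several of which point at `github.com/cui2shark/cms`.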


@ -2,19 +2,79 @@
"id": "CVE-2023-49374",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-05T15:15:07.867",
"lastModified": "2023-12-05T15:27:51.100",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-09T04:50:28.640",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/slide/update."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que JFinalCMS v5.0.0 contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) a trav\u00e9s de /admin/slide/update."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jfinalcms_project:jfinalcms:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0813B8F4-66B1-42C6-83A7-831B13233428"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/li-yu320/cms/blob/main/There%20is%20CSRF%20in%20the%20rotation%20image%20editing%20section.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,79 @@
"id": "CVE-2023-49375",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-05T15:15:07.913",
"lastModified": "2023-12-05T15:27:51.100",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-09T04:50:18.220",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/friend_link/update."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que JFinalCMS v5.0.0 contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) a trav\u00e9s de /admin/friend_link/update."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jfinalcms_project:jfinalcms:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0813B8F4-66B1-42C6-83A7-831B13233428"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/cui2shark/cms/blob/main/There%20is%20CSRF%20in%20the%20modification%20of%20the%20friendship%20link.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,79 @@
"id": "CVE-2023-49376",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-05T15:15:07.963",
"lastModified": "2023-12-05T15:27:51.100",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-09T04:50:15.357",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/delete."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que JFinalCMS v5.0.0 contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) a trav\u00e9s de /admin/tag/delete."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jfinalcms_project:jfinalcms:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0813B8F4-66B1-42C6-83A7-831B13233428"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/cui2shark/cms/blob/main/Delete%20existing%20CSRF%20in%20label%20management.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,79 @@
"id": "CVE-2023-49377",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-05T15:15:08.010",
"lastModified": "2023-12-05T15:27:51.100",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-09T04:50:12.687",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/update."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que JFinalCMS v5.0.0 contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) a trav\u00e9s de /admin/tag/update."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jfinalcms_project:jfinalcms:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0813B8F4-66B1-42C6-83A7-831B13233428"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/cui2shark/cms/blob/main/Modification%20of%20CSRF%20in%20Label%20Management.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,79 @@
"id": "CVE-2023-49378",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-05T15:15:08.057",
"lastModified": "2023-12-05T15:27:51.100",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-09T04:50:07.423",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/form/save."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que JFinalCMS v5.0.0 contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) a trav\u00e9s de /admin/form/save."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jfinalcms_project:jfinalcms:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0813B8F4-66B1-42C6-83A7-831B13233428"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/cui2shark/cms/blob/main/CSRF%20exists%20at%20the%20creation%20location%20of%20the%20custom%20table.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,79 @@
"id": "CVE-2023-49379",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-05T15:15:08.100",
"lastModified": "2023-12-05T15:27:51.100",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-09T04:50:10.233",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /admin/friend_link/save."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que JFinalCMS v5.0.0 contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) a trav\u00e9s del componente /admin/friend_link/save."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jfinalcms_project:jfinalcms:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0813B8F4-66B1-42C6-83A7-831B13233428"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/cui2shark/cms/blob/main/There%20is%20a%20CSRF%20in%20the%20new%20location%20of%20the%20friendship%20link.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,79 @@
"id": "CVE-2023-49380",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-05T15:15:08.150",
"lastModified": "2023-12-05T15:27:51.100",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-09T04:49:44.210",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/friend_link/delete."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que JFinalCMS v5.0.0 contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) a trav\u00e9s de /admin/friend_link/delete."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jfinalcms_project:jfinalcms:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0813B8F4-66B1-42C6-83A7-831B13233428"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/cui2shark/cms/blob/main/There%20is%20a%20CSRF%20at%20the%20deletion%20point%20of%20the%20friendship%20link.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,79 @@
"id": "CVE-2023-49381",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-05T15:15:08.207",
"lastModified": "2023-12-05T15:27:51.100",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-09T04:49:48.020",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/div/update."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que JFinalCMS v5.0.0 contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) a trav\u00e9s de /admin/div/update."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jfinalcms_project:jfinalcms:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0813B8F4-66B1-42C6-83A7-831B13233428"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/cui2shark/cms/blob/main/CSRF%20exists%20at%20the%20modification%20point%20of%20the%20custom%20table.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,79 @@
"id": "CVE-2023-49382",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-05T15:15:08.253",
"lastModified": "2023-12-05T15:27:51.100",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-09T04:49:53.207",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/div/delete."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que JFinalCMS v5.0.0 contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) a trav\u00e9s de /admin/div/delete."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jfinalcms_project:jfinalcms:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0813B8F4-66B1-42C6-83A7-831B13233428"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/cui2shark/cms/blob/main/CSRF%20exists%20at%20the%20deletion%20point%20of%20the%20custom%20table.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,79 @@
"id": "CVE-2023-49383",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-05T15:15:08.307",
"lastModified": "2023-12-05T15:27:51.100",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-09T04:49:57.740",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/save."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que JFinalCMS v5.0.0 contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) a trav\u00e9s de /admin/tag/save."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jfinalcms_project:jfinalcms:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0813B8F4-66B1-42C6-83A7-831B13233428"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/cui2shark/cms/blob/main/Added%20CSRF%20in%20Label%20Management.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,79 @@
"id": "CVE-2023-49395",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-05T15:15:08.360",
"lastModified": "2023-12-05T15:27:51.100",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-09T04:50:02.103",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/update."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que JFinalCMS v5.0.0 contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) a trav\u00e9s de /admin/category/update."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jfinalcms_project:jfinalcms:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0813B8F4-66B1-42C6-83A7-831B13233428"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/nightcloudos/new_cms/blob/main/CSRF%20exists%20in%20the%20column%20management%20modification%20section.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,79 @@
"id": "CVE-2023-49396",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-05T15:15:08.417",
"lastModified": "2023-12-05T15:27:51.100",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-09T04:50:04.753",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/save."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que JFinalCMS v5.0.0 contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) a trav\u00e9s de /admin/category/save."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jfinalcms_project:jfinalcms:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0813B8F4-66B1-42C6-83A7-831B13233428"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/nightcloudos/new_cms/blob/main/CSRF%20exists%20at%20the%20newly%20added%20section%20of%20column%20management.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,79 @@
"id": "CVE-2023-49397",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-05T15:15:08.470",
"lastModified": "2023-12-05T15:27:51.100",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-09T04:50:20.973",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/updateStatus."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que JFinalCMS v5.0.0 contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) a trav\u00e9s de /admin/category/updateStatus."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jfinalcms_project:jfinalcms:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0813B8F4-66B1-42C6-83A7-831B13233428"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/nightcloudos/new_cms/blob/main/CSRF%20exists%20at%20the%20change%20of%20column%20management%20status.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,79 @@
"id": "CVE-2023-49398",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-05T15:15:08.513",
"lastModified": "2023-12-05T15:27:51.100",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-09T04:50:23.617",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/delete."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que JFinalCMS v5.0.0 contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) a trav\u00e9s de /admin/category/delete."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jfinalcms_project:jfinalcms:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0813B8F4-66B1-42C6-83A7-831B13233428"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/nightcloudos/new_cms/blob/main/CSRF%20exists%20at%20the%20deletion%20point%20of%20column%20management.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,87 @@
"id": "CVE-2023-49402",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T17:15:07.227",
"lastModified": "2023-12-07T17:36:41.553",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-09T04:45:00.440",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function localMsg."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:w30e_firmware:16.01.0.12\\(4843\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6B656886-847F-4F68-8DD3-B91B19FCFC28"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:w30e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02FBE634-0D3F-4439-B4A6-F427C82967C7"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/GD008/TENDA/blob/main/w30e/tenda_w30e_localMsg/w30e_localMsg.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,87 @@
"id": "CVE-2023-49403",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T17:15:07.280",
"lastModified": "2023-12-07T17:36:41.553",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-09T04:45:02.677",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda W30E V16.01.0.12(4843) was discovered to contain a command injection vulnerability via the function setFixTools."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:w30e_firmware:16.01.0.12\\(4843\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6B656886-847F-4F68-8DD3-B91B19FCFC28"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:w30e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02FBE634-0D3F-4439-B4A6-F427C82967C7"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/GD008/TENDA/blob/main/w30e/tenda_w30e_setFixTools/w30e_setFixTools.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
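Review bot: The new `weaknesses` entry assigns `CWE-787` (out-of-bounds write), but the description in the same record says the flaw is a command injection via `setFixTools`. Anyone triaging or grouping detections by CWE will file this record with the stack overflows of the neighbouring W30E entries, whereas command injection calls for a different mitigation (neutralising input before it reaches a command interpreter). If the description is right, the line should read `"value": "CWE-77"`. This cannot be settled from the page alone, so the linked write-up should be checked and the correction raised with the upstream source this mirror syncs from.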


@ -2,19 +2,87 @@
"id": "CVE-2023-49404",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T18:15:08.173",
"lastModified": "2023-12-07T18:30:52.097",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-09T04:44:49.273",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formAdvancedSetListSet."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:w30e_firmware:16.01.0.12\\(4843\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6B656886-847F-4F68-8DD3-B91B19FCFC28"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:w30e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02FBE634-0D3F-4439-B4A6-F427C82967C7"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/GD008/TENDA/blob/main/w30e/tenda_w30e_setAdvancedSetList/w30e_setAdvancedSetList.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,87 @@
"id": "CVE-2023-49405",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T18:15:08.220",
"lastModified": "2023-12-07T18:30:52.097",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-09T04:44:51.417",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function UploadCfg."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:w30e_firmware:16.01.0.12\\(4843\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6B656886-847F-4F68-8DD3-B91B19FCFC28"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:w30e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02FBE634-0D3F-4439-B4A6-F427C82967C7"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/GD008/TENDA/blob/main/w30e/tenda_w30e_UploadCfg/w30e_UploadCfg.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,87 @@
"id": "CVE-2023-49406",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T18:15:08.267",
"lastModified": "2023-12-07T18:30:52.097",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-09T04:44:58.333",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda W30E V16.01.0.12(4843) was discovered to contain a Command Execution vulnerability via the function /goform/telnet."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:w30e_firmware:16.01.0.12\\(4843\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6B656886-847F-4F68-8DD3-B91B19FCFC28"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:w30e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02FBE634-0D3F-4439-B4A6-F427C82967C7"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/GD008/TENDA/blob/main/w30e/tenda_w30e_telnet/w30e_telnet.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,87 @@
"id": "CVE-2023-49408",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T18:15:08.310",
"lastModified": "2023-12-07T18:30:52.097",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-09T04:44:07.063",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the function set_device_name."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ax3_firmware:16.03.12.11:*:*:*:*:*:*:*",
"matchCriteriaId": "9FFD11D4-8E44-4156-9D8E-7094E36A2152"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ax3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A01F4C4-FFFF-48DD-90DB-4DD29FE57479"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/GD008/TENDA/blob/main/AX3/tenda_AX3_setBlackRule/AX3-setBlackRule.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
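Review bot: The description names the function `set_device_name`, while the only reference in this record points at a write-up whose path is `tenda_AX3_setBlackRule/AX3-setBlackRule.md`, and the record does not explain how the two relate. CVE-2023-49410 shows the same pattern (`set_wan_status` in the description against `w30e_setIPv6Status.md` in the reference) and also repeats the phrase "via the function" in its description. Which name identifies the affected handler cannot be determined from the page, so anyone scoping a filtering or detection rule from these records should confirm the endpoint against the write-up rather than the description alone. For CVE-2023-49410 the duplicated wording can at least be corrected to `... a stack overflow via the function set_wan_status.`.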


@ -2,19 +2,87 @@
"id": "CVE-2023-49409",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T18:15:08.353",
"lastModified": "2023-12-07T18:30:52.097",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-09T04:43:48.937",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda AX3 V16.03.12.11 was discovered to contain a Command Execution vulnerability via the function /goform/telnet."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ax3_firmware:16.03.12.11:*:*:*:*:*:*:*",
"matchCriteriaId": "9FFD11D4-8E44-4156-9D8E-7094E36A2152"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ax3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A01F4C4-FFFF-48DD-90DB-4DD29FE57479"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/GD008/TENDA/blob/main/AX3/tenda_AX3_telnet/AX3_telnet.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,87 @@
"id": "CVE-2023-49410",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T17:15:07.323",
"lastModified": "2023-12-07T17:36:41.553",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-09T04:45:05.273",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function via the function set_wan_status."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:w30e_firmware:16.01.0.12\\(4843\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6B656886-847F-4F68-8DD3-B91B19FCFC28"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:w30e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02FBE634-0D3F-4439-B4A6-F427C82967C7"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/GD008/TENDA/blob/main/w30e/tenda_w30e_setIPv6Status/w30e_setIPv6Status.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,87 @@
"id": "CVE-2023-49411",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T18:15:08.400",
"lastModified": "2023-12-07T18:30:52.097",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-09T04:44:46.703",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda W30E V16.01.0.12(4843) contains a stack overflow vulnerability via the function formDeleteMeshNode."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:w30e_firmware:16.01.0.12\\(4843\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6B656886-847F-4F68-8DD3-B91B19FCFC28"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:w30e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02FBE634-0D3F-4439-B4A6-F427C82967C7"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/GD008/TENDA/blob/main/w30e/tenda_w30e_deleteMesh/w30e_deleteMesh.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,87 @@
"id": "CVE-2023-49424",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T14:15:08.147",
"lastModified": "2023-12-07T16:09:27.937",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-09T04:44:12.787",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the list parameter at /goform/SetVirtualServerCfg."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ax12_firmware:22.03.01.46:*:*:*:*:*:*:*",
"matchCriteriaId": "ACC5CA19-0A08-462F-A948-9D2338076B61"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ax12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE639FC1-068D-4570-AD2A-1837C339B97A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/ef4tless/vuln/blob/master/iot/AX12/SetVirtualServerCfg.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,87 @@
"id": "CVE-2023-49425",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T15:15:10.237",
"lastModified": "2023-12-07T16:09:27.937",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-09T04:44:17.923",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the deviceList parameter at /goform/setMacFilterCfg ."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ax12_firmware:22.03.01.46:*:*:*:*:*:*:*",
"matchCriteriaId": "ACC5CA19-0A08-462F-A948-9D2338076B61"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ax12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE639FC1-068D-4570-AD2A-1837C339B97A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/ef4tless/vuln/blob/master/iot/AX12/setMacFilterCfg.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,87 @@
"id": "CVE-2023-49426",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T15:15:10.283",
"lastModified": "2023-12-07T16:09:27.937",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-09T04:44:15.497",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the list parameter at /goform/SetStaticRouteCfg."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ax12_firmware:22.03.01.46:*:*:*:*:*:*:*",
"matchCriteriaId": "ACC5CA19-0A08-462F-A948-9D2338076B61"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ax12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE639FC1-068D-4570-AD2A-1837C339B97A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/ef4tless/vuln/blob/master/iot/AX12/SetStaticRouteCfg.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,87 @@
"id": "CVE-2023-49428",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T15:15:10.330",
"lastModified": "2023-12-07T16:09:27.937",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-09T04:44:21.337",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda AX12 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'mac' parameter at /goform/SetOnlineDevName."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ax12_firmware:22.03.01.46:*:*:*:*:*:*:*",
"matchCriteriaId": "ACC5CA19-0A08-462F-A948-9D2338076B61"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ax12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE639FC1-068D-4570-AD2A-1837C339B97A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/ef4tless/vuln/blob/master/iot/AX12/SetOnlineDevName.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,87 @@
"id": "CVE-2023-49429",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T16:15:07.203",
"lastModified": "2023-12-07T17:36:41.553",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-09T04:44:26.117",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda AX9 V22.03.01.46 was discovered to contain a SQL command injection vulnerability in the 'setDeviceInfo' feature through the 'mac' parameter at /goform/setModules."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ax9_firmware:22.03.01.46:*:*:*:*:*:*:*",
"matchCriteriaId": "8FE7BDA5-B565-4E85-B253-880733FFC0B3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ax9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7542BB3-674B-4684-A3C6-91F9A0FBDD93"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/ef4tless/vuln/blob/master/iot/AX9/setDeviceInfo.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,87 @@
"id": "CVE-2023-49430",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T16:15:07.260",
"lastModified": "2023-12-07T17:36:41.553",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-09T04:44:28.253",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'list' parameter at /goform/SetStaticRouteCfg."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ax9_firmware:22.03.01.46:*:*:*:*:*:*:*",
"matchCriteriaId": "8FE7BDA5-B565-4E85-B253-880733FFC0B3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ax9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7542BB3-674B-4684-A3C6-91F9A0FBDD93"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/ef4tless/vuln/blob/master/iot/AX9/SetStaticRouteCfg.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,87 @@
"id": "CVE-2023-49431",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T16:15:07.303",
"lastModified": "2023-12-07T17:36:41.553",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-09T04:44:30.840",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda AX9 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'mac' parameter at /goform/SetOnlineDevName."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ax9_firmware:22.03.01.46:*:*:*:*:*:*:*",
"matchCriteriaId": "8FE7BDA5-B565-4E85-B253-880733FFC0B3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ax9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7542BB3-674B-4684-A3C6-91F9A0FBDD93"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/ef4tless/vuln/blob/master/iot/AX9/SetOnlineDevName.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,87 @@
"id": "CVE-2023-49432",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T16:15:07.353",
"lastModified": "2023-12-07T17:36:41.553",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-09T04:44:32.697",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'deviceList' parameter at /goform/setMacFilterCfg."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ax9_firmware:22.03.01.46:*:*:*:*:*:*:*",
"matchCriteriaId": "8FE7BDA5-B565-4E85-B253-880733FFC0B3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ax9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7542BB3-674B-4684-A3C6-91F9A0FBDD93"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/ef4tless/vuln/blob/master/iot/AX9/setMacFilterCfg.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,87 @@
"id": "CVE-2023-49433",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T16:15:07.400",
"lastModified": "2023-12-07T17:36:41.553",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-09T04:44:35.387",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'list' parameter at /goform/SetVirtualServerCfg."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ax9_firmware:22.03.01.46:*:*:*:*:*:*:*",
"matchCriteriaId": "8FE7BDA5-B565-4E85-B253-880733FFC0B3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ax9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7542BB3-674B-4684-A3C6-91F9A0FBDD93"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/ef4tless/vuln/blob/master/iot/AX9/SetVirtualServerCfg.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,87 @@
"id": "CVE-2023-49434",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T16:15:07.447",
"lastModified": "2023-12-07T17:36:41.553",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-09T04:44:37.697",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'list' parameter at /goform/SetNetControlList."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ax9_firmware:22.03.01.46:*:*:*:*:*:*:*",
"matchCriteriaId": "8FE7BDA5-B565-4E85-B253-880733FFC0B3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ax9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7542BB3-674B-4684-A3C6-91F9A0FBDD93"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/ef4tless/vuln/blob/master/iot/AX9/SetNetControlList.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,87 @@
"id": "CVE-2023-49435",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T16:15:07.493",
"lastModified": "2023-12-07T17:36:41.553",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-09T04:44:40.493",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda AX9 V22.03.01.46 is vulnerable to command injection."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ax9_firmware:22.03.01.46:*:*:*:*:*:*:*",
"matchCriteriaId": "8FE7BDA5-B565-4E85-B253-880733FFC0B3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ax9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7542BB3-674B-4684-A3C6-91F9A0FBDD93"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/ef4tless/vuln/blob/master/iot/AX9/SetNetControlList-3.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,87 @@
"id": "CVE-2023-49436",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T16:15:07.540",
"lastModified": "2023-12-07T17:36:41.553",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-09T04:44:09.720",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda AX9 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'list' parameter at /goform/SetNetControlList."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ax9_firmware:22.03.01.46:*:*:*:*:*:*:*",
"matchCriteriaId": "8FE7BDA5-B565-4E85-B253-880733FFC0B3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ax9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7542BB3-674B-4684-A3C6-91F9A0FBDD93"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/ef4tless/vuln/blob/master/iot/AX9/SetNetControlList-2.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,87 @@
"id": "CVE-2023-49437",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T15:15:10.380",
"lastModified": "2023-12-07T16:09:27.937",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-09T04:44:23.637",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda AX12 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'list' parameter at /goform/SetNetControlList."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ax12_firmware:22.03.01.46:*:*:*:*:*:*:*",
"matchCriteriaId": "ACC5CA19-0A08-462F-A948-9D2338076B61"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ax12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE639FC1-068D-4570-AD2A-1837C339B97A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/ef4tless/vuln/blob/master/iot/AX12/SetNetControlList-3.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,79 @@
"id": "CVE-2023-49446",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-05T15:15:08.560",
"lastModified": "2023-12-05T15:27:51.100",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-09T04:50:26.280",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/save."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que JFinalCMS v5.0.0 contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) a trav\u00e9s de /admin/nav/save."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jfinalcms_project:jfinalcms:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0813B8F4-66B1-42C6-83A7-831B13233428"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ysuzhangbin/cms/blob/main/There%20is%20a%20CSRF%20in%20the%20newly%20added%20navigation%20management%20area.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}
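Review bot: The reference in the CVE-2023-49446 record is now tagged `Vendor Advisory`, but its URL points at a write-up in the `ysuzhangbin/cms` GitHub repository, while the CPE in the same record names the vendor as `jfinalcms_project`. Nothing visible here shows that the repository belongs to the vendor. The same tag is applied to the `ysuzhangbin/cms` links in CVE-2023-49447 and CVE-2023-49448. Tooling that treats `Vendor Advisory` as authoritative remediation guidance would over-trust these links. `"Third Party Advisory"`, as used for the Tenda records in this commit, looks like the accurate tag unless the repository's ownership is confirmed. Since this is an automated sync, the correction likely belongs in the upstream record.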


@ -2,19 +2,79 @@
"id": "CVE-2023-49447",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-05T15:15:08.610",
"lastModified": "2023-12-05T15:27:51.100",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-09T04:50:34.917",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/update."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que JFinalCMS v5.0.0 contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) a trav\u00e9s de /admin/nav/update."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jfinalcms_project:jfinalcms:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0813B8F4-66B1-42C6-83A7-831B13233428"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ysuzhangbin/cms/blob/main/CSRF%20exists%20at%20the%20navigation%20management%20modification%20location.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,79 @@
"id": "CVE-2023-49448",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-05T15:15:08.653",
"lastModified": "2023-12-05T15:27:51.100",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-09T04:49:37.330",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via admin/nav/delete."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que JFinalCMS v5.0.0 contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) a trav\u00e9s de admin/nav/delete."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jfinalcms_project:jfinalcms:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0813B8F4-66B1-42C6-83A7-831B13233428"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ysuzhangbin/cms/blob/main/CSRF%20exists%20at%20the%20deletion%20point%20of%20navigation%20management.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,86 @@
"id": "CVE-2023-49967",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T16:15:07.680",
"lastModified": "2023-12-07T17:36:41.553",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-09T04:48:27.967",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Typecho v1.2.1 was discovered to be vulnerable to an XML Quadratic Blowup attack via the component /index.php/action/xmlrpc."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-776"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:typecho:typecho:1.2.1:-:*:*:*:*:*:*",
"matchCriteriaId": "0BE056CC-41EF-4C70-9B90-6C654B543A40"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:typecho:typecho:1.2.1:rc:*:*:*:*:*:*",
"matchCriteriaId": "8D8A792A-8F66-4086-A649-21091FB4FC39"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:typecho:typecho:1.2.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "7EE225B6-637F-433B-9804-931B6928F405"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/typecho/typecho/issues/1648",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,87 @@
"id": "CVE-2023-49999",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T17:15:07.373",
"lastModified": "2023-12-07T17:36:41.553",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-09T04:45:07.523",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda W30E V16.01.0.12(4843) was discovered to contain a command injection vulnerability via the function setUmountUSBPartition."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:w30e_firmware:16.01.0.12\\(4843\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6B656886-847F-4F68-8DD3-B91B19FCFC28"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:w30e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02FBE634-0D3F-4439-B4A6-F427C82967C7"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/GD008/TENDA/blob/main/w30e/tenda_w30e_setUmountUSBPartition/w30e_setUmountUSBPartition.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
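Review bot: The new `weaknesses` entry assigns `CWE-787` to CVE-2023-49999, yet the unchanged description calls the flaw a command injection via the function `setUmountUSBPartition`. The other command-injection records in this commit (CVE-2023-49428, CVE-2023-49431, CVE-2023-49435, CVE-2023-49436, CVE-2023-49437) carry `CWE-77`. Anyone triaging or filtering by CWE would file this record as memory corruption and could miss it when looking for injection flaws in affected firmware. If the description is right, the entry should read `"value": "CWE-77"`. Since this is an automated sync, the mismatch probably comes from the upstream analysis and is best reported there.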


@ -2,19 +2,87 @@
"id": "CVE-2023-50000",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T17:15:07.420",
"lastModified": "2023-12-07T17:36:41.553",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-09T04:45:09.690",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formResetMeshNode."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:w30e_firmware:16.01.0.12\\(4843\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6B656886-847F-4F68-8DD3-B91B19FCFC28"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:w30e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02FBE634-0D3F-4439-B4A6-F427C82967C7"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/GD008/TENDA/blob/main/w30e/tenda_w30e_resetMesh/w30e_resetMesh.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,87 @@
"id": "CVE-2023-50001",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T17:15:07.467",
"lastModified": "2023-12-07T17:36:41.553",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-09T04:45:12.637",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formUpgradeMeshOnline."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:w30e_firmware:16.01.0.12\\(4843\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6B656886-847F-4F68-8DD3-B91B19FCFC28"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:w30e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02FBE634-0D3F-4439-B4A6-F427C82967C7"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/GD008/TENDA/blob/main/w30e/tenda_w30e_upgradeMeshOnline/w30e_upgradeMeshOnline.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,87 @@
"id": "CVE-2023-50002",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T17:15:07.510",
"lastModified": "2023-12-07T17:36:41.553",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-09T04:45:15.093",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formRebootMeshNode."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:w30e_firmware:16.01.0.12\\(4843\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6B656886-847F-4F68-8DD3-B91B19FCFC28"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:w30e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02FBE634-0D3F-4439-B4A6-F427C82967C7"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/GD008/TENDA/blob/main/w30e/tenda_w30e_rebootMesh/w30e_rebootMesh.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-6508",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-12-06T02:15:07.297",
"lastModified": "2023-12-08T03:15:07.427",
"lastModified": "2023-12-09T04:15:07.190",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
@ -27,6 +27,10 @@
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMHY76AWPA46MAFXPWDGJX6FEGXZVR5Z/",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RI3UHCTFH6KWAJGDZ2TOLT6VHKW53WCC/",
"source": "chrome-cve-admin@google.com"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-6509",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-12-06T02:15:07.343",
"lastModified": "2023-12-08T03:15:07.500",
"lastModified": "2023-12-09T04:15:07.283",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
@ -27,6 +27,10 @@
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMHY76AWPA46MAFXPWDGJX6FEGXZVR5Z/",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RI3UHCTFH6KWAJGDZ2TOLT6VHKW53WCC/",
"source": "chrome-cve-admin@google.com"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-6510",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-12-06T02:15:07.390",
"lastModified": "2023-12-08T03:15:07.573",
"lastModified": "2023-12-09T04:15:07.367",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
@ -27,6 +27,10 @@
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMHY76AWPA46MAFXPWDGJX6FEGXZVR5Z/",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RI3UHCTFH6KWAJGDZ2TOLT6VHKW53WCC/",
"source": "chrome-cve-admin@google.com"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-6511",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-12-06T02:15:07.480",
"lastModified": "2023-12-08T03:15:07.637",
"lastModified": "2023-12-09T04:15:07.423",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
@ -27,6 +27,10 @@
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMHY76AWPA46MAFXPWDGJX6FEGXZVR5Z/",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RI3UHCTFH6KWAJGDZ2TOLT6VHKW53WCC/",
"source": "chrome-cve-admin@google.com"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-6512",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-12-06T02:15:07.543",
"lastModified": "2023-12-08T03:15:07.697",
"lastModified": "2023-12-09T04:15:07.480",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
@ -27,6 +27,10 @@
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMHY76AWPA46MAFXPWDGJX6FEGXZVR5Z/",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RI3UHCTFH6KWAJGDZ2TOLT6VHKW53WCC/",
"source": "chrome-cve-admin@google.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-6568",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-12-07T05:15:09.347",
"lastModified": "2023-12-07T12:12:36.717",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-09T04:51:50.623",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -39,6 +61,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "security@huntr.dev",
"type": "Secondary",
@ -50,14 +82,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lfprojects:mlflow:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.9.0",
"matchCriteriaId": "D7B09299-B859-4252-B907-2924010BD019"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/mlflow/mlflow/commit/28ff3f94994941e038f2172c6484b65dc4db6ca1",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.com/bounties/816bdaaa-8153-4732-951e-b0d92fddf709",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-12-09T03:00:18.283535+00:00
2023-12-09T05:00:18.772833+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-12-09T02:15:06.747000+00:00
2023-12-09T04:52:20.627000+00:00
```
### Last Data Feed Release
@ -29,22 +29,48 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
232650
232654
```
### CVEs added in the last Commit
Recently added CVEs: `3`
Recently added CVEs: `4`
* [CVE-2020-25835](CVE-2020/CVE-2020-258xx/CVE-2020-25835.json) (`2023-12-09T02:15:06.260`)
* [CVE-2023-49797](CVE-2023/CVE-2023-497xx/CVE-2023-49797.json) (`2023-12-09T01:15:07.333`)
* [CVE-2023-6394](CVE-2023/CVE-2023-63xx/CVE-2023-6394.json) (`2023-12-09T02:15:06.747`)
* [CVE-2023-28523](CVE-2023/CVE-2023-285xx/CVE-2023-28523.json) (`2023-12-09T03:15:06.920`)
* [CVE-2023-28526](CVE-2023/CVE-2023-285xx/CVE-2023-28526.json) (`2023-12-09T03:15:07.150`)
* [CVE-2023-28527](CVE-2023/CVE-2023-285xx/CVE-2023-28527.json) (`2023-12-09T03:15:07.357`)
* [CVE-2023-47722](CVE-2023/CVE-2023-477xx/CVE-2023-47722.json) (`2023-12-09T03:15:07.563`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `79`
* [CVE-2023-49967](CVE-2023/CVE-2023-499xx/CVE-2023-49967.json) (`2023-12-09T04:48:27.967`)
* [CVE-2023-49448](CVE-2023/CVE-2023-494xx/CVE-2023-49448.json) (`2023-12-09T04:49:37.330`)
* [CVE-2023-49380](CVE-2023/CVE-2023-493xx/CVE-2023-49380.json) (`2023-12-09T04:49:44.210`)
* [CVE-2023-49381](CVE-2023/CVE-2023-493xx/CVE-2023-49381.json) (`2023-12-09T04:49:48.020`)
* [CVE-2023-49382](CVE-2023/CVE-2023-493xx/CVE-2023-49382.json) (`2023-12-09T04:49:53.207`)
* [CVE-2023-49383](CVE-2023/CVE-2023-493xx/CVE-2023-49383.json) (`2023-12-09T04:49:57.740`)
* [CVE-2023-49395](CVE-2023/CVE-2023-493xx/CVE-2023-49395.json) (`2023-12-09T04:50:02.103`)
* [CVE-2023-49396](CVE-2023/CVE-2023-493xx/CVE-2023-49396.json) (`2023-12-09T04:50:04.753`)
* [CVE-2023-49378](CVE-2023/CVE-2023-493xx/CVE-2023-49378.json) (`2023-12-09T04:50:07.423`)
* [CVE-2023-49379](CVE-2023/CVE-2023-493xx/CVE-2023-49379.json) (`2023-12-09T04:50:10.233`)
* [CVE-2023-49377](CVE-2023/CVE-2023-493xx/CVE-2023-49377.json) (`2023-12-09T04:50:12.687`)
* [CVE-2023-49376](CVE-2023/CVE-2023-493xx/CVE-2023-49376.json) (`2023-12-09T04:50:15.357`)
* [CVE-2023-49375](CVE-2023/CVE-2023-493xx/CVE-2023-49375.json) (`2023-12-09T04:50:18.220`)
* [CVE-2023-49397](CVE-2023/CVE-2023-493xx/CVE-2023-49397.json) (`2023-12-09T04:50:20.973`)
* [CVE-2023-49398](CVE-2023/CVE-2023-493xx/CVE-2023-49398.json) (`2023-12-09T04:50:23.617`)
* [CVE-2023-49446](CVE-2023/CVE-2023-494xx/CVE-2023-49446.json) (`2023-12-09T04:50:26.280`)
* [CVE-2023-49374](CVE-2023/CVE-2023-493xx/CVE-2023-49374.json) (`2023-12-09T04:50:28.640`)
* [CVE-2023-49373](CVE-2023/CVE-2023-493xx/CVE-2023-49373.json) (`2023-12-09T04:50:31.177`)
* [CVE-2023-49447](CVE-2023/CVE-2023-494xx/CVE-2023-49447.json) (`2023-12-09T04:50:34.917`)
* [CVE-2023-49372](CVE-2023/CVE-2023-493xx/CVE-2023-49372.json) (`2023-12-09T04:50:38.967`)
* [CVE-2023-46974](CVE-2023/CVE-2023-469xx/CVE-2023-46974.json) (`2023-12-09T04:51:31.277`)
* [CVE-2023-6568](CVE-2023/CVE-2023-65xx/CVE-2023-6568.json) (`2023-12-09T04:51:50.623`)
* [CVE-2023-46354](CVE-2023/CVE-2023-463xx/CVE-2023-46354.json) (`2023-12-09T04:52:09.277`)
* [CVE-2023-46353](CVE-2023/CVE-2023-463xx/CVE-2023-46353.json) (`2023-12-09T04:52:16.587`)
* [CVE-2023-46751](CVE-2023/CVE-2023-467xx/CVE-2023-46751.json) (`2023-12-09T04:52:20.627`)
## Download and Usage