From 9b789c109b38332bf01bdf33b6680d4886bf8518 Mon Sep 17 00:00:00 2001 
From: cad-safe-bot Date: Sat, 9 Dec 2023 05:00:22 +0000 Subject: [PATCH] Auto-Update: 2023-12-09T05:00:18.772833+00:00 --- CVE-2023/CVE-2023-285xx/CVE-2023-28523.json | 59 ++++++++++++++++ CVE-2023/CVE-2023-285xx/CVE-2023-28526.json | 59 ++++++++++++++++ CVE-2023/CVE-2023-285xx/CVE-2023-28527.json | 59 ++++++++++++++++ CVE-2023/CVE-2023-429xx/CVE-2023-42916.json | 12 +++- CVE-2023/CVE-2023-429xx/CVE-2023-42917.json | 12 +++- CVE-2023/CVE-2023-458xx/CVE-2023-45866.json | 6 +- CVE-2023/CVE-2023-463xx/CVE-2023-46353.json | 65 ++++++++++++++++-- CVE-2023/CVE-2023-463xx/CVE-2023-46354.json | 64 +++++++++++++++-- CVE-2023/CVE-2023-467xx/CVE-2023-46751.json | 74 ++++++++++++++++++-- CVE-2023/CVE-2023-469xx/CVE-2023-46974.json | 68 ++++++++++++++++-- CVE-2023/CVE-2023-477xx/CVE-2023-47722.json | 47 +++++++++++++ CVE-2023/CVE-2023-481xx/CVE-2023-48172.json | 74 ++++++++++++++++++-- CVE-2023/CVE-2023-482xx/CVE-2023-48206.json | 65 ++++++++++++++++-- CVE-2023/CVE-2023-482xx/CVE-2023-48208.json | 64 +++++++++++++++-- CVE-2023/CVE-2023-488xx/CVE-2023-48823.json | 65 ++++++++++++++++-- CVE-2023/CVE-2023-488xx/CVE-2023-48824.json | 65 ++++++++++++++++-- CVE-2023/CVE-2023-488xx/CVE-2023-48825.json | 65 ++++++++++++++++-- CVE-2023/CVE-2023-488xx/CVE-2023-48826.json | 70 +++++++++++++++++-- CVE-2023/CVE-2023-488xx/CVE-2023-48827.json | 70 +++++++++++++++++-- CVE-2023/CVE-2023-488xx/CVE-2023-48828.json | 70 +++++++++++++++++-- CVE-2023/CVE-2023-488xx/CVE-2023-48830.json | 70 +++++++++++++++++-- CVE-2023/CVE-2023-488xx/CVE-2023-48831.json | 70 +++++++++++++++++-- CVE-2023/CVE-2023-488xx/CVE-2023-48833.json | 70 +++++++++++++++++-- CVE-2023/CVE-2023-488xx/CVE-2023-48834.json | 70 +++++++++++++++++-- CVE-2023/CVE-2023-488xx/CVE-2023-48835.json | 70 +++++++++++++++++-- CVE-2023/CVE-2023-488xx/CVE-2023-48836.json | 70 +++++++++++++++++-- CVE-2023/CVE-2023-488xx/CVE-2023-48837.json | 70 +++++++++++++++++-- CVE-2023/CVE-2023-488xx/CVE-2023-48838.json | 70 +++++++++++++++++-- 
CVE-2023/CVE-2023-488xx/CVE-2023-48839.json | 71 +++++++++++++++++-- CVE-2023/CVE-2023-488xx/CVE-2023-48840.json | 70 +++++++++++++++++-- CVE-2023/CVE-2023-488xx/CVE-2023-48841.json | 70 +++++++++++++++++-- CVE-2023/CVE-2023-493xx/CVE-2023-49372.json | 68 ++++++++++++++++-- CVE-2023/CVE-2023-493xx/CVE-2023-49373.json | 68 ++++++++++++++++-- CVE-2023/CVE-2023-493xx/CVE-2023-49374.json | 68 ++++++++++++++++-- CVE-2023/CVE-2023-493xx/CVE-2023-49375.json | 68 ++++++++++++++++-- CVE-2023/CVE-2023-493xx/CVE-2023-49376.json | 68 ++++++++++++++++-- CVE-2023/CVE-2023-493xx/CVE-2023-49377.json | 68 ++++++++++++++++-- CVE-2023/CVE-2023-493xx/CVE-2023-49378.json | 68 ++++++++++++++++-- CVE-2023/CVE-2023-493xx/CVE-2023-49379.json | 68 ++++++++++++++++-- CVE-2023/CVE-2023-493xx/CVE-2023-49380.json | 68 ++++++++++++++++-- CVE-2023/CVE-2023-493xx/CVE-2023-49381.json | 68 ++++++++++++++++-- CVE-2023/CVE-2023-493xx/CVE-2023-49382.json | 68 ++++++++++++++++-- CVE-2023/CVE-2023-493xx/CVE-2023-49383.json | 68 ++++++++++++++++-- CVE-2023/CVE-2023-493xx/CVE-2023-49395.json | 68 ++++++++++++++++-- CVE-2023/CVE-2023-493xx/CVE-2023-49396.json | 68 ++++++++++++++++-- CVE-2023/CVE-2023-493xx/CVE-2023-49397.json | 68 ++++++++++++++++-- CVE-2023/CVE-2023-493xx/CVE-2023-49398.json | 68 ++++++++++++++++-- CVE-2023/CVE-2023-494xx/CVE-2023-49402.json | 76 +++++++++++++++++++-- CVE-2023/CVE-2023-494xx/CVE-2023-49403.json | 76 +++++++++++++++++++-- CVE-2023/CVE-2023-494xx/CVE-2023-49404.json | 76 +++++++++++++++++++-- CVE-2023/CVE-2023-494xx/CVE-2023-49405.json | 76 +++++++++++++++++++-- CVE-2023/CVE-2023-494xx/CVE-2023-49406.json | 76 +++++++++++++++++++-- CVE-2023/CVE-2023-494xx/CVE-2023-49408.json | 76 +++++++++++++++++++-- CVE-2023/CVE-2023-494xx/CVE-2023-49409.json | 76 +++++++++++++++++++-- CVE-2023/CVE-2023-494xx/CVE-2023-49410.json | 76 +++++++++++++++++++-- CVE-2023/CVE-2023-494xx/CVE-2023-49411.json | 76 +++++++++++++++++++-- CVE-2023/CVE-2023-494xx/CVE-2023-49424.json | 76 
+++++++++++++++++++-- CVE-2023/CVE-2023-494xx/CVE-2023-49425.json | 76 +++++++++++++++++++-- CVE-2023/CVE-2023-494xx/CVE-2023-49426.json | 76 +++++++++++++++++++-- CVE-2023/CVE-2023-494xx/CVE-2023-49428.json | 76 +++++++++++++++++++-- CVE-2023/CVE-2023-494xx/CVE-2023-49429.json | 76 +++++++++++++++++++-- CVE-2023/CVE-2023-494xx/CVE-2023-49430.json | 76 +++++++++++++++++++-- CVE-2023/CVE-2023-494xx/CVE-2023-49431.json | 76 +++++++++++++++++++-- CVE-2023/CVE-2023-494xx/CVE-2023-49432.json | 76 +++++++++++++++++++-- CVE-2023/CVE-2023-494xx/CVE-2023-49433.json | 76 +++++++++++++++++++-- CVE-2023/CVE-2023-494xx/CVE-2023-49434.json | 76 +++++++++++++++++++-- CVE-2023/CVE-2023-494xx/CVE-2023-49435.json | 76 +++++++++++++++++++-- CVE-2023/CVE-2023-494xx/CVE-2023-49436.json | 76 +++++++++++++++++++-- CVE-2023/CVE-2023-494xx/CVE-2023-49437.json | 76 +++++++++++++++++++-- CVE-2023/CVE-2023-494xx/CVE-2023-49446.json | 68 ++++++++++++++++-- CVE-2023/CVE-2023-494xx/CVE-2023-49447.json | 68 ++++++++++++++++-- CVE-2023/CVE-2023-494xx/CVE-2023-49448.json | 68 ++++++++++++++++-- CVE-2023/CVE-2023-499xx/CVE-2023-49967.json | 75 ++++++++++++++++++-- CVE-2023/CVE-2023-499xx/CVE-2023-49999.json | 76 +++++++++++++++++++-- CVE-2023/CVE-2023-500xx/CVE-2023-50000.json | 76 +++++++++++++++++++-- CVE-2023/CVE-2023-500xx/CVE-2023-50001.json | 76 +++++++++++++++++++-- CVE-2023/CVE-2023-500xx/CVE-2023-50002.json | 76 +++++++++++++++++++-- CVE-2023/CVE-2023-65xx/CVE-2023-6508.json | 6 +- CVE-2023/CVE-2023-65xx/CVE-2023-6509.json | 6 +- CVE-2023/CVE-2023-65xx/CVE-2023-6510.json | 6 +- CVE-2023/CVE-2023-65xx/CVE-2023-6511.json | 6 +- CVE-2023/CVE-2023-65xx/CVE-2023-6512.json | 6 +- CVE-2023/CVE-2023-65xx/CVE-2023-6568.json | 65 ++++++++++++++++-- README.md | 42 +++++++++--- 84 files changed, 5062 insertions(+), 322 deletions(-) create mode 100644 CVE-2023/CVE-2023-285xx/CVE-2023-28523.json create mode 100644 CVE-2023/CVE-2023-285xx/CVE-2023-28526.json create mode 100644 
CVE-2023/CVE-2023-285xx/CVE-2023-28527.json create mode 100644 CVE-2023/CVE-2023-477xx/CVE-2023-47722.json
diff --git a/CVE-2023/CVE-2023-285xx/CVE-2023-28523.json b/CVE-2023/CVE-2023-285xx/CVE-2023-28523.json
new file mode 100644
index 00000000000..5e7bad4feed
--- /dev/null
+++ b/CVE-2023/CVE-2023-285xx/CVE-2023-28523.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-28523",
+ "sourceIdentifier": "psirt@us.ibm.com",
+ "published": "2023-12-09T03:15:06.920",
+ "lastModified": "2023-12-09T03:15:06.920",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nIBM Informix Dynamic Server 12.10 and 14.10 onsmsync is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. IBM X-Force ID: 250753.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.4,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.5,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-122"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/250753",
+ "source": "psirt@us.ibm.com"
+ },
+ {
+ "url": "https://www.ibm.com/support/pages/node/7070188",
+ "source": "psirt@us.ibm.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-285xx/CVE-2023-28526.json b/CVE-2023/CVE-2023-285xx/CVE-2023-28526.json
new file mode 100644
index 00000000000..4f924eb0846
--- /dev/null
+++ b/CVE-2023/CVE-2023-285xx/CVE-2023-28526.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-28526",
+ "sourceIdentifier": "psirt@us.ibm.com",
+ "published": "2023-12-09T03:15:07.150",
+ "lastModified": "2023-12-09T03:15:07.150",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nIBM Informix Dynamic Server 12.10 and 14.10 archecker is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. IBM X-Force ID: 251204.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.2,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.5,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-122"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/251204",
+ "source": "psirt@us.ibm.com"
+ },
+ {
+ "url": "https://www.ibm.com/support/pages/node/7070188",
+ "source": "psirt@us.ibm.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-285xx/CVE-2023-28527.json b/CVE-2023/CVE-2023-285xx/CVE-2023-28527.json
new file mode 100644
index 00000000000..0e9a4683c5b
--- /dev/null
+++ b/CVE-2023/CVE-2023-285xx/CVE-2023-28527.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-28527",
+ "sourceIdentifier": "psirt@us.ibm.com",
+ "published": "2023-12-09T03:15:07.357",
+ "lastModified": "2023-12-09T03:15:07.357",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nIBM Informix Dynamic Server 12.10 and 14.10 cdr is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. IBM X-Force ID: 251206.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.2,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.5,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-122"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/251206",
+ "source": "psirt@us.ibm.com"
+ },
+ {
+ "url": "https://www.ibm.com/support/pages/node/7070188",
+ "source": "psirt@us.ibm.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-429xx/CVE-2023-42916.json b/CVE-2023/CVE-2023-429xx/CVE-2023-42916.json
index aaba1c01771..950039e4d39 100644
--- a/CVE-2023/CVE-2023-429xx/CVE-2023-42916.json
+++ b/CVE-2023/CVE-2023-429xx/CVE-2023-42916.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-42916",
 "sourceIdentifier": "product-security@apple.com",
 "published": "2023-11-30T23:15:07.223",
- "lastModified": "2023-12-06T16:28:18.557",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-12-09T04:15:06.827",
+ "vulnStatus": "Modified",
 "cisaExploitAdd": "2023-12-04",
 "cisaActionDue": "2023-12-25",
 "cisaRequiredAction": "Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.",
@@ -100,6 +100,14 @@
 "Third Party Advisory"
 ]
 },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AD2KIHHCUBQC2YYH3FJWAHI5BG3QETOH/",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P5LQS6VEI7VIZNC7QGQ62EOV45R5RJIR/",
+ "source": "product-security@apple.com"
+ },
 {
 "url": "https://support.apple.com/en-us/HT214031",
 "source": "product-security@apple.com",
diff --git a/CVE-2023/CVE-2023-429xx/CVE-2023-42917.json b/CVE-2023/CVE-2023-429xx/CVE-2023-42917.json
index b9a34207e54..18a5a91eb34 100644
--- a/CVE-2023/CVE-2023-429xx/CVE-2023-42917.json
+++ b/CVE-2023/CVE-2023-429xx/CVE-2023-42917.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-42917",
 "sourceIdentifier": "product-security@apple.com",
 "published": "2023-11-30T23:15:07.280",
- "lastModified": "2023-12-06T16:27:43.533",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-12-09T04:15:06.993",
+ "vulnStatus": "Modified",
 "cisaExploitAdd": "2023-12-04",
 "cisaActionDue": "2023-12-25",
 "cisaRequiredAction": "Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.",
@@ -99,6 +99,14 @@
 "Third Party Advisory"
 ]
 },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AD2KIHHCUBQC2YYH3FJWAHI5BG3QETOH/",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P5LQS6VEI7VIZNC7QGQ62EOV45R5RJIR/",
+ "source": "product-security@apple.com"
+ },
 {
 "url": "https://support.apple.com/en-us/HT214031",
 "source": "product-security@apple.com",
diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45866.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45866.json
index 1d155e9c5ab..cd13c2a009c 100644
--- a/CVE-2023/CVE-2023-458xx/CVE-2023-45866.json
+++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45866.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-45866",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-12-08T06:15:45.690",
- "lastModified": "2023-12-08T14:23:10.393",
+ "lastModified": "2023-12-09T04:15:07.103",
 "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
@@ -27,6 +27,10 @@
 {
 "url": "https://github.com/skysafe/reblog/tree/main/cve-2023-45866",
 "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2N2P5LMP3V7IJONALV2KOFL4NUU23CJ/",
+ "source": "cve@mitre.org"
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-463xx/CVE-2023-46353.json b/CVE-2023/CVE-2023-463xx/CVE-2023-46353.json
index 21c176f23b7..528ea95de1b 100644
--- a/CVE-2023/CVE-2023-463xx/CVE-2023-46353.json
+++ b/CVE-2023/CVE-2023-463xx/CVE-2023-46353.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-46353",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-12-06T23:15:07.243",
- "lastModified": "2023-12-07T12:12:36.717",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-09T04:52:16.587",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,11 +14,68 @@
 "value": "En el m\u00f3dulo \"Product Tag Icons Pro\" (ticones) anterior a 1.8.4 de MyPresta.eu para PrestaShop, un invitado puede realizar una inyecci\u00f3n SQL. El m\u00e9todo TiconProduct::getTiconByProductAndTicon() tiene llamadas SQL sensibles que pueden ejecutarse con una llamada http trivial y explotarse para falsificar una inyecci\u00f3n SQL."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mypresta:product_tag_icons_pro:*:*:*:*:*:prestashop:*:*",
+ "versionEndExcluding": "1.8.4",
+ "matchCriteriaId": "DEC69558-F5FD-4DB6-9476-93D45D92EE5D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://security.friendsofpresta.org/modules/2023/11/28/ticons.html",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mitigation",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-463xx/CVE-2023-46354.json b/CVE-2023/CVE-2023-463xx/CVE-2023-46354.json
index fdd7819a880..b368b2e0f49 100644
--- a/CVE-2023/CVE-2023-463xx/CVE-2023-46354.json
+++ b/CVE-2023/CVE-2023-463xx/CVE-2023-46354.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-46354",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-12-06T23:15:07.380",
- "lastModified": "2023-12-07T12:12:36.717",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-09T04:52:09.277",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,11 +14,67 @@
 "value": "En el m\u00f3dulo \"Orders (CSV, Excel) Export PRO\" (ordersexport) < 5.2.0 de MyPrestaModules para PrestaShop, un invitado puede descargar informaci\u00f3n personal sin restricciones. Debido a la falta de control de permisos, un invitado puede acceder a las exportaciones desde el m\u00f3dulo, lo que puede provocar una filtraci\u00f3n de informaci\u00f3n personal de las tablas ps_customer/ps_address, como nombre/apellido/correo electr\u00f3nico/n\u00famero de tel\u00e9fono/direcci\u00f3n postal completa."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:myprestamodules:orders_\\(csv\\,_excel\\)_export_pro:*:*:*:*:*:prestashop:*:*",
+ "versionEndExcluding": "5.2.0",
+ "matchCriteriaId": "8478807B-B08C-4BEE-ADF0-72C7B6792D92"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://security.friendsofpresta.org/modules/2023/11/28/ordersexport.html",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-467xx/CVE-2023-46751.json b/CVE-2023/CVE-2023-467xx/CVE-2023-46751.json
index 6c2ce0cf78b..fcb81c12741 100644
--- a/CVE-2023/CVE-2023-467xx/CVE-2023-46751.json
+++ b/CVE-2023/CVE-2023-467xx/CVE-2023-46751.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-46751",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-12-06T20:15:07.163",
- "lastModified": "2023-12-07T12:12:36.717",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-09T04:52:20.627",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,19 +14,81 @@
 "value": "Se descubri\u00f3 un problema en la funci\u00f3n gdev_prn_open_printer_seekable() en Artifex Ghostscript hasta la versi\u00f3n 10.02.0 que permite a atacantes remotos bloquear la aplicaci\u00f3n mediante un puntero colgante."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-416"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "10.02.0",
+ "matchCriteriaId": "52FADC1E-8BF0-4C3E-B231-E33965CE4469"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://bugs.ghostscript.com/show_bug.cgi?id=707264",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Permissions Required"
+ ]
 },
 {
 "url": "https://ghostscript.com/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
 },
 {
 "url": "https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=dcdbc595c13c9d11d235702dff46bb74c80f7698",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Broken Link"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-469xx/CVE-2023-46974.json b/CVE-2023/CVE-2023-469xx/CVE-2023-46974.json
index 22e9b5c9772..606c4fa8665 100644
--- a/CVE-2023/CVE-2023-469xx/CVE-2023-46974.json
+++ b/CVE-2023/CVE-2023-469xx/CVE-2023-46974.json
@@ -2,23 +2,81 @@
 "id": "CVE-2023-46974",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-12-07T14:15:08.093",
- "lastModified": "2023-12-07T16:09:27.937",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-09T04:51:31.277",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Cross Site Scripting vulnerability in Best Courier Management System v.1.000 allows a remote attacker to execute arbitrary code via a crafted payload to the page parameter in the URL."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mayurik:courier_management_system:1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A7967BFB-764B-49D3-839F-7FB2DE59A6EE"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/yte121/CVE-2023-46974/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://youtu.be/5oVfJHT_-Ys",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-477xx/CVE-2023-47722.json b/CVE-2023/CVE-2023-477xx/CVE-2023-47722.json
new file mode 100644
index 00000000000..86817022e3f
--- /dev/null
+++ b/CVE-2023/CVE-2023-477xx/CVE-2023-47722.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2023-47722",
+ "sourceIdentifier": "psirt@us.ibm.com",
+ "published": "2023-12-09T03:15:07.563",
+ "lastModified": "2023-12-09T03:15:07.563",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "IBM API Connect V10.0.5.3 and V10.0.6.0 stores user credentials in browser cache which can be read by a local user. IBM X-Force ID: 271912."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.2,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.5,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/271912",
+ "source": "psirt@us.ibm.com"
+ },
+ {
+ "url": "https://www.ibm.com/support/pages/node/7087806",
+ "source": "psirt@us.ibm.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-481xx/CVE-2023-48172.json b/CVE-2023/CVE-2023-481xx/CVE-2023-48172.json
index 7920fb57f60..70f54218f61 100644
--- a/CVE-2023/CVE-2023-481xx/CVE-2023-48172.json
+++ b/CVE-2023/CVE-2023-481xx/CVE-2023-48172.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-48172",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-12-07T06:15:54.853",
- "lastModified": "2023-12-07T12:12:27.987",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-09T04:46:27.490",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,19 +14,81 @@
 "value": "Vulnerabilidad de Cross Site Scripting (XSS) en Shuttle Booking Software 2.0 permite a un atacante remoto inyectar JavaScript a trav\u00e9s del nombre, descripci\u00f3n, t\u00edtulo o par\u00e1metro de direcci\u00f3n en index.php."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:phpjabbers:shuttle_booking_software:2.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7955A800-9E90-47AD-8D2A-06CFEDD31369"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "http://packetstormsecurity.com/files/175800",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
 },
 {
 "url": "https://github.com/bugsbd/CVE/tree/main/2023/CVE-2023-48172",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit"
+ ]
 },
 {
 "url": "https://www.phpjabbers.com/shuttle-booking-software/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-482xx/CVE-2023-48206.json b/CVE-2023/CVE-2023-482xx/CVE-2023-48206.json
index c61694a147e..496622b4605 100644
--- a/CVE-2023/CVE-2023-482xx/CVE-2023-48206.json
+++ b/CVE-2023/CVE-2023-482xx/CVE-2023-48206.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-48206",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-12-07T07:15:09.557",
- "lastModified": "2023-12-07T12:12:27.987",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-09T04:46:38.210",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,11 +14,68 @@
 "value": "Vulnerabilidad de Cross Site Scripting (XSS) en GaatiTrack Courier Management System 1.0 permite a un atacante remoto inyectar JavaScript a trav\u00e9s del par\u00e1metro de p\u00e1gina en login.php o header.php."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mayurik:courier_management_system:1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A7967BFB-764B-49D3-839F-7FB2DE59A6EE"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "http://packetstormsecurity.com/files/175803",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-482xx/CVE-2023-48208.json b/CVE-2023/CVE-2023-482xx/CVE-2023-48208.json
index b9a2b2ef71e..9e37fb457be 100644
--- a/CVE-2023/CVE-2023-482xx/CVE-2023-48208.json
+++ b/CVE-2023/CVE-2023-482xx/CVE-2023-48208.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-48208",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-12-07T07:15:09.900",
- "lastModified": "2023-12-07T12:12:27.987",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-09T04:46:49.663",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,11 +14,67 @@
 "value": "Vulnerabilidad de Cross-Site-Scripting en Availability Booking Calendar 5.0 permite a un atacante inyectar JavaScript a trav\u00e9s del par\u00e1metro nombre, plugin_sms_api_key, plugin_sms_country_code, uuid, t\u00edtulo o nombre de pa\u00eds en index.php."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:phpjabbers:availability_booking_calendar:5.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "400C4218-066A-411F-8DCA-4088E461A203"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "http://packetstormsecurity.com/files/175805",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-488xx/CVE-2023-48823.json b/CVE-2023/CVE-2023-488xx/CVE-2023-48823.json
index 1d512fa5eef..9f63c3d4e3d 100644
--- a/CVE-2023/CVE-2023-488xx/CVE-2023-48823.json
+++ b/CVE-2023/CVE-2023-488xx/CVE-2023-48823.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-48823",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-12-07T07:15:10.090",
- "lastModified": "2023-12-07T12:12:27.987",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-09T04:47:04.297",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,11 +14,68 @@
 "value": "Un problema de inyecci\u00f3n de Blind SQL en ajax.php en GaatiTrack Courier Management System 1.0 permite que un atacante no autenticado inyecte un payload a trav\u00e9s del par\u00e1metro de correo electr\u00f3nico durante el inicio de sesi\u00f3n."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mayurik:courier_management_system:1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A7967BFB-764B-49D3-839F-7FB2DE59A6EE"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "http://packetstormsecurity.com/files/176030",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-488xx/CVE-2023-48824.json b/CVE-2023/CVE-2023-488xx/CVE-2023-48824.json
index 1cd6edcdcb5..c263c743e1f 100644
--- a/CVE-2023/CVE-2023-488xx/CVE-2023-48824.json
+++ b/CVE-2023/CVE-2023-488xx/CVE-2023-48824.json
@@ -2,8 +2,8 @@ "id": "CVE-2023-48824", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-07T07:15:10.267", - "lastModified": "2023-12-07T12:12:27.987", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-09T04:46:59.033", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,68 @@ "value": "BoidCMS 2.0.1 es vulnerable a problemas de M\u00faltiple Coss-Site Scripting (XSS) Almacenado a trav\u00e9s del par\u00e1metro t\u00edtulo, subt\u00edtulo, pie de p\u00e1gina o palabras clave en una acci\u00f3n p\u00e1gina=crear." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:boidcms:boidcms:2.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "3E3B68B3-57CA-4CD8-9210-E8555FA71936" + } + ] + } + ] + } + ], "references": [ { "url": "http://packetstormsecurity.com/files/176031", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-488xx/CVE-2023-48825.json b/CVE-2023/CVE-2023-488xx/CVE-2023-48825.json index e3f87747127..7ea3485a827 100644 --- a/CVE-2023/CVE-2023-488xx/CVE-2023-48825.json 
+++ b/CVE-2023/CVE-2023-488xx/CVE-2023-48825.json @@ -2,8 +2,8 @@ "id": "CVE-2023-48825", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-07T07:15:10.417", - "lastModified": "2023-12-07T12:12:27.987", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-09T04:47:09.983", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,68 @@ "value": "Availability Booking Calendar 5.0 es vulnerable a m\u00faltiples problemas de inyecci\u00f3n de HTML a trav\u00e9s de la clave API de SMS o el c\u00f3digo de pa\u00eds predeterminado." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:phpjabbers:availability_booking_calendar:5.0:*:*:*:*:*:*:*", + "matchCriteriaId": "400C4218-066A-411F-8DCA-4088E461A203" + } + ] + } + ] + } + ], "references": [ { "url": "http://packetstormsecurity.com/files/176033", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-488xx/CVE-2023-48826.json b/CVE-2023/CVE-2023-488xx/CVE-2023-48826.json index ac60a0978eb..680cf775e39 100644 
--- a/CVE-2023/CVE-2023-488xx/CVE-2023-48826.json +++ b/CVE-2023/CVE-2023-488xx/CVE-2023-48826.json @@ -2,8 +2,8 @@ "id": "CVE-2023-48826", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-07T07:15:10.570", - "lastModified": "2023-12-07T12:12:27.987", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-09T04:47:13.377", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,15 +14,75 @@ "value": "Time Slots Booking Calendar 4.0 es vulnerable a la inyecci\u00f3n de CSV a trav\u00e9s del campo de ID \u00fanico de la Lista de reservas." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:phpjabbers:time_slots_booking_calendar:4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "382B8139-1C90-4610-913B-42306C214671" + } + ] + } + ] + } + ], "references": [ { "url": "http://packetstormsecurity.com/files/176034", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://www.phpjabbers.com/time-slots-booking-calendar/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file 
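Review bot: The added `vectorString` `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H` scores a CSV injection with `"userInteraction": "NONE"`, although a CSV injection normally takes effect only when a user opens the resulting file in a spreadsheet program. `"userInteraction": "REQUIRED"` looks like the better fit and would lower the 8.8 base score; the same vector is added for CVE-2023-48830, CVE-2023-48835 and CVE-2023-48841. The weakness is also recorded as the generic `CWE-74`, where `CWE-1236` names formula injection into CSV files specifically. Since these records mirror the NVD analysis, the correction presumably belongs upstream, and consumers should not triage these four entries on `baseScore` alone.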
diff --git a/CVE-2023/CVE-2023-488xx/CVE-2023-48827.json b/CVE-2023/CVE-2023-488xx/CVE-2023-48827.json index f5e9462cfae..5b3c80ca80a 100644 --- a/CVE-2023/CVE-2023-488xx/CVE-2023-48827.json +++ b/CVE-2023/CVE-2023-488xx/CVE-2023-48827.json @@ -2,8 +2,8 @@ "id": "CVE-2023-48827", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-07T07:15:10.753", - "lastModified": "2023-12-07T12:12:27.987", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-09T04:47:55.990", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,15 +14,75 @@ "value": "Time Slots Booking Calendar 4.0 es vulnerable a m\u00faltiples problemas de inyecci\u00f3n de HTML a trav\u00e9s del nombre, plugin_sms_api_key, plugin_sms_country_code, calendar_id, t\u00edtulo, nombre de pa\u00eds o par\u00e1metro customer_name." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:phpjabbers:time_slots_booking_calendar:4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "382B8139-1C90-4610-913B-42306C214671" + } + ] + } + ] + } + ], "references": [ { "url": "http://packetstormsecurity.com/files/176036", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://www.phpjabbers.com/time-slots-booking-calendar/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-488xx/CVE-2023-48828.json b/CVE-2023/CVE-2023-488xx/CVE-2023-48828.json index ec9f1e3f5cd..7ee827a2d18 100644 --- a/CVE-2023/CVE-2023-488xx/CVE-2023-48828.json +++ b/CVE-2023/CVE-2023-488xx/CVE-2023-48828.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-48828", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-07T07:15:10.947", - "lastModified": "2023-12-07T12:12:22.533", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-09T04:47:17.003", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,15 +14,75 @@ "value": "Time Slots Booking Calendar 4.0 es vulnerable a problemas de M\u00faltiple Coss-Site Scripting (XSS) Almacenado a trav\u00e9s del nombre, plugin_sms_api_key, plugin_sms_country_code, calendar_id, t\u00edtulo, nombre de pa\u00eds o par\u00e1metro customer_name." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:phpjabbers:time_slots_booking_calendar:4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "382B8139-1C90-4610-913B-42306C214671" + } + ] + } + ] + } + ], "references": [ { "url": "http://packetstormsecurity.com/files/176037", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://www.phpjabbers.com/time-slots-booking-calendar/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-488xx/CVE-2023-48830.json b/CVE-2023/CVE-2023-488xx/CVE-2023-48830.json index 47a6ada79ec..b9e2a5e8e6e 100644 --- a/CVE-2023/CVE-2023-488xx/CVE-2023-48830.json +++ b/CVE-2023/CVE-2023-488xx/CVE-2023-48830.json @@ -2,8 +2,8 @@ "id": "CVE-2023-48830", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-07T07:15:11.103", - "lastModified": "2023-12-07T12:12:22.533", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-09T04:47:38.257", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,15 +14,75 @@ "value": "Shuttle Booking Software 2.0 es vulnerable a la inyecci\u00f3n CSV en la secci\u00f3n Idiomas a trav\u00e9s de una exportaci\u00f3n." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:phpjabbers:shuttle_booking_software:2.0:*:*:*:*:*:*:*", + "matchCriteriaId": "7955A800-9E90-47AD-8D2A-06CFEDD31369" + } + ] + } + ] + } + ], "references": [ { "url": "http://packetstormsecurity.com/files/176038", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://www.phpjabbers.com/shuttle-booking-software/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-488xx/CVE-2023-48831.json b/CVE-2023/CVE-2023-488xx/CVE-2023-48831.json index 38b5de6ae74..8fc9e55fa53 100644 --- a/CVE-2023/CVE-2023-488xx/CVE-2023-48831.json +++ b/CVE-2023/CVE-2023-488xx/CVE-2023-48831.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-48831", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-07T07:15:11.280", - "lastModified": "2023-12-07T12:12:22.533", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-09T04:47:51.867", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,15 +14,75 @@ "value": "La falta de limitaci\u00f3n de velocidad en pjActionAJaxSend en Availability Booking Calendar 5.0 permite a los atacantes provocar el agotamiento de los recursos." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:phpjabbers:availability_booking_calendar:5.0:*:*:*:*:*:*:*", + "matchCriteriaId": "400C4218-066A-411F-8DCA-4088E461A203" + } + ] + } + ] + } + ], "references": [ { "url": "http://packetstormsecurity.com/files/176039", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://www.phpjabbers.com/availability-booking-calendar/#sectionDemo", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-488xx/CVE-2023-48833.json b/CVE-2023/CVE-2023-488xx/CVE-2023-48833.json index d9dfb7d1a18..ada3ffe6c89 100644 --- a/CVE-2023/CVE-2023-488xx/CVE-2023-48833.json +++ b/CVE-2023/CVE-2023-488xx/CVE-2023-48833.json @@ -2,8 +2,8 @@ "id": "CVE-2023-48833", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-07T07:15:11.437", - "lastModified": "2023-12-07T12:12:22.533", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-09T04:48:05.443", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,15 +14,75 @@ "value": "La falta de limitaci\u00f3n de velocidad en pjActionAJaxSend en Time Slots Booking Calendar 4.0 permite a los atacantes provocar el agotamiento de los recursos." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:phpjabbers:time_slots_booking_calendar:4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "382B8139-1C90-4610-913B-42306C214671" + } + ] + } + ] + } + ], "references": [ { "url": "http://packetstormsecurity.com/files/176042", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://www.phpjabbers.com/time-slots-booking-calendar/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-488xx/CVE-2023-48834.json b/CVE-2023/CVE-2023-488xx/CVE-2023-48834.json index 70f718a4631..df1a7b49c7d 100644 --- a/CVE-2023/CVE-2023-488xx/CVE-2023-48834.json +++ b/CVE-2023/CVE-2023-488xx/CVE-2023-48834.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-48834", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-07T07:15:11.580", - "lastModified": "2023-12-07T12:12:22.533", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-09T04:48:01.503", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,15 +14,75 @@ "value": "La falta de limitaci\u00f3n de velocidad en pjActionAjaxSend en Car Rental v3.0 permite a los atacantes provocar el agotamiento de los recursos." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:phpjabbers:car_rental_script:3.0:*:*:*:*:*:*:*", + "matchCriteriaId": "173FFBD2-F697-413E-9BE5-074942EDA70B" + } + ] + } + ] + } + ], "references": [ { "url": "http://packetstormsecurity.com/files/176043", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://www.phpjabbers.com/car-rental-script/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-488xx/CVE-2023-48835.json b/CVE-2023/CVE-2023-488xx/CVE-2023-48835.json index 66bb61b9d41..9815cb4ea01 100644 
--- a/CVE-2023/CVE-2023-488xx/CVE-2023-48835.json +++ b/CVE-2023/CVE-2023-488xx/CVE-2023-48835.json @@ -2,8 +2,8 @@ "id": "CVE-2023-48835", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-07T07:15:11.757", - "lastModified": "2023-12-07T12:12:22.533", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-09T04:48:14.123", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,15 +14,75 @@ "value": "Car Rental Script v3.0 es vulnerable a la inyecci\u00f3n CSV a trav\u00e9s de una acci\u00f3n Idioma > Etiquetas > Exportar." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:phpjabbers:car_rental_script:3.0:*:*:*:*:*:*:*", + "matchCriteriaId": "173FFBD2-F697-413E-9BE5-074942EDA70B" + } + ] + } + ] + } + ], "references": [ { "url": "http://packetstormsecurity.com/files/176045", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://www.phpjabbers.com/car-rental-script/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-488xx/CVE-2023-48836.json b/CVE-2023/CVE-2023-488xx/CVE-2023-48836.json index dc453d51dbe..ee1dc8aa9e6 100644 --- a/CVE-2023/CVE-2023-488xx/CVE-2023-48836.json +++ b/CVE-2023/CVE-2023-488xx/CVE-2023-48836.json @@ -2,8 +2,8 @@ "id": "CVE-2023-48836", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-07T07:15:11.910", - "lastModified": "2023-12-07T12:12:22.533", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-09T04:45:46.833", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,15 +14,75 @@ "value": "Car Rental Script 3.0 es vulnerable a problemas de M\u00faltiple Coss-Site Scripting (XSS) a trav\u00e9s del par\u00e1metro nombre, plugin_sms_api_key, plugin_sms_country_code, calendar_id, t\u00edtulo, nombre del pa\u00eds o nombre del cliente." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:phpjabbers:car_rental_script:3.0:*:*:*:*:*:*:*", + "matchCriteriaId": "173FFBD2-F697-413E-9BE5-074942EDA70B" + } + ] + } + ] + } + ], "references": [ { "url": "http://packetstormsecurity.com/files/176046", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://www.phpjabbers.com/car-rental-script/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-488xx/CVE-2023-48837.json b/CVE-2023/CVE-2023-488xx/CVE-2023-48837.json index 8ee05c02a1a..37af365613f 100644 --- a/CVE-2023/CVE-2023-488xx/CVE-2023-48837.json +++ b/CVE-2023/CVE-2023-488xx/CVE-2023-48837.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-48837", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-07T07:15:12.073", - "lastModified": "2023-12-07T12:12:22.533", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-09T04:45:52.330", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,15 +14,75 @@ "value": "Car Rental Script 3.0 es vulnerable a m\u00faltiples problemas de inyecci\u00f3n de HTML a trav\u00e9s de una clave API de SMS o un c\u00f3digo de pa\u00eds predeterminado." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:phpjabbers:car_rental_script:3.0:*:*:*:*:*:*:*", + "matchCriteriaId": "173FFBD2-F697-413E-9BE5-074942EDA70B" + } + ] + } + ] + } + ], "references": [ { "url": "http://packetstormsecurity.com/files/176048", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://www.phpjabbers.com/car-rental-script/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-488xx/CVE-2023-48838.json b/CVE-2023/CVE-2023-488xx/CVE-2023-48838.json index 1c874ebbce8..d136ad4e91f 100644 --- a/CVE-2023/CVE-2023-488xx/CVE-2023-48838.json +++ b/CVE-2023/CVE-2023-488xx/CVE-2023-48838.json @@ -2,8 +2,8 @@ "id": "CVE-2023-48838", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-07T07:15:12.240", - "lastModified": "2023-12-07T12:12:22.533", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-09T04:46:20.210", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,15 +14,75 @@ "value": "Appointment Scheduler 3.0 es vulnerable a m\u00faltiples problemas de inyecci\u00f3n de HTML a trav\u00e9s de la clave API de SMS o el c\u00f3digo de pa\u00eds predeterminado." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:phpjabbers:appointment_scheduler:3.0:*:*:*:*:*:*:*", + "matchCriteriaId": "22F74A1B-C08B-4249-A66D-B7246A9DF3B4" + } + ] + } + ] + } + ], "references": [ { "url": "http://packetstormsecurity.com/files/176054", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://www.phpjabbers.com/appointment-scheduler/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-488xx/CVE-2023-48839.json b/CVE-2023/CVE-2023-488xx/CVE-2023-48839.json index 56a0d6993dc..49e33eb6a28 100644 --- a/CVE-2023/CVE-2023-488xx/CVE-2023-48839.json +++ b/CVE-2023/CVE-2023-488xx/CVE-2023-48839.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-48839", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-07T07:15:12.397", - "lastModified": "2023-12-07T12:12:22.533", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-09T04:45:56.707", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -11,18 +11,77 @@ }, { "lang": "es", - "value": "Appointment Scheduler 3.0 es vulnerable a M\u00faltiple Coss-Site Scripting (XSS) Almacenado a trav\u00e9s del nombre, plugin_sms_api_key, plugin_sms_country_code, calendar_id, t\u00edtulo, nombre de pa\u00eds o par\u00e1metro customer_name." + "value": "Appointment Scheduler 3.0 es vulnerable a problemas de M\u00faltiple Coss-Site Scripting (XSS) Almacenado a trav\u00e9s del nombre, plugin_sms_api_key, plugin_sms_country_code, calendar_id, t\u00edtulo, nombre de pa\u00eds o par\u00e1metro customer_name." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:phpjabbers:appointment_scheduler:3.0:*:*:*:*:*:*:*", + "matchCriteriaId": "22F74A1B-C08B-4249-A66D-B7246A9DF3B4" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "http://packetstormsecurity.com/files/176055", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://www.phpjabbers.com/appointment-scheduler/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file 
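Review bot: The Packet Storm reference added for CVE-2023-48839 is tagged only `"Third Party Advisory"` and `"VDB Entry"`, while the Packet Storm references of every other record visible in this part of the diff, including the three other Appointment Scheduler 3.0 entries, also carry `"Exploit"`. If the linked entry is of the same kind as its siblings (not verifiable from the diff), tooling that filters on the `Exploit` tag to flag public exploit availability will under-rank this stored XSS; the consistent value would be `"tags": ["Exploit", "Third Party Advisory", "VDB Entry"]`. The rewritten Spanish `value` on the new side also keeps the misspelling `Coss-Site`.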
diff --git a/CVE-2023/CVE-2023-488xx/CVE-2023-48840.json b/CVE-2023/CVE-2023-488xx/CVE-2023-48840.json index 788d9a26c16..9ad161ab7e5 100644 --- a/CVE-2023/CVE-2023-488xx/CVE-2023-48840.json +++ b/CVE-2023/CVE-2023-488xx/CVE-2023-48840.json @@ -2,8 +2,8 @@ "id": "CVE-2023-48840", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-07T07:15:12.547", - "lastModified": "2023-12-07T12:12:22.533", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-09T04:46:03.793", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,15 +14,75 @@ "value": "La falta de limitaci\u00f3n de velocidad en pjActionAjaxSend en Appointment Scheduler 3.0 permite a los atacantes provocar el agotamiento de los recursos." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:phpjabbers:appointment_scheduler:3.0:*:*:*:*:*:*:*", + "matchCriteriaId": "22F74A1B-C08B-4249-A66D-B7246A9DF3B4" + } + ] + } + ] + } + ], "references": [ { "url": "http://packetstormsecurity.com/files/176056", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://www.phpjabbers.com/appointment-scheduler/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-488xx/CVE-2023-48841.json b/CVE-2023/CVE-2023-488xx/CVE-2023-48841.json index 74bb3c08c7a..e00ac6524ec 100644 --- a/CVE-2023/CVE-2023-488xx/CVE-2023-48841.json +++ b/CVE-2023/CVE-2023-488xx/CVE-2023-48841.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-48841", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-07T07:15:12.717", - "lastModified": "2023-12-07T12:12:22.533", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-09T04:46:16.773", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,15 +14,75 @@ "value": "Appointment Scheduler 3.0 es vulnerable a la inyecci\u00f3n CSV a trav\u00e9s de una acci\u00f3n Idioma > Etiquetas > Exportar." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:phpjabbers:appointment_scheduler:3.0:*:*:*:*:*:*:*", + "matchCriteriaId": "22F74A1B-C08B-4249-A66D-B7246A9DF3B4" + } + ] + } + ] + } + ], "references": [ { "url": "http://packetstormsecurity.com/files/176058", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://www.phpjabbers.com/appointment-scheduler/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-493xx/CVE-2023-49372.json b/CVE-2023/CVE-2023-493xx/CVE-2023-49372.json index fc5901bdb91..15c3b174ca1 100644 
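Review bot: The added `cvssMetricV31` vector for CVE-2023-48841 uses `PR:L/UI:N`, which sits oddly with a CSV injection reached through the "Idioma > Etiquetas > Exportar" action. A formula carried in an export normally takes effect only when someone opens the file in a spreadsheet, which would argue for `UI:R`; this is inferred from the weakness class, not from anything else in the record. The `weaknesses` entry is the generic `"value": "CWE-74"`, while `CWE-1236` (formula elements in a CSV file) is the specific class that triage and detection rules usually key on. Consumers that prioritise on `"baseScore": 8.8` or filter by CWE should allow for both when ingesting this record.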
--- a/CVE-2023/CVE-2023-493xx/CVE-2023-49372.json
+++ b/CVE-2023/CVE-2023-493xx/CVE-2023-49372.json
@@ -2,19 +2,79 @@ "id": "CVE-2023-49372", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-05T15:15:07.773", - "lastModified": "2023-12-05T15:27:54.807", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-09T04:50:38.967", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/slide/save." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que JFinalCMS v5.0.0 contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) a trav\u00e9s de /admin/slide/save." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jfinalcms_project:jfinalcms:5.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F6AB1975-D9F1-4779-81CD-CF540D12B48D" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/li-yu320/cms/blob/main/There%20is%20a%20CSRF%20present%20at%20the%20new%20location%20of%20the%20rotation%20image.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
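Review bot: The `cpeMatch` entry added for CVE-2023-49372 is `cpe:2.3:a:jfinalcms_project:jfinalcms:5.0:*:*:*:*:*:*:*` (matchCriteriaId `F6AB1975-D9F1-4779-81CD-CF540D12B48D`), although the description says v5.0.0. The sibling records CVE-2023-49373 through CVE-2023-49397 in this commit use `...:jfinalcms:5.0.0:*...` with `0813B8F4-66B1-42C6-83A7-831B13233428`. An inventory matched by exact CPE version can therefore flag the siblings and miss this record, or the reverse, so correlation should treat both criteria as the same affected release until the upstream record is normalised. Separately, the reference under `github.com/li-yu320/cms` is tagged `"Exploit"` and `"Vendor Advisory"`, yet it looks like a third-party write-up rather than a vendor notice (judged from the URL alone). The same tagging appears in the hunks for CVE-2023-49373 through CVE-2023-49397, so a `Vendor Advisory` tag here should not be read as evidence that a fix exists.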
diff --git a/CVE-2023/CVE-2023-493xx/CVE-2023-49373.json b/CVE-2023/CVE-2023-493xx/CVE-2023-49373.json
index 593a6d933d0..1b45e0a3c2c 100644
--- a/CVE-2023/CVE-2023-493xx/CVE-2023-49373.json
+++ b/CVE-2023/CVE-2023-493xx/CVE-2023-49373.json
@@ -2,19 +2,79 @@ "id": "CVE-2023-49373", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-05T15:15:07.820", - "lastModified": "2023-12-05T15:27:51.100", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-09T04:50:31.177", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/slide/delete." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que JFinalCMS v5.0.0 conten\u00eda Cross-Site Request Forgery (CSRF) a trav\u00e9s de /admin/slide/delete." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jfinalcms_project:jfinalcms:5.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "0813B8F4-66B1-42C6-83A7-831B13233428" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/li-yu320/cms/blob/main/There%20is%20a%20CSRF%20at%20the%20deletion%20point%20of%20the%20broadcast%20image.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-493xx/CVE-2023-49374.json b/CVE-2023/CVE-2023-493xx/CVE-2023-49374.json
index 3fa9404d9a7..15f6e66ce6e 100644
--- a/CVE-2023/CVE-2023-493xx/CVE-2023-49374.json
+++ b/CVE-2023/CVE-2023-493xx/CVE-2023-49374.json
@@ -2,19 +2,79 @@ "id": "CVE-2023-49374", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-05T15:15:07.867", - "lastModified": "2023-12-05T15:27:51.100", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-09T04:50:28.640", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/slide/update." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que JFinalCMS v5.0.0 contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) a trav\u00e9s de /admin/slide/update." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jfinalcms_project:jfinalcms:5.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "0813B8F4-66B1-42C6-83A7-831B13233428" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/li-yu320/cms/blob/main/There%20is%20CSRF%20in%20the%20rotation%20image%20editing%20section.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-493xx/CVE-2023-49375.json b/CVE-2023/CVE-2023-493xx/CVE-2023-49375.json
index 2af78ec60e2..957eecdb1b6 100644
--- a/CVE-2023/CVE-2023-493xx/CVE-2023-49375.json
+++ b/CVE-2023/CVE-2023-493xx/CVE-2023-49375.json
@@ -2,19 +2,79 @@ "id": "CVE-2023-49375", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-05T15:15:07.913", - "lastModified": "2023-12-05T15:27:51.100", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-09T04:50:18.220", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/friend_link/update." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que JFinalCMS v5.0.0 contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) a trav\u00e9s de /admin/friend_link/update." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jfinalcms_project:jfinalcms:5.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "0813B8F4-66B1-42C6-83A7-831B13233428" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/cui2shark/cms/blob/main/There%20is%20CSRF%20in%20the%20modification%20of%20the%20friendship%20link.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-493xx/CVE-2023-49376.json b/CVE-2023/CVE-2023-493xx/CVE-2023-49376.json
index a114c502964..a0d39ec51d7 100644
--- a/CVE-2023/CVE-2023-493xx/CVE-2023-49376.json
+++ b/CVE-2023/CVE-2023-493xx/CVE-2023-49376.json
@@ -2,19 +2,79 @@ "id": "CVE-2023-49376", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-05T15:15:07.963", - "lastModified": "2023-12-05T15:27:51.100", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-09T04:50:15.357", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/delete." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que JFinalCMS v5.0.0 contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) a trav\u00e9s de /admin/tag/delete." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jfinalcms_project:jfinalcms:5.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "0813B8F4-66B1-42C6-83A7-831B13233428" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/cui2shark/cms/blob/main/Delete%20existing%20CSRF%20in%20label%20management.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-493xx/CVE-2023-49377.json b/CVE-2023/CVE-2023-493xx/CVE-2023-49377.json
index 0b0cb63f3eb..34a6689e25f 100644
--- a/CVE-2023/CVE-2023-493xx/CVE-2023-49377.json
+++ b/CVE-2023/CVE-2023-493xx/CVE-2023-49377.json
@@ -2,19 +2,79 @@ "id": "CVE-2023-49377", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-05T15:15:08.010", - "lastModified": "2023-12-05T15:27:51.100", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-09T04:50:12.687", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/update." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que JFinalCMS v5.0.0 contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) a trav\u00e9s de /admin/tag/update." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jfinalcms_project:jfinalcms:5.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "0813B8F4-66B1-42C6-83A7-831B13233428" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/cui2shark/cms/blob/main/Modification%20of%20CSRF%20in%20Label%20Management.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-493xx/CVE-2023-49378.json b/CVE-2023/CVE-2023-493xx/CVE-2023-49378.json
index 17ebbf0c3c1..b04710ea32e 100644
--- a/CVE-2023/CVE-2023-493xx/CVE-2023-49378.json
+++ b/CVE-2023/CVE-2023-493xx/CVE-2023-49378.json
@@ -2,19 +2,79 @@ "id": "CVE-2023-49378", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-05T15:15:08.057", - "lastModified": "2023-12-05T15:27:51.100", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-09T04:50:07.423", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/form/save." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que JFinalCMS v5.0.0 contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) a trav\u00e9s de /admin/form/save." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jfinalcms_project:jfinalcms:5.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "0813B8F4-66B1-42C6-83A7-831B13233428" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/cui2shark/cms/blob/main/CSRF%20exists%20at%20the%20creation%20location%20of%20the%20custom%20table.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-493xx/CVE-2023-49379.json b/CVE-2023/CVE-2023-493xx/CVE-2023-49379.json
index feb2bed0591..d8d745541d1 100644
--- a/CVE-2023/CVE-2023-493xx/CVE-2023-49379.json
+++ b/CVE-2023/CVE-2023-493xx/CVE-2023-49379.json
@@ -2,19 +2,79 @@ "id": "CVE-2023-49379", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-05T15:15:08.100", - "lastModified": "2023-12-05T15:27:51.100", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-09T04:50:10.233", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /admin/friend_link/save." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que JFinalCMS v5.0.0 contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) a trav\u00e9s del componente /admin/friend_link/save." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jfinalcms_project:jfinalcms:5.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "0813B8F4-66B1-42C6-83A7-831B13233428" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/cui2shark/cms/blob/main/There%20is%20a%20CSRF%20in%20the%20new%20location%20of%20the%20friendship%20link.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-493xx/CVE-2023-49380.json b/CVE-2023/CVE-2023-493xx/CVE-2023-49380.json
index 9e9d7a405e9..eabe1338cc3 100644
--- a/CVE-2023/CVE-2023-493xx/CVE-2023-49380.json
+++ b/CVE-2023/CVE-2023-493xx/CVE-2023-49380.json
@@ -2,19 +2,79 @@ "id": "CVE-2023-49380", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-05T15:15:08.150", - "lastModified": "2023-12-05T15:27:51.100", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-09T04:49:44.210", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/friend_link/delete." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que JFinalCMS v5.0.0 contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) a trav\u00e9s de /admin/friend_link/delete." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jfinalcms_project:jfinalcms:5.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "0813B8F4-66B1-42C6-83A7-831B13233428" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/cui2shark/cms/blob/main/There%20is%20a%20CSRF%20at%20the%20deletion%20point%20of%20the%20friendship%20link.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-493xx/CVE-2023-49381.json b/CVE-2023/CVE-2023-493xx/CVE-2023-49381.json
index f0f14cbc32e..b5def5f2bc4 100644
--- a/CVE-2023/CVE-2023-493xx/CVE-2023-49381.json
+++ b/CVE-2023/CVE-2023-493xx/CVE-2023-49381.json
@@ -2,19 +2,79 @@ "id": "CVE-2023-49381", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-05T15:15:08.207", - "lastModified": "2023-12-05T15:27:51.100", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-09T04:49:48.020", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/div/update." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que JFinalCMS v5.0.0 contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) a trav\u00e9s de /admin/div/update." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jfinalcms_project:jfinalcms:5.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "0813B8F4-66B1-42C6-83A7-831B13233428" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/cui2shark/cms/blob/main/CSRF%20exists%20at%20the%20modification%20point%20of%20the%20custom%20table.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-493xx/CVE-2023-49382.json b/CVE-2023/CVE-2023-493xx/CVE-2023-49382.json
index 76e4886f0df..ec563c22f42 100644
--- a/CVE-2023/CVE-2023-493xx/CVE-2023-49382.json
+++ b/CVE-2023/CVE-2023-493xx/CVE-2023-49382.json
@@ -2,19 +2,79 @@ "id": "CVE-2023-49382", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-05T15:15:08.253", - "lastModified": "2023-12-05T15:27:51.100", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-09T04:49:53.207", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/div/delete." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que JFinalCMS v5.0.0 contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) a trav\u00e9s de /admin/div/delete." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jfinalcms_project:jfinalcms:5.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "0813B8F4-66B1-42C6-83A7-831B13233428" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/cui2shark/cms/blob/main/CSRF%20exists%20at%20the%20deletion%20point%20of%20the%20custom%20table.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-493xx/CVE-2023-49383.json b/CVE-2023/CVE-2023-493xx/CVE-2023-49383.json
index 63bd2ebba69..220d0af450b 100644
--- a/CVE-2023/CVE-2023-493xx/CVE-2023-49383.json
+++ b/CVE-2023/CVE-2023-493xx/CVE-2023-49383.json
@@ -2,19 +2,79 @@ "id": "CVE-2023-49383", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-05T15:15:08.307", - "lastModified": "2023-12-05T15:27:51.100", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-09T04:49:57.740", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/save." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que JFinalCMS v5.0.0 contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) a trav\u00e9s de /admin/tag/save." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jfinalcms_project:jfinalcms:5.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "0813B8F4-66B1-42C6-83A7-831B13233428" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/cui2shark/cms/blob/main/Added%20CSRF%20in%20Label%20Management.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-493xx/CVE-2023-49395.json b/CVE-2023/CVE-2023-493xx/CVE-2023-49395.json
index 3b04788d784..5e60b4fa4ef 100644
--- a/CVE-2023/CVE-2023-493xx/CVE-2023-49395.json
+++ b/CVE-2023/CVE-2023-493xx/CVE-2023-49395.json
@@ -2,19 +2,79 @@ "id": "CVE-2023-49395", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-05T15:15:08.360", - "lastModified": "2023-12-05T15:27:51.100", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-09T04:50:02.103", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/update." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que JFinalCMS v5.0.0 contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) a trav\u00e9s de /admin/category/update." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jfinalcms_project:jfinalcms:5.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "0813B8F4-66B1-42C6-83A7-831B13233428" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/nightcloudos/new_cms/blob/main/CSRF%20exists%20in%20the%20column%20management%20modification%20section.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-493xx/CVE-2023-49396.json b/CVE-2023/CVE-2023-493xx/CVE-2023-49396.json
index 12d273c2bd7..6db89b01c33 100644
--- a/CVE-2023/CVE-2023-493xx/CVE-2023-49396.json
+++ b/CVE-2023/CVE-2023-493xx/CVE-2023-49396.json
@@ -2,19 +2,79 @@ "id": "CVE-2023-49396", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-05T15:15:08.417", - "lastModified": "2023-12-05T15:27:51.100", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-09T04:50:04.753", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/save." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que JFinalCMS v5.0.0 contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) a trav\u00e9s de /admin/category/save." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jfinalcms_project:jfinalcms:5.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "0813B8F4-66B1-42C6-83A7-831B13233428" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/nightcloudos/new_cms/blob/main/CSRF%20exists%20at%20the%20newly%20added%20section%20of%20column%20management.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-493xx/CVE-2023-49397.json b/CVE-2023/CVE-2023-493xx/CVE-2023-49397.json
index a0624dc956f..5935f193899 100644
--- a/CVE-2023/CVE-2023-493xx/CVE-2023-49397.json
+++ b/CVE-2023/CVE-2023-493xx/CVE-2023-49397.json
@@ -2,19 +2,79 @@ "id": "CVE-2023-49397", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-05T15:15:08.470", - "lastModified": "2023-12-05T15:27:51.100", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-09T04:50:20.973", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/updateStatus." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que JFinalCMS v5.0.0 contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) a trav\u00e9s de /admin/category/updateStatus." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jfinalcms_project:jfinalcms:5.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "0813B8F4-66B1-42C6-83A7-831B13233428" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/nightcloudos/new_cms/blob/main/CSRF%20exists%20at%20the%20change%20of%20column%20management%20status.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-493xx/CVE-2023-49398.json b/CVE-2023/CVE-2023-493xx/CVE-2023-49398.json index 157de756f9f..ffbf99a9a37 100644 --- a/CVE-2023/CVE-2023-493xx/CVE-2023-49398.json +++ b/CVE-2023/CVE-2023-493xx/CVE-2023-49398.json 
@@ -2,19 +2,79 @@ "id": "CVE-2023-49398", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-05T15:15:08.513", - "lastModified": "2023-12-05T15:27:51.100", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-09T04:50:23.617", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/delete." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que JFinalCMS v5.0.0 contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) a trav\u00e9s de /admin/category/delete." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jfinalcms_project:jfinalcms:5.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "0813B8F4-66B1-42C6-83A7-831B13233428" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/nightcloudos/new_cms/blob/main/CSRF%20exists%20at%20the%20deletion%20point%20of%20column%20management.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-494xx/CVE-2023-49402.json b/CVE-2023/CVE-2023-494xx/CVE-2023-49402.json index eaedd01293b..cd92946c8e1 100644 --- a/CVE-2023/CVE-2023-494xx/CVE-2023-49402.json +++ b/CVE-2023/CVE-2023-494xx/CVE-2023-49402.json 
@@ -2,19 +2,87 @@ "id": "CVE-2023-49402", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-07T17:15:07.227", - "lastModified": "2023-12-07T17:36:41.553", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-09T04:45:00.440", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function localMsg." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:w30e_firmware:16.01.0.12\\(4843\\):*:*:*:*:*:*:*", + "matchCriteriaId": "6B656886-847F-4F68-8DD3-B91B19FCFC28" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:w30e:-:*:*:*:*:*:*:*", + "matchCriteriaId": "02FBE634-0D3F-4439-B4A6-F427C82967C7" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/GD008/TENDA/blob/main/w30e/tenda_w30e_localMsg/w30e_localMsg.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-494xx/CVE-2023-49403.json b/CVE-2023/CVE-2023-494xx/CVE-2023-49403.json index 442f655d462..2a37d9264c2 100644 --- a/CVE-2023/CVE-2023-494xx/CVE-2023-49403.json +++ b/CVE-2023/CVE-2023-494xx/CVE-2023-49403.json 
@@ -2,19 +2,87 @@ "id": "CVE-2023-49403", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-07T17:15:07.280", - "lastModified": "2023-12-07T17:36:41.553", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-09T04:45:02.677", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Tenda W30E V16.01.0.12(4843) was discovered to contain a command injection vulnerability via the function setFixTools." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:w30e_firmware:16.01.0.12\\(4843\\):*:*:*:*:*:*:*", + "matchCriteriaId": "6B656886-847F-4F68-8DD3-B91B19FCFC28" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:w30e:-:*:*:*:*:*:*:*", + "matchCriteriaId": "02FBE634-0D3F-4439-B4A6-F427C82967C7" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/GD008/TENDA/blob/main/w30e/tenda_w30e_setFixTools/w30e_setFixTools.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
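Review bot: The weakness added for CVE-2023-49403 is `"value": "CWE-787"`, but the description in the same hunk calls the flaw a command injection via setFixTools. The other command-injection record in this diff, CVE-2023-49428, is mapped to `"value": "CWE-77"`. Unless the referenced write-up actually shows memory corruption, the mapping here should also be `"value": "CWE-77"`. Triage rules and dashboards that filter on CWE would otherwise file this as an out-of-bounds write and miss it in injection-focused reviews. The data appears to be synced from an upstream feed, so the fix likely belongs there.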
diff --git a/CVE-2023/CVE-2023-494xx/CVE-2023-49404.json b/CVE-2023/CVE-2023-494xx/CVE-2023-49404.json index d1e154dfd2a..4bb5c242927 100644 --- a/CVE-2023/CVE-2023-494xx/CVE-2023-49404.json +++ b/CVE-2023/CVE-2023-494xx/CVE-2023-49404.json 
@@ -2,19 +2,87 @@ "id": "CVE-2023-49404", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-07T18:15:08.173", - "lastModified": "2023-12-07T18:30:52.097", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-09T04:44:49.273", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formAdvancedSetListSet." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:w30e_firmware:16.01.0.12\\(4843\\):*:*:*:*:*:*:*", + "matchCriteriaId": "6B656886-847F-4F68-8DD3-B91B19FCFC28" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:w30e:-:*:*:*:*:*:*:*", + "matchCriteriaId": "02FBE634-0D3F-4439-B4A6-F427C82967C7" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/GD008/TENDA/blob/main/w30e/tenda_w30e_setAdvancedSetList/w30e_setAdvancedSetList.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-494xx/CVE-2023-49405.json b/CVE-2023/CVE-2023-494xx/CVE-2023-49405.json index c3b05fb60ae..123a0a5d81f 100644 --- a/CVE-2023/CVE-2023-494xx/CVE-2023-49405.json +++ b/CVE-2023/CVE-2023-494xx/CVE-2023-49405.json 
@@ -2,19 +2,87 @@ "id": "CVE-2023-49405", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-07T18:15:08.220", - "lastModified": "2023-12-07T18:30:52.097", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-09T04:44:51.417", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function UploadCfg." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:w30e_firmware:16.01.0.12\\(4843\\):*:*:*:*:*:*:*", + "matchCriteriaId": "6B656886-847F-4F68-8DD3-B91B19FCFC28" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:w30e:-:*:*:*:*:*:*:*", + "matchCriteriaId": "02FBE634-0D3F-4439-B4A6-F427C82967C7" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/GD008/TENDA/blob/main/w30e/tenda_w30e_UploadCfg/w30e_UploadCfg.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-494xx/CVE-2023-49406.json b/CVE-2023/CVE-2023-494xx/CVE-2023-49406.json index cabf27b00dd..c00e56f1f05 100644 --- a/CVE-2023/CVE-2023-494xx/CVE-2023-49406.json +++ b/CVE-2023/CVE-2023-494xx/CVE-2023-49406.json 
@@ -2,19 +2,87 @@ "id": "CVE-2023-49406", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-07T18:15:08.267", - "lastModified": "2023-12-07T18:30:52.097", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-09T04:44:58.333", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Tenda W30E V16.01.0.12(4843) was discovered to contain a Command Execution vulnerability via the function /goform/telnet." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:w30e_firmware:16.01.0.12\\(4843\\):*:*:*:*:*:*:*", + "matchCriteriaId": "6B656886-847F-4F68-8DD3-B91B19FCFC28" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:w30e:-:*:*:*:*:*:*:*", + "matchCriteriaId": "02FBE634-0D3F-4439-B4A6-F427C82967C7" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/GD008/TENDA/blob/main/w30e/tenda_w30e_telnet/w30e_telnet.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-494xx/CVE-2023-49408.json b/CVE-2023/CVE-2023-494xx/CVE-2023-49408.json index e111450e52e..249418a9410 100644 --- a/CVE-2023/CVE-2023-494xx/CVE-2023-49408.json +++ b/CVE-2023/CVE-2023-494xx/CVE-2023-49408.json 
@@ -2,19 +2,87 @@ "id": "CVE-2023-49408", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-07T18:15:08.310", - "lastModified": "2023-12-07T18:30:52.097", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-09T04:44:07.063", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the function set_device_name." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:ax3_firmware:16.03.12.11:*:*:*:*:*:*:*", + "matchCriteriaId": "9FFD11D4-8E44-4156-9D8E-7094E36A2152" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:ax3:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6A01F4C4-FFFF-48DD-90DB-4DD29FE57479" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/GD008/TENDA/blob/main/AX3/tenda_AX3_setBlackRule/AX3-setBlackRule.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-494xx/CVE-2023-49409.json b/CVE-2023/CVE-2023-494xx/CVE-2023-49409.json index 744f1e022ec..c466e7a6b24 100644 --- a/CVE-2023/CVE-2023-494xx/CVE-2023-49409.json +++ b/CVE-2023/CVE-2023-494xx/CVE-2023-49409.json 
@@ -2,19 +2,87 @@ "id": "CVE-2023-49409", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-07T18:15:08.353", - "lastModified": "2023-12-07T18:30:52.097", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-09T04:43:48.937", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Tenda AX3 V16.03.12.11 was discovered to contain a Command Execution vulnerability via the function /goform/telnet." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:ax3_firmware:16.03.12.11:*:*:*:*:*:*:*", + "matchCriteriaId": "9FFD11D4-8E44-4156-9D8E-7094E36A2152" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:ax3:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6A01F4C4-FFFF-48DD-90DB-4DD29FE57479" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/GD008/TENDA/blob/main/AX3/tenda_AX3_telnet/AX3_telnet.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-494xx/CVE-2023-49410.json b/CVE-2023/CVE-2023-494xx/CVE-2023-49410.json index 7055aabfeb9..724831eecef 100644 --- a/CVE-2023/CVE-2023-494xx/CVE-2023-49410.json +++ b/CVE-2023/CVE-2023-494xx/CVE-2023-49410.json 
@@ -2,19 +2,87 @@ "id": "CVE-2023-49410", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-07T17:15:07.323", - "lastModified": "2023-12-07T17:36:41.553", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-09T04:45:05.273", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function via the function set_wan_status." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:w30e_firmware:16.01.0.12\\(4843\\):*:*:*:*:*:*:*", + "matchCriteriaId": "6B656886-847F-4F68-8DD3-B91B19FCFC28" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:w30e:-:*:*:*:*:*:*:*", + "matchCriteriaId": "02FBE634-0D3F-4439-B4A6-F427C82967C7" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/GD008/TENDA/blob/main/w30e/tenda_w30e_setIPv6Status/w30e_setIPv6Status.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
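Review bot: The English description kept as context in this hunk still contains the duplicated phrase "via the function via the function set_wan_status", even though the record is now marked `"vulnStatus": "Analyzed"`. The text should read `"value": "Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function set_wan_status."`. The reference path names setIPv6Status rather than set_wan_status, so it may be worth confirming upstream which handler is actually affected before relying on the function name for matching or detection content.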
diff --git a/CVE-2023/CVE-2023-494xx/CVE-2023-49411.json b/CVE-2023/CVE-2023-494xx/CVE-2023-49411.json index c8e1ca2f0c6..98aa43e7cd6 100644 --- a/CVE-2023/CVE-2023-494xx/CVE-2023-49411.json +++ b/CVE-2023/CVE-2023-494xx/CVE-2023-49411.json 
@@ -2,19 +2,87 @@ "id": "CVE-2023-49411", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-07T18:15:08.400", - "lastModified": "2023-12-07T18:30:52.097", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-09T04:44:46.703", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Tenda W30E V16.01.0.12(4843) contains a stack overflow vulnerability via the function formDeleteMeshNode." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:w30e_firmware:16.01.0.12\\(4843\\):*:*:*:*:*:*:*", + "matchCriteriaId": "6B656886-847F-4F68-8DD3-B91B19FCFC28" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:w30e:-:*:*:*:*:*:*:*", + "matchCriteriaId": "02FBE634-0D3F-4439-B4A6-F427C82967C7" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/GD008/TENDA/blob/main/w30e/tenda_w30e_deleteMesh/w30e_deleteMesh.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-494xx/CVE-2023-49424.json b/CVE-2023/CVE-2023-494xx/CVE-2023-49424.json index c89702814ff..f7e7cd8670a 100644 --- a/CVE-2023/CVE-2023-494xx/CVE-2023-49424.json +++ b/CVE-2023/CVE-2023-494xx/CVE-2023-49424.json 
@@ -2,19 +2,87 @@ "id": "CVE-2023-49424", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-07T14:15:08.147", - "lastModified": "2023-12-07T16:09:27.937", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-09T04:44:12.787", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the list parameter at /goform/SetVirtualServerCfg." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:ax12_firmware:22.03.01.46:*:*:*:*:*:*:*", + "matchCriteriaId": "ACC5CA19-0A08-462F-A948-9D2338076B61" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:ax12:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AE639FC1-068D-4570-AD2A-1837C339B97A" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/ef4tless/vuln/blob/master/iot/AX12/SetVirtualServerCfg.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-494xx/CVE-2023-49425.json b/CVE-2023/CVE-2023-494xx/CVE-2023-49425.json index f4155dd4a29..a55a0ba2521 100644 --- a/CVE-2023/CVE-2023-494xx/CVE-2023-49425.json +++ b/CVE-2023/CVE-2023-494xx/CVE-2023-49425.json 
@@ -2,19 +2,87 @@ "id": "CVE-2023-49425", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-07T15:15:10.237", - "lastModified": "2023-12-07T16:09:27.937", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-09T04:44:17.923", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the deviceList parameter at /goform/setMacFilterCfg ." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:ax12_firmware:22.03.01.46:*:*:*:*:*:*:*", + "matchCriteriaId": "ACC5CA19-0A08-462F-A948-9D2338076B61" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:ax12:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AE639FC1-068D-4570-AD2A-1837C339B97A" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/ef4tless/vuln/blob/master/iot/AX12/setMacFilterCfg.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-494xx/CVE-2023-49426.json b/CVE-2023/CVE-2023-494xx/CVE-2023-49426.json index be852618c9a..c0152751ebe 100644 --- a/CVE-2023/CVE-2023-494xx/CVE-2023-49426.json +++ b/CVE-2023/CVE-2023-494xx/CVE-2023-49426.json 
@@ -2,19 +2,87 @@ "id": "CVE-2023-49426", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-07T15:15:10.283", - "lastModified": "2023-12-07T16:09:27.937", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-09T04:44:15.497", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the list parameter at /goform/SetStaticRouteCfg." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:ax12_firmware:22.03.01.46:*:*:*:*:*:*:*", + "matchCriteriaId": "ACC5CA19-0A08-462F-A948-9D2338076B61" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:ax12:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AE639FC1-068D-4570-AD2A-1837C339B97A" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/ef4tless/vuln/blob/master/iot/AX12/SetStaticRouteCfg.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-494xx/CVE-2023-49428.json b/CVE-2023/CVE-2023-494xx/CVE-2023-49428.json index f8cba17a678..df0ee147d65 100644 --- a/CVE-2023/CVE-2023-494xx/CVE-2023-49428.json +++ b/CVE-2023/CVE-2023-494xx/CVE-2023-49428.json 
@@ -2,19 +2,87 @@ "id": "CVE-2023-49428", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-07T15:15:10.330", - "lastModified": "2023-12-07T16:09:27.937", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-09T04:44:21.337", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Tenda AX12 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'mac' parameter at /goform/SetOnlineDevName." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:ax12_firmware:22.03.01.46:*:*:*:*:*:*:*", + "matchCriteriaId": "ACC5CA19-0A08-462F-A948-9D2338076B61" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:ax12:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AE639FC1-068D-4570-AD2A-1837C339B97A" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/ef4tless/vuln/blob/master/iot/AX12/SetOnlineDevName.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-494xx/CVE-2023-49429.json b/CVE-2023/CVE-2023-494xx/CVE-2023-49429.json
index 4e13bffca6c..e0393f8e0fb 100644
--- a/CVE-2023/CVE-2023-494xx/CVE-2023-49429.json
+++ b/CVE-2023/CVE-2023-494xx/CVE-2023-49429.json
@@ -2,19 +2,87 @@ "id": "CVE-2023-49429", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-07T16:15:07.203", - "lastModified": "2023-12-07T17:36:41.553", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-09T04:44:26.117", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Tenda AX9 V22.03.01.46 was discovered to contain a SQL command injection vulnerability in the 'setDeviceInfo' feature through the 'mac' parameter at /goform/setModules." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:ax9_firmware:22.03.01.46:*:*:*:*:*:*:*", + "matchCriteriaId": "8FE7BDA5-B565-4E85-B253-880733FFC0B3" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:ax9:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D7542BB3-674B-4684-A3C6-91F9A0FBDD93" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/ef4tless/vuln/blob/master/iot/AX9/setDeviceInfo.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-494xx/CVE-2023-49430.json b/CVE-2023/CVE-2023-494xx/CVE-2023-49430.json
index aa4885b6676..464cae61084 100644
--- a/CVE-2023/CVE-2023-494xx/CVE-2023-49430.json
+++ b/CVE-2023/CVE-2023-494xx/CVE-2023-49430.json
@@ -2,19 +2,87 @@ "id": "CVE-2023-49430", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-07T16:15:07.260", - "lastModified": "2023-12-07T17:36:41.553", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-09T04:44:28.253", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'list' parameter at /goform/SetStaticRouteCfg." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:ax9_firmware:22.03.01.46:*:*:*:*:*:*:*", + "matchCriteriaId": "8FE7BDA5-B565-4E85-B253-880733FFC0B3" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:ax9:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D7542BB3-674B-4684-A3C6-91F9A0FBDD93" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/ef4tless/vuln/blob/master/iot/AX9/SetStaticRouteCfg.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-494xx/CVE-2023-49431.json b/CVE-2023/CVE-2023-494xx/CVE-2023-49431.json
index d82baadeac4..ca9378dc62d 100644
--- a/CVE-2023/CVE-2023-494xx/CVE-2023-49431.json
+++ b/CVE-2023/CVE-2023-494xx/CVE-2023-49431.json
@@ -2,19 +2,87 @@ "id": "CVE-2023-49431", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-07T16:15:07.303", - "lastModified": "2023-12-07T17:36:41.553", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-09T04:44:30.840", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Tenda AX9 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'mac' parameter at /goform/SetOnlineDevName." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:ax9_firmware:22.03.01.46:*:*:*:*:*:*:*", + "matchCriteriaId": "8FE7BDA5-B565-4E85-B253-880733FFC0B3" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:ax9:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D7542BB3-674B-4684-A3C6-91F9A0FBDD93" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/ef4tless/vuln/blob/master/iot/AX9/SetOnlineDevName.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-494xx/CVE-2023-49432.json b/CVE-2023/CVE-2023-494xx/CVE-2023-49432.json
index 527774859e7..ddb619b2118 100644
--- a/CVE-2023/CVE-2023-494xx/CVE-2023-49432.json
+++ b/CVE-2023/CVE-2023-494xx/CVE-2023-49432.json
@@ -2,19 +2,87 @@ "id": "CVE-2023-49432", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-07T16:15:07.353", - "lastModified": "2023-12-07T17:36:41.553", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-09T04:44:32.697", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'deviceList' parameter at /goform/setMacFilterCfg." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:ax9_firmware:22.03.01.46:*:*:*:*:*:*:*", + "matchCriteriaId": "8FE7BDA5-B565-4E85-B253-880733FFC0B3" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:ax9:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D7542BB3-674B-4684-A3C6-91F9A0FBDD93" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/ef4tless/vuln/blob/master/iot/AX9/setMacFilterCfg.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-494xx/CVE-2023-49433.json b/CVE-2023/CVE-2023-494xx/CVE-2023-49433.json
index 8d2253b9a8b..41747715bc3 100644
--- a/CVE-2023/CVE-2023-494xx/CVE-2023-49433.json
+++ b/CVE-2023/CVE-2023-494xx/CVE-2023-49433.json
@@ -2,19 +2,87 @@ "id": "CVE-2023-49433", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-07T16:15:07.400", - "lastModified": "2023-12-07T17:36:41.553", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-09T04:44:35.387", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'list' parameter at /goform/SetVirtualServerCfg." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:ax9_firmware:22.03.01.46:*:*:*:*:*:*:*", + "matchCriteriaId": "8FE7BDA5-B565-4E85-B253-880733FFC0B3" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:ax9:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D7542BB3-674B-4684-A3C6-91F9A0FBDD93" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/ef4tless/vuln/blob/master/iot/AX9/SetVirtualServerCfg.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-494xx/CVE-2023-49434.json b/CVE-2023/CVE-2023-494xx/CVE-2023-49434.json
index a1380be1ef7..acaf830073b 100644
--- a/CVE-2023/CVE-2023-494xx/CVE-2023-49434.json
+++ b/CVE-2023/CVE-2023-494xx/CVE-2023-49434.json
@@ -2,19 +2,87 @@ "id": "CVE-2023-49434", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-07T16:15:07.447", - "lastModified": "2023-12-07T17:36:41.553", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-09T04:44:37.697", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'list' parameter at /goform/SetNetControlList." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:ax9_firmware:22.03.01.46:*:*:*:*:*:*:*", + "matchCriteriaId": "8FE7BDA5-B565-4E85-B253-880733FFC0B3" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:ax9:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D7542BB3-674B-4684-A3C6-91F9A0FBDD93" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/ef4tless/vuln/blob/master/iot/AX9/SetNetControlList.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-494xx/CVE-2023-49435.json b/CVE-2023/CVE-2023-494xx/CVE-2023-49435.json
index 67253073520..bfaa55c5851 100644
--- a/CVE-2023/CVE-2023-494xx/CVE-2023-49435.json
+++ b/CVE-2023/CVE-2023-494xx/CVE-2023-49435.json
@@ -2,19 +2,87 @@ "id": "CVE-2023-49435", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-07T16:15:07.493", - "lastModified": "2023-12-07T17:36:41.553", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-09T04:44:40.493", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Tenda AX9 V22.03.01.46 is vulnerable to command injection." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:ax9_firmware:22.03.01.46:*:*:*:*:*:*:*", + "matchCriteriaId": "8FE7BDA5-B565-4E85-B253-880733FFC0B3" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:ax9:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D7542BB3-674B-4684-A3C6-91F9A0FBDD93" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/ef4tless/vuln/blob/master/iot/AX9/SetNetControlList-3.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-494xx/CVE-2023-49436.json b/CVE-2023/CVE-2023-494xx/CVE-2023-49436.json index 5c61802b9e7..d9acf490df0 100644 
--- a/CVE-2023/CVE-2023-494xx/CVE-2023-49436.json
+++ b/CVE-2023/CVE-2023-494xx/CVE-2023-49436.json
@@ -2,19 +2,87 @@ "id": "CVE-2023-49436", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-07T16:15:07.540", - "lastModified": "2023-12-07T17:36:41.553", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-09T04:44:09.720", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Tenda AX9 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'list' parameter at /goform/SetNetControlList." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:ax9_firmware:22.03.01.46:*:*:*:*:*:*:*", + "matchCriteriaId": "8FE7BDA5-B565-4E85-B253-880733FFC0B3" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:ax9:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D7542BB3-674B-4684-A3C6-91F9A0FBDD93" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/ef4tless/vuln/blob/master/iot/AX9/SetNetControlList-2.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-494xx/CVE-2023-49437.json b/CVE-2023/CVE-2023-494xx/CVE-2023-49437.json
index 4904e6f50e3..6f50f059a54 100644
--- a/CVE-2023/CVE-2023-494xx/CVE-2023-49437.json
+++ b/CVE-2023/CVE-2023-494xx/CVE-2023-49437.json
@@ -2,19 +2,87 @@ "id": "CVE-2023-49437", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-07T15:15:10.380", - "lastModified": "2023-12-07T16:09:27.937", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-09T04:44:23.637", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Tenda AX12 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'list' parameter at /goform/SetNetControlList." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:ax12_firmware:22.03.01.46:*:*:*:*:*:*:*", + "matchCriteriaId": "ACC5CA19-0A08-462F-A948-9D2338076B61" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:ax12:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AE639FC1-068D-4570-AD2A-1837C339B97A" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/ef4tless/vuln/blob/master/iot/AX12/SetNetControlList-3.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-494xx/CVE-2023-49446.json b/CVE-2023/CVE-2023-494xx/CVE-2023-49446.json
index e030e979637..d847874ee1c 100644
--- a/CVE-2023/CVE-2023-494xx/CVE-2023-49446.json
+++ b/CVE-2023/CVE-2023-494xx/CVE-2023-49446.json
@@ -2,19 +2,79 @@ "id": "CVE-2023-49446", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-05T15:15:08.560", - "lastModified": "2023-12-05T15:27:51.100", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-09T04:50:26.280", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/save." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que JFinalCMS v5.0.0 contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) a trav\u00e9s de /admin/nav/save." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jfinalcms_project:jfinalcms:5.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "0813B8F4-66B1-42C6-83A7-831B13233428" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/ysuzhangbin/cms/blob/main/There%20is%20a%20CSRF%20in%20the%20newly%20added%20navigation%20management%20area.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
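Review bot: The reference added at the end of this hunk is tagged `"Vendor Advisory"`, but its URL points into github.com/ysuzhangbin/cms while the CPE vendor in the same record is `jfinalcms_project`, so it looks like a researcher's write-up rather than a vendor statement (inferred from the URL alone). The Tenda records in this same commit tag comparable GitHub write-ups `"Third Party Advisory"`. Tooling that reads `Vendor Advisory` as vendor acknowledgement or as a pointer to a fix would over-trust this entry; the same tag is applied in the CVE-2023-49447 and CVE-2023-49448 hunks. Suggested tag list, to be corrected upstream at NVD: `"Exploit", "Third Party Advisory"`.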
diff --git a/CVE-2023/CVE-2023-494xx/CVE-2023-49447.json b/CVE-2023/CVE-2023-494xx/CVE-2023-49447.json
index 8134d41c0b5..155ef6b54b7 100644
--- a/CVE-2023/CVE-2023-494xx/CVE-2023-49447.json
+++ b/CVE-2023/CVE-2023-494xx/CVE-2023-49447.json
@@ -2,19 +2,79 @@ "id": "CVE-2023-49447", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-05T15:15:08.610", - "lastModified": "2023-12-05T15:27:51.100", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-09T04:50:34.917", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/update." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que JFinalCMS v5.0.0 contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) a trav\u00e9s de /admin/nav/update." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jfinalcms_project:jfinalcms:5.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "0813B8F4-66B1-42C6-83A7-831B13233428" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/ysuzhangbin/cms/blob/main/CSRF%20exists%20at%20the%20navigation%20management%20modification%20location.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-494xx/CVE-2023-49448.json b/CVE-2023/CVE-2023-494xx/CVE-2023-49448.json
index a5339f5b659..5a2a4ec9a2c 100644
--- a/CVE-2023/CVE-2023-494xx/CVE-2023-49448.json
+++ b/CVE-2023/CVE-2023-494xx/CVE-2023-49448.json
@@ -2,19 +2,79 @@ "id": "CVE-2023-49448", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-05T15:15:08.653", - "lastModified": "2023-12-05T15:27:51.100", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-09T04:49:37.330", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via admin/nav/delete." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que JFinalCMS v5.0.0 contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) a trav\u00e9s de admin/nav/delete." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jfinalcms_project:jfinalcms:5.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "0813B8F4-66B1-42C6-83A7-831B13233428" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/ysuzhangbin/cms/blob/main/CSRF%20exists%20at%20the%20deletion%20point%20of%20navigation%20management.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-499xx/CVE-2023-49967.json b/CVE-2023/CVE-2023-499xx/CVE-2023-49967.json
index 07d26ee1b22..5bad2998544 100644
--- a/CVE-2023/CVE-2023-499xx/CVE-2023-49967.json
+++ b/CVE-2023/CVE-2023-499xx/CVE-2023-49967.json
@@ -2,19 +2,86 @@ "id": "CVE-2023-49967", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-07T16:15:07.680", - "lastModified": "2023-12-07T17:36:41.553", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-09T04:48:27.967", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Typecho v1.2.1 was discovered to be vulnerable to an XML Quadratic Blowup attack via the component /index.php/action/xmlrpc." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-776" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:typecho:typecho:1.2.1:-:*:*:*:*:*:*", + "matchCriteriaId": "0BE056CC-41EF-4C70-9B90-6C654B543A40" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:typecho:typecho:1.2.1:rc:*:*:*:*:*:*", + "matchCriteriaId": "8D8A792A-8F66-4086-A649-21091FB4FC39" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:typecho:typecho:1.2.1:rc2:*:*:*:*:*:*", + "matchCriteriaId": "7EE225B6-637F-433B-9804-931B6928F405" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/typecho/typecho/issues/1648", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-499xx/CVE-2023-49999.json b/CVE-2023/CVE-2023-499xx/CVE-2023-49999.json
index 7e5bee949c2..9d5b2222ee7 100644
--- a/CVE-2023/CVE-2023-499xx/CVE-2023-49999.json
+++ b/CVE-2023/CVE-2023-499xx/CVE-2023-49999.json
@@ -2,19 +2,87 @@ "id": "CVE-2023-49999", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-07T17:15:07.373", - "lastModified": "2023-12-07T17:36:41.553", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-09T04:45:07.523", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Tenda W30E V16.01.0.12(4843) was discovered to contain a command injection vulnerability via the function setUmountUSBPartition." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:w30e_firmware:16.01.0.12\\(4843\\):*:*:*:*:*:*:*", + "matchCriteriaId": "6B656886-847F-4F68-8DD3-B91B19FCFC28" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:w30e:-:*:*:*:*:*:*:*", + "matchCriteriaId": "02FBE634-0D3F-4439-B4A6-F427C82967C7" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/GD008/TENDA/blob/main/w30e/tenda_w30e_setUmountUSBPartition/w30e_setUmountUSBPartition.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
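Review bot: The primary weakness added for CVE-2023-49999 is `"value": "CWE-787"` (out-of-bounds write), while the record's own description calls the flaw a command injection in setUmountUSBPartition, which would normally be classified as `"value": "CWE-77"` or CWE-78. The entry comes from nvd@nist.gov and looks like it was assigned together with the neighbouring W30E stack-overflow records (CVE-2023-50000 to CVE-2023-50002), so the mismatch is better reported to NVD than patched in this mirror. Until it is corrected, anything that filters or prioritises on the `weaknesses` field will group this record with memory-corruption bugs, so triage rules for it should also match on the description text.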
diff --git a/CVE-2023/CVE-2023-500xx/CVE-2023-50000.json b/CVE-2023/CVE-2023-500xx/CVE-2023-50000.json
index 5f7e333cedc..22bad1e1e13 100644
--- a/CVE-2023/CVE-2023-500xx/CVE-2023-50000.json
+++ b/CVE-2023/CVE-2023-500xx/CVE-2023-50000.json
@@ -2,19 +2,87 @@
 "id": "CVE-2023-50000",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-12-07T17:15:07.420",
- "lastModified": "2023-12-07T17:36:41.553",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-09T04:45:09.690",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formResetMeshNode."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:tenda:w30e_firmware:16.01.0.12\\(4843\\):*:*:*:*:*:*:*",
+ "matchCriteriaId": "6B656886-847F-4F68-8DD3-B91B19FCFC28"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:tenda:w30e:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "02FBE634-0D3F-4439-B4A6-F427C82967C7"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/GD008/TENDA/blob/main/w30e/tenda_w30e_resetMesh/w30e_resetMesh.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-500xx/CVE-2023-50001.json b/CVE-2023/CVE-2023-500xx/CVE-2023-50001.json
index c85ed16a5d2..304a8d6b031 100644
--- a/CVE-2023/CVE-2023-500xx/CVE-2023-50001.json
+++ b/CVE-2023/CVE-2023-500xx/CVE-2023-50001.json
@@ -2,19 +2,87 @@
 "id": "CVE-2023-50001",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-12-07T17:15:07.467",
- "lastModified": "2023-12-07T17:36:41.553",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-09T04:45:12.637",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formUpgradeMeshOnline."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:tenda:w30e_firmware:16.01.0.12\\(4843\\):*:*:*:*:*:*:*",
+ "matchCriteriaId": "6B656886-847F-4F68-8DD3-B91B19FCFC28"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:tenda:w30e:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "02FBE634-0D3F-4439-B4A6-F427C82967C7"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/GD008/TENDA/blob/main/w30e/tenda_w30e_upgradeMeshOnline/w30e_upgradeMeshOnline.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-500xx/CVE-2023-50002.json b/CVE-2023/CVE-2023-500xx/CVE-2023-50002.json
index b903f43f90a..04b4f2fec6e 100644
--- a/CVE-2023/CVE-2023-500xx/CVE-2023-50002.json
+++ b/CVE-2023/CVE-2023-500xx/CVE-2023-50002.json
@@ -2,19 +2,87 @@
 "id": "CVE-2023-50002",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-12-07T17:15:07.510",
- "lastModified": "2023-12-07T17:36:41.553",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-09T04:45:15.093",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formRebootMeshNode."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:tenda:w30e_firmware:16.01.0.12\\(4843\\):*:*:*:*:*:*:*",
+ "matchCriteriaId": "6B656886-847F-4F68-8DD3-B91B19FCFC28"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:tenda:w30e:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "02FBE634-0D3F-4439-B4A6-F427C82967C7"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/GD008/TENDA/blob/main/w30e/tenda_w30e_rebootMesh/w30e_rebootMesh.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-65xx/CVE-2023-6508.json b/CVE-2023/CVE-2023-65xx/CVE-2023-6508.json
index 6340de11f65..b6c40a96cda 100644
--- a/CVE-2023/CVE-2023-65xx/CVE-2023-6508.json
+++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6508.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-6508",
 "sourceIdentifier": "chrome-cve-admin@google.com",
 "published": "2023-12-06T02:15:07.297",
- "lastModified": "2023-12-08T03:15:07.427",
+ "lastModified": "2023-12-09T04:15:07.190",
 "vulnStatus": "Undergoing Analysis",
 "descriptions": [
 {
@@ -27,6 +27,10 @@
 {
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMHY76AWPA46MAFXPWDGJX6FEGXZVR5Z/",
 "source": "chrome-cve-admin@google.com"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RI3UHCTFH6KWAJGDZ2TOLT6VHKW53WCC/",
+ "source": "chrome-cve-admin@google.com"
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-65xx/CVE-2023-6509.json b/CVE-2023/CVE-2023-65xx/CVE-2023-6509.json
index 97ab859784f..39c01500195 100644
--- a/CVE-2023/CVE-2023-65xx/CVE-2023-6509.json
+++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6509.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-6509",
 "sourceIdentifier": "chrome-cve-admin@google.com",
 "published": "2023-12-06T02:15:07.343",
- "lastModified": "2023-12-08T03:15:07.500",
+ "lastModified": "2023-12-09T04:15:07.283",
 "vulnStatus": "Undergoing Analysis",
 "descriptions": [
 {
@@ -27,6 +27,10 @@
 {
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMHY76AWPA46MAFXPWDGJX6FEGXZVR5Z/",
 "source": "chrome-cve-admin@google.com"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RI3UHCTFH6KWAJGDZ2TOLT6VHKW53WCC/",
+ "source": "chrome-cve-admin@google.com"
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-65xx/CVE-2023-6510.json b/CVE-2023/CVE-2023-65xx/CVE-2023-6510.json
index 3a8610ccb52..b764898b97c 100644
--- a/CVE-2023/CVE-2023-65xx/CVE-2023-6510.json
+++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6510.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-6510",
 "sourceIdentifier": "chrome-cve-admin@google.com",
 "published": "2023-12-06T02:15:07.390",
- "lastModified": "2023-12-08T03:15:07.573",
+ "lastModified": "2023-12-09T04:15:07.367",
 "vulnStatus": "Undergoing Analysis",
 "descriptions": [
 {
@@ -27,6 +27,10 @@
 {
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMHY76AWPA46MAFXPWDGJX6FEGXZVR5Z/",
 "source": "chrome-cve-admin@google.com"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RI3UHCTFH6KWAJGDZ2TOLT6VHKW53WCC/",
+ "source": "chrome-cve-admin@google.com"
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-65xx/CVE-2023-6511.json b/CVE-2023/CVE-2023-65xx/CVE-2023-6511.json
index 4af8b003b24..5fa4cd66883 100644
--- a/CVE-2023/CVE-2023-65xx/CVE-2023-6511.json
+++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6511.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-6511",
 "sourceIdentifier": "chrome-cve-admin@google.com",
 "published": "2023-12-06T02:15:07.480",
- "lastModified": "2023-12-08T03:15:07.637",
+ "lastModified": "2023-12-09T04:15:07.423",
 "vulnStatus": "Undergoing Analysis",
 "descriptions": [
 {
@@ -27,6 +27,10 @@
 {
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMHY76AWPA46MAFXPWDGJX6FEGXZVR5Z/",
 "source": "chrome-cve-admin@google.com"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RI3UHCTFH6KWAJGDZ2TOLT6VHKW53WCC/",
+ "source": "chrome-cve-admin@google.com"
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-65xx/CVE-2023-6512.json b/CVE-2023/CVE-2023-65xx/CVE-2023-6512.json
index 6fdc37d9a5c..5de1b98b243 100644
--- a/CVE-2023/CVE-2023-65xx/CVE-2023-6512.json
+++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6512.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-6512",
 "sourceIdentifier": "chrome-cve-admin@google.com",
 "published": "2023-12-06T02:15:07.543",
- "lastModified": "2023-12-08T03:15:07.697",
+ "lastModified": "2023-12-09T04:15:07.480",
 "vulnStatus": "Undergoing Analysis",
 "descriptions": [
 {
@@ -27,6 +27,10 @@
 {
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMHY76AWPA46MAFXPWDGJX6FEGXZVR5Z/",
 "source": "chrome-cve-admin@google.com"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RI3UHCTFH6KWAJGDZ2TOLT6VHKW53WCC/",
+ "source": "chrome-cve-admin@google.com"
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-65xx/CVE-2023-6568.json b/CVE-2023/CVE-2023-65xx/CVE-2023-6568.json
index c6c3f63fd5b..1425e1dc15b 100644
--- a/CVE-2023/CVE-2023-65xx/CVE-2023-6568.json
+++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6568.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-6568",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2023-12-07T05:15:09.347",
- "lastModified": "2023-12-07T12:12:36.717",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-09T04:51:50.623",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -15,6 +15,28 @@
 }
 ],
 "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ],
 "cvssMetricV30": [
 {
 "source": "security@huntr.dev",
@@ -39,6 +61,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
 {
 "source": "security@huntr.dev",
 "type": "Secondary",
@@ -50,14 +82,39 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:lfprojects:mlflow:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "2.9.0",
+ "matchCriteriaId": "D7B09299-B859-4252-B907-2924010BD019"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/mlflow/mlflow/commit/28ff3f94994941e038f2172c6484b65dc4db6ca1",
- "source": "security@huntr.dev"
+ "source": "security@huntr.dev",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://huntr.com/bounties/816bdaaa-8153-4732-951e-b0d92fddf709",
- "source": "security@huntr.dev"
+ "source": "security@huntr.dev",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/README.md b/README.md
index 45969100996..c37df0a2aaf 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-12-09T03:00:18.283535+00:00 +2023-12-09T05:00:18.772833+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-12-09T02:15:06.747000+00:00 +2023-12-09T04:52:20.627000+00:00 ``` ### Last Data Feed Release 
@@ -29,22 +29,48 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -232650 +232654 ``` ### CVEs added in the last Commit -Recently added CVEs: `3` +Recently added CVEs: `4` -* [CVE-2020-25835](CVE-2020/CVE-2020-258xx/CVE-2020-25835.json) (`2023-12-09T02:15:06.260`) -* [CVE-2023-49797](CVE-2023/CVE-2023-497xx/CVE-2023-49797.json) (`2023-12-09T01:15:07.333`) -* [CVE-2023-6394](CVE-2023/CVE-2023-63xx/CVE-2023-6394.json) (`2023-12-09T02:15:06.747`) +* [CVE-2023-28523](CVE-2023/CVE-2023-285xx/CVE-2023-28523.json) (`2023-12-09T03:15:06.920`) +* [CVE-2023-28526](CVE-2023/CVE-2023-285xx/CVE-2023-28526.json) (`2023-12-09T03:15:07.150`) +* [CVE-2023-28527](CVE-2023/CVE-2023-285xx/CVE-2023-28527.json) (`2023-12-09T03:15:07.357`) +* [CVE-2023-47722](CVE-2023/CVE-2023-477xx/CVE-2023-47722.json) (`2023-12-09T03:15:07.563`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `79` +* [CVE-2023-49967](CVE-2023/CVE-2023-499xx/CVE-2023-49967.json) (`2023-12-09T04:48:27.967`) +* [CVE-2023-49448](CVE-2023/CVE-2023-494xx/CVE-2023-49448.json) (`2023-12-09T04:49:37.330`) +* [CVE-2023-49380](CVE-2023/CVE-2023-493xx/CVE-2023-49380.json) (`2023-12-09T04:49:44.210`) +* [CVE-2023-49381](CVE-2023/CVE-2023-493xx/CVE-2023-49381.json) (`2023-12-09T04:49:48.020`) +* [CVE-2023-49382](CVE-2023/CVE-2023-493xx/CVE-2023-49382.json) (`2023-12-09T04:49:53.207`) +* [CVE-2023-49383](CVE-2023/CVE-2023-493xx/CVE-2023-49383.json) (`2023-12-09T04:49:57.740`) +* [CVE-2023-49395](CVE-2023/CVE-2023-493xx/CVE-2023-49395.json) (`2023-12-09T04:50:02.103`) +* [CVE-2023-49396](CVE-2023/CVE-2023-493xx/CVE-2023-49396.json) (`2023-12-09T04:50:04.753`) +* [CVE-2023-49378](CVE-2023/CVE-2023-493xx/CVE-2023-49378.json) (`2023-12-09T04:50:07.423`) +* [CVE-2023-49379](CVE-2023/CVE-2023-493xx/CVE-2023-49379.json) (`2023-12-09T04:50:10.233`) +* [CVE-2023-49377](CVE-2023/CVE-2023-493xx/CVE-2023-49377.json) 
(`2023-12-09T04:50:12.687`) +* [CVE-2023-49376](CVE-2023/CVE-2023-493xx/CVE-2023-49376.json) (`2023-12-09T04:50:15.357`) +* [CVE-2023-49375](CVE-2023/CVE-2023-493xx/CVE-2023-49375.json) (`2023-12-09T04:50:18.220`) +* [CVE-2023-49397](CVE-2023/CVE-2023-493xx/CVE-2023-49397.json) (`2023-12-09T04:50:20.973`) +* [CVE-2023-49398](CVE-2023/CVE-2023-493xx/CVE-2023-49398.json) (`2023-12-09T04:50:23.617`) +* [CVE-2023-49446](CVE-2023/CVE-2023-494xx/CVE-2023-49446.json) (`2023-12-09T04:50:26.280`) +* [CVE-2023-49374](CVE-2023/CVE-2023-493xx/CVE-2023-49374.json) (`2023-12-09T04:50:28.640`) +* [CVE-2023-49373](CVE-2023/CVE-2023-493xx/CVE-2023-49373.json) (`2023-12-09T04:50:31.177`) +* [CVE-2023-49447](CVE-2023/CVE-2023-494xx/CVE-2023-49447.json) (`2023-12-09T04:50:34.917`) +* [CVE-2023-49372](CVE-2023/CVE-2023-493xx/CVE-2023-49372.json) (`2023-12-09T04:50:38.967`) +* [CVE-2023-46974](CVE-2023/CVE-2023-469xx/CVE-2023-46974.json) (`2023-12-09T04:51:31.277`) +* [CVE-2023-6568](CVE-2023/CVE-2023-65xx/CVE-2023-6568.json) (`2023-12-09T04:51:50.623`) +* [CVE-2023-46354](CVE-2023/CVE-2023-463xx/CVE-2023-46354.json) (`2023-12-09T04:52:09.277`) +* [CVE-2023-46353](CVE-2023/CVE-2023-463xx/CVE-2023-46353.json) (`2023-12-09T04:52:16.587`) +* [CVE-2023-46751](CVE-2023/CVE-2023-467xx/CVE-2023-46751.json) (`2023-12-09T04:52:20.627`) ## Download and Usage