admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 03:27:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-01-04T23:00:25.044682+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-01-04 23:00:28 +00:00
parent 4ce4757445
commit 9b83f54b95
33 changed files with 1659 additions and 124 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
CVE-2022/CVE-2022-229xx/CVE-2022-22995.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-22995",
"sourceIdentifier": "psirt@wdc.com",
"published": "2022-03-25T23:15:08.410",
"lastModified": "2023-12-28T15:19:51.203",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-04T22:15:07.200",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -447,6 +447,10 @@
}
],
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00000.html",
"source": "psirt@wdc.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/55ROUJI22SHZX5EM23QAILZHI67EZQKW/",
"source": "psirt@wdc.com",

63
CVE-2022/CVE-2022-363xx/CVE-2022-36399.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2022-36399",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-28T22:15:45.150",
"lastModified": "2023-12-29T03:13:50.730",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T21:44:57.797",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BoxyStudio Booked - Appointment Booking for WordPress | Calendars.This issue affects Booked - Appointment Booking for WordPress | Calendars: from n/a before 2.4.4.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de exposici\u00f3n de informaci\u00f3n confidencial a un actor no autorizado en BoxyStudio Booked - Appointment Booking for WordPress | Calendars. Este problema afecta a Booked - Appointment Booking for WordPress | Calendars: desde n/a antes de 2.4.4."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:boxystudio:booked:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.4.4",
"matchCriteriaId": "4B929AE1-861D-4E7F-8A99-C2A8560FCD93"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/booked/wordpress-booked-plugin-2-4-unauth-appointment-data-exposure-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-226xx/CVE-2023-22677.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-22677",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T09:15:08.300",
"lastModified": "2023-12-29T13:56:33.383",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T21:25:11.053",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:binarystash:wp_booklet:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.1.8",
"matchCriteriaId": "0CDEEDE3-DAA8-479F-BDC5-9E73EFAFEB6C"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-booklet/wordpress-wp-booklet-plugin-2-1-8-remote-code-execution-rce?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-250xx/CVE-2023-25054.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-25054",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T09:15:08.523",
"lastModified": "2023-12-29T13:56:33.383",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T21:22:47.873",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:carrcommunications:rsvpmaker:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "10.6.6",
"matchCriteriaId": "7C749EEE-C929-40DF-80DB-7B345A6B023F"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/rsvpmaker/wordpress-rsvpmaker-plugin-10-6-6-remote-code-execution-rce-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

67
CVE-2023/CVE-2023-312xx/CVE-2023-31292.json
View File

@ -2,19 +2,78 @@
"id": "CVE-2023-31292",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-29T02:15:44.983",
"lastModified": "2023-12-29T03:13:44.413",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T21:55:24.063",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718), allows local attackers to obtain sensitive information and bypass authentication via \"Back Button Refresh\" attack."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718), que permite a atacantes locales obtener informaci\u00f3n confidencial y omitir la autenticaci\u00f3n mediante el ataque \"Back Button Refresh\"."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sesami:cash_point_\\&_transport_optimizer:6.3.8.6.718:*:*:*:*:*:*:*",
"matchCriteriaId": "1FF8F540-DE41-4C35-BA23-64A08F2474E7"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://herolab.usd.de/en/security-advisories/usd-2022-0051/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

67
CVE-2023/CVE-2023-312xx/CVE-2023-31298.json
View File

@ -2,19 +2,78 @@
"id": "CVE-2023-31298",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-29T02:15:45.037",
"lastModified": "2023-12-29T03:13:44.413",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T21:54:55.263",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to execute arbitrary code and obtain sensitive information via the User ID field when creating a new system user."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross Site Scripting (XSS) en Sesami Cash Point & Transport Optimizer (CPTO) versi\u00f3n 6.3.8.6 (#718), permite a atacantes remotos ejecutar c\u00f3digo arbitrario y obtener informaci\u00f3n confidencial a trav\u00e9s del campo User ID al crear un nuevo usuario del sistema."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sesami:cash_point_\\&_transport_optimizer:6.3.8.6.718:*:*:*:*:*:*:*",
"matchCriteriaId": "1FF8F540-DE41-4C35-BA23-64A08F2474E7"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://herolab.usd.de/en/security-advisories/usd-2022-0060/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

67
CVE-2023/CVE-2023-313xx/CVE-2023-31301.json
View File

@ -2,19 +2,78 @@
"id": "CVE-2023-31301",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-29T02:15:45.080",
"lastModified": "2023-12-29T03:13:44.413",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T21:53:26.990",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Stored Cross Site Scripting (XSS) Vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to execute arbitrary code and obtain sensitive information via the Username field of the login form and application log."
},
{
"lang": "es",
"value": "Vulnerabilidad de cross site scripting (XSS) almacenado en Sesami Cash Point & Transport Optimizer (CPTO) versi\u00f3n 6.3.8.6 (#718), permite a atacantes remotos ejecutar c\u00f3digo arbitrario y obtener informaci\u00f3n confidencial a trav\u00e9s del campo Username del formulario de inicio de sesi\u00f3n y el registro de la aplicaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sesami:cash_point_\\&_transport_optimizer:6.3.8.6.718:*:*:*:*:*:*:*",
"matchCriteriaId": "1FF8F540-DE41-4C35-BA23-64A08F2474E7"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://herolab.usd.de/en/security-advisories/usd-2022-0059/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-320xx/CVE-2023-32095.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32095",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T09:15:08.750",
"lastModified": "2023-12-29T13:56:33.383",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T21:22:08.900",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:milandinic:rename_media_files:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.0.1",
"matchCriteriaId": "D5040876-886D-4EC3-8A02-E6114AC0146A"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/rename-media-files/wordpress-rename-media-files-plugin-1-0-1-remote-code-execution-rce-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

57
CVE-2023/CVE-2023-406xx/CVE-2023-40606.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40606",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T09:15:08.977",
"lastModified": "2023-12-29T13:56:33.383",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T21:21:52.873",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kanbanwp:kanban_boards_for_wordpress:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.5.21",
"matchCriteriaId": "F4AD583D-6289-4960-B7B7-7F81542ABF16"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/kanban/wordpress-kanban-boards-for-wordpress-plugin-2-5-21-arbitrary-code-execution-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-457xx/CVE-2023-45751.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45751",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T09:15:09.197",
"lastModified": "2023-12-29T13:56:33.383",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T21:28:18.910",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:posimyth:nexter_extension:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.0.3",
"matchCriteriaId": "017C65B3-1231-470C-8290-75D6F9EC5324"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/nexter-extension/wordpress-nexter-extension-plugin-2-0-3-remote-code-execution-rce-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-466xx/CVE-2023-46623.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46623",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T09:15:09.410",
"lastModified": "2023-12-29T13:56:33.383",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T21:28:03.787",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpvnteam:wp_extra:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "6.2",
"matchCriteriaId": "AB9484E2-1743-407C-B64A-0DE91E25681B"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-extra/wordpress-wp-extra-plugin-6-2-remote-code-execution-rce-via-htaccess-modification-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-478xx/CVE-2023-47840.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47840",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T09:15:09.637",
"lastModified": "2023-12-29T13:56:33.383",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T21:27:45.337",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qodeinteractive:qode_essential_addons:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.5.2",
"matchCriteriaId": "723DA2C2-A673-435A-A89B-AA9246D8B755"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/qode-essential-addons/wordpress-qode-essential-addons-plugin-1-5-2-arbitrary-plugin-installation-and-activation-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

82
CVE-2023/CVE-2023-492xx/CVE-2023-49229.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49229",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-28T04:15:08.100",
"lastModified": "2023-12-28T15:09:53.403",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T21:44:26.423",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,87 @@
"value": "Se descubri\u00f3 un problema en Peplink Balance Two antes de 8.4.0. Una verificaci\u00f3n de autorizaci\u00f3n faltante en el servicio web de administraci\u00f3n permite a los usuarios sin privilegios y de solo lectura obtener informaci\u00f3n confidencial sobre la configuraci\u00f3n del dispositivo."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:peplink:balance_two_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.4.0",
"matchCriteriaId": "0B5E9A13-C60F-4F0D-ACAD-12A9E4130840"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:peplink:balance_two:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C38FC37D-0615-48E2-9419-496E62679C4D"
}
]
}
]
}
],
"references": [
{
"url": "https://www.synacktiv.com/publications%253Ffield_tags_target_id%253D4",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.synacktiv.com/sites/default/files/2023-12/synacktiv-peplink-multiple-vulnerabilities.pdf",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-508xx/CVE-2023-50838.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-50838",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-28T20:16:07.193",
"lastModified": "2023-12-28T20:21:23.907",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T21:45:27.430",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Basix NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms and much more.This issue affects NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms and much more: from n/a through 8.5.5.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('Inyecci\u00f3n SQL') en Basix NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms and much more. Este problema afecta a NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms and much more: desde n/a hasta 8.5.5."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:basixonline:nex-forms:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "8.5.5",
"matchCriteriaId": "20A4F39E-FB99-4E1A-821C-FFE8A932093A"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/nex-forms-express-wp-form-builder/wordpress-nex-forms-ultimate-form-builder-8-5-5-sql-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-508xx/CVE-2023-50839.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-50839",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-28T20:16:07.407",
"lastModified": "2023-12-28T20:21:23.907",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T21:45:13.850",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JS Help Desk JS Help Desk \u2013 Best Help Desk & Support Plugin.This issue affects JS Help Desk \u2013 Best Help Desk & Support Plugin: from n/a through 2.8.1.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en JS Help Desk JS Help Desk \u2013 Best Help Desk & Support Plugin. Este problema afecta a JS Help Desk \u2013 Best Help Desk & Support Plugin: de n/a hasta 2.8.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wiselyhub:js_help_desk:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.8.1",
"matchCriteriaId": "F13FAD95-B334-459D-BA6C-4B536B7E48DE"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/js-support-ticket/wordpress-js-help-desk-plugin-2-8-1-unauthenticated-sql-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-508xx/CVE-2023-50840.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-50840",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-28T19:15:14.383",
"lastModified": "2023-12-28T20:21:23.907",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T21:50:46.303",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdevelop, oplugins Booking Manager.This issue affects Booking Manager: from n/a through 2.1.5.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en wpdevelop, oplugins Booking Manager. Este problema afecta a Booking Manager: desde n/a hasta 2.1.5."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oplugins:booking_manager:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.1.5",
"matchCriteriaId": "D7D737A3-1F68-461B-BD28-38843FF69678"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/booking-manager/wordpress-booking-manager-plugin-2-1-5-sql-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-508xx/CVE-2023-50841.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-50841",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-28T19:15:14.587",
"lastModified": "2023-12-28T20:21:23.907",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T21:50:31.133",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Repute Infosystems BookingPress \u2013 Appointment Booking Calendar Plugin and Online Scheduling Plugin.This issue affects BookingPress \u2013 Appointment Booking Calendar Plugin and Online Scheduling Plugin: from n/a through 1.0.72.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en Repute Infosystems BookingPress \u2013 Appointment Booking Calendar Plugin and Online Scheduling Plugin. Este problema afecta a BookingPress \u2013 Appointment Booking Calendar Plugin and Online Scheduling Plugin: desde n/a hasta 1.0.72."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:reputeinfosystems:bookingpress:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.0.72",
"matchCriteriaId": "D6A2FCC9-4D89-40A3-9EE3-462E42DC4B0A"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/bookingpress-appointment-booking/wordpress-bookingpress-plugin-1-0-72-sql-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-508xx/CVE-2023-50842.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-50842",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-28T19:15:14.833",
"lastModified": "2023-12-28T20:21:23.907",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T21:50:12.597",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Matthew Fries MF Gig Calendar.This issue affects MF Gig Calendar: from n/a through 1.2.1.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL (\"Inyecci\u00f3n SQL\") en Matthew Fries MF Gig Calendar. Este problema afecta a MF Gig Calendar: desde n/a hasta 1.2.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mf_gig_calendar_project:mf_gig_calendar:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.2.1",
"matchCriteriaId": "9A95FA02-9E77-43CF-8A55-E9C907928ED7"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/mf-gig-calendar/wordpress-mf-gig-calendar-plugin-1-2-1-sql-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-508xx/CVE-2023-50843.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-50843",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-28T19:15:15.050",
"lastModified": "2023-12-28T20:21:23.907",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T21:49:28.800",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Clockwork Clockwork SMS Notfications.This issue affects Clockwork SMS Notfications: from n/a through 3.0.4.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL (\"inyecci\u00f3n SQL\") en Clockwork Clockwork SMS Notfications. Este problema afecta a Clockwork SMS Notfications: desde n/a hasta 3.0.4."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mediaburst:clockwork_sms_notfications:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.0.4",
"matchCriteriaId": "85A3C4DA-F9C9-4C51-89A9-EEF52B936587"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/mediaburst-email-to-sms/wordpress-clockwork-sms-notfications-plugin-3-0-4-sql-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-508xx/CVE-2023-50844.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-50844",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-28T19:15:15.263",
"lastModified": "2023-12-28T20:21:23.907",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T21:49:15.737",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in James Ward Mail logging \u2013 WP Mail Catcher.This issue affects Mail logging \u2013 WP Mail Catcher: from n/a through 2.1.3.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en James Ward Mail logging \u2013 WP Mail Catcher. Este problema afecta a Mail logging \u2013 WP Mail Catcher: desde n/a hasta 2.1.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jamesward:wp_mail_catcher:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.1.3",
"matchCriteriaId": "C9FA7F09-03FE-43C0-8012-2B69A042ACBC"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-mail-catcher/wordpress-wp-mail-catcher-plugin-2-1-3-sql-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-508xx/CVE-2023-50845.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-50845",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-28T19:15:15.460",
"lastModified": "2023-12-28T20:21:23.907",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T21:47:12.043",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AyeCode - WordPress Business Directory Plugins GeoDirectory \u2013 WordPress Business Directory Plugin, or Classified Directory.This issue affects GeoDirectory \u2013 WordPress Business Directory Plugin, or Classified Directory: from n/a through 2.3.28.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en AyeCode - WordPress Business Directory Plugins GeoDirectory \u2013 WordPress Business Directory Plugin, or Classified Directory. Este problema afecta a GeoDirectory \u2013 WordPress Business Directory Plugin, or Classified Directory: de n/a hasta el 2.3.28."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ayecode:geodirectory:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.3.28",
"matchCriteriaId": "BBB33C5C-5562-4555-8A05-537666E5BCAD"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/geodirectory/wordpress-geodirectory-plugin-2-3-28-sql-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-508xx/CVE-2023-50846.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-50846",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-28T19:15:15.657",
"lastModified": "2023-12-28T20:21:23.907",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T21:46:56.987",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RegistrationMagic RegistrationMagic \u2013 Custom Registration Forms, User Registration, Payment, and User Login.This issue affects RegistrationMagic \u2013 Custom Registration Forms, User Registration, Payment, and User Login: from n/a through 5.2.4.5.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en RegistrationMagic RegistrationMagic \u2013 Custom Registration Forms, User Registration, Payment, and User Login. Este problema afecta a RegistrationMagic \u2013 Custom Registration Forms, User Registration, Payment, and User Login: desde n/a hasta 5.2.4.5."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:metagauss:registrationmagic:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "5.2.4.5",
"matchCriteriaId": "12FEC4E9-AA63-4472-B97E-F9E49B8E6CE1"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/custom-registration-form-builder-with-submission-manager/wordpress-registrationmagic-plugin-5-2-4-5-sql-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-508xx/CVE-2023-50847.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-50847",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-28T19:15:15.843",
"lastModified": "2023-12-28T20:21:23.907",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T21:46:42.117",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Collne Inc. Welcart e-Commerce.This issue affects Welcart e-Commerce: from n/a through 2.9.3.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL (\"Inyecci\u00f3n SQL\") en Collne Inc. Welcart e-Commerce. Este problema afecta a Welcart e-Commerce: desde n/a hasta 2.9.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:collne:welcart_e-commerce:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.9.3",
"matchCriteriaId": "7433D50F-C909-48E9-BEF2-601387A1FE8F"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/usc-e-shop/wordpress-welcart-e-commerce-plugin-2-9-3-sql-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

63
CVE-2023/CVE-2023-71xx/CVE-2023-7133.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-7133",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-28T18:15:45.853",
"lastModified": "2023-12-28T19:05:29.670",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T21:51:36.093",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in y_project RuoYi 4.7.8. It has been declared as problematic. This vulnerability affects unknown code of the file /login of the component HTTP POST Request Handler. The manipulation of the argument rememberMe with the input falsen3f0m<script>alert(1)</script>p86o0 leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249136."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en y_project RuoYi 4.7.8. Ha sido declarada problem\u00e1tica. Esta vulnerabilidad afecta a c\u00f3digo desconocido del archivo /login del componente HTTP POST Request Handler. La manipulaci\u00f3n del argumento rememberMe con la entrada falsen3f0mp86o0 conduce a cross site scripting. El ataque se puede iniciar de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-249136."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ruoyi:ruoyi:4.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0A5136AA-E92F-4309-A67C-D159C7BD2186"
}
]
}
]
}
],
"references": [
{
"url": "https://1drv.ms/w/s!AgMfVZkPO1NWgSPnwk90DMQIUN_D?e=2Bauy4",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.249136",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.249136",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

64
CVE-2023/CVE-2023-71xx/CVE-2023-7145.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-7145",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-29T02:15:45.180",
"lastModified": "2023-12-29T03:13:44.413",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T21:53:07.467",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in gopeak MasterLab up to 3.3.10. This vulnerability affects the function sqlInject of the file app/ctrl/Framework.php of the component HTTP POST Request Handler. The manipulation of the argument pwd leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249148."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en gopeak MasterLab hasta 3.3.10 y clasificada como cr\u00edtica. Esta vulnerabilidad afecta a la funci\u00f3n sqlInject del archivo app/ctrl/Framework.php del componente HTTP POST Request Handler. La manipulaci\u00f3n del argumento pwd conduce a la inyecci\u00f3n de SQL. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-249148."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,48 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:masterlab:masterlab:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.3.10",
"matchCriteriaId": "650AE4B5-39D2-4607-8455-957955DF48AB"
}
]
}
]
}
],
"references": [
{
"url": "https://note.zhaoj.in/share/LEbo1ypfzfQh",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://vuldb.com/?ctiid.249148",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.249148",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
}
]
}

65
CVE-2023/CVE-2023-71xx/CVE-2023-7146.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-7146",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-29T02:15:45.387",
"lastModified": "2023-12-29T03:13:44.413",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T21:52:53.167",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in gopeak MasterLab up to 3.3.10. This issue affects the function sqlInjectDelete of the file app/ctrl/framework/Feature.php of the component HTTP POST Request Handler. The manipulation of the argument phone leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249149 was assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en gopeak MasterLab hasta 3.3.10 y clasificada como cr\u00edtica. Este problema afecta la funci\u00f3n sqlInjectDelete del archivo app/ctrl/framework/Feature.php del componente HTTP POST Request Handler. La manipulaci\u00f3n del argumento tel\u00e9fono conduce a la inyecci\u00f3n de SQL. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-249149."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,49 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:masterlab:masterlab:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.3.10",
"matchCriteriaId": "650AE4B5-39D2-4607-8455-957955DF48AB"
}
]
}
]
}
],
"references": [
{
"url": "https://note.zhaoj.in/share/jRqEcVBTsZh4",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://vuldb.com/?ctiid.249149",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.249149",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
}
]
}

44
CVE-2024/CVE-2024-02xx/CVE-2024-0241.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-0241",
"sourceIdentifier": "disclosure@vulncheck.com",
"published": "2024-01-04T21:15:09.267",
"lastModified": "2024-01-04T21:15:09.267",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "encoded_id-rails versions before 1.0.0.beta2 are affected by an uncontrolled resource consumption vulnerability. A remote and unauthenticated attacker might cause a denial of service condition by sending an HTTP request with an extremely long \"id\" parameter.\n\n"
}
],
"metrics": {},
"weaknesses": [
{
"source": "disclosure@vulncheck.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://github.com/advisories/GHSA-3px7-jm2p-6h2c",
"source": "disclosure@vulncheck.com"
},
{
"url": "https://github.com/stevegeek/encoded_id-rails/commit/afa495a77b8a21ad582611f9cdc2081dc4018b91",
"source": "disclosure@vulncheck.com"
},
{
"url": "https://github.com/stevegeek/encoded_id-rails/security/advisories/GHSA-3px7-jm2p-6h2c",
"source": "disclosure@vulncheck.com"
},
{
"url": "https://vulncheck.com/advisories/vc-advisory-GHSA-3px7-jm2p-6h2c",
"source": "disclosure@vulncheck.com"
}
]
}

75
CVE-2024/CVE-2024-220xx/CVE-2024-22047.json Normal file
View File

@ -0,0 +1,75 @@
{
"id": "CVE-2024-22047",
"sourceIdentifier": "disclosure@vulncheck.com",
"published": "2024-01-04T21:15:09.720",
"lastModified": "2024-01-04T21:15:09.720",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A race condition exists in Audited 4.0.0 to 5.3.3 that can result in an authenticated user to cause audit log entries to be attributed to another user.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "disclosure@vulncheck.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "disclosure@vulncheck.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-362"
}
]
}
],
"references": [
{
"url": "https://github.com/advisories/GHSA-hjp3-5g2q-7jww",
"source": "disclosure@vulncheck.com"
},
{
"url": "https://github.com/collectiveidea/audited/issues/601",
"source": "disclosure@vulncheck.com"
},
{
"url": "https://github.com/collectiveidea/audited/pull/669",
"source": "disclosure@vulncheck.com"
},
{
"url": "https://github.com/collectiveidea/audited/pull/671",
"source": "disclosure@vulncheck.com"
},
{
"url": "https://github.com/collectiveidea/audited/security/advisories/GHSA-hjp3-5g2q-7jww",
"source": "disclosure@vulncheck.com"
},
{
"url": "https://vulncheck.com/advisories/vc-advisory-GHSA-hjp3-5g2q-7jww",
"source": "disclosure@vulncheck.com"
}
]
}

48
CVE-2024/CVE-2024-220xx/CVE-2024-22048.json Normal file
View File

@ -0,0 +1,48 @@
{
"id": "CVE-2024-22048",
"sourceIdentifier": "disclosure@vulncheck.com",
"published": "2024-01-04T21:15:09.940",
"lastModified": "2024-01-04T21:15:09.940",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "govuk_tech_docs versions from 2.0.2 to before 3.3.1 are vulnerable to a cross-site scripting vulnerability. Malicious JavaScript may be executed in the user's browser if a malicious search result is displayed on the search page.\n\n"
}
],
"metrics": {},
"weaknesses": [
{
"source": "disclosure@vulncheck.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/advisories/GHSA-x2xw-hw8g-6773",
"source": "disclosure@vulncheck.com"
},
{
"url": "https://github.com/alphagov/tech-docs-gem/pull/323",
"source": "disclosure@vulncheck.com"
},
{
"url": "https://github.com/alphagov/tech-docs-gem/releases/tag/v3.3.1",
"source": "disclosure@vulncheck.com"
},
{
"url": "https://github.com/alphagov/tech-docs-gem/security/advisories/GHSA-x2xw-hw8g-6773",
"source": "disclosure@vulncheck.com"
},
{
"url": "https://vulncheck.com/advisories/vc-advisory-GHSA-x2xw-hw8g-6773",
"source": "disclosure@vulncheck.com"
}
]
}

48
CVE-2024/CVE-2024-220xx/CVE-2024-22049.json Normal file
View File

@ -0,0 +1,48 @@
{
"id": "CVE-2024-22049",
"sourceIdentifier": "disclosure@vulncheck.com",
"published": "2024-01-04T21:15:10.013",
"lastModified": "2024-01-04T21:15:10.013",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. A remote and unauthenticated attacker can provide a crafted filename parameter during multipart/form-data uploads which could result in attacker controlled filenames being written.\n\n"
}
],
"metrics": {},
"weaknesses": [
{
"source": "disclosure@vulncheck.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-472"
}
]
}
],
"references": [
{
"url": "https://github.com/advisories/GHSA-5pq7-52mg-hr42",
"source": "disclosure@vulncheck.com"
},
{
"url": "https://github.com/jnunemaker/httparty/blob/4416141d37fd71bdba4f37589ec265f55aa446ce/lib/httparty/request/body.rb#L43",
"source": "disclosure@vulncheck.com"
},
{
"url": "https://github.com/jnunemaker/httparty/commit/cdb45a678c43e44570b4e73f84b1abeb5ec22b8e",
"source": "disclosure@vulncheck.com"
},
{
"url": "https://github.com/jnunemaker/httparty/security/advisories/GHSA-5pq7-52mg-hr42",
"source": "disclosure@vulncheck.com"
},
{
"url": "https://vulncheck.com/advisories/vc-advisory-GHSA-5pq7-52mg-hr42",
"source": "disclosure@vulncheck.com"
}
]
}

44
CVE-2024/CVE-2024-220xx/CVE-2024-22050.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-22050",
"sourceIdentifier": "disclosure@vulncheck.com",
"published": "2024-01-04T21:15:10.100",
"lastModified": "2024-01-04T21:15:10.100",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Path traversal in the static file service in Iodine less than 0.7.33 allows an unauthenticated, remote attacker to read files outside the public folder via malicious URLs.\n\n"
}
],
"metrics": {},
"weaknesses": [
{
"source": "disclosure@vulncheck.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://github.com/advisories/GHSA-85rf-xh54-whp3",
"source": "disclosure@vulncheck.com"
},
{
"url": "https://github.com/boazsegev/iodine/commit/5558233fb7defda706b4f9c87c17759705949889",
"source": "disclosure@vulncheck.com"
},
{
"url": "https://github.com/boazsegev/iodine/security/advisories/GHSA-85rf-xh54-whp3",
"source": "disclosure@vulncheck.com"
},
{
"url": "https://vulncheck.com/advisories/vc-advisory-GHSA-85rf-xh54-whp3",
"source": "disclosure@vulncheck.com"
}
]
}

48
CVE-2024/CVE-2024-220xx/CVE-2024-22051.json Normal file
View File

@ -0,0 +1,48 @@
{
"id": "CVE-2024-22051",
"sourceIdentifier": "disclosure@vulncheck.com",
"published": "2024-01-04T21:15:10.173",
"lastModified": "2024-01-04T21:15:10.173",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "CommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnerability. This vulnerability can result in possibly unauthenticated remote attackers to cause heap memory corruption, potentially leading to an information leak or remote code execution, via parsing tables with marker rows that contain more than UINT16_MAX columns.\n\n"
}
],
"metrics": {},
"weaknesses": [
{
"source": "disclosure@vulncheck.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"references": [
{
"url": "https://github.com/advisories/GHSA-fmx4-26r3-wxpf",
"source": "disclosure@vulncheck.com"
},
{
"url": "https://github.com/github/cmark-gfm/security/advisories/GHSA-mc3g-88wq-6f4x",
"source": "disclosure@vulncheck.com"
},
{
"url": "https://github.com/gjtorikian/commonmarker/commit/ab4504fd17460627a6ab255bc3c63e8e5fc6aed3",
"source": "disclosure@vulncheck.com"
},
{
"url": "https://github.com/gjtorikian/commonmarker/security/advisories/GHSA-fmx4-26r3-wxpf",
"source": "disclosure@vulncheck.com"
},
{
"url": "https://vulncheck.com/advisories/vc-advisory-GHSA-fmx4-26r3-wxpf",
"source": "disclosure@vulncheck.com"
}
]
}

71
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-01-04T21:00:25.943994+00:00
2024-01-04T23:00:25.044682+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-01-04T20:25:53.587000+00:00
2024-01-04T22:15:07.200000+00:00
```
### Last Data Feed Release
@ -29,49 +29,50 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
234883
234889
```
### CVEs added in the last Commit
Recently added CVEs: `5`
Recently added CVEs: `6`
* [CVE-2023-51154](CVE-2023/CVE-2023-511xx/CVE-2023-51154.json) (`2024-01-04T19:15:08.850`)
* [CVE-2023-51812](CVE-2023/CVE-2023-518xx/CVE-2023-51812.json) (`2024-01-04T19:15:08.920`)
* [CVE-2023-5442](CVE-2023/CVE-2023-54xx/CVE-2023-5442.json) (`2024-01-04T19:15:08.970`)
* [CVE-2023-5619](CVE-2023/CVE-2023-56xx/CVE-2023-5619.json) (`2024-01-04T20:15:25.230`)
* [CVE-2024-21636](CVE-2024/CVE-2024-216xx/CVE-2024-21636.json) (`2024-01-04T20:15:25.300`)
* [CVE-2024-0241](CVE-2024/CVE-2024-02xx/CVE-2024-0241.json) (`2024-01-04T21:15:09.267`)
* [CVE-2024-22047](CVE-2024/CVE-2024-220xx/CVE-2024-22047.json) (`2024-01-04T21:15:09.720`)
* [CVE-2024-22048](CVE-2024/CVE-2024-220xx/CVE-2024-22048.json) (`2024-01-04T21:15:09.940`)
* [CVE-2024-22049](CVE-2024/CVE-2024-220xx/CVE-2024-22049.json) (`2024-01-04T21:15:10.013`)
* [CVE-2024-22050](CVE-2024/CVE-2024-220xx/CVE-2024-22050.json) (`2024-01-04T21:15:10.100`)
* [CVE-2024-22051](CVE-2024/CVE-2024-220xx/CVE-2024-22051.json) (`2024-01-04T21:15:10.173`)
### CVEs modified in the last Commit
Recently modified CVEs: `34`
Recently modified CVEs: `26`
* [CVE-2023-50848](CVE-2023/CVE-2023-508xx/CVE-2023-50848.json) (`2024-01-04T19:20:23.247`)
* [CVE-2023-50873](CVE-2023/CVE-2023-508xx/CVE-2023-50873.json) (`2024-01-04T19:20:51.227`)
* [CVE-2023-50860](CVE-2023/CVE-2023-508xx/CVE-2023-50860.json) (`2024-01-04T19:21:02.913`)
* [CVE-2023-50859](CVE-2023/CVE-2023-508xx/CVE-2023-50859.json) (`2024-01-04T19:21:18.457`)
* [CVE-2023-50857](CVE-2023/CVE-2023-508xx/CVE-2023-50857.json) (`2024-01-04T19:21:42.530`)
* [CVE-2023-50856](CVE-2023/CVE-2023-508xx/CVE-2023-50856.json) (`2024-01-04T19:21:58.083`)
* [CVE-2023-50836](CVE-2023/CVE-2023-508xx/CVE-2023-50836.json) (`2024-01-04T19:22:15.323`)
* [CVE-2023-36381](CVE-2023/CVE-2023-363xx/CVE-2023-36381.json) (`2024-01-04T19:22:53.737`)
* [CVE-2023-32795](CVE-2023/CVE-2023-327xx/CVE-2023-32795.json) (`2024-01-04T19:23:26.827`)
* [CVE-2023-52079](CVE-2023/CVE-2023-520xx/CVE-2023-52079.json) (`2024-01-04T19:24:22.547`)
* [CVE-2023-52082](CVE-2023/CVE-2023-520xx/CVE-2023-52082.json) (`2024-01-04T19:31:50.127`)
* [CVE-2023-32513](CVE-2023/CVE-2023-325xx/CVE-2023-32513.json) (`2024-01-04T19:32:31.050`)
* [CVE-2023-27447](CVE-2023/CVE-2023-274xx/CVE-2023-27447.json) (`2024-01-04T19:32:40.140`)
* [CVE-2023-7129](CVE-2023/CVE-2023-71xx/CVE-2023-7129.json) (`2024-01-04T19:39:40.933`)
* [CVE-2023-51501](CVE-2023/CVE-2023-515xx/CVE-2023-51501.json) (`2024-01-04T19:46:39.560`)
* [CVE-2023-7163](CVE-2023/CVE-2023-71xx/CVE-2023-7163.json) (`2024-01-04T19:56:45.747`)
* [CVE-2023-50874](CVE-2023/CVE-2023-508xx/CVE-2023-50874.json) (`2024-01-04T20:03:30.020`)
* [CVE-2023-4672](CVE-2023/CVE-2023-46xx/CVE-2023-4672.json) (`2024-01-04T20:09:31.050`)
* [CVE-2023-4671](CVE-2023/CVE-2023-46xx/CVE-2023-4671.json) (`2024-01-04T20:11:33.097`)
* [CVE-2023-45702](CVE-2023/CVE-2023-457xx/CVE-2023-45702.json) (`2024-01-04T20:14:34.343`)
* [CVE-2023-33952](CVE-2023/CVE-2023-339xx/CVE-2023-33952.json) (`2024-01-04T20:15:24.550`)
* [CVE-2023-50038](CVE-2023/CVE-2023-500xx/CVE-2023-50038.json) (`2024-01-04T20:18:57.593`)
* [CVE-2023-6918](CVE-2023/CVE-2023-69xx/CVE-2023-6918.json) (`2024-01-04T20:21:35.297`)
* [CVE-2023-45701](CVE-2023/CVE-2023-457xx/CVE-2023-45701.json) (`2024-01-04T20:25:30.933`)
* [CVE-2023-50692](CVE-2023/CVE-2023-506xx/CVE-2023-50692.json) (`2024-01-04T20:25:53.587`)
* [CVE-2022-22995](CVE-2022/CVE-2022-229xx/CVE-2022-22995.json) (`2024-01-04T22:15:07.200`)
* [CVE-2023-40606](CVE-2023/CVE-2023-406xx/CVE-2023-40606.json) (`2024-01-04T21:21:52.873`)
* [CVE-2023-32095](CVE-2023/CVE-2023-320xx/CVE-2023-32095.json) (`2024-01-04T21:22:08.900`)
* [CVE-2023-25054](CVE-2023/CVE-2023-250xx/CVE-2023-25054.json) (`2024-01-04T21:22:47.873`)
* [CVE-2023-22677](CVE-2023/CVE-2023-226xx/CVE-2023-22677.json) (`2024-01-04T21:25:11.053`)
* [CVE-2023-47840](CVE-2023/CVE-2023-478xx/CVE-2023-47840.json) (`2024-01-04T21:27:45.337`)
* [CVE-2023-46623](CVE-2023/CVE-2023-466xx/CVE-2023-46623.json) (`2024-01-04T21:28:03.787`)
* [CVE-2023-45751](CVE-2023/CVE-2023-457xx/CVE-2023-45751.json) (`2024-01-04T21:28:18.910`)
* [CVE-2023-49229](CVE-2023/CVE-2023-492xx/CVE-2023-49229.json) (`2024-01-04T21:44:26.423`)
* [CVE-2023-50839](CVE-2023/CVE-2023-508xx/CVE-2023-50839.json) (`2024-01-04T21:45:13.850`)
* [CVE-2023-50838](CVE-2023/CVE-2023-508xx/CVE-2023-50838.json) (`2024-01-04T21:45:27.430`)
* [CVE-2023-50847](CVE-2023/CVE-2023-508xx/CVE-2023-50847.json) (`2024-01-04T21:46:42.117`)
* [CVE-2023-50846](CVE-2023/CVE-2023-508xx/CVE-2023-50846.json) (`2024-01-04T21:46:56.987`)
* [CVE-2023-50845](CVE-2023/CVE-2023-508xx/CVE-2023-50845.json) (`2024-01-04T21:47:12.043`)
* [CVE-2023-50844](CVE-2023/CVE-2023-508xx/CVE-2023-50844.json) (`2024-01-04T21:49:15.737`)
* [CVE-2023-50843](CVE-2023/CVE-2023-508xx/CVE-2023-50843.json) (`2024-01-04T21:49:28.800`)
* [CVE-2023-50842](CVE-2023/CVE-2023-508xx/CVE-2023-50842.json) (`2024-01-04T21:50:12.597`)
* [CVE-2023-50841](CVE-2023/CVE-2023-508xx/CVE-2023-50841.json) (`2024-01-04T21:50:31.133`)
* [CVE-2023-50840](CVE-2023/CVE-2023-508xx/CVE-2023-50840.json) (`2024-01-04T21:50:46.303`)
* [CVE-2023-7133](CVE-2023/CVE-2023-71xx/CVE-2023-7133.json) (`2024-01-04T21:51:36.093`)
* [CVE-2023-7146](CVE-2023/CVE-2023-71xx/CVE-2023-7146.json) (`2024-01-04T21:52:53.167`)
* [CVE-2023-7145](CVE-2023/CVE-2023-71xx/CVE-2023-7145.json) (`2024-01-04T21:53:07.467`)
* [CVE-2023-31301](CVE-2023/CVE-2023-313xx/CVE-2023-31301.json) (`2024-01-04T21:53:26.990`)
* [CVE-2023-31298](CVE-2023/CVE-2023-312xx/CVE-2023-31298.json) (`2024-01-04T21:54:55.263`)
* [CVE-2023-31292](CVE-2023/CVE-2023-312xx/CVE-2023-31292.json) (`2024-01-04T21:55:24.063`)
## Download and Usage