Auto-Update: 2023-12-27T23:00:24.684700+00:00

cad-safe-bot 2023-12-27 23:00:28 +00:00
parent d33cc63f74
commit 9e5bc692f2
58 changed files with 2693 additions and 203 deletions


@ -2,8 +2,8 @@
"id": "CVE-2021-21655",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-05-11T15:15:08.147",
"lastModified": "2023-10-25T18:16:49.970",
"vulnStatus": "Modified",
"lastModified": "2023-12-27T22:00:26.347",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -63,6 +63,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [


@ -2,8 +2,8 @@
"id": "CVE-2021-21675",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-06-30T17:15:09.317",
"lastModified": "2023-10-25T18:16:51.337",
"vulnStatus": "Modified",
"lastModified": "2023-12-27T22:03:24.467",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -63,6 +63,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
@ -92,7 +104,10 @@
},
{
"url": "https://www.jenkins.io/security/advisory/2021-06-30/#SECURITY-2136%20%281%29",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-2127",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-07-20T15:15:11.183",
"lastModified": "2023-11-14T21:15:08.820",
"vulnStatus": "Modified",
"lastModified": "2023-12-27T22:05:25.597",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -157,16 +157,37 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2023:6667",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7139",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/security/cve/CVE-2022-2127",
@ -195,7 +216,7 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OT74M42E6C36W7PQVY3OS4ZM7DVYB64Z/",
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
"Mailing List"
]
},
{
@ -207,7 +228,10 @@
},
{
"url": "https://www.debian.org/security/2023/dsa-5477",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.samba.org/samba/security/CVE-2022-2127.html",


@ -2,8 +2,8 @@
"id": "CVE-2022-46725",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-08-14T23:15:10.420",
"lastModified": "2023-11-15T21:15:07.697",
"vulnStatus": "Modified",
"lastModified": "2023-12-27T22:04:02.383",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -73,7 +73,10 @@
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/15/1",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://support.apple.com/en-us/HT213676",


@ -2,8 +2,8 @@
"id": "CVE-2022-48554",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:16:31.757",
"lastModified": "2023-11-16T16:15:29.060",
"vulnStatus": "Modified",
"lastModified": "2023-12-27T22:04:16.397",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -62,6 +62,21 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
}
]
}
]
}
],
"references": [
@ -75,11 +90,17 @@
},
{
"url": "https://security.netapp.com/advisory/ntap-20231116-0002/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5489",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-34966",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-07-20T15:15:11.333",
"lastModified": "2023-11-14T21:15:09.313",
"vulnStatus": "Modified",
"lastModified": "2023-12-27T22:06:19.453",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -113,6 +113,11 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
@ -141,16 +146,42 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2023:6667",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7139",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-34966",
@ -176,15 +207,24 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OT74M42E6C36W7PQVY3OS4ZM7DVYB64Z/",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20230731-0010/",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5477",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.samba.org/samba/security/CVE-2023-34966",


@ -2,8 +2,8 @@
"id": "CVE-2023-34967",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-07-20T15:15:11.410",
"lastModified": "2023-11-14T21:15:09.420",
"vulnStatus": "Modified",
"lastModified": "2023-12-27T22:06:24.227",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -113,6 +113,11 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
@ -141,16 +146,42 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2023:6667",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7139",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-34967",
@ -175,15 +206,24 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OT74M42E6C36W7PQVY3OS4ZM7DVYB64Z/",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20230731-0010/",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5477",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.samba.org/samba/security/CVE-2023-34967.html",


@ -2,8 +2,8 @@
"id": "CVE-2023-40038",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-27T20:15:19.230",
"lastModified": "2023-12-27T20:15:19.230",
"vulnStatus": "Received",
"lastModified": "2023-12-27T21:37:15.710",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-4042",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-08-23T13:15:07.847",
"lastModified": "2023-11-14T21:15:13.897",
"vulnStatus": "Modified",
"lastModified": "2023-12-27T22:04:29.077",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -99,10 +99,45 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "93A089E2-D66E-455C-969A-3140D991BAF4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:8.0_aarch64:*:*:*:*:*:*:*",
"matchCriteriaId": "D206176C-6B2B-4BED-A3A2-AE39A41CB3C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*",
"matchCriteriaId": "55CF7208-4D36-4C35-92BC-F6EA2C8DEDE1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*",
"matchCriteriaId": "F791F846-7762-40E0-9056-032FD10F2046"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*",
"matchCriteriaId": "5A47EF78-A5B6-4B89-8B74-EEB0647C549F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*",
"matchCriteriaId": "32AF225E-94C0-4D07-900C-DD868C05F554"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*",
"matchCriteriaId": "23D471AC-7DCA-4425-AD91-E5D928753A8C"
}
]
}
@ -112,7 +147,10 @@
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2023:7053",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-4042",


@ -0,0 +1,20 @@
{
"id": "CVE-2023-43481",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-27T21:15:07.990",
"lastModified": "2023-12-27T22:15:16.540",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in Shenzhen TCL Browser TV Web BrowseHere (aka com.tcl.browser) 6.65.022_dab24cc6_231221_gp allows a remote attacker to execute arbitrary JavaScript code via the com.tcl.browser.portal.browse.activity.BrowsePageActivity component."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/actuator/com.tcl.browser/blob/main/CWE-94.md",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-43955",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-27T21:15:08.050",
"lastModified": "2023-12-27T21:37:15.710",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The com.phlox.tvwebbrowser TV Bro application through 2.0.0 for Android mishandles external intents through WebView. This allows attackers to execute arbitrary code, create arbitrary files. and perform arbitrary downloads via JavaScript that uses takeBlobDownloadData."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/actuator/com.phlox.tvwebbrowser",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/actuator/com.phlox.tvwebbrowser/blob/main/CWE-94.md",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/actuator/com.phlox.tvwebbrowser/blob/main/poc.apk",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/truefedex/tv-bro/pull/182#issue-1901769895",
"source": "cve@mitre.org"
}
]
}
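Review bot: The `poc.apk` reference in this new record points at an Android package by file name, and none of the four references carries a `tags` array yet, presumably because the record is still `"Awaiting Analysis"`. Tag-based filters therefore cannot tell it apart from the advisory links, so an ingest job that prefetches, previews or archives reference URLs should decide by URL extension or content type and skip or sandbox binaries. The CVE-2023-47883 section has the same situation with its `AFC-POC.apk` reference.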


@ -2,19 +2,43 @@
"id": "CVE-2023-45115",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-21T16:15:07.517",
"lastModified": "2023-12-21T18:15:38.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-27T21:36:32.453",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities.\u00a0The 'ch' parameter of the update.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
},
{
"lang": "es",
"value": "Online Examination System v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL autenticadas. El par\u00e1metro 'ch' del recurso update.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "help@fluidattacks.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
@ -46,14 +70,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:projectworlds:online_examination_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "32029B59-C9C3-4474-8BF6-D5A0410EB748"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/argerich/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://projectworlds.in/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}
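Review bot: The two `cvssMetricV31` entries in this record disagree on privileges required: the new `nvd@nist.gov` Primary vector is `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H` (8.8), while the retained `help@fluidattacks.com` Secondary vector reads `PR:N`. The description calls the injection authenticated, which matches the NVD vector, so a consumer that takes the highest score will rank this CVE differently from one that reads the Primary entry. The CNA entry also appears to have moved from first to second position, so anything indexing `cvssMetricV31[0]` silently changes meaning; select on `"type": "Primary"` or on `source` instead. The same pattern is visible in the CVE-2023-45116, -45117, -45118 and -45119 sections, and the Secondary entry's score lies outside the visible hunk.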


@ -2,19 +2,43 @@
"id": "CVE-2023-45116",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-21T16:15:08.040",
"lastModified": "2023-12-21T18:15:38.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-27T21:36:11.097",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities.\u00a0The 'demail' parameter of the update.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
},
{
"lang": "es",
"value": "Online Examination System v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL autenticadas. El par\u00e1metro 'demail' del recurso update.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "help@fluidattacks.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
@ -46,14 +70,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:projectworlds:online_examination_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "32029B59-C9C3-4474-8BF6-D5A0410EB748"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/argerich/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://projectworlds.in/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}


@ -2,19 +2,43 @@
"id": "CVE-2023-45117",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-21T16:15:08.380",
"lastModified": "2023-12-21T18:15:38.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-27T21:36:01.277",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities.\u00a0The 'eid' parameter of the update.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
},
{
"lang": "es",
"value": "Online Examination System v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL autenticadas. El par\u00e1metro 'eid' del recurso update.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "help@fluidattacks.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -46,14 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:projectworlds:online_examination_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "32029B59-C9C3-4474-8BF6-D5A0410EB748"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/argerich/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://projectworlds.in/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}
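Review bot: The `https://fluidattacks.com/advisories/argerich/` reference here is tagged `"Issue Tracking"` and `"Third Party Advisory"`, whereas the identical URL in the CVE-2023-45115, -45116, -45118 and -45119 sections of this commit is tagged `"Exploit"` and `"Third Party Advisory"`. Prioritisation or alerting rules that key on the `Exploit` tag will therefore treat this one CVE differently from its four siblings for the same advisory page. This looks like an upstream tagging inconsistency rather than a real difference, so it is worth normalising on ingest or reporting to the source so that the first tag reads `"Exploit",`. This is also the only one of the five sections where an `nvd@nist.gov` Primary `CWE-89` weakness is visible as an addition; the others may carry it outside their hunks or lack it.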


@ -2,19 +2,43 @@
"id": "CVE-2023-45118",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-21T16:15:08.750",
"lastModified": "2023-12-21T18:15:38.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-27T21:38:08.260",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities.\u00a0The 'fdid' parameter of the update.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
},
{
"lang": "es",
"value": "Online Examination System v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL autenticadas. El par\u00e1metro 'fdid' del recurso update.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "help@fluidattacks.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
@ -46,14 +70,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:projectworlds:online_examination_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "32029B59-C9C3-4474-8BF6-D5A0410EB748"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/argerich/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://projectworlds.in/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}


@ -2,19 +2,43 @@
"id": "CVE-2023-45119",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-21T16:15:09.197",
"lastModified": "2023-12-21T18:15:38.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-27T21:37:56.367",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities.\u00a0The 'n' parameter of the update.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
},
{
"lang": "es",
"value": "Online Examination System v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL autenticadas. El par\u00e1metro 'n' del recurso update.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "help@fluidattacks.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
@ -46,14 +70,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:projectworlds:online_examination_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "32029B59-C9C3-4474-8BF6-D5A0410EB748"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/argerich/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://projectworlds.in/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-46918",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-27T22:15:16.597",
"lastModified": "2023-12-27T22:15:16.597",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Phlox com.phlox.simpleserver.plus (aka Simple HTTP Server PLUS) 1.8.1-plus has an Android manifest file that contains an entry with the android:allowBackup attribute set to true. This could be leveraged by an attacker with physical access to the device."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/actuator/com.phlox.simpleserver/blob/main/CWE-321.md",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-46919",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-27T21:15:08.103",
"lastModified": "2023-12-27T21:37:15.710",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Phlox com.phlox.simpleserver (aka Simple HTTP Server) 1.8 and com.phlox.simpleserver.plus (aka Simple HTTP Server PLUS) 1.8.1-plus have a hardcoded aKySWb2jjrr4dzkYXczKRt7K encryption key. The threat is from a man-in-the-middle attacker who can intercept and potentially modify data during transmission."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/actuator/com.phlox.simpleserver/blob/main/CWE-321.md",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-47882",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-27T21:15:08.147",
"lastModified": "2023-12-27T21:37:15.710",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Kami Vision YI IoT com.yunyi.smartcamera application through 4.1.9_20231127 for Android allows a remote attacker to execute arbitrary JavaScript code via an implicit intent to the com.ants360.yicamera.activity.WebViewActivity component."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/actuator/yi/blob/main/CWE-319.md",
"source": "cve@mitre.org"
},
{
"url": "https://play.google.com/store/apps/details?id=com.yunyi.smartcamera",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,28 @@
{
"id": "CVE-2023-47883",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-27T21:15:08.193",
"lastModified": "2023-12-27T21:37:15.710",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The com.altamirano.fabricio.tvbrowser TV browser application through 4.5.1 for Android is vulnerable to JavaScript code execution via an explicit intent due to an exposed MainActivity."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/actuator/com.altamirano.fabricio.tvbrowser/blob/main/AFC-POC.apk",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/actuator/com.altamirano.fabricio.tvbrowser/blob/main/CWE-94.md",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/actuator/com.altamirano.fabricio.tvbrowser/blob/main/TVBrowserDemo.gif",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-49000",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-27T22:15:16.653",
"lastModified": "2023-12-27T22:15:16.653",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue in ArtistScope ArtisBrowser v.34.1.5 and before allows an attacker to bypass intended access restrictions via interaction with the com.artis.browser.IntentReceiverActivity component."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/actuator/com.artis.browser/blob/main/CWE-94.md",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/actuator/cve/blob/main/CVE-2023-49000",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-49001",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-27T22:15:16.700",
"lastModified": "2023-12-27T22:15:16.700",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue in Indi Browser (aka kvbrowser) v.12.11.23 allows an attacker to bypass intended access restrictions via interaction with the com.example.gurry.kvbrowswer.webview component."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/actuator/com.gurry.kvbrowser/blob/main/CWE-94.md",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/actuator/cve/blob/main/CVE-2023-49001",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-49002",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-27T22:15:16.750",
"lastModified": "2023-12-27T22:15:16.750",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue in Xenom Technologies (sinous) Phone Dialer-voice Call Dialer v.1.2.5 allows an attacker to bypass intended access restrictions via interaction with com.funprime.calldialer.ui.activities.OutgoingActivity."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/actuator/com.sinous.voice.dialer/blob/main/CWE-928.md",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/actuator/cve/blob/main/CVE-2023-49002",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-49003",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-27T22:15:16.790",
"lastModified": "2023-12-27T22:15:16.790",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue in simplemobiletools Simple Dialer 5.18.1 allows an attacker to bypass intended access restrictions via interaction with com.simplemobiletools.dialer.activities.DialerActivity."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/actuator/com.simplemobiletools.dialer/blob/main/CWE-928.md",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/actuator/cve/blob/main/CVE-2023-49003",
"source": "cve@mitre.org"
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-50377",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-21T15:15:10.290",
"lastModified": "2023-12-21T18:15:38.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-27T21:34:56.883",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AB-WP Simple Counter allows Stored XSS.This issue affects Simple Counter: from n/a through 1.0.2.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en AB-WP Simple Counter permite XSS almacenado. Este problema afecta a Simple Counter: desde n/a hasta 1.0.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ab-wp:simple_counter:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.0.2",
"matchCriteriaId": "9E24F646-A50B-486B-B0E6-7854BD76E604"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/abwp-simple-counter/wordpress-simple-counter-plugin-1-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-50826",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-21T15:15:12.213",
"lastModified": "2023-12-21T18:15:38.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-27T21:25:38.740",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Freshlight Lab Menu Image, Icons made easy allows Stored XSS.This issue affects Menu Image, Icons made easy: from n/a through 3.10.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Freshlight Lab Menu Image, Icons made easy permite XSS almacenado. Este problema afecta a Menu Image, Icons made easy: desde n/a hasta 3.10."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:freshlightlab:menu_image\\,_icons_made_easy:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.10",
"matchCriteriaId": "A2B1AA77-D943-4ABF-9492-15DAF4FCD721"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/menu-image/wordpress-menu-image-icons-made-easy-plugin-3-10-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-50827",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-21T15:15:12.497",
"lastModified": "2023-12-21T18:15:38.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-27T21:25:18.757",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Accredible Accredible Certificates & Open Badges allows Stored XSS.This issue affects Accredible Certificates & Open Badges: from n/a through 1.4.8.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Accredible Accredible Certificates & Open Badges permite XSS almacenado. Este problema afecta a Accredible Certificates & Open Badges: desde n/a hasta 1.4.8."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:accredible:accredible_certificates_\\&_open_badges:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.4.8",
"matchCriteriaId": "7DE5DCCB-E748-4A58-BACF-7B6298519861"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/accredible-certificates/wordpress-accredible-certificates-open-badges-plugin-1-4-8-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,91 @@
"id": "CVE-2023-51011",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-22T19:15:09.260",
"lastModified": "2023-12-22T20:32:25.167",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-27T21:10:33.847",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanPriDns parameter\u2019 of the setLanConfig interface of the cstecgi .cgi"
},
{
"lang": "es",
"value": "TOTOlink EX1800T v9.1.0cu.2112_B20220316 es vulnerable a la ejecuci\u00f3n de comandos arbitrarios no autorizados en el par\u00e1metro lanPriDns de la interfaz setLanConfig de cstecgi .cgi"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:ex1800t_firmware:9.1.0cu.2112_b20220316:*:*:*:*:*:*:*",
"matchCriteriaId": "0A42AB5D-BBE3-46C5-B60E-0C5D0BE5BD61"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:ex1800t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4ECDCF8F-01EE-4B54-AE5F-8793D54BB5A2"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://815yang.github.io/2023/12/11/EX1800T/TOTOlinkEX1800T_V9.1.0cu.2112_B2022031setLanConfig-lanPriDns/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,91 @@
"id": "CVE-2023-51012",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-22T19:15:09.310",
"lastModified": "2023-12-22T20:32:25.167",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-27T21:10:27.917",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanGateway parameter\u2019 of the setLanConfig interface of the cstecgi .cgi."
},
{
"lang": "es",
"value": "TOTOlink EX1800T v9.1.0cu.2112_B20220316 es vulnerable a la ejecuci\u00f3n de comandos arbitrarios no autorizados en el par\u00e1metro lanGateway de la interfaz setLanConfig de cstecgi .cgi."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:ex1800t_firmware:9.1.0cu.2112_b20220316:*:*:*:*:*:*:*",
"matchCriteriaId": "0A42AB5D-BBE3-46C5-B60E-0C5D0BE5BD61"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:ex1800t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4ECDCF8F-01EE-4B54-AE5F-8793D54BB5A2"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://815yang.github.io/2023/12/11/EX1800T/TOTOlinkEX1800T_V9.1.0cu.2112_B2022031setLanConfig-lanGateway/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,91 @@
"id": "CVE-2023-51013",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-22T19:15:09.360",
"lastModified": "2023-12-22T20:32:25.167",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-27T21:10:22.830",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanNetmask parameter\u2019 of the setLanConfig interface of the cstecgi .cgi."
},
{
"lang": "es",
"value": "TOTOlink EX1800T v9.1.0cu.2112_B20220316 es vulnerable a la ejecuci\u00f3n de comandos arbitrarios no autorizados en el par\u00e1metro lanNetmask de la interfaz setLanConfig de cstecgi .cgi."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:ex1800t_firmware:9.1.0cu.2112_b20220316:*:*:*:*:*:*:*",
"matchCriteriaId": "0A42AB5D-BBE3-46C5-B60E-0C5D0BE5BD61"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:ex1800t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4ECDCF8F-01EE-4B54-AE5F-8793D54BB5A2"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://815yang.github.io/2023/12/11/EX1800T/TOTOlinkEX1800T_V9.1.0cu.2112_B2022031setLanConfig-lanNetmask/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,91 @@
"id": "CVE-2023-51014",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-22T19:15:09.403",
"lastModified": "2023-12-22T20:32:25.167",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-27T21:10:13.203",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanSecDns parameter\u2019 of the setLanConfig interface of the cstecgi .cgi"
},
{
"lang": "es",
"value": "TOTOLINK EX1800T V9.1.0cu.2112_B20220316 es vulnerable a la ejecuci\u00f3n de comandos arbitrarios no autorizados en el par\u00e1metro lanSecDns de la interfaz setLanConfig de cstecgi .cgi"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:ex1800t_firmware:9.1.0cu.2112_b20220316:*:*:*:*:*:*:*",
"matchCriteriaId": "0A42AB5D-BBE3-46C5-B60E-0C5D0BE5BD61"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:ex1800t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4ECDCF8F-01EE-4B54-AE5F-8793D54BB5A2"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://815yang.github.io/2023/12/11/EX1800T/TOTOlinkEX1800T_V9.1.0cu.2112_B2022031setLanConfig_lanSecDns/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,91 @@
"id": "CVE-2023-51015",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-22T19:15:09.450",
"lastModified": "2023-12-22T20:32:25.167",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-27T21:10:05.557",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "TOTOLINX EX1800T v9.1.0cu.2112_B20220316 is vulnerable to arbitrary command execution in the \u2018enable parameter\u2019 of the setDmzCfg interface of the cstecgi .cgi"
},
{
"lang": "es",
"value": "TOTOLINX EX1800T v9.1.0cu.2112_B20220316 es vulnerable a la ejecuci\u00f3n de comandos arbitrarios en 'enable parameter' de la interfaz setDmzCfg del cstecgi .cgi"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:ex1800t_firmware:9.1.0cu.2112_b20220316:*:*:*:*:*:*:*",
"matchCriteriaId": "0A42AB5D-BBE3-46C5-B60E-0C5D0BE5BD61"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:ex1800t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4ECDCF8F-01EE-4B54-AE5F-8793D54BB5A2"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://815yang.github.io/2023/12/11/EX1800T/TOTOlinkEX1800T_V9.1.0cu.2112_B2022031setDmzCfg/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,91 @@
"id": "CVE-2023-51016",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-22T19:15:09.493",
"lastModified": "2023-12-22T20:32:25.167",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-27T21:07:25.007",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the setRebootScheCfg interface of the cstecgi .cgi."
},
{
"lang": "es",
"value": "TOTOlink EX1800T v9.1.0cu.2112_B20220316 es vulnerable a la ejecuci\u00f3n de comandos arbitrarios no autorizados en la interfaz setRebootScheCfg de cstecgi .cgi."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:ex1800t_firmware:9.1.0cu.2112_b20220316:*:*:*:*:*:*:*",
"matchCriteriaId": "0A42AB5D-BBE3-46C5-B60E-0C5D0BE5BD61"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:ex1800t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4ECDCF8F-01EE-4B54-AE5F-8793D54BB5A2"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://815yang.github.io/2023/12/10/EX1800T/TOTOlink%20EX1800T_V9.1.0cu.2112_B20220316%28setRebootScheCfg%29/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,91 @@
"id": "CVE-2023-51017",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-22T19:15:09.540",
"lastModified": "2023-12-22T20:32:25.167",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-27T21:09:57.983",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanIp parameter\u2019 of the setLanConfig interface of the cstecgi .cgi."
},
{
"lang": "es",
"value": "TOTOlink EX1800T v9.1.0cu.2112_B20220316 es vulnerable a la ejecuci\u00f3n de comandos arbitrarios no autorizados en el par\u00e1metro lanIp de la interfaz setLanConfig de cstecgi .cgi."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:ex1800t_firmware:9.1.0cu.2112_b20220316:*:*:*:*:*:*:*",
"matchCriteriaId": "0A42AB5D-BBE3-46C5-B60E-0C5D0BE5BD61"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:ex1800t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4ECDCF8F-01EE-4B54-AE5F-8793D54BB5A2"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://815yang.github.io/2023/12/11/EX1800T/TOTOlinkEX1800T_V9.1.0cu.2112_B2022031setLanConfig-lanIp/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,91 @@
"id": "CVE-2023-51018",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-22T19:15:09.587",
"lastModified": "2023-12-22T20:32:25.167",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-27T21:09:49.843",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the \u2018opmode\u2019 parameter of the setWiFiApConfig interface of the cstecgi .cgi."
},
{
"lang": "es",
"value": "TOTOlink EX1800T v9.1.0cu.2112_B20220316 es vulnerable a la ejecuci\u00f3n de comandos arbitrarios no autorizados en el par\u00e1metro 'opmode' de la interfaz setWiFiApConfig de cstecgi .cgi."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:ex1800t_firmware:9.1.0cu.2112_b20220316:*:*:*:*:*:*:*",
"matchCriteriaId": "0A42AB5D-BBE3-46C5-B60E-0C5D0BE5BD61"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:ex1800t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4ECDCF8F-01EE-4B54-AE5F-8793D54BB5A2"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://815yang.github.io/2023/12/11/EX1800T/2/TOTOlinkEX1800T_V9.1.0cu.2112_B2022031setWiFiApConfig-opmode/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,91 @@
"id": "CVE-2023-51019",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-22T19:15:09.630",
"lastModified": "2023-12-22T20:32:25.167",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-27T21:09:43.747",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the \u2018key5g\u2019 parameter of the setWiFiExtenderConfig interface of the cstecgi .cgi."
},
{
"lang": "es",
"value": "TOTOlink EX1800T v9.1.0cu.2112_B20220316 es vulnerable a la ejecuci\u00f3n de comandos arbitrarios no autorizados en el par\u00e1metro 'key5g' de la interfaz setWiFiExtenderConfig de cstecgi .cgi."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:ex1800t_firmware:9.1.0cu.2112_b20220316:*:*:*:*:*:*:*",
"matchCriteriaId": "0A42AB5D-BBE3-46C5-B60E-0C5D0BE5BD61"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:ex1800t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4ECDCF8F-01EE-4B54-AE5F-8793D54BB5A2"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://815yang.github.io/2023/12/11/EX1800T/2/TOTOlinkEX1800T_V9.1.0cu.2112_B20220316setWiFiExtenderConfig-key5g/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,91 @@
"id": "CVE-2023-51020",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-22T19:15:09.673",
"lastModified": "2023-12-22T20:32:25.167",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-27T21:09:01.540",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the \u2018langType\u2019 parameter of the setLanguageCfg interface of the cstecgi .cgi."
},
{
"lang": "es",
"value": "TOTOlink EX1800T v9.1.0cu.2112_B20220316 es vulnerable a la ejecuci\u00f3n de comandos arbitrarios no autorizados en el par\u00e1metro 'langType' de la interfaz setLanguageCfg de cstecgi .cgi."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:ex1800t_firmware:9.1.0cu.2112_b20220316:*:*:*:*:*:*:*",
"matchCriteriaId": "0A42AB5D-BBE3-46C5-B60E-0C5D0BE5BD61"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:ex1800t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4ECDCF8F-01EE-4B54-AE5F-8793D54BB5A2"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://815yang.github.io/2023/12/11/EX1800T/2/TOTOlinkEX1800T_V9.1.0cu.2112_B20220316setLanguageCfg-langType/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,91 @@
"id": "CVE-2023-51021",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-22T19:15:09.737",
"lastModified": "2023-12-22T20:32:25.167",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-27T21:08:51.647",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the \u2018merge\u2019 parameter of the setRptWizardCfg interface of the cstecgi .cgi."
},
{
"lang": "es",
"value": "TOTOlink EX1800T v9.1.0cu.2112_B20220316 es vulnerable a la ejecuci\u00f3n de comandos arbitrarios no autorizados en el par\u00e1metro 'merge' de la interfaz setRptWizardCfg de cstecgi .cgi."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:ex1800t_firmware:9.1.0cu.2112_b20220316:*:*:*:*:*:*:*",
"matchCriteriaId": "0A42AB5D-BBE3-46C5-B60E-0C5D0BE5BD61"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:ex1800t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4ECDCF8F-01EE-4B54-AE5F-8793D54BB5A2"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://815yang.github.io/2023/12/11/EX1800T/2/TOTOlinkEX1800T_V9.1.0cu.2112_B20220316setRptWizardCfg-merge/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,91 @@
"id": "CVE-2023-51022",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-22T19:15:09.787",
"lastModified": "2023-12-22T20:32:25.167",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-27T21:08:45.027",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the \u2018langFlag\u2019 parameter of the setLanguageCfg interface of the cstecgi .cgi."
},
{
"lang": "es",
"value": "TOTOlink EX1800T v9.1.0cu.2112_B20220316 es vulnerable a la ejecuci\u00f3n de comandos arbitrarios no autorizados en el par\u00e1metro 'langFlag' de la interfaz setLanguageCfg de cstecgi .cgi."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:ex1800t_firmware:9.1.0cu.2112_b20220316:*:*:*:*:*:*:*",
"matchCriteriaId": "0A42AB5D-BBE3-46C5-B60E-0C5D0BE5BD61"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:ex1800t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4ECDCF8F-01EE-4B54-AE5F-8793D54BB5A2"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://815yang.github.io/2023/12/11/EX1800T/2/3/TOTOlinkEX1800T_V9.1.0cu.2112_B20220316setLanguageCfg-langFlag/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,91 @@
"id": "CVE-2023-51023",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-22T18:15:07.770",
"lastModified": "2023-12-22T20:32:34.333",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-27T21:11:11.397",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to arbitrary command execution in the \u2018host_time\u2019 parameter of the NTPSyncWithHost interface of the cstecgi .cgi."
},
{
"lang": "es",
"value": "TOTOlink EX1800T v9.1.0cu.2112_B20220316 es vulnerable a la ejecuci\u00f3n de comandos arbitrarios en el par\u00e1metro 'host_time' de la interfaz NTPSyncWithHost del cstecgi .cgi."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:ex1800t_firmware:9.1.0cu.2112_b20220316:*:*:*:*:*:*:*",
"matchCriteriaId": "0A42AB5D-BBE3-46C5-B60E-0C5D0BE5BD61"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:ex1800t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4ECDCF8F-01EE-4B54-AE5F-8793D54BB5A2"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://815yang.github.io/2023/12/11/EX1800T/2/TOTOlinkEX1800T_V9.1.0cu.2112_B2022031NTPSyncWithHost-host_time/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,91 @@
"id": "CVE-2023-51024",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-22T18:15:07.820",
"lastModified": "2023-12-22T20:32:34.333",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-27T21:11:05.060",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the \u2018tz\u2019 parameter of the setNtpCfg interface of the cstecgi .cgi."
},
{
"lang": "es",
"value": "TOTOlink EX1800T v9.1.0cu.2112_B20220316 es vulnerable a la ejecuci\u00f3n de comandos arbitrarios no autorizados en el par\u00e1metro 'tz' de la interfaz setNtpCfg del cstecgi .cgi."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:ex1800t_firmware:9.1.0cu.2112_b20220316:*:*:*:*:*:*:*",
"matchCriteriaId": "0A42AB5D-BBE3-46C5-B60E-0C5D0BE5BD61"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:ex1800t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4ECDCF8F-01EE-4B54-AE5F-8793D54BB5A2"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://815yang.github.io/2023/12/11/EX1800T/2/TOTOlinkEX1800T_V9.1.0cu.2112_B2022031setNtpCfg-tz/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
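Review bot: The added `weaknesses` entry carries `"value": "NVD-CWE-noinfo"` even though the description in the same record states arbitrary command execution through the `tz` parameter of `setNtpCfg`, so any triage rule or dashboard that selects on CWE will not surface this 9.8 record as an injection issue. The same value appears in the sections for CVE-2023-51025, CVE-2023-51026 and CVE-2023-51027. Since this repository mirrors NVD, the field should not be hand-edited here. Consumers should key on `baseSeverity` and the description text for these entries, or map them locally to an injection class (presumably CWE-77) until NVD assigns one.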


@ -2,19 +2,91 @@
"id": "CVE-2023-51025",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-22T18:15:07.860",
"lastModified": "2023-12-22T20:32:34.333",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-27T21:10:57.747",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to an unauthorized arbitrary command execution in the \u2018admuser\u2019 parameter of the setPasswordCfg interface of the cstecgi .cgi."
},
{
"lang": "es",
"value": "TOTOlink EX1800T V9.1.0cu.2112_B20220316 es vulnerable a la ejecuci\u00f3n de un comando arbitrario no autorizado en el par\u00e1metro 'admuser' de la interfaz setPasswordCfg del cstecgi .cgi."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:ex1800t_firmware:9.1.0cu.2112_b20220316:*:*:*:*:*:*:*",
"matchCriteriaId": "0A42AB5D-BBE3-46C5-B60E-0C5D0BE5BD61"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:ex1800t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4ECDCF8F-01EE-4B54-AE5F-8793D54BB5A2"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://815yang.github.io/2023/12/11/EX1800T/2/TOTOlinkEX1800T_V9.1.0cu.2112_B20220316setPasswordCfg-admuser/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,91 @@
"id": "CVE-2023-51026",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-22T18:15:07.907",
"lastModified": "2023-12-22T20:32:34.333",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-27T21:10:48.950",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the \u2018hour\u2019 parameter of the setRebootScheCfg interface of the cstecgi .cgi."
},
{
"lang": "es",
"value": "TOTOlink EX1800T V9.1.0cu.2112_B20220316 es vulnerable a la ejecuci\u00f3n de comandos arbitrarios no autorizados en el par\u00e1metro 'hour' de la interfaz setRebootScheCfg de cstecgi .cgi."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:ex1800t_firmware:9.1.0cu.2112_b20220316:*:*:*:*:*:*:*",
"matchCriteriaId": "0A42AB5D-BBE3-46C5-B60E-0C5D0BE5BD61"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:ex1800t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4ECDCF8F-01EE-4B54-AE5F-8793D54BB5A2"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://815yang.github.io/2023/12/11/EX1800T/2/TOTOlinkEX1800T_V9.1.0cu.2112_B2022031setRebootScheCfg-hour/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,91 @@
"id": "CVE-2023-51027",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-22T18:15:07.953",
"lastModified": "2023-12-22T20:32:34.333",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-27T21:10:41.763",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the \u2018apcliAuthMode\u2019 parameter of the setWiFiExtenderConfig interface of the cstecgi .cgi."
},
{
"lang": "es",
"value": "TOTOlink EX1800T V9.1.0cu.2112_B20220316 es vulnerable a la ejecuci\u00f3n de comandos arbitrarios no autorizados en el par\u00e1metro 'apcliAuthMode' de la interfaz setWiFiExtenderConfig de cstecgi .cgi."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:ex1800t_firmware:9.1.0cu.2112_b20220316:*:*:*:*:*:*:*",
"matchCriteriaId": "0A42AB5D-BBE3-46C5-B60E-0C5D0BE5BD61"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:ex1800t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4ECDCF8F-01EE-4B54-AE5F-8793D54BB5A2"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://815yang.github.io/2023/12/11/EX1800T/2/3/TOTOlinkEX1800T_V9.1.0cu.2112_B20220316setWiFiExtenderConfig-apcliAuthMode/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,78 @@
"id": "CVE-2023-51048",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-21T16:15:10.797",
"lastModified": "2023-12-21T18:15:28.593",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-27T21:38:45.147",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_newsauth parameter at /admin/ajax.php."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que S-CMS v5.0 conten\u00eda una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro A_newsauth en /admin/ajax.php."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:s-cms:s-cms:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3797FECE-5F4C-4A17-B21E-15BE49A20B41"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.notion.so/scms5-0-sql-injection-94c791a563d1481a9439fa98a1bc9a1b",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Permissions Required"
]
}
]
}
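Review bot: The new vector sets `PR:N` while the description places the injectable `A_newsauth` parameter at `/admin/ajax.php`, and the record's only reference is tagged `Permissions Required`, so the write-up behind the score is not publicly readable and the unauthenticated rating cannot be checked from this record. Whether that endpoint is reachable without an administrative session is not shown here. The same combination appears in the sections for CVE-2023-51049 and CVE-2023-51050. When prioritising, treat the 9.8 as an upper bound and confirm on your own deployment whether `/admin/ajax.php` rejects unauthenticated requests before relying on `PR:N`.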


@ -2,19 +2,78 @@
"id": "CVE-2023-51049",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-21T16:15:10.903",
"lastModified": "2023-12-21T18:15:28.593",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-27T21:39:12.257",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_bbsauth parameter at /admin/ajax.php."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que S-CMS v5.0 conten\u00eda una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro A_bbsauth en /admin/ajax.php."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:s-cms:s-cms:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3797FECE-5F4C-4A17-B21E-15BE49A20B41"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.notion.so/scms5-0-sql-injection-94c791a563d1481a9439fa98a1bc9a1b",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Permissions Required"
]
}
]
}


@ -2,19 +2,78 @@
"id": "CVE-2023-51050",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-21T16:15:11.000",
"lastModified": "2023-12-21T18:15:28.593",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-27T21:39:22.713",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_productauth parameter at /admin/ajax.php."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que S-CMS v5.0 conten\u00eda una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro A_productauth en /admin/ajax.php."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:s-cms:s-cms:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3797FECE-5F4C-4A17-B21E-15BE49A20B41"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.notion.so/scms5-0-sql-injection-94c791a563d1481a9439fa98a1bc9a1b",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Permissions Required"
]
}
]
}

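--- a/CVE-2023/CVE-2023-510xx/CVE-2023-51074.json
+++ b/CVE-2023/CVE-2023-510xx/CVE-2023-51074.json
@@ -0,0 +1,20 @@
+{
+"id": "CVE-2023-51074",
+"sourceIdentifier": "cve@mitre.org",
+"published": "2023-12-27T21:15:08.253",
+"lastModified": "2023-12-27T21:37:15.710",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "json-path v2.8.0 was discovered to contain a stack overflow via the Criteria.parse() method."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://github.com/json-path/JsonPath/issues/973",
+"source": "cve@mitre.org"
+}
+]
+}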

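--- a/CVE-2023/CVE-2023-510xx/CVE-2023-51075.json
+++ b/CVE-2023/CVE-2023-510xx/CVE-2023-51075.json
@@ -0,0 +1,20 @@
+{
+"id": "CVE-2023-51075",
+"sourceIdentifier": "cve@mitre.org",
+"published": "2023-12-27T21:15:08.300",
+"lastModified": "2023-12-27T21:37:15.710",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "hutool-core v5.8.23 was discovered to contain an infinite loop in the StrSplitter.splitByRegex function. This vulnerability allows attackers to cause a Denial of Service (DoS) via manipulation of the first two parameters."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://github.com/dromara/hutool/issues/3421",
+"source": "cve@mitre.org"
+}
+]
+}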

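--- a/CVE-2023/CVE-2023-510xx/CVE-2023-51079.json
+++ b/CVE-2023/CVE-2023-510xx/CVE-2023-51079.json
@@ -0,0 +1,20 @@
+{
+"id": "CVE-2023-51079",
+"sourceIdentifier": "cve@mitre.org",
+"published": "2023-12-27T21:15:08.350",
+"lastModified": "2023-12-27T21:37:15.710",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "A TimeOut error exists in the ParseTools.subCompileExpression method in mvel2 v2.5.0 Final."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://github.com/mvel/mvel/issues/348",
+"source": "cve@mitre.org"
+}
+]
+}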

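--- a/CVE-2023/CVE-2023-510xx/CVE-2023-51080.json
+++ b/CVE-2023/CVE-2023-510xx/CVE-2023-51080.json
@@ -0,0 +1,20 @@
+{
+"id": "CVE-2023-51080",
+"sourceIdentifier": "cve@mitre.org",
+"published": "2023-12-27T21:15:08.397",
+"lastModified": "2023-12-27T21:37:15.710",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "The NumberUtil.toBigDecimal method in hutool-core v5.8.23 was discovered to contain a stack overflow."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://github.com/dromara/hutool/issues/3423",
+"source": "cve@mitre.org"
+}
+]
+}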

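--- a/CVE-2023/CVE-2023-510xx/CVE-2023-51084.json
+++ b/CVE-2023/CVE-2023-510xx/CVE-2023-51084.json
@@ -0,0 +1,20 @@
+{
+"id": "CVE-2023-51084",
+"sourceIdentifier": "cve@mitre.org",
+"published": "2023-12-27T21:15:08.450",
+"lastModified": "2023-12-27T21:37:15.710",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "hyavijava v6.0.07.1 was discovered to contain a stack overflow via the ResultConverter.convert2Xml method."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://github.com/PoppingSnack/VulReport/issues/12",
+"source": "cve@mitre.org"
+}
+]
+}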


@ -2,8 +2,8 @@
"id": "CVE-2023-52075",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-27T20:15:19.300",
"lastModified": "2023-12-27T20:15:19.300",
"vulnStatus": "Received",
"lastModified": "2023-12-27T21:37:15.710",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-52077",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-27T19:15:07.763",
"lastModified": "2023-12-27T19:15:07.763",
"vulnStatus": "Received",
"lastModified": "2023-12-27T21:37:15.710",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,16 +2,40 @@
"id": "CVE-2023-7020",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-21T01:15:34.073",
"lastModified": "2023-12-21T02:24:16.353",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-27T21:11:34.267",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Tongda OA 2017 up to 11.9 and classified as critical. This issue affects some unknown processing of the file general/wiki/cp/ct/view.php. The manipulation of the argument TEMP_ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248567. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Tongda OA 2017 hasta 11.9 y clasificada como cr\u00edtica. Este problema afecta un procesamiento desconocido del archivo general/wiki/cp/ct/view.php. La manipulaci\u00f3n del argumento TEMP_ID conduce a la inyecci\u00f3n de SQL. El ataque puede iniciarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. La actualizaci\u00f3n a la versi\u00f3n 11.10 puede solucionar este problema. Se recomienda actualizar el componente afectado. El identificador asociado de esta vulnerabilidad es VDB-248567. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna forma."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tongda2000:office_anywhere_2017:*:*:*:*:*:*:*:*",
"versionEndIncluding": "11.9",
"matchCriteriaId": "1B3C1D0D-0551-447E-887C-F24428A73171"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/zte12321/cve/blob/main/sql.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.248567",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.248567",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-7021",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-21T01:15:34.393",
"lastModified": "2023-12-21T02:24:16.353",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-27T21:11:16.050",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Tongda OA 2017 up to 11.9. It has been classified as critical. Affected is an unknown function of the file general/vehicle/checkup/delete_search.php. The manipulation of the argument VU_ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-248568. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Tongda OA 2017 hasta 11.9. Ha sido clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo general/vehicle/checkup/delete_search.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento VU_ID conduce a la inyecci\u00f3n SQL. Es posible lanzar el ataque de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. La actualizaci\u00f3n a la versi\u00f3n 11.10 puede solucionar este problema. Se recomienda actualizar el componente afectado. El identificador de esta vulnerabilidad es VDB-248568. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna forma."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tongda2000:office_anywhere_2017:*:*:*:*:*:*:*:*",
"versionEndIncluding": "11.10",
"matchCriteriaId": "93A78FB4-1B3E-487C-8926-4E417A01FE24"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/qq956801985/cve/blob/main/sql.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.248568",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.248568",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}
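Review bot: The added CPE match uses `"versionEndIncluding": "11.10"`, but the description in the same record says the issue affects Tongda OA 2017 up to 11.9 and that upgrading to 11.10 addresses it, so scanners matching on this range would report the fixed release as vulnerable. The sibling records CVE-2023-7020 and CVE-2023-7022 use `"versionEndIncluding": "11.9"` for the same product. The expected line is `"versionEndIncluding": "11.9",`. The accompanying `matchCriteriaId` is assigned upstream, so the correction belongs in NVD and should arrive here through the next sync, not a hand edit.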


@ -2,16 +2,40 @@
"id": "CVE-2023-7022",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-21T02:15:43.680",
"lastModified": "2023-12-21T02:24:16.353",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-27T21:06:48.520",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Tongda OA 2017 up to 11.9. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file general/work_plan/manage/delete_all.php. The manipulation of the argument DELETE_STR leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248569 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Tongda OA 2017 hasta 11.9. Ha sido declarada cr\u00edtica. Una funci\u00f3n desconocida del archivo general/work_plan/manage/delete_all.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento DELETE_STR conduce a la inyecci\u00f3n SQL. El ataque se puede lanzar de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-248569. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna forma."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tongda2000:office_anywhere_2017:*:*:*:*:*:*:*:*",
"versionEndIncluding": "11.9",
"matchCriteriaId": "1B3C1D0D-0551-447E-887C-F24428A73171"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/willchen0011/cve/blob/main/sql3.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.248569",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.248569",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-12-27T21:00:24.557090+00:00
2023-12-27T23:00:24.684700+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-12-27T20:49:16.410000+00:00
2023-12-27T22:15:16.790000+00:00
```
### Last Data Feed Release
@ -29,47 +29,59 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
234287
234302
```
### CVEs added in the last Commit
Recently added CVEs: `3`
Recently added CVEs: `15`
* [CVE-2023-52077](CVE-2023/CVE-2023-520xx/CVE-2023-52077.json) (`2023-12-27T19:15:07.763`)
* [CVE-2023-40038](CVE-2023/CVE-2023-400xx/CVE-2023-40038.json) (`2023-12-27T20:15:19.230`)
* [CVE-2023-52075](CVE-2023/CVE-2023-520xx/CVE-2023-52075.json) (`2023-12-27T20:15:19.300`)
* [CVE-2023-43955](CVE-2023/CVE-2023-439xx/CVE-2023-43955.json) (`2023-12-27T21:15:08.050`)
* [CVE-2023-46919](CVE-2023/CVE-2023-469xx/CVE-2023-46919.json) (`2023-12-27T21:15:08.103`)
* [CVE-2023-47882](CVE-2023/CVE-2023-478xx/CVE-2023-47882.json) (`2023-12-27T21:15:08.147`)
* [CVE-2023-47883](CVE-2023/CVE-2023-478xx/CVE-2023-47883.json) (`2023-12-27T21:15:08.193`)
* [CVE-2023-51074](CVE-2023/CVE-2023-510xx/CVE-2023-51074.json) (`2023-12-27T21:15:08.253`)
* [CVE-2023-51075](CVE-2023/CVE-2023-510xx/CVE-2023-51075.json) (`2023-12-27T21:15:08.300`)
* [CVE-2023-51079](CVE-2023/CVE-2023-510xx/CVE-2023-51079.json) (`2023-12-27T21:15:08.350`)
* [CVE-2023-51080](CVE-2023/CVE-2023-510xx/CVE-2023-51080.json) (`2023-12-27T21:15:08.397`)
* [CVE-2023-51084](CVE-2023/CVE-2023-510xx/CVE-2023-51084.json) (`2023-12-27T21:15:08.450`)
* [CVE-2023-43481](CVE-2023/CVE-2023-434xx/CVE-2023-43481.json) (`2023-12-27T21:15:07.990`)
* [CVE-2023-46918](CVE-2023/CVE-2023-469xx/CVE-2023-46918.json) (`2023-12-27T22:15:16.597`)
* [CVE-2023-49000](CVE-2023/CVE-2023-490xx/CVE-2023-49000.json) (`2023-12-27T22:15:16.653`)
* [CVE-2023-49001](CVE-2023/CVE-2023-490xx/CVE-2023-49001.json) (`2023-12-27T22:15:16.700`)
* [CVE-2023-49002](CVE-2023/CVE-2023-490xx/CVE-2023-49002.json) (`2023-12-27T22:15:16.750`)
* [CVE-2023-49003](CVE-2023/CVE-2023-490xx/CVE-2023-49003.json) (`2023-12-27T22:15:16.790`)
### CVEs modified in the last Commit
Recently modified CVEs: `40`
Recently modified CVEs: `42`
* [CVE-2023-44277](CVE-2023/CVE-2023-442xx/CVE-2023-44277.json) (`2023-12-27T19:33:29.213`)
* [CVE-2023-23970](CVE-2023/CVE-2023-239xx/CVE-2023-23970.json) (`2023-12-27T19:45:38.120`)
* [CVE-2023-49814](CVE-2023/CVE-2023-498xx/CVE-2023-49814.json) (`2023-12-27T19:46:23.767`)
* [CVE-2023-45603](CVE-2023/CVE-2023-456xx/CVE-2023-45603.json) (`2023-12-27T19:47:42.173`)
* [CVE-2023-47784](CVE-2023/CVE-2023-477xx/CVE-2023-47784.json) (`2023-12-27T20:05:27.610`)
* [CVE-2023-47990](CVE-2023/CVE-2023-479xx/CVE-2023-47990.json) (`2023-12-27T20:11:02.707`)
* [CVE-2023-31231](CVE-2023/CVE-2023-312xx/CVE-2023-31231.json) (`2023-12-27T20:21:21.870`)
* [CVE-2023-34385](CVE-2023/CVE-2023-343xx/CVE-2023-34385.json) (`2023-12-27T20:21:37.573`)
* [CVE-2023-40204](CVE-2023/CVE-2023-402xx/CVE-2023-40204.json) (`2023-12-27T20:22:37.537`)
* [CVE-2023-28170](CVE-2023/CVE-2023-281xx/CVE-2023-28170.json) (`2023-12-27T20:24:35.040`)
* [CVE-2023-7023](CVE-2023/CVE-2023-70xx/CVE-2023-7023.json) (`2023-12-27T20:38:15.883`)
* [CVE-2023-49678](CVE-2023/CVE-2023-496xx/CVE-2023-49678.json) (`2023-12-27T20:47:15.660`)
* [CVE-2023-49679](CVE-2023/CVE-2023-496xx/CVE-2023-49679.json) (`2023-12-27T20:47:33.007`)
* [CVE-2023-49680](CVE-2023/CVE-2023-496xx/CVE-2023-49680.json) (`2023-12-27T20:47:39.947`)
* [CVE-2023-49681](CVE-2023/CVE-2023-496xx/CVE-2023-49681.json) (`2023-12-27T20:47:47.840`)
* [CVE-2023-49682](CVE-2023/CVE-2023-496xx/CVE-2023-49682.json) (`2023-12-27T20:47:54.283`)
* [CVE-2023-49683](CVE-2023/CVE-2023-496xx/CVE-2023-49683.json) (`2023-12-27T20:48:02.790`)
* [CVE-2023-7024](CVE-2023/CVE-2023-70xx/CVE-2023-7024.json) (`2023-12-27T20:48:22.690`)
* [CVE-2023-49684](CVE-2023/CVE-2023-496xx/CVE-2023-49684.json) (`2023-12-27T20:48:32.050`)
* [CVE-2023-49685](CVE-2023/CVE-2023-496xx/CVE-2023-49685.json) (`2023-12-27T20:48:40.047`)
* [CVE-2023-49686](CVE-2023/CVE-2023-496xx/CVE-2023-49686.json) (`2023-12-27T20:48:45.937`)
* [CVE-2023-49687](CVE-2023/CVE-2023-496xx/CVE-2023-49687.json) (`2023-12-27T20:48:52.213`)
* [CVE-2023-49688](CVE-2023/CVE-2023-496xx/CVE-2023-49688.json) (`2023-12-27T20:48:59.487`)
* [CVE-2023-49689](CVE-2023/CVE-2023-496xx/CVE-2023-49689.json) (`2023-12-27T20:49:07.780`)
* [CVE-2023-49690](CVE-2023/CVE-2023-496xx/CVE-2023-49690.json) (`2023-12-27T20:49:16.410`)
* [CVE-2023-51011](CVE-2023/CVE-2023-510xx/CVE-2023-51011.json) (`2023-12-27T21:10:33.847`)
* [CVE-2023-51027](CVE-2023/CVE-2023-510xx/CVE-2023-51027.json) (`2023-12-27T21:10:41.763`)
* [CVE-2023-51026](CVE-2023/CVE-2023-510xx/CVE-2023-51026.json) (`2023-12-27T21:10:48.950`)
* [CVE-2023-51025](CVE-2023/CVE-2023-510xx/CVE-2023-51025.json) (`2023-12-27T21:10:57.747`)
* [CVE-2023-51024](CVE-2023/CVE-2023-510xx/CVE-2023-51024.json) (`2023-12-27T21:11:05.060`)
* [CVE-2023-51023](CVE-2023/CVE-2023-510xx/CVE-2023-51023.json) (`2023-12-27T21:11:11.397`)
* [CVE-2023-7021](CVE-2023/CVE-2023-70xx/CVE-2023-7021.json) (`2023-12-27T21:11:16.050`)
* [CVE-2023-7020](CVE-2023/CVE-2023-70xx/CVE-2023-7020.json) (`2023-12-27T21:11:34.267`)
* [CVE-2023-50827](CVE-2023/CVE-2023-508xx/CVE-2023-50827.json) (`2023-12-27T21:25:18.757`)
* [CVE-2023-50826](CVE-2023/CVE-2023-508xx/CVE-2023-50826.json) (`2023-12-27T21:25:38.740`)
* [CVE-2023-50377](CVE-2023/CVE-2023-503xx/CVE-2023-50377.json) (`2023-12-27T21:34:56.883`)
* [CVE-2023-45117](CVE-2023/CVE-2023-451xx/CVE-2023-45117.json) (`2023-12-27T21:36:01.277`)
* [CVE-2023-45116](CVE-2023/CVE-2023-451xx/CVE-2023-45116.json) (`2023-12-27T21:36:11.097`)
* [CVE-2023-45115](CVE-2023/CVE-2023-451xx/CVE-2023-45115.json) (`2023-12-27T21:36:32.453`)
* [CVE-2023-52077](CVE-2023/CVE-2023-520xx/CVE-2023-52077.json) (`2023-12-27T21:37:15.710`)
* [CVE-2023-40038](CVE-2023/CVE-2023-400xx/CVE-2023-40038.json) (`2023-12-27T21:37:15.710`)
* [CVE-2023-52075](CVE-2023/CVE-2023-520xx/CVE-2023-52075.json) (`2023-12-27T21:37:15.710`)
* [CVE-2023-45119](CVE-2023/CVE-2023-451xx/CVE-2023-45119.json) (`2023-12-27T21:37:56.367`)
* [CVE-2023-45118](CVE-2023/CVE-2023-451xx/CVE-2023-45118.json) (`2023-12-27T21:38:08.260`)
* [CVE-2023-51048](CVE-2023/CVE-2023-510xx/CVE-2023-51048.json) (`2023-12-27T21:38:45.147`)
* [CVE-2023-51049](CVE-2023/CVE-2023-510xx/CVE-2023-51049.json) (`2023-12-27T21:39:12.257`)
* [CVE-2023-51050](CVE-2023/CVE-2023-510xx/CVE-2023-51050.json) (`2023-12-27T21:39:22.713`)
* [CVE-2023-4042](CVE-2023/CVE-2023-40xx/CVE-2023-4042.json) (`2023-12-27T22:04:29.077`)
* [CVE-2023-34966](CVE-2023/CVE-2023-349xx/CVE-2023-34966.json) (`2023-12-27T22:06:19.453`)
* [CVE-2023-34967](CVE-2023/CVE-2023-349xx/CVE-2023-34967.json) (`2023-12-27T22:06:24.227`)
## Download and Usage