Auto-Update: 2023-12-01T23:00:18.041174+00:00

cad-safe-bot 2023-12-01 23:00:21 +00:00
parent 6ad7e29661
commit a429a100fd
39 changed files with 2023 additions and 134 deletions


@ -2,8 +2,8 @@
"id": "CVE-2014-125081",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-17T23:15:15.173",
"lastModified": "2023-11-07T02:18:43.350",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-12-01T22:04:49.620",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -33,7 +33,7 @@
"impactScore": 5.9
},
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -55,7 +55,7 @@
],
"cvssMetricV2": [
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
@ -81,7 +81,7 @@
},
"weaknesses": [
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{


@ -2,8 +2,8 @@
"id": "CVE-2014-125084",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-02-06T00:15:08.823",
"lastModified": "2023-11-07T02:18:44.037",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-12-01T22:03:27.830",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -33,7 +33,7 @@
"impactScore": 5.9
},
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -55,7 +55,7 @@
],
"cvssMetricV2": [
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
@ -81,7 +81,7 @@
},
"weaknesses": [
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
@ -138,6 +138,7 @@
"url": "https://vuldb.com/?id.220205",
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}


@ -2,8 +2,8 @@
"id": "CVE-2014-125093",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-03-10T02:15:58.147",
"lastModified": "2023-11-07T02:18:46.353",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-12-01T22:05:39.367",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -33,7 +33,7 @@
"impactScore": 3.6
},
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -55,7 +55,7 @@
],
"cvssMetricV2": [
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
@ -91,7 +91,7 @@
]
},
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{


@ -2,8 +2,8 @@
"id": "CVE-2014-125095",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-09T06:15:10.593",
"lastModified": "2023-11-07T02:18:46.810",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-12-01T22:08:11.780",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -33,7 +33,7 @@
"impactScore": 2.7
},
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -55,7 +55,7 @@
],
"cvssMetricV2": [
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
@ -81,7 +81,7 @@
},
"weaknesses": [
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{


@ -2,8 +2,8 @@
"id": "CVE-2014-125096",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-10T03:15:07.040",
"lastModified": "2023-11-07T02:18:47.120",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-12-01T22:10:36.937",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -33,7 +33,7 @@
"impactScore": 2.7
},
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -55,7 +55,7 @@
],
"cvssMetricV2": [
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
@ -81,7 +81,7 @@
},
"weaknesses": [
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{


@ -2,8 +2,8 @@
"id": "CVE-2017-20155",
"sourceIdentifier": "cna@vuldb.com",
"published": "2022-12-30T23:15:08.883",
"lastModified": "2023-11-07T02:43:19.843",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-12-01T22:07:13.797",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -33,7 +33,7 @@
"impactScore": 2.7
},
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -55,7 +55,7 @@
],
"cvssMetricV2": [
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
@ -81,7 +81,7 @@
},
"weaknesses": [
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
@ -114,8 +114,7 @@
"url": "https://github.com/Sterc/Analytics-dashboard-widget/commit/855d9560d3782c105568eedf9b22a769fbf29cc0",
"source": "cna@vuldb.com",
"tags": [
"Patch",
"Third Party Advisory"
"Patch"
]
},
{
@ -131,15 +130,14 @@
"url": "https://github.com/Sterc/Analytics-dashboard-widget/milestone/2",
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
"Product"
]
},
{
"url": "https://github.com/Sterc/Analytics-dashboard-widget/pull/12",
"source": "cna@vuldb.com",
"tags": [
"Patch",
"Third Party Advisory"
"Patch"
]
},
{


@ -2,8 +2,8 @@
"id": "CVE-2017-20156",
"sourceIdentifier": "cna@vuldb.com",
"published": "2022-12-31T10:15:09.183",
"lastModified": "2023-11-07T02:43:20.117",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-12-01T22:09:35.407",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -33,7 +33,7 @@
"impactScore": 5.9
},
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -55,7 +55,7 @@
],
"cvssMetricV2": [
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
@ -81,7 +81,7 @@
},
"weaknesses": [
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
@ -114,8 +114,7 @@
"url": "https://github.com/exciting-io/printer/commit/5f8c715d6e2cc000f621a6833f0a86a673462136",
"source": "cna@vuldb.com",
"tags": [
"Patch",
"Third Party Advisory"
"Patch"
]
},
{


@ -2,12 +2,16 @@
"id": "CVE-2022-40433",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:16:24.010",
"lastModified": "2023-09-25T17:23:18.193",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-01T21:15:07.527",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in function ciMethodBlocks::make_block_at in Oracle JDK (HotSpot VM) 11, 17 and OpenJDK (HotSpot VM) 8, 11, 17, allows attackers to cause a denial of service."
"value": "An issue was discovered in function ciMethodBlocks::make_block_at in Oracle JDK (HotSpot VM) 11, 17 and OpenJDK (HotSpot VM) 8, 11, 17, allows attackers to cause a denial of service. Note: Vendor states that this to is Defense in Depth at most due to the nature of the issue and the special circumstances required (server must be running particular code locally, code compiled with an old, old version of javac, etc.)."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en la funci\u00f3n ciMethodBlocks::make_block_at de Oracle JDK (HotSpot VM) 11, 17 y OpenJDK (HotSpot VM) 8, 11, 17, que permite a los atacantes provocar una denegaci\u00f3n de servicio.\n"
}
],
"metrics": {
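Review bot: The amended English description contains a wording slip, `this to is Defense in Depth`, and the Spanish entry in the same `descriptions` array carries only the original sentence without the vendor's note. A consumer that displays the `es` text would show the denial-of-service claim without the vendor's caveat about the special circumstances required. Since this record appears to be mirrored, the wording fix probably belongs upstream; locally it would help to prefer the `en` value when `vulnStatus` is `Modified` and to treat the translation as possibly stale. The record continues past this hunk at `"metrics"`.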


@ -2,8 +2,8 @@
"id": "CVE-2023-25632",
"sourceIdentifier": "cve@navercorp.com",
"published": "2023-11-27T07:15:43.397",
"lastModified": "2023-11-27T13:52:09.230",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-01T21:17:40.063",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,8 +14,41 @@
"value": "La aplicaci\u00f3n de navegador Android Mobile Whale anterior a 3.0.1.2 permite al atacante eludir la funci\u00f3n de desbloqueo del navegador mediante la funci\u00f3n \"Abrir en Whale\"."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "cve@navercorp.com",
"type": "Secondary",
@ -27,10 +60,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:naver:whale_browser:*:*:*:*:*:android:*:*",
"versionEndExcluding": "3.0.1.2",
"matchCriteriaId": "AC969CAF-AD1C-48DE-BDD8-F276EC21450C"
}
]
}
]
}
],
"references": [
{
"url": "https://cve.naver.com/detail/cve-2023-25632.html",
"source": "cve@navercorp.com"
"source": "cve@navercorp.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-32063",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-28T04:15:07.143",
"lastModified": "2023-11-28T14:12:58.173",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-01T21:46:28.420",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,18 +70,60 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oroinc:client_relationship_management:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.2.0",
"versionEndIncluding": "4.2.5",
"matchCriteriaId": "D7A1B563-4905-464D-A4B0-A317A2182BA2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oroinc:client_relationship_management:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.0",
"versionEndExcluding": "5.0.4",
"matchCriteriaId": "3A2D401C-A6CD-48B0-8A5C-A9FD55182189"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oroinc:client_relationship_management:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.1.0",
"versionEndExcluding": "5.1.1",
"matchCriteriaId": "E55AC63D-454C-48E3-8FD5-E8521E9554A2"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/oroinc/OroCRMCallBundle/commit/456b1dda7762abf4ff59eafffaa70ab7f09d1c85",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/oroinc/OroCRMCallBundle/commit/9a41dff459bb4aff864175ca883d553ac0954950",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/oroinc/crm/security/advisories/GHSA-897w-jv7j-6r7g",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-32064",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-28T04:15:07.360",
"lastModified": "2023-11-28T14:12:58.173",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-01T22:01:44.107",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,10 +70,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oroinc:orocommerce:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.2.0",
"versionEndIncluding": "4.2.8",
"matchCriteriaId": "9E0C45BF-56A3-480F-AC47-7811E56CF653"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oroinc:orocommerce:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.0",
"versionEndExcluding": "5.0.11",
"matchCriteriaId": "9A2DBB10-E76F-4210-943D-9FF29CD90538"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oroinc:orocommerce:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.1.0",
"versionEndExcluding": "5.1.1",
"matchCriteriaId": "EA4A911B-D810-45B3-BCAA-ABD4EF968657"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/oroinc/orocommerce/security/advisories/GHSA-8gwj-68w6-7v6c",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-32065",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-28T04:15:07.570",
"lastModified": "2023-11-28T14:12:58.173",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-01T22:00:52.193",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,10 +70,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oroinc:orocommerce:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.2.0",
"versionEndIncluding": "4.2.10",
"matchCriteriaId": "8CD6473A-785F-4EA1-8546-250A24D35964"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oroinc:orocommerce:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.0",
"versionEndExcluding": "5.0.11",
"matchCriteriaId": "9A2DBB10-E76F-4210-943D-9FF29CD90538"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oroinc:orocommerce:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.1.0",
"versionEndExcluding": "5.1.1",
"matchCriteriaId": "EA4A911B-D810-45B3-BCAA-ABD4EF968657"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/oroinc/orocommerce/security/advisories/GHSA-88g2-xgh9-4ph2",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-40699",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-12-01T21:15:07.633",
"lastModified": "2023-12-01T21:15:07.633",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\n\n\nIBM InfoSphere Information Server 11.7 could allow a remote attacker to cause a denial of service due to improper input validation. IBM X-Force ID: 265161.\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/265161",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7067714",
"source": "psirt@us.ibm.com"
}
]
}
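Review bot: The `en` description value is padded with `\n` runs before and after the sentence, and the same padding appears in the new records for CVE-2023-42019, CVE-2023-42022, CVE-2023-43021 and CVE-2023-46174. Anything that matches, deduplicates or renders descriptions should trim the value first, otherwise identical advisories compare unequal and alert text picks up blank lines. Both references also arrive without `tags`, which looks typical for records still at `"vulnStatus": "Received"` on this page, so tag-based filters will skip them until analysis adds the tags.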


@ -0,0 +1,59 @@
{
"id": "CVE-2023-42009",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-12-01T21:15:07.857",
"lastModified": "2023-12-01T21:15:07.857",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 265504."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/265504",
"source": "psirt@us.ibm.com"
},
{
"url": "https://https://www.ibm.com/support/pages/node/7070755",
"source": "psirt@us.ibm.com"
}
]
}
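Review bot: The second reference URL has a doubled scheme, `https://https://www.ibm.com/support/pages/node/7070755`, so it parses with `https` as the host and will not reach the vendor advisory. The value presumably should read `https://www.ibm.com/support/pages/node/7070755`, matching the form of the IBM support links in the sibling records. If the record is mirrored verbatim, a URL validation step at ingest that reports references whose host is not a plausible hostname would catch this class of error.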


@ -0,0 +1,59 @@
{
"id": "CVE-2023-42019",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-12-01T21:15:08.053",
"lastModified": "2023-12-01T21:15:08.053",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\n\n\nIBM InfoSphere Information Server 11.7 could allow a remote attacker to cause a denial of service due to improper input validation. IBM X-Force ID: 265161.\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-311"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/265569",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7067719",
"source": "psirt@us.ibm.com"
}
]
}
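Review bot: The description text does not match the rest of this record: it repeats the denial-of-service sentence and `IBM X-Force ID: 265161` from CVE-2023-40699, while the vector here is `C:H/I:N/A:N`, the weakness is `CWE-311`, and the first reference points to X-Force entry 265569. Triage that keys on the description would classify this as an availability issue when the scored impact is confidentiality. Treat the description as unreliable until the source corrects it and rely on `cvssData` and `weaknesses` for this ID; a consistency check that compares the X-Force ID in the description with the one in `references` would surface such mismatches.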


@ -0,0 +1,59 @@
{
"id": "CVE-2023-42022",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-12-01T21:15:08.260",
"lastModified": "2023-12-01T21:15:08.260",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\n\n\nIBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 265938.\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/265938",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7074335",
"source": "psirt@us.ibm.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-43021",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-12-01T21:15:08.460",
"lastModified": "2023-12-01T21:15:08.460",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nIBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 266167.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-209"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/266167",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7074317",
"source": "psirt@us.ibm.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-43754",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2023-11-27T10:15:07.657",
"lastModified": "2023-11-27T13:52:09.230",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-01T21:18:42.600",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
@ -50,10 +80,50 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*",
"versionEndIncluding": "7.8.12",
"matchCriteriaId": "BAEFCB9C-4CFC-4C2D-B53D-4A1E9B54E744"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndIncluding": "8.1.3",
"matchCriteriaId": "7CFE72E8-D2A6-4994-88F6-2B04DB413631"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.0.0",
"versionEndIncluding": "9.0.1",
"matchCriteriaId": "DF5E1B7D-7237-4464-9873-0A85C80CC76A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost:9.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9D960BDC-FB30-4112-B1CC-219D1EC32145"
}
]
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
"source": "responsibledisclosure@mattermost.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-44381",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-01T22:15:09.573",
"lastModified": "2023-12-01T22:15:09.573",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "October is a Content Management System (CMS) and web platform to assist with development workflow. An authenticated backend user with the `editor.cms_pages`, `editor.cms_layouts`, or `editor.cms_partials` permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to `cms.safe_mode` being enabled can craft a special request to include PHP code in the CMS template. This issue has been patched in version 3.4.15."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://github.com/octobercms/october/security/advisories/GHSA-q22j-5r3g-9hmh",
"source": "security-advisories@github.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-44382",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-01T22:15:09.780",
"lastModified": "2023-12-01T22:15:09.780",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "October is a Content Management System (CMS) and web platform to assist with development workflow. An authenticated backend user with the `editor.cms_pages`, `editor.cms_layouts`, or `editor.cms_partials` permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to `cms.safe_mode` being enabled can write specific Twig code to escape the Twig sandbox and execute arbitrary PHP. This issue has been patched in 3.4.15."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://github.com/octobercms/october/security/advisories/GHSA-p8q3-h652-65vx",
"source": "security-advisories@github.com"
}
]
}
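Review bot: The only score on this new record is the CNA's `Secondary` metric, `baseScore` 9.1 `CRITICAL`, and there is no `configurations` block yet. A pipeline that reads only `"type": "Primary"` metrics or matches on CPE would register no severity and no affected product for this ID until analysis lands. Falling back to the `Secondary` metric when no `Primary` exists, and matching on the fixed version named in the description (3.4.15), avoids missing it in the interim.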


@ -0,0 +1,63 @@
{
"id": "CVE-2023-44402",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-01T22:15:09.970",
"lastModified": "2023-12-01T22:15:09.970",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. This only impacts apps that have the `embeddedAsarIntegrityValidation` and `onlyLoadAppFromAsar` fuses enabled. Apps without these fuses enabled are not impacted. This issue is specific to macOS as these fuses are only currently supported on macOS. Specifically this issue can only be exploited if your app is launched from a filesystem the attacker has write access too. i.e. the ability to edit files inside the `.app` bundle on macOS which these fuses are supposed to protect against. There are no app side workarounds, you must update to a patched version of Electron."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.3,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-345"
}
]
}
],
"references": [
{
"url": "https://github.com/electron/electron/pull/39788",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/electron/electron/security/advisories/GHSA-7m48-wc93-9g85",
"source": "security-advisories@github.com"
},
{
"url": "https://www.electronjs.org/docs/latest/tutorial/fuses",
"source": "security-advisories@github.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-45223",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2023-11-27T10:15:07.840",
"lastModified": "2023-11-27T13:52:09.230",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-01T21:22:56.440",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
@ -50,10 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*",
"versionEndIncluding": "7.8.12",
"matchCriteriaId": "BAEFCB9C-4CFC-4C2D-B53D-4A1E9B54E744"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndIncluding": "8.1.3",
"matchCriteriaId": "7CFE72E8-D2A6-4994-88F6-2B04DB413631"
}
]
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
"source": "responsibledisclosure@mattermost.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-46174",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-12-01T21:15:08.663",
"lastModified": "2023-12-01T21:15:08.663",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\n\n\nIBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 269506.\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/269506",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7067717",
"source": "psirt@us.ibm.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-46355",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-27T23:15:07.520",
"lastModified": "2023-11-28T14:12:58.173",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-01T21:17:19.887",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "En el m\u00f3dulo \"CSV Feeds PRO\" (csvfeeds) < 2.6.1 de Bl Modules para PrestaShop, un invitado puede descargar informaci\u00f3n personal sin restricciones. Debido a un control de acceso demasiado permisivo que no obliga al administrador a utilizar una contrase\u00f1a en los feeds, un invitado puede acceder a las exportaciones del m\u00f3dulo, lo que puede provocar filtraciones de informaci\u00f3n personal de la tabla ps_customer/ps_order, como nombre/apellido/correo electr\u00f3nico/n\u00famero de tel\u00e9fono/direcci\u00f3n postal."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:blmodules:csv_feeds_pro:*:*:*:*:*:prestashop:*:*",
"versionEndExcluding": "2.6.1",
"matchCriteriaId": "BEC51F0B-EE9A-4BE8-96F8-D374716C7029"
}
]
}
]
}
],
"references": [
{
"url": "https://security.friendsofpresta.org/modules/2023/11/23/csvfeeds.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-46480",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-27T23:15:07.567",
"lastModified": "2023-11-28T14:12:58.173",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-01T21:04:35.097",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,73 @@
"value": "Un problema en OwnCast v.0.1.1 permite a un atacante remoto ejecutar c\u00f3digo arbitrario y obtener informaci\u00f3n confidencial a trav\u00e9s del par\u00e1metro authHost de la funci\u00f3n indieauth."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:owncast_project:owncast:0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "60E81CAB-A9D8-4197-83F5-F1D4915D3D54"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/owncast/owncast",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/shahzaibak96/CVE-2023-46480",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

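--- a/CVE-2023/CVE-2023-467xx/CVE-2023-46746.json
+++ b/CVE-2023/CVE-2023-467xx/CVE-2023-46746.json
@@ -0,0 +1,59 @@
+{
+"id": "CVE-2023-46746",
+"sourceIdentifier": "security-advisories@github.com",
+"published": "2023-12-01T22:15:10.167",
+"lastModified": "2023-12-01T22:15:10.167",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "PostHog provides open-source product analytics, session recording, feature flagging and A/B testing that you can self-host. A server-side request forgery (SSRF), which can only be exploited by authenticated users, was found in Posthog. Posthog did not verify whether a URL was local when enabling webhooks, allowing authenticated users to forge a POST request. This vulnerability has been addressed in `22bd5942` and will be included in subsequent releases. There are no known workarounds for this vulnerability."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
+"attackVector": "LOCAL",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "REQUIRED",
+"scope": "UNCHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "LOW",
+"baseScore": 4.8,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 1.3,
+"impactScore": 3.4
+}
+]
+},
+"weaknesses": [
+{
+"source": "security-advisories@github.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-918"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/PostHog/posthog/commit/22bd5942638d5d9bc4bd603a9bfe8f8a95572292",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/PostHog/posthog/security/advisories/GHSA-wqqw-r8c5-j67c",
+"source": "security-advisories@github.com"
+}
+]
+}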


@ -2,8 +2,8 @@
"id": "CVE-2023-47168",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2023-11-27T10:15:08.023",
"lastModified": "2023-11-27T13:52:09.230",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-01T21:24:07.470",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
},
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
@ -50,10 +80,50 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*",
"versionEndIncluding": "7.8.12",
"matchCriteriaId": "BAEFCB9C-4CFC-4C2D-B53D-4A1E9B54E744"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndIncluding": "8.1.3",
"matchCriteriaId": "7CFE72E8-D2A6-4994-88F6-2B04DB413631"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.0.0",
"versionEndIncluding": "9.0.1",
"matchCriteriaId": "DF5E1B7D-7237-4464-9873-0A85C80CC76A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost:9.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9D960BDC-FB30-4112-B1CC-219D1EC32145"
}
]
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
"source": "responsibledisclosure@mattermost.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-48268",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2023-11-27T10:15:08.217",
"lastModified": "2023-11-27T13:52:09.230",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-01T21:30:14.497",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
},
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
@ -50,10 +80,50 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*",
"versionEndIncluding": "7.8.12",
"matchCriteriaId": "BAEFCB9C-4CFC-4C2D-B53D-4A1E9B54E744"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndIncluding": "8.1.3",
"matchCriteriaId": "7CFE72E8-D2A6-4994-88F6-2B04DB413631"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.0.0",
"versionEndIncluding": "9.0.1",
"matchCriteriaId": "DF5E1B7D-7237-4464-9873-0A85C80CC76A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost:9.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9D960BDC-FB30-4112-B1CC-219D1EC32145"
}
]
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
"source": "responsibledisclosure@mattermost.com",
"tags": [
"Vendor Advisory"
]
}
]
}

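--- a/CVE-2023/CVE-2023-483xx/CVE-2023-48314.json
+++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48314.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-48314",
+"sourceIdentifier": "security-advisories@github.com",
+"published": "2023-12-01T22:15:10.360",
+"lastModified": "2023-12-01T22:15:10.360",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud with Collabora Online Built-in CODE Server app can be vulnerable to attack via proxy.php. This vulnerability has been fixed in Collabora Online - Built-in CODE Server (richdocumentscode) release 23.5.403. Users are advised to upgrade. There are no known workarounds for this vulnerability."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "REQUIRED",
+"scope": "CHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "LOW",
+"baseScore": 7.1,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 3.7
+}
+]
+},
+"weaknesses": [
+{
+"source": "security-advisories@github.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-79"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-qjrm-q4h5-v3r2",
+"source": "security-advisories@github.com"
+}
+]
+}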


@ -2,8 +2,8 @@
"id": "CVE-2023-48369",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2023-11-27T10:15:08.400",
"lastModified": "2023-11-27T13:52:09.230",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-01T21:37:48.153",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
},
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
@ -50,10 +80,50 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*",
"versionEndIncluding": "7.8.12",
"matchCriteriaId": "BAEFCB9C-4CFC-4C2D-B53D-4A1E9B54E744"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndIncluding": "8.1.3",
"matchCriteriaId": "7CFE72E8-D2A6-4994-88F6-2B04DB413631"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.0.0",
"versionEndIncluding": "9.0.1",
"matchCriteriaId": "DF5E1B7D-7237-4464-9873-0A85C80CC76A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost:9.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9D960BDC-FB30-4112-B1CC-219D1EC32145"
}
]
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
"source": "responsibledisclosure@mattermost.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-48713",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-28T04:15:07.820",
"lastModified": "2023-11-28T14:12:58.173",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-01T21:53:20.687",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,22 +80,59 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:knative:serving:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.10.5",
"matchCriteriaId": "F83BBBFD-C622-41D7-BE6A-D7BA52B6B2D2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:knative:serving:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.11.0",
"versionEndExcluding": "1.11.3",
"matchCriteriaId": "3672D2F9-C70C-4FC1-8992-B8EB42F755BB"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/knative/serving/commit/012ee2509231b80b7842139bfabc30516d3026ca",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/knative/serving/commit/101f814112b9ca0767f457e7e616b46205551cf1",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/knative/serving/commit/fff40ef7bac9be8380ec3d1c70fc15b57093382a",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/knative/serving/security/advisories/GHSA-qmvj-4qr9-v547",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-49145",
"sourceIdentifier": "security@apache.org",
"published": "2023-11-27T23:15:07.780",
"lastModified": "2023-11-28T14:12:58.173",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-01T21:01:41.407",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@apache.org",
"type": "Secondary",
@ -50,18 +70,48 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:nifi:*:*:*:*:*:*:*:*",
"versionStartIncluding": "0.7.0",
"versionEndExcluding": "1.24.0",
"matchCriteriaId": "5833EB7C-1FFC-458E-90C0-59FD98000131"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/27/5",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.apache.org/thread/j8rd0qsvgoj0khqck5f49jfbp0fm8r1o",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
]
},
{
"url": "https://nifi.apache.org/security.html#CVE-2023-49145",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Vendor Advisory"
]
}
]
}

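--- a/CVE-2023/CVE-2023-492xx/CVE-2023-49276.json
+++ b/CVE-2023/CVE-2023-492xx/CVE-2023-49276.json
@@ -0,0 +1,59 @@
+{
+"id": "CVE-2023-49276",
+"sourceIdentifier": "security-advisories@github.com",
+"published": "2023-12-01T22:15:10.563",
+"lastModified": "2023-12-01T22:15:10.563",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Uptime Kuma is an open source self-hosted monitoring tool. In affected versions the Google Analytics element in vulnerable to Attribute Injection leading to Cross-Site-Scripting (XSS). Since the custom status interface can set an independent Google Analytics ID and the template has not been sanitized, there is an attribute injection vulnerability here, which can lead to XSS attacks. This vulnerability has been addressed in commit `f28dccf4e` which is included in release version 1.23.7. Users are advised to upgrade. There are no known workarounds for this vulnerability."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "REQUIRED",
+"scope": "UNCHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "HIGH",
+"availabilityImpact": "NONE",
+"baseScore": 6.3,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.1,
+"impactScore": 4.2
+}
+]
+},
+"weaknesses": [
+{
+"source": "security-advisories@github.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-79"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/louislam/uptime-kuma/commit/f28dccf4e11f041564293e4f407e69ab9ee2277f",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/louislam/uptime-kuma/security/advisories/GHSA-v4v2-8h88-65qj",
+"source": "security-advisories@github.com"
+}
+]
+}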

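--- a/CVE-2023/CVE-2023-492xx/CVE-2023-49277.json
+++ b/CVE-2023/CVE-2023-492xx/CVE-2023-49277.json
@@ -0,0 +1,59 @@
+{
+"id": "CVE-2023-49277",
+"sourceIdentifier": "security-advisories@github.com",
+"published": "2023-12-01T21:15:08.857",
+"lastModified": "2023-12-01T21:15:08.857",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "dpaste is an open source pastebin application written in Python using the Django framework. A security vulnerability has been identified in the expires parameter of the dpaste API, allowing for a POST Reflected XSS attack. This vulnerability can be exploited by an attacker to execute arbitrary JavaScript code in the context of a user's browser, potentially leading to unauthorized access, data theft, or other malicious activities. Users are strongly advised to upgrade to dpaste release v3.8 or later versions, as dpaste versions older than v3.8 are susceptible to the identified security vulnerability. No known workarounds have been identified, and applying the patch is the most effective way to remediate the vulnerability."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "REQUIRED",
+"scope": "UNCHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 8.3,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 5.5
+}
+]
+},
+"weaknesses": [
+{
+"source": "security-advisories@github.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-79"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/DarrenOfficial/dpaste/commit/44a666a79b3b29ed4f340600bfcf55113bfb7086",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/DarrenOfficial/dpaste/security/advisories/GHSA-r8j9-5cj7-cv39",
+"source": "security-advisories@github.com"
+}
+]
+}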


@ -0,0 +1,67 @@
{
"id": "CVE-2023-49281",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-01T22:15:10.760",
"lastModified": "2023-12-01T22:15:10.760",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Calendarinho is an open source calendaring application to manage large teams of consultants. An Open Redirect issue occurs when a web application redirects users to external URLs without proper validation. This can lead to phishing attacks, where users are tricked into visiting malicious sites, potentially leading to information theft and reputational damage to the website used for redirection. The problem is has been patched in commit `15b2393`. Users are advised to update to a commit after `15b2393`. There are no known workarounds for this vulnerability. "
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
],
"references": [
{
"url": "https://github.com/Cainor/Calendarinho/commit/15b2393efd69101727d27a4e710880ce46e84d70",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/Cainor/Calendarinho/commit/9a0174bef939565a76cbe7762996ecddca9ba55e",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/Cainor/Calendarinho/commit/c77defeb0103c1f7a4709799b8751aaeb0d09eed",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/Cainor/Calendarinho/security/advisories/GHSA-g2gp-x888-6xrj",
"source": "security-advisories@github.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-5960",
"sourceIdentifier": "security@zyxel.com.tw",
"published": "2023-11-28T03:15:07.310",
"lastModified": "2023-11-28T14:12:58.173",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-01T21:43:59.323",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -50,10 +50,118 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.50",
"versionEndIncluding": "5.37",
"matchCriteriaId": "03FAEFC8-186B-4B52-869F-DA27224692C0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B30A4C0-9928-46AD-9210-C25656FB43FB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D74ABA7E-AA78-4A13-A64E-C44021591B42"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F93B6A06-2951-46D2-A7E1-103D7318D612"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "646C1F07-B553-47B0-953B-DC7DE7FD0F8B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92C697A5-D1D3-4FF0-9C43-D27B18181958"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "110A1CA4-0170-4834-8281-0A3E14FC5584"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.30",
"versionEndIncluding": "5.37",
"matchCriteriaId": "549A6FE1-25D6-4239-87B6-B729C098C625"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "81D90A7B-174F-40A1-8AF4-08B15B7BAC40"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EECD311A-4E96-4576-AADF-47291EDE3559"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C45C303-1A95-4245-B242-3AB9B9106CD4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E3AC823-0ECA-42D8-8312-2FBE5914E4C0"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps",
"source": "security@zyxel.com.tw"
"source": "security@zyxel.com.tw",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-6202",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2023-11-27T10:15:08.677",
"lastModified": "2023-11-27T13:52:09.230",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-01T21:40:49.863",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
@ -50,10 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*",
"versionEndIncluding": "7.8.12",
"matchCriteriaId": "BAEFCB9C-4CFC-4C2D-B53D-4A1E9B54E744"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndIncluding": "8.1.3",
"matchCriteriaId": "7CFE72E8-D2A6-4994-88F6-2B04DB413631"
}
]
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
"source": "responsibledisclosure@mattermost.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,88 @@
{
"id": "CVE-2023-6462",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-01T22:15:10.960",
"lastModified": "2023-12-01T22:15:10.960",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in SourceCodester User Registration and Login System 1.0. Affected is an unknown function of the file /endpoint/delete-user.php. The manipulation of the argument user leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-246612."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 4.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/qqisee/vulndis/blob/main/xss_delete_user.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.246612",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.246612",
"source": "cna@vuldb.com"
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-12-01T21:00:18.640057+00:00
2023-12-01T23:00:18.041174+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-12-01T20:57:34.647000+00:00
2023-12-01T22:15:10.960000+00:00
```
### Last Data Feed Release
@ -29,47 +29,57 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
231959
231974
```
### CVEs added in the last Commit
Recently added CVEs: `3`
Recently added CVEs: `15`
* [CVE-2023-26024](CVE-2023/CVE-2023-260xx/CVE-2023-26024.json) (`2023-12-01T19:15:07.640`)
* [CVE-2023-38268](CVE-2023/CVE-2023-382xx/CVE-2023-38268.json) (`2023-12-01T20:15:07.083`)
* [CVE-2023-43015](CVE-2023/CVE-2023-430xx/CVE-2023-43015.json) (`2023-12-01T20:15:07.287`)
* [CVE-2023-40699](CVE-2023/CVE-2023-406xx/CVE-2023-40699.json) (`2023-12-01T21:15:07.633`)
* [CVE-2023-42009](CVE-2023/CVE-2023-420xx/CVE-2023-42009.json) (`2023-12-01T21:15:07.857`)
* [CVE-2023-42019](CVE-2023/CVE-2023-420xx/CVE-2023-42019.json) (`2023-12-01T21:15:08.053`)
* [CVE-2023-42022](CVE-2023/CVE-2023-420xx/CVE-2023-42022.json) (`2023-12-01T21:15:08.260`)
* [CVE-2023-43021](CVE-2023/CVE-2023-430xx/CVE-2023-43021.json) (`2023-12-01T21:15:08.460`)
* [CVE-2023-46174](CVE-2023/CVE-2023-461xx/CVE-2023-46174.json) (`2023-12-01T21:15:08.663`)
* [CVE-2023-49277](CVE-2023/CVE-2023-492xx/CVE-2023-49277.json) (`2023-12-01T21:15:08.857`)
* [CVE-2023-44381](CVE-2023/CVE-2023-443xx/CVE-2023-44381.json) (`2023-12-01T22:15:09.573`)
* [CVE-2023-44382](CVE-2023/CVE-2023-443xx/CVE-2023-44382.json) (`2023-12-01T22:15:09.780`)
* [CVE-2023-44402](CVE-2023/CVE-2023-444xx/CVE-2023-44402.json) (`2023-12-01T22:15:09.970`)
* [CVE-2023-46746](CVE-2023/CVE-2023-467xx/CVE-2023-46746.json) (`2023-12-01T22:15:10.167`)
* [CVE-2023-48314](CVE-2023/CVE-2023-483xx/CVE-2023-48314.json) (`2023-12-01T22:15:10.360`)
* [CVE-2023-49276](CVE-2023/CVE-2023-492xx/CVE-2023-49276.json) (`2023-12-01T22:15:10.563`)
* [CVE-2023-49281](CVE-2023/CVE-2023-492xx/CVE-2023-49281.json) (`2023-12-01T22:15:10.760`)
* [CVE-2023-6462](CVE-2023/CVE-2023-64xx/CVE-2023-6462.json) (`2023-12-01T22:15:10.960`)
### CVEs modified in the last Commit
Recently modified CVEs: `55`
Recently modified CVEs: `23`
* [CVE-2023-5885](CVE-2023/CVE-2023-58xx/CVE-2023-5885.json) (`2023-12-01T20:10:57.750`)
* [CVE-2023-47503](CVE-2023/CVE-2023-475xx/CVE-2023-47503.json) (`2023-12-01T20:13:12.863`)
* [CVE-2023-48711](CVE-2023/CVE-2023-487xx/CVE-2023-48711.json) (`2023-12-01T20:13:43.540`)
* [CVE-2023-6276](CVE-2023/CVE-2023-62xx/CVE-2023-6276.json) (`2023-12-01T20:14:23.160`)
* [CVE-2023-48796](CVE-2023/CVE-2023-487xx/CVE-2023-48796.json) (`2023-12-01T20:14:35.870`)
* [CVE-2023-5974](CVE-2023/CVE-2023-59xx/CVE-2023-5974.json) (`2023-12-01T20:14:58.070`)
* [CVE-2023-44303](CVE-2023/CVE-2023-443xx/CVE-2023-44303.json) (`2023-12-01T20:16:07.103`)
* [CVE-2023-6345](CVE-2023/CVE-2023-63xx/CVE-2023-6345.json) (`2023-12-01T20:18:41.460`)
* [CVE-2023-6346](CVE-2023/CVE-2023-63xx/CVE-2023-6346.json) (`2023-12-01T20:20:30.500`)
* [CVE-2023-6347](CVE-2023/CVE-2023-63xx/CVE-2023-6347.json) (`2023-12-01T20:24:37.130`)
* [CVE-2023-6350](CVE-2023/CVE-2023-63xx/CVE-2023-6350.json) (`2023-12-01T20:28:07.370`)
* [CVE-2023-47865](CVE-2023/CVE-2023-478xx/CVE-2023-47865.json) (`2023-12-01T20:38:33.720`)
* [CVE-2023-5906](CVE-2023/CVE-2023-59xx/CVE-2023-5906.json) (`2023-12-01T20:40:23.673`)
* [CVE-2023-5737](CVE-2023/CVE-2023-57xx/CVE-2023-5737.json) (`2023-12-01T20:41:26.787`)
* [CVE-2023-5845](CVE-2023/CVE-2023-58xx/CVE-2023-5845.json) (`2023-12-01T20:48:51.303`)
* [CVE-2023-6329](CVE-2023/CVE-2023-63xx/CVE-2023-6329.json) (`2023-12-01T20:50:45.717`)
* [CVE-2023-41257](CVE-2023/CVE-2023-412xx/CVE-2023-41257.json) (`2023-12-01T20:51:01.553`)
* [CVE-2023-40194](CVE-2023/CVE-2023-401xx/CVE-2023-40194.json) (`2023-12-01T20:51:53.920`)
* [CVE-2023-39542](CVE-2023/CVE-2023-395xx/CVE-2023-39542.json) (`2023-12-01T20:52:29.170`)
* [CVE-2023-38573](CVE-2023/CVE-2023-385xx/CVE-2023-38573.json) (`2023-12-01T20:52:57.627`)
* [CVE-2023-49316](CVE-2023/CVE-2023-493xx/CVE-2023-49316.json) (`2023-12-01T20:54:48.077`)
* [CVE-2023-32616](CVE-2023/CVE-2023-326xx/CVE-2023-32616.json) (`2023-12-01T20:55:14.250`)
* [CVE-2023-35985](CVE-2023/CVE-2023-359xx/CVE-2023-35985.json) (`2023-12-01T20:55:23.353`)
* [CVE-2023-6219](CVE-2023/CVE-2023-62xx/CVE-2023-6219.json) (`2023-12-01T20:57:20.553`)
* [CVE-2023-29770](CVE-2023/CVE-2023-297xx/CVE-2023-29770.json) (`2023-12-01T20:57:34.647`)
* [CVE-2014-125084](CVE-2014/CVE-2014-1250xx/CVE-2014-125084.json) (`2023-12-01T22:03:27.830`)
* [CVE-2014-125081](CVE-2014/CVE-2014-1250xx/CVE-2014-125081.json) (`2023-12-01T22:04:49.620`)
* [CVE-2014-125093](CVE-2014/CVE-2014-1250xx/CVE-2014-125093.json) (`2023-12-01T22:05:39.367`)
* [CVE-2014-125095](CVE-2014/CVE-2014-1250xx/CVE-2014-125095.json) (`2023-12-01T22:08:11.780`)
* [CVE-2014-125096](CVE-2014/CVE-2014-1250xx/CVE-2014-125096.json) (`2023-12-01T22:10:36.937`)
* [CVE-2017-20155](CVE-2017/CVE-2017-201xx/CVE-2017-20155.json) (`2023-12-01T22:07:13.797`)
* [CVE-2017-20156](CVE-2017/CVE-2017-201xx/CVE-2017-20156.json) (`2023-12-01T22:09:35.407`)
* [CVE-2022-40433](CVE-2022/CVE-2022-404xx/CVE-2022-40433.json) (`2023-12-01T21:15:07.527`)
* [CVE-2023-49145](CVE-2023/CVE-2023-491xx/CVE-2023-49145.json) (`2023-12-01T21:01:41.407`)
* [CVE-2023-46480](CVE-2023/CVE-2023-464xx/CVE-2023-46480.json) (`2023-12-01T21:04:35.097`)
* [CVE-2023-46355](CVE-2023/CVE-2023-463xx/CVE-2023-46355.json) (`2023-12-01T21:17:19.887`)
* [CVE-2023-25632](CVE-2023/CVE-2023-256xx/CVE-2023-25632.json) (`2023-12-01T21:17:40.063`)
* [CVE-2023-43754](CVE-2023/CVE-2023-437xx/CVE-2023-43754.json) (`2023-12-01T21:18:42.600`)
* [CVE-2023-45223](CVE-2023/CVE-2023-452xx/CVE-2023-45223.json) (`2023-12-01T21:22:56.440`)
* [CVE-2023-47168](CVE-2023/CVE-2023-471xx/CVE-2023-47168.json) (`2023-12-01T21:24:07.470`)
* [CVE-2023-48268](CVE-2023/CVE-2023-482xx/CVE-2023-48268.json) (`2023-12-01T21:30:14.497`)
* [CVE-2023-48369](CVE-2023/CVE-2023-483xx/CVE-2023-48369.json) (`2023-12-01T21:37:48.153`)
* [CVE-2023-6202](CVE-2023/CVE-2023-62xx/CVE-2023-6202.json) (`2023-12-01T21:40:49.863`)
* [CVE-2023-5960](CVE-2023/CVE-2023-59xx/CVE-2023-5960.json) (`2023-12-01T21:43:59.323`)
* [CVE-2023-32063](CVE-2023/CVE-2023-320xx/CVE-2023-32063.json) (`2023-12-01T21:46:28.420`)
* [CVE-2023-48713](CVE-2023/CVE-2023-487xx/CVE-2023-48713.json) (`2023-12-01T21:53:20.687`)
* [CVE-2023-32065](CVE-2023/CVE-2023-320xx/CVE-2023-32065.json) (`2023-12-01T22:00:52.193`)
* [CVE-2023-32064](CVE-2023/CVE-2023-320xx/CVE-2023-32064.json) (`2023-12-01T22:01:44.107`)
## Download and Usage