Auto-Update: 2023-11-17T17:00:17.609269+00:00

cad-safe-bot 2023-11-17 17:00:21 +00:00
parent fe3abca775
commit ad6d5a4ab2
31 changed files with 1744 additions and 157 deletions


@ -2,16 +2,40 @@
"id": "CVE-2023-26531",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-13T01:15:07.410",
"lastModified": "2023-11-13T03:16:20.870",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-17T15:41:51.473",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in ??? ?????????????-??Baidu/Google/Bing/IndexNow/Yandex/?? plugin <=\u00a04.2.7 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento ??? ????????????-??Baidu/Google/Bing/IndexNow/Yandex/?? en versiones &lt;= 4.2.7."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wbolt:all-in-one_search_automatic_push_management:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "4.2.7",
"matchCriteriaId": "64CAE9E5-CAA5-4431-A950-E9C84DBCCEED"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/baidu-submit-link/wordpress-baidu-google-bing-indexnow-yandex-plugin-4-2-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}
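Review bot: The Spanish description in the first hunk stores an HTML entity inside the JSON string (`en versiones &lt;= 4.2.7.`), while the English value beside it carries a raw `<=`, so two entries of the same record are encoded differently. JSON strings should hold the plain character and leave HTML escaping to whatever renders them; as it stands, a consumer that escapes on output shows a literal `&lt;`, and one that unescapes first to compensate ends up treating feed text as markup. If the entity is in the upstream record rather than introduced by this page's rendering, I would normalise it on ingest to `"... en versiones <= 4.2.7."` or report it upstream. The plugin name is also reduced to runs of `?` in both languages, which looks like a lossy character-set conversion, so product matching should rely on the CPE `criteria` in the second hunk rather than on the description text.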


@ -2,8 +2,8 @@
"id": "CVE-2023-31754",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-14T04:15:07.697",
"lastModified": "2023-11-14T15:15:54.130",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-17T15:18:53.890",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "Se descubri\u00f3 que la interfaz de usuario de Optimizely CMS anterior a v12.16.0 conten\u00eda una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s del panel de Administraci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:optimizely:optimizely_cms:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.16.0",
"matchCriteriaId": "1D53DC11-31A3-46BA-BBD5-9872644CF8AC"
}
]
}
]
}
],
"references": [
{
"url": "https://labs.withsecure.com/advisories/optimizely-admin-panel-dom-xss",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-37580",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-31T16:15:10.327",
"lastModified": "2023-08-04T17:10:21.003",
"vulnStatus": "Analyzed",
"lastModified": "2023-11-17T15:15:11.693",
"vulnStatus": "Undergoing Analysis",
"cisaExploitAdd": "2023-07-27",
"cisaActionDue": "2023-08-17",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
@ -135,6 +135,10 @@
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/17/2",
"source": "cve@mitre.org"
},
{
"url": "https://wiki.zimbra.com/wiki/Security_Center",
"source": "cve@mitre.org",


@ -2,16 +2,40 @@
"id": "CVE-2023-40054",
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2023-11-09T15:15:07.910",
"lastModified": "2023-11-09T17:13:29.637",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-17T16:47:04.747",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges.\u00a0We found this issue was not resolved in CVE-2023-33226"
},
{
"lang": "es",
"value": "Network Configuration Manager era susceptible a Directory Traversal Remote Code Execution Vulnerability. Esta vulnerabilidad permite que un usuario de bajo nivel realice acciones con privilegios de SYSTEMA. Descubrimos que este problema no se resolvi\u00f3 en CVE-2023-33226."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "psirt@solarwinds.com",
"type": "Secondary",
@ -46,14 +70,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:solarwinds:network_configuration_manager:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2023.4",
"matchCriteriaId": "326A77F4-FAF0-4F79-8BC3-2E60C124BD52"
}
]
}
]
}
],
"references": [
{
"url": "https://documentation.solarwinds.com/en/success_center/ncm/content/release_notes/ncm_2023-4-1_release_notes.htm",
"source": "psirt@solarwinds.com"
"source": "psirt@solarwinds.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-40054",
"source": "psirt@solarwinds.com"
"source": "psirt@solarwinds.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-40055",
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2023-11-09T15:15:08.143",
"lastModified": "2023-11-09T17:13:29.637",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-17T16:43:41.590",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges.\u00a0We found this issue was not resolved in CVE-2023-33227"
},
{
"lang": "es",
"value": "Network Configuration Manager era susceptible a Directory Traversal Remote Code Execution Vulnerability. Esta vulnerabilidad permite que un usuario de bajo nivel realice acciones con privilegios de SYSTEM. Descubrimos que este problema no se resolvi\u00f3 en CVE-2023-33227."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "psirt@solarwinds.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:solarwinds:network_configuration_manager:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2023.4",
"matchCriteriaId": "326A77F4-FAF0-4F79-8BC3-2E60C124BD52"
}
]
}
]
}
],
"references": [
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-40055",
"source": "psirt@solarwinds.com"
"source": "psirt@solarwinds.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-45283",
"sourceIdentifier": "security@golang.org",
"published": "2023-11-09T17:15:08.757",
"lastModified": "2023-11-09T19:32:04.093",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-17T16:39:56.683",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,23 +14,112 @@
"value": "El paquete filepath no reconoce las rutas con el prefijo \\??\\ como especiales. En Windows, una ruta que comienza con \\??\\ es una ruta de dispositivo local ra\u00edz equivalente a una ruta que comienza con \\\\?\\. Se pueden utilizar rutas con un prefijo \\??\\ para acceder a ubicaciones arbitrarias en el sistema. Por ejemplo, la ruta \\??\\c:\\x es equivalente a la ruta m\u00e1s com\u00fan c:\\x. Antes de la soluci\u00f3n, Clean pod\u00eda convertir una ruta ra\u00edz como \\a\\..\\??\\b en la ruta ra\u00edz del dispositivo local \\??\\b. Clean ahora convertir\u00e1 esto a .\\??\\b. De manera similar, Join(\\, ??, b) podr\u00eda convertir una secuencia aparentemente inocente de elementos de ruta en la ruta del dispositivo local ra\u00edz \\??\\b. Unirse ahora convertir\u00e1 esto a \\.\\??\\b. Adem\u00e1s, con la soluci\u00f3n, IsAbs ahora informa correctamente las rutas que comienzan con \\??\\ como absolutas, y VolumeName informa correctamente el prefijo \\??\\ como nombre de volumen."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.20.11",
"matchCriteriaId": "C1E7C289-7484-4AA8-A96B-07D2E2933258"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.21.0-0",
"versionEndExcluding": "1.21.4",
"matchCriteriaId": "4E3FC16C-41B2-4900-901F-48BDA3DC9ED2"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://go.dev/cl/540277",
"source": "security@golang.org"
"source": "security@golang.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
},
{
"url": "https://go.dev/issue/63713",
"source": "security@golang.org"
"source": "security@golang.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
},
{
"url": "https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY",
"source": "security@golang.org"
"source": "security@golang.org",
"tags": [
"Issue Tracking",
"Mailing List",
"Vendor Advisory"
]
},
{
"url": "https://pkg.go.dev/vuln/GO-2023-2185",
"source": "security@golang.org"
"source": "security@golang.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-45284",
"sourceIdentifier": "security@golang.org",
"published": "2023-11-09T17:15:08.813",
"lastModified": "2023-11-09T19:32:04.093",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-17T16:39:27.450",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,23 +14,112 @@
"value": "En Windows, la funci\u00f3n IsLocal no detecta correctamente los nombres de dispositivos reservados en algunos casos. Los nombres reservados seguidos de espacios, como \"COM1\", y los nombres reservados \"COM\" y \"LPT\" seguidos del super\u00edndice 1, 2 o 3 se informan incorrectamente como locales. Con la soluci\u00f3n, IsLocal ahora informa correctamente estos nombres como no locales."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.20.11",
"matchCriteriaId": "C1E7C289-7484-4AA8-A96B-07D2E2933258"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.21.0-0",
"versionEndExcluding": "1.21.4",
"matchCriteriaId": "4E3FC16C-41B2-4900-901F-48BDA3DC9ED2"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://go.dev/cl/540277",
"source": "security@golang.org"
"source": "security@golang.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
},
{
"url": "https://go.dev/issue/63713",
"source": "security@golang.org"
"source": "security@golang.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
},
{
"url": "https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY",
"source": "security@golang.org"
"source": "security@golang.org",
"tags": [
"Issue Tracking",
"Mailing List",
"Vendor Advisory"
]
},
{
"url": "https://pkg.go.dev/vuln/GO-2023-2186",
"source": "security@golang.org"
"source": "security@golang.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-45558",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-14T03:15:09.210",
"lastModified": "2023-11-14T15:15:54.130",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-17T16:16:58.577",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "Un problema en Golden v.13.6.1 permite a los atacantes enviar notificaciones manipuladas mediante la filtraci\u00f3n del token de acceso al canal."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:golden_project:golden:13.6.1:*:*:*:*:line:*:*",
"matchCriteriaId": "2D493C6F-C5FC-4ED8-9631-3FCFB57AEDBF"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/syz913/CVE-reports/blob/main/CVE-2023-45558.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-45560",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-14T03:15:09.263",
"lastModified": "2023-11-14T15:15:54.130",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-17T16:13:34.593",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "Un problema en la tarjeta de miembro de Yasukawa v.13.6.1 permite a los atacantes enviar notificaciones manipuladas mediante la filtraci\u00f3n del token de acceso al canal."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:memberscard_project:memberscard:13.6.1:*:*:*:*:line:*:*",
"matchCriteriaId": "EE75DE1F-2116-4880-B989-ACE3879A0F8A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/syz913/CVE-reports/blob/main/CVE-2023-45560.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,78 @@
"id": "CVE-2023-46023",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-14T22:15:30.150",
"lastModified": "2023-11-15T02:28:40.150",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-17T16:00:30.087",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in addTask.php in Code-Projects Simple Task List 1.0 allows attackers to obtain sensitive information via the 'status' parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en addTask.php en Code-Projects Simple Task List 1.0 permite a los atacantes obtener informaci\u00f3n confidencial a trav\u00e9s del par\u00e1metro 'status'."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:code-projects:simple_task_list:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B691815C-6D04-44C0-9DB6-B189933EFC52"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ersinerenler/Code-Projects-Simple-Task-List-1.0/blob/main/CVE-2023-46023-Code-Projects-Simple-Task-List-1.0-SQL-Injection-Vulnerability.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,79 @@
"id": "CVE-2023-46024",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-14T22:15:30.193",
"lastModified": "2023-11-15T02:28:40.150",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-17T16:01:02.297",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "SQL Injection vulnerability in index.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to run arbitrary SQL commands and obtain sensitive information via the 'searchdata' parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en index.php en phpgurukul Teacher Subject Allocation Management System 1.0 permite a atacantes ejecutar comandos SQL arbitrarios y obtener informaci\u00f3n confidencial a trav\u00e9s del par\u00e1metro 'searchdata'."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpgurukul:teacher_subject_allocation_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FEDCFA35-D2DD-41B1-9D2F-49FC8443B0A2"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ersinerenler/phpgurukul-Teacher-Subject-Allocation-Management-System-1.0/blob/main/CVE-2023-46024-phpgurukul-Teacher-Subject-Allocation-Management-System-1.0-SQL-Injection-Vulnerability.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,79 @@
"id": "CVE-2023-46025",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-14T22:15:30.240",
"lastModified": "2023-11-15T02:28:40.150",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-17T16:11:18.807",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "SQL Injection vulnerability in teacher-info.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to obtain sensitive information via the 'editid' parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en teacher-info.php en phpgurukul Teacher Subject Allocation Management System 1.0 permite a atacantes obtener informaci\u00f3n confidencial a trav\u00e9s del par\u00e1metro 'editid'."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpgurukul:teacher_subject_allocation_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FEDCFA35-D2DD-41B1-9D2F-49FC8443B0A2"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ersinerenler/phpgurukul-Teacher-Subject-Allocation-Management-System-1.0/blob/main/CVE-2023-46025-phpgurukul-Teacher-Subject-Allocation-Management-System-1.0-SQL-Injection-Vulnerability.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,79 @@
"id": "CVE-2023-46026",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-14T22:15:30.280",
"lastModified": "2023-11-15T02:28:40.150",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-17T15:32:51.837",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in profile.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to run arbitrary code via the 'adminname' and 'email' parameters."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Scripting (XSS) en profile.php en phpgurukul Teacher Subject Allocation Management System 1.0 permite a atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s de los par\u00e1metros 'adminname' y 'email'."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpgurukul:teacher_subject_allocation_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FEDCFA35-D2DD-41B1-9D2F-49FC8443B0A2"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ersinerenler/phpgurukul-Teacher-Subject-Allocation-Management-System-1.0/blob/main/CVE-2023-46026-PHPGurukul-Teacher-Subject-Allocation-Management-System-1.0-Stored-Cross-Site-Scripting-Vulnerability.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-46445",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-14T03:15:09.470",
"lastModified": "2023-11-14T15:15:54.130",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-17T16:05:45.097",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "Un problema en AsyncSSH v2.14.0 y versiones anteriores permite a los atacantes controlar el mensaje de informaci\u00f3n de la extensi\u00f3n (RFC 8308) mediante un ataque de intermediario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-345"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:asyncssh_project:asyncssh:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.14.1",
"matchCriteriaId": "5CCE165C-9A45-4A7B-95AF-2DF9137B4075"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/ronf/asyncssh/security/advisories/GHSA-cfc2-wr2v-gxm5",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,79 @@
"id": "CVE-2023-46580",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-14T22:15:30.330",
"lastModified": "2023-11-15T02:28:40.150",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-17T15:32:29.183",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Scripting (XSS) vulnerability in Inventory Management V1.0 allows attackers to execute arbitrary code via the pname parameter of the editProduct.php component."
},
{
"lang": "es",
"value": "La vulnerabilidad de Cross-Site Scripting (XSS) en Inventory Management V1.0 permite a atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro pname del componente editProduct.php."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:code-projects:inventory_management:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F7F61BF0-DE4B-4BE2-825B-83182334ACB1"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ersinerenler/Code-Projects-Inventory-Management-1.0/blob/main/CVE-2023-46580-Code-Projects-Inventory-Management-1.0-Stored-Cross-Site-Scripting-Vulnerability.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,79 @@
"id": "CVE-2023-46581",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-14T22:15:30.380",
"lastModified": "2023-11-15T02:28:40.150",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-17T15:31:31.387",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Inventory Management v.1.0 allows a local attacker to execute arbitrary code via the name, uname and email parameters in the registration.php component."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en Inventory Management v.1.0 permite a un atacante local ejecutar c\u00f3digo arbitrario a trav\u00e9s de los par\u00e1metros name, uname y email electr\u00f3nico en el componente registration.php."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:code-projects:inventory_management:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F7F61BF0-DE4B-4BE2-825B-83182334ACB1"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ersinerenler/Code-Projects-Inventory-Management-1.0/blob/main/CVE-2023-46581-Code-Projects-Inventory-Management-1.0-SQL-Injection-Vulnerability.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-46743",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-09T16:15:34.683",
"lastModified": "2023-11-09T17:13:29.637",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-17T16:42:09.437",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "application-collabora is an integration of Collabora Online in XWiki. As part of the application use cases, depending on the rights that a user has over a document, they should be able to open the office attachments files in view or edit mode. Currently, if a user opens an attachment file in edit mode in collabora, this right will be preserved for all future users, until the editing session is closes, even if some of them have only view right. Collabora server is the one issuing this request and it seems that the `userCanWrite` query parameter is cached, even if, for example, token is not. This issue has been patched in version 1.3."
},
{
"lang": "es",
"value": "application-collabora es una integraci\u00f3n de Collabora Online en XWiki. Como parte de los casos de uso de la aplicaci\u00f3n, dependiendo de los derechos que tenga un usuario sobre un documento, deber\u00eda poder abrir los archivos adjuntos de Office en modo de visualizaci\u00f3n o edici\u00f3n. Actualmente, si un usuario abre un archivo adjunto en modo de edici\u00f3n en collabora, este derecho se conservar\u00e1 para todos los usuarios futuros, hasta que se cierre la sesi\u00f3n de edici\u00f3n, incluso si algunos de ellos solo tienen derecho de visualizaci\u00f3n. El servidor de Collabora es el que emite esta solicitud y parece que el par\u00e1metro de consulta `userCanWrite` est\u00e1 almacenado en cach\u00e9, incluso si, por ejemplo, el token no lo est\u00e1. Este problema se solucion\u00f3 en la versi\u00f3n 1.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,10 +70,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:application-collabora:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.3",
"matchCriteriaId": "08164BF8-B0B5-4C77-B13F-B81350B0ADAA"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/xwikisas/application-collabora/security/advisories/GHSA-mvq3-xxg2-rj57",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Patch"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-4603",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-11-13T23:15:08.800",
"lastModified": "2023-11-14T15:15:54.130",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-17T16:21:24.260",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -38,18 +58,58 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:star-emea:star_cloudprnt_for_woocommerce:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.0.4",
"matchCriteriaId": "1793D1F2-792C-4393-B30A-8BD134592689"
}
]
}
]
}
],
"references": [
{
"url": "https://drive.google.com/file/d/1cRVH7Oz6M2U2XTbNAmm43PDKBw6FzShA/view?usp=sharing",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2991002/star-cloudprnt-for-woocommerce/trunk?contextall=1&old=2510015&old_path=%2Fstar-cloudprnt-for-woocommerce%2Ftrunk",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/110c6d41-e814-41c9-a3e7-d94ec3d953e6?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch",
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-47533",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-14T21:15:11.670",
"lastModified": "2023-11-14T21:38:02.453",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-17T15:53:53.267",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpdevart Countdown and CountUp, WooCommerce Sales Timer plugin <=\u00a01.8.2 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Scripting (XSS) autenticada (con permisos de admin o superiores) almacenada en wpdevart Countdown and CountUp, WooCommerce Sales Timer en versiones &lt;= 1.8.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpdevart:countdown_and_countup\\,_woocommerce_sales_timer:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.8.2",
"matchCriteriaId": "A3EC4D4C-85FF-4A32-8A37-943F3C54F84C"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/countdown-wpdevart-extended/wordpress-countdown-and-countup-woocommerce-sales-timer-plugin-1-8-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-47550",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-14T20:15:08.463",
"lastModified": "2023-11-14T21:38:09.280",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-17T15:55:36.170",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in RedNao Donations Made Easy \u2013 Smart Donations allows Stored XSS.This issue affects Donations Made Easy \u2013 Smart Donations: from n/a through 4.0.12.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en RedNao Donations Made Easy \u2013 Smart Donations permite almacenar XSS. Este problema afecta a Donations Made Easy \u2013 Smart Donations: desde n/a hasta 4.0.12."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rednao:donations_made_easy_-_smart_donations:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "4.0.12",
"matchCriteriaId": "CF2CF4D9-CEA8-405C-AF65-15499E991E4F"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/smart-donations/wordpress-donations-made-easy-smart-donations-plugin-4-0-12-cross-site-scripting-xss-vulnerability-2?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-47554",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-14T20:15:08.667",
"lastModified": "2023-11-14T21:38:02.453",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-17T15:54:55.480",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in DenK BV Actueel Financieel Nieuws \u2013 Denk Internet Solutions plugin <=\u00a05.1.0 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Scripting (XSS) autenticada (con permisos de admin o superiores) almacenada en DenK BV Actueel Financieel Nieuws en el complemento Denk Internet Solutions en versiones &lt;= 5.1.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:denk:actueel_financieel_nieuws:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "5.1.0",
"matchCriteriaId": "FADFB2B2-39B0-472F-9F74-C718666A2E7B"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/denk-internet-solutions/wordpress-actueel-financieel-nieuws-denk-internet-solutions-plugin-5-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-47609",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-11-14T06:15:29.310",
"lastModified": "2023-11-14T15:15:50.200",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-17T15:06:44.067",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,74 @@
"value": "Una vulnerabilidad de inyecci\u00f3n SQL en versiones de OSS Calendar anteriores a la v.2.0.3 permite a un atacante remoto autenticado ejecutar c\u00f3digo arbitrario u obtener y/o alterar la informaci\u00f3n almacenada en la base de datos mediante el env\u00edo de una solicitud especialmente manipulada."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oss-calendar:oss_calendar:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0.3",
"matchCriteriaId": "6884FF3A-4C8E-462C-B779-27F762A97755"
}
]
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/jp/JVN67822421/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://oss-calendar.com/news/20231113/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Release Notes"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-47646",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-14T20:15:08.860",
"lastModified": "2023-11-14T21:38:02.453",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-17T15:54:42.697",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Auth. (Shop Manager+) Stored Cross-Site Scripting (XSS) vulnerability in CedCommerce Recently viewed and most viewed products plugin <=\u00a01.1.1 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Scripting (XSS) autenticada (con permisos de gerente de tienda o superiores) almacenada en el complemento CedCommerce Recently Viewed and Most Viewed Products en versiones &lt;= 1.1.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cedcommerce:recently_viewed_and_most_viewed_products:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.1.1",
"matchCriteriaId": "9F77D299-7807-4FE6-B1F6-25410FAA220A"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/recently-viewed-and-most-viewed-products/wordpress-recently-viewed-and-most-viewed-products-plugin-1-1-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-47653",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-14T19:15:31.413",
"lastModified": "2023-11-14T19:30:20.993",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-17T15:56:48.323",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Abu Bakar TWB Woocommerce Reviews plugin <=\u00a01.7.5 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Scripting (XSS) Almacenado autenticado (con permisos de admin o superiores) en el complemento Abu Bakar TWB Woocommerce Reviews en versiones &lt;= 1.7.5."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:theweb-designs:twb_woocommerce:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.7.5",
"matchCriteriaId": "C886893A-1C75-4629-B779-40DC802D1C48"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/twb-woocommerce-reviews/wordpress-twb-woocommerce-reviews-plugin-1-7-5-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-47654",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-14T19:15:31.717",
"lastModified": "2023-11-14T19:30:20.993",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-17T15:56:18.253",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in livescore.Bz BZScore \u2013 Live Score plugin <=\u00a01.03 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Scripting (XSS) Almacenado en Livescore.Bz BZScore en el complemento Live Score en versiones &lt;= 1.03."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:livescore:bzscore:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.03",
"matchCriteriaId": "5FA8F9E9-BC03-4E7F-A87E-EFE0D72A16E7"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/bzscore-live-score/wordpress-bzscore-live-score-plugin-1-03-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-47656",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-14T19:15:31.937",
"lastModified": "2023-11-14T19:30:20.993",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-17T15:56:07.823",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Marco Milesi ANAC XML Bandi di Gara plugin <=\u00a07.5 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Scripting (XSS) Almacenado autenticado (con permisos de editor o superiores) en el complemento Marco Milesi ANAC XML Bandi di Gara en versiones &lt;= 7.5."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:marcomilesi:anac_xml_bandi_di_gara:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "7.5",
"matchCriteriaId": "1CFE8072-FF06-4EA0-9928-8D7118498273"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/avcp/wordpress-anac-xml-bandi-di-gara-plugin-7-5-cross-site-scripting-xss-vulnerability-2?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-47658",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-14T19:15:32.130",
"lastModified": "2023-11-14T19:30:20.993",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-17T15:55:48.510",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Auth. (ShopManager+) Stored Cross-Site Scripting (XSS) vulnerability in actpro Extra Product Options for WooCommerce plugin <=\u00a03.0.3 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Scripting (XSS) autenticada (con permisos de gerente de tienda o superiores) almacenada en el complemento actpro Extra Product Options para WooCommerce en versiones &lt;= 3.0.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:actpro:extra_product_options_for_woocommerce:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.0.3",
"matchCriteriaId": "1DE9D911-EA76-4F26-8A99-3BE483BAA8CC"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/extra-product-options-for-woocommerce/wordpress-extra-product-options-for-woocommerce-plugin-3-0-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-5550",
"sourceIdentifier": "patrick@puiterwijk.org",
"published": "2023-11-09T20:15:10.867",
"lastModified": "2023-11-09T20:51:06.133",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-17T16:36:28.377",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution."
},
{
"lang": "es",
"value": "En un entorno de alojamiento compartido que ha sido mal configurado para permitir el acceso al contenido de otros usuarios, un usuario de Moodle que tambi\u00e9n tiene acceso directo al servidor web fuera del root web de Moodle podr\u00eda utilizar un archivo local incluido para lograr la ejecuci\u00f3n remota de c\u00f3digo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "patrick@puiterwijk.org",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "patrick@puiterwijk.org",
"type": "Secondary",
@ -46,18 +80,95 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.9.24",
"matchCriteriaId": "A2A8D2D9-48FE-417F-8062-65794AA65706"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.11.0",
"versionEndExcluding": "3.11.17",
"matchCriteriaId": "7C058D38-D206-4BEC-B647-4CD1808A1FC8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0.0",
"versionEndExcluding": "4.0.11",
"matchCriteriaId": "4827B277-0EC2-4254-B6DF-F18475A6253C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.1.0",
"versionEndExcluding": "4.1.6",
"matchCriteriaId": "E660C47C-2CB3-4B06-B98A-F8EE211F798A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.2.0",
"versionEndExcluding": "4.2.3",
"matchCriteriaId": "C65020B8-B78E-4B59-B894-3F223D769078"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3D9C7598-4BB4-442A-86DF-EEDE041A4CC7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
}
]
}
]
}
],
"references": [
{
"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-72249",
"source": "patrick@puiterwijk.org"
"source": "patrick@puiterwijk.org",
"tags": [
"Patch"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243452",
"source": "patrick@puiterwijk.org"
"source": "patrick@puiterwijk.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://moodle.org/mod/forum/discuss.php?d=451591",
"source": "patrick@puiterwijk.org"
"source": "patrick@puiterwijk.org",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-5631",
"sourceIdentifier": "security@eset.com",
"published": "2023-10-18T15:15:08.727",
"lastModified": "2023-11-03T22:15:12.373",
"lastModified": "2023-11-17T15:15:12.237",
"vulnStatus": "Undergoing Analysis",
"cisaExploitAdd": "2023-10-26",
"cisaActionDue": "2023-11-16",
@ -145,6 +145,10 @@
"url": "http://www.openwall.com/lists/oss-security/2023/11/01/3",
"source": "security@eset.com"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/17/2",
"source": "security@eset.com"
},
{
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054079",
"source": "security@eset.com",


@ -2,16 +2,40 @@
"id": "CVE-2023-6054",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-11-09T19:15:08.803",
"lastModified": "2023-11-09T19:32:04.093",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-17T16:38:56.467",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in Tongda OA 2017 up to 11.9. This affects an unknown part of the file general/wiki/cp/manage/lock.php. The manipulation of the argument TERM_ID_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-244875. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Tongda OA 2017 hasta 11.9 y clasificada como cr\u00edtica. Esto afecta a una parte desconocida del archivo general/wiki/cp/manage/lock.php. La manipulaci\u00f3n del argumento TERM_ID_STR conduce a la inyecci\u00f3n SQL. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. La actualizaci\u00f3n a la versi\u00f3n 11.10 puede solucionar este problema. Se recomienda actualizar el componente afectado. El identificador asociado de esta vulnerabilidad es VDB-244875. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,50 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tongda2000:tongda_oa:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.10",
"matchCriteriaId": "17F21834-2024-4969-BB2C-1C56D7C85F5D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/TinkAnet/cve/blob/main/sql2.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.244875",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.244875",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-11-17T15:00:17.971726+00:00
2023-11-17T17:00:17.609269+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-11-17T14:50:40.710000+00:00
2023-11-17T16:47:04.747000+00:00
```
### Last Data Feed Release
@ -34,53 +34,39 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### CVEs added in the last Commit
Recently added CVEs: `14`
Recently added CVEs: `0`
* [CVE-2023-22268](CVE-2023/CVE-2023-222xx/CVE-2023-22268.json) (`2023-11-17T13:15:07.693`)
* [CVE-2023-22272](CVE-2023/CVE-2023-222xx/CVE-2023-22272.json) (`2023-11-17T13:15:07.897`)
* [CVE-2023-22273](CVE-2023/CVE-2023-222xx/CVE-2023-22273.json) (`2023-11-17T13:15:08.097`)
* [CVE-2023-22274](CVE-2023/CVE-2023-222xx/CVE-2023-22274.json) (`2023-11-17T13:15:08.277`)
* [CVE-2023-22275](CVE-2023/CVE-2023-222xx/CVE-2023-22275.json) (`2023-11-17T13:15:08.467`)
* [CVE-2023-44324](CVE-2023/CVE-2023-443xx/CVE-2023-44324.json) (`2023-11-17T13:15:08.927`)
* [CVE-2023-48029](CVE-2023/CVE-2023-480xx/CVE-2023-48029.json) (`2023-11-17T13:15:09.143`)
* [CVE-2023-26347](CVE-2023/CVE-2023-263xx/CVE-2023-26347.json) (`2023-11-17T14:15:20.867`)
* [CVE-2023-26364](CVE-2023/CVE-2023-263xx/CVE-2023-26364.json) (`2023-11-17T14:15:21.083`)
* [CVE-2023-44350](CVE-2023/CVE-2023-443xx/CVE-2023-44350.json) (`2023-11-17T14:15:21.293`)
* [CVE-2023-44351](CVE-2023/CVE-2023-443xx/CVE-2023-44351.json) (`2023-11-17T14:15:21.490`)
* [CVE-2023-44352](CVE-2023/CVE-2023-443xx/CVE-2023-44352.json) (`2023-11-17T14:15:21.693`)
* [CVE-2023-44353](CVE-2023/CVE-2023-443xx/CVE-2023-44353.json) (`2023-11-17T14:15:21.890`)
* [CVE-2023-44355](CVE-2023/CVE-2023-443xx/CVE-2023-44355.json) (`2023-11-17T14:15:22.083`)
### CVEs modified in the last Commit
Recently modified CVEs: `61`
Recently modified CVEs: `30`
* [CVE-2023-39545](CVE-2023/CVE-2023-395xx/CVE-2023-39545.json) (`2023-11-17T13:58:59.840`)
* [CVE-2023-39546](CVE-2023/CVE-2023-395xx/CVE-2023-39546.json) (`2023-11-17T13:58:59.840`)
* [CVE-2023-39547](CVE-2023/CVE-2023-395xx/CVE-2023-39547.json) (`2023-11-17T13:58:59.840`)
* [CVE-2023-41101](CVE-2023/CVE-2023-411xx/CVE-2023-41101.json) (`2023-11-17T13:58:59.840`)
* [CVE-2023-41102](CVE-2023/CVE-2023-411xx/CVE-2023-41102.json) (`2023-11-17T13:58:59.840`)
* [CVE-2023-44325](CVE-2023/CVE-2023-443xx/CVE-2023-44325.json) (`2023-11-17T13:58:59.840`)
* [CVE-2023-44326](CVE-2023/CVE-2023-443xx/CVE-2023-44326.json) (`2023-11-17T13:58:59.840`)
* [CVE-2023-48078](CVE-2023/CVE-2023-480xx/CVE-2023-48078.json) (`2023-11-17T13:59:04.600`)
* [CVE-2023-45382](CVE-2023/CVE-2023-453xx/CVE-2023-45382.json) (`2023-11-17T13:59:04.600`)
* [CVE-2023-45387](CVE-2023/CVE-2023-453xx/CVE-2023-45387.json) (`2023-11-17T13:59:04.600`)
* [CVE-2023-48031](CVE-2023/CVE-2023-480xx/CVE-2023-48031.json) (`2023-11-17T13:59:04.600`)
* [CVE-2023-48648](CVE-2023/CVE-2023-486xx/CVE-2023-48648.json) (`2023-11-17T13:59:04.600`)
* [CVE-2023-48649](CVE-2023/CVE-2023-486xx/CVE-2023-48649.json) (`2023-11-17T13:59:04.600`)
* [CVE-2023-38130](CVE-2023/CVE-2023-381xx/CVE-2023-38130.json) (`2023-11-17T13:59:04.600`)
* [CVE-2023-42428](CVE-2023/CVE-2023-424xx/CVE-2023-42428.json) (`2023-11-17T13:59:04.600`)
* [CVE-2023-47283](CVE-2023/CVE-2023-472xx/CVE-2023-47283.json) (`2023-11-17T13:59:04.600`)
* [CVE-2023-47675](CVE-2023/CVE-2023-476xx/CVE-2023-47675.json) (`2023-11-17T13:59:04.600`)
* [CVE-2023-39548](CVE-2023/CVE-2023-395xx/CVE-2023-39548.json) (`2023-11-17T13:59:04.600`)
* [CVE-2023-47797](CVE-2023/CVE-2023-477xx/CVE-2023-47797.json) (`2023-11-17T13:59:04.600`)
* [CVE-2023-4775](CVE-2023/CVE-2023-47xx/CVE-2023-4775.json) (`2023-11-17T13:59:12.040`)
* [CVE-2023-47684](CVE-2023/CVE-2023-476xx/CVE-2023-47684.json) (`2023-11-17T14:12:47.883`)
* [CVE-2023-47363](CVE-2023/CVE-2023-473xx/CVE-2023-47363.json) (`2023-11-17T14:20:37.830`)
* [CVE-2023-47364](CVE-2023/CVE-2023-473xx/CVE-2023-47364.json) (`2023-11-17T14:22:55.423`)
* [CVE-2023-47365](CVE-2023/CVE-2023-473xx/CVE-2023-47365.json) (`2023-11-17T14:28:56.487`)
* [CVE-2023-47680](CVE-2023/CVE-2023-476xx/CVE-2023-47680.json) (`2023-11-17T14:50:40.710`)
* [CVE-2023-46580](CVE-2023/CVE-2023-465xx/CVE-2023-46580.json) (`2023-11-17T15:32:29.183`)
* [CVE-2023-46026](CVE-2023/CVE-2023-460xx/CVE-2023-46026.json) (`2023-11-17T15:32:51.837`)
* [CVE-2023-26531](CVE-2023/CVE-2023-265xx/CVE-2023-26531.json) (`2023-11-17T15:41:51.473`)
* [CVE-2023-47533](CVE-2023/CVE-2023-475xx/CVE-2023-47533.json) (`2023-11-17T15:53:53.267`)
* [CVE-2023-47646](CVE-2023/CVE-2023-476xx/CVE-2023-47646.json) (`2023-11-17T15:54:42.697`)
* [CVE-2023-47554](CVE-2023/CVE-2023-475xx/CVE-2023-47554.json) (`2023-11-17T15:54:55.480`)
* [CVE-2023-47550](CVE-2023/CVE-2023-475xx/CVE-2023-47550.json) (`2023-11-17T15:55:36.170`)
* [CVE-2023-47658](CVE-2023/CVE-2023-476xx/CVE-2023-47658.json) (`2023-11-17T15:55:48.510`)
* [CVE-2023-47656](CVE-2023/CVE-2023-476xx/CVE-2023-47656.json) (`2023-11-17T15:56:07.823`)
* [CVE-2023-47654](CVE-2023/CVE-2023-476xx/CVE-2023-47654.json) (`2023-11-17T15:56:18.253`)
* [CVE-2023-47653](CVE-2023/CVE-2023-476xx/CVE-2023-47653.json) (`2023-11-17T15:56:48.323`)
* [CVE-2023-46023](CVE-2023/CVE-2023-460xx/CVE-2023-46023.json) (`2023-11-17T16:00:30.087`)
* [CVE-2023-46024](CVE-2023/CVE-2023-460xx/CVE-2023-46024.json) (`2023-11-17T16:01:02.297`)
* [CVE-2023-46445](CVE-2023/CVE-2023-464xx/CVE-2023-46445.json) (`2023-11-17T16:05:45.097`)
* [CVE-2023-46025](CVE-2023/CVE-2023-460xx/CVE-2023-46025.json) (`2023-11-17T16:11:18.807`)
* [CVE-2023-45560](CVE-2023/CVE-2023-455xx/CVE-2023-45560.json) (`2023-11-17T16:13:34.593`)
* [CVE-2023-45558](CVE-2023/CVE-2023-455xx/CVE-2023-45558.json) (`2023-11-17T16:16:58.577`)
* [CVE-2023-4603](CVE-2023/CVE-2023-46xx/CVE-2023-4603.json) (`2023-11-17T16:21:24.260`)
* [CVE-2023-5550](CVE-2023/CVE-2023-55xx/CVE-2023-5550.json) (`2023-11-17T16:36:28.377`)
* [CVE-2023-6054](CVE-2023/CVE-2023-60xx/CVE-2023-6054.json) (`2023-11-17T16:38:56.467`)
* [CVE-2023-45284](CVE-2023/CVE-2023-452xx/CVE-2023-45284.json) (`2023-11-17T16:39:27.450`)
* [CVE-2023-45283](CVE-2023/CVE-2023-452xx/CVE-2023-45283.json) (`2023-11-17T16:39:56.683`)
* [CVE-2023-46743](CVE-2023/CVE-2023-467xx/CVE-2023-46743.json) (`2023-11-17T16:42:09.437`)
* [CVE-2023-40055](CVE-2023/CVE-2023-400xx/CVE-2023-40055.json) (`2023-11-17T16:43:41.590`)
* [CVE-2023-40054](CVE-2023/CVE-2023-400xx/CVE-2023-40054.json) (`2023-11-17T16:47:04.747`)
## Download and Usage