Auto-Update: 2023-11-30T15:00:18.370884+00:00

This commit is contained in:
cad-safe-bot 2023-11-30 15:00:22 +00:00
parent f38fe7dcb2
commit ae914437f6
129 changed files with 4208 additions and 197 deletions


@ -2,7 +2,7 @@
"id": "CVE-2020-35438",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-05-11T13:15:09.597",
"lastModified": "2021-05-17T17:12:05.217",
"lastModified": "2023-11-30T13:18:13.577",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -84,9 +84,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kk_star_ratings_project:kk_star_ratings:*:*:*:*:*:wordpress:*:*",
"criteria": "cpe:2.3:a:kamalkhan:kk_star_ratings:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "4.1.5",
"matchCriteriaId": "E3CFF5EC-1204-4C85-9130-384A08FF8866"
"matchCriteriaId": "D2BDFE37-1565-4490-A260-C900EEA2AD8D"
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2021-36806",
"sourceIdentifier": "security-alert@sophos.com",
"published": "2023-11-30T10:15:07.183",
"lastModified": "2023-11-30T10:15:07.183",
"vulnStatus": "Received",
"lastModified": "2023-11-30T13:39:05.043",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nA reflected XSS vulnerability allows an open redirect when the victim clicks a malicious link to an error page on \n\nSophos Email Appliance \n\nolder than version 4.5.3.4.\n\n"
},
{
"lang": "es",
"value": "Una vulnerabilidad XSS reflejada permite una redirecci\u00f3n abierta cuando la v\u00edctima hace clic en un enlace malicioso a una p\u00e1gina de error en Sophos Email Appliance anterior a la versi\u00f3n 4.5.3.4."
}
],
"metrics": {


@ -2,7 +2,7 @@
"id": "CVE-2022-3436",
"sourceIdentifier": "cna@vuldb.com",
"published": "2022-10-09T09:15:10.073",
"lastModified": "2023-11-07T03:51:14.920",
"lastModified": "2023-11-30T14:15:08.173",
"vulnStatus": "Modified",
"descriptions": [
{
@ -37,7 +37,7 @@
"impactScore": 3.6
},
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -70,7 +70,7 @@
]
},
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
@ -98,6 +98,10 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/176007/Online-Student-Clearance-System-1.0-Shell-Upload.html",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.210367",
"source": "cna@vuldb.com",


@ -2,12 +2,16 @@
"id": "CVE-2022-42536",
"sourceIdentifier": "security@android.com",
"published": "2023-11-29T22:15:07.110",
"lastModified": "2023-11-29T22:15:07.110",
"vulnStatus": "Received",
"lastModified": "2023-11-30T13:39:19.237",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Remote code execution"
},
{
"lang": "es",
"value": "Ejecuci\u00f3n remota de c\u00f3digo"
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2022-42537",
"sourceIdentifier": "security@android.com",
"published": "2023-11-29T22:15:07.173",
"lastModified": "2023-11-29T22:15:07.173",
"vulnStatus": "Received",
"lastModified": "2023-11-30T13:39:19.237",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Remote code execution"
},
{
"lang": "es",
"value": "Ejecuci\u00f3n remota de c\u00f3digo"
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2022-42538",
"sourceIdentifier": "security@android.com",
"published": "2023-11-29T22:15:07.220",
"lastModified": "2023-11-29T22:15:07.220",
"vulnStatus": "Received",
"lastModified": "2023-11-30T13:39:19.237",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Elevation of privilege"
},
{
"lang": "es",
"value": "Elevaci\u00f3n de privilegios"
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2022-42539",
"sourceIdentifier": "security@android.com",
"published": "2023-11-29T22:15:07.267",
"lastModified": "2023-11-29T22:15:07.267",
"vulnStatus": "Received",
"lastModified": "2023-11-30T13:39:19.237",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Information disclosure"
},
{
"lang": "es",
"value": "Divulgaci\u00f3n de informaci\u00f3n"
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2022-42540",
"sourceIdentifier": "security@android.com",
"published": "2023-11-29T22:15:07.317",
"lastModified": "2023-11-29T22:15:07.317",
"vulnStatus": "Received",
"lastModified": "2023-11-30T13:39:19.237",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Elevation of privilege"
},
{
"lang": "es",
"value": "Elevaci\u00f3n de privilegios"
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2022-42541",
"sourceIdentifier": "security@android.com",
"published": "2023-11-29T22:15:07.363",
"lastModified": "2023-11-29T22:15:07.363",
"vulnStatus": "Received",
"lastModified": "2023-11-30T13:39:19.237",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Remote code execution"
},
{
"lang": "es",
"value": "Ejecuci\u00f3n remota de c\u00f3digo"
}
],
"metrics": {},


@ -2,8 +2,8 @@
"id": "CVE-2022-45135",
"sourceIdentifier": "security@apache.org",
"published": "2023-11-30T08:15:07.063",
"lastModified": "2023-11-30T12:15:07.633",
"vulnStatus": "Received",
"lastModified": "2023-11-30T13:39:05.043",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,7 +2,7 @@
"id": "CVE-2022-46843",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-03-27T14:15:07.607",
"lastModified": "2023-11-07T03:56:03.073",
"lastModified": "2023-11-30T13:07:41.940",
"vulnStatus": "Modified",
"descriptions": [
{
@ -33,7 +33,7 @@
"impactScore": 2.7
},
{
"source": "21595511-bba5-4825-b968-b78d1f9984a3",
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -56,7 +56,7 @@
},
"weaknesses": [
{
"source": "21595511-bba5-4825-b968-b78d1f9984a3",
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
@ -75,9 +75,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:woocommerce_vietnam_checkout_project:woocommerce_vietnam_checkout:*:*:*:*:*:wordpress:*:*",
"criteria": "cpe:2.3:a:levantoan:woocommerce_vietnam_checkout:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.0.5",
"matchCriteriaId": "E93D19C6-3996-4628-859D-911B5E90927D"
"matchCriteriaId": "CD1B0252-A40C-4ABD-9C39-D1E02F538916"
}
]
}


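--- /dev/null
+++ b/PATH-NOT-SHOWN/CVE-2023-32291.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-32291",
+"sourceIdentifier": "audit@patchstack.com",
+"published": "2023-11-30T13:15:07.347",
+"lastModified": "2023-11-30T13:38:42.753",
+"vulnStatus": "Undergoing Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MonsterInsights Pro allows Stored XSS.This issue affects MonsterInsights Pro: from n/a through 8.14.1.\n\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "audit@patchstack.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "REQUIRED",
+"scope": "CHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "LOW",
+"baseScore": 6.5,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.3,
+"impactScore": 3.7
+}
+]
+},
+"weaknesses": [
+{
+"source": "audit@patchstack.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-79"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://patchstack.com/database/vulnerability/google-analytics-premium/wordpress-monsterinsights-pro-plugin-8-14-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
+"source": "audit@patchstack.com"
+}
+]
+}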


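--- /dev/null
+++ b/PATH-NOT-SHOWN/CVE-2023-33333.json
@@ -0,0 +1,59 @@
+{
+"id": "CVE-2023-33333",
+"sourceIdentifier": "audit@patchstack.com",
+"published": "2023-11-30T14:15:08.323",
+"lastModified": "2023-11-30T14:48:40.677",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugins Complianz, Really Simple Plugins Complianz Premium allows Cross-Site Scripting (XSS).This issue affects Complianz: from n/a through 6.4.4; Complianz Premium: from n/a through 6.4.6.1.\n\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "audit@patchstack.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "REQUIRED",
+"scope": "CHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "LOW",
+"baseScore": 7.1,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 3.7
+}
+]
+},
+"weaknesses": [
+{
+"source": "audit@patchstack.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-352"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://patchstack.com/database/vulnerability/complianz-gdpr-premium/wordpress-complianz-premium-plugin-6-4-6-1-csrf-to-site-wide-cross-site-scripting-xss-vulnerability?_s_id=cve",
+"source": "audit@patchstack.com"
+},
+{
+"url": "https://patchstack.com/database/vulnerability/complianz-gdpr/wordpress-complianz-plugin-6-4-4-csrf-lead-to-site-wide-cross-site-scripting-xss-vulnerability?_s_id=cve",
+"source": "audit@patchstack.com"
+}
+]
+}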


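--- /dev/null
+++ b/PATH-NOT-SHOWN/CVE-2023-34030.json
@@ -0,0 +1,59 @@
+{
+"id": "CVE-2023-34030",
+"sourceIdentifier": "audit@patchstack.com",
+"published": "2023-11-30T14:15:09.397",
+"lastModified": "2023-11-30T14:48:40.677",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugins Complianz, Really Simple Plugins Complianz Premium allows Cross-Site Request Forgery.This issue affects Complianz: from n/a through 6.4.5; Complianz Premium: from n/a through 6.4.7.\n\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "audit@patchstack.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "REQUIRED",
+"scope": "UNCHANGED",
+"confidentialityImpact": "NONE",
+"integrityImpact": "HIGH",
+"availabilityImpact": "NONE",
+"baseScore": 6.5,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 3.6
+}
+]
+},
+"weaknesses": [
+{
+"source": "audit@patchstack.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-352"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://patchstack.com/database/vulnerability/complianz-gdpr-premium/wordpress-complianz-premium-plugin-6-4-7-multiple-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
+"source": "audit@patchstack.com"
+},
+{
+"url": "https://patchstack.com/database/vulnerability/complianz-gdpr/wordpress-complianz-plugin-6-4-5-multiple-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
+"source": "audit@patchstack.com"
+}
+]
+}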


@ -2,12 +2,16 @@
"id": "CVE-2023-35137",
"sourceIdentifier": "security@zyxel.com.tw",
"published": "2023-11-30T02:15:42.460",
"lastModified": "2023-11-30T02:15:42.460",
"vulnStatus": "Received",
"lastModified": "2023-11-30T13:39:13.380",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An improper authentication vulnerability in the authentication module of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to obtain system information by sending a crafted URL to a vulnerable device."
},
{
"lang": "es",
"value": "Una vulnerabilidad de autenticaci\u00f3n incorrecta en el m\u00f3dulo de autenticaci\u00f3n de la versi\u00f3n de firmware V5.21(AAZF.14)C0 de Zyxel NAS326 y la versi\u00f3n de firmware NAS542 V5.21(ABAG.11)C0 podr\u00eda permitir que un atacante no autenticado obtenga informaci\u00f3n del sistema enviando una URL manipulada a un dispositivo vulnerable."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-35138",
"sourceIdentifier": "security@zyxel.com.tw",
"published": "2023-11-30T02:15:42.737",
"lastModified": "2023-11-30T02:15:42.737",
"vulnStatus": "Received",
"lastModified": "2023-11-30T13:39:13.380",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability in the \u201cshow_zysync_server_contents\u201d function of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n de comando en la funci\u00f3n \u201cshow_zysync_server_contents\u201d de la versi\u00f3n de firmware V5.21(AAZF.14)C0 de Zyxel NAS326 y la versi\u00f3n de firmware NAS542 V5.21(ABAG.11)C0 podr\u00eda permitir que un atacante no autenticado ejecute alg\u00fan comando sistema operativo (OS) enviando una solicitud HTTP POST manipulada."
}
],
"metrics": {


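--- /dev/null
+++ b/PATH-NOT-SHOWN/CVE-2023-36682.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-36682",
+"sourceIdentifier": "audit@patchstack.com",
+"published": "2023-11-30T14:15:09.583",
+"lastModified": "2023-11-30T14:48:40.677",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force US LLC Schema Pro allows Cross Site Request Forgery.This issue affects Schema Pro: from n/a through 2.7.7.\n\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "audit@patchstack.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "REQUIRED",
+"scope": "UNCHANGED",
+"confidentialityImpact": "NONE",
+"integrityImpact": "LOW",
+"availabilityImpact": "HIGH",
+"baseScore": 7.1,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 4.2
+}
+]
+},
+"weaknesses": [
+{
+"source": "audit@patchstack.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-352"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://patchstack.com/database/vulnerability/wp-schema-pro/wordpress-schema-pro-plugin-2-7-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
+"source": "audit@patchstack.com"
+}
+]
+}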


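--- /dev/null
+++ b/PATH-NOT-SHOWN/CVE-2023-36685.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-36685",
+"sourceIdentifier": "audit@patchstack.com",
+"published": "2023-11-30T14:15:09.787",
+"lastModified": "2023-11-30T14:48:40.677",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force US LLC CartFlows Pro allows Cross Site Request Forgery.This issue affects CartFlows Pro: from n/a through 1.11.12.\n\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "audit@patchstack.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "REQUIRED",
+"scope": "UNCHANGED",
+"confidentialityImpact": "NONE",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE",
+"baseScore": 4.3,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 1.4
+}
+]
+},
+"weaknesses": [
+{
+"source": "audit@patchstack.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-352"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://patchstack.com/database/vulnerability/cartflows-pro/wordpress-cartflows-pro-plugin-1-11-12-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
+"source": "audit@patchstack.com"
+}
+]
+}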


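--- /dev/null
+++ b/PATH-NOT-SHOWN/CVE-2023-37867.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-37867",
+"sourceIdentifier": "audit@patchstack.com",
+"published": "2023-11-30T14:15:09.983",
+"lastModified": "2023-11-30T14:48:40.677",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in YetAnotherStarsRating.Com YASR \u2013 Yet Another Star Rating Plugin for WordPress.This issue affects YASR \u2013 Yet Another Star Rating Plugin for WordPress: from n/a through 3.3.8.\n\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "audit@patchstack.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "HIGH",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "NONE",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE",
+"baseScore": 3.7,
+"baseSeverity": "LOW"
+},
+"exploitabilityScore": 2.2,
+"impactScore": 1.4
+}
+]
+},
+"weaknesses": [
+{
+"source": "audit@patchstack.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-367"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://patchstack.com/database/vulnerability/yet-another-stars-rating/wordpress-yasr-yet-another-stars-rating-plugin-3-3-8-race-condition-vulnerability?_s_id=cve",
+"source": "audit@patchstack.com"
+}
+]
+}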
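Review bot: The single `weaknesses` entry from `audit@patchstack.com` is typed `"Secondary"` in this file, whereas every other Patchstack record added in this commit (CVE-2023-32291, CVE-2023-33333, CVE-2023-34030, CVE-2023-36682, CVE-2023-36685, CVE-2023-38474) types the same CNA-supplied CWE as `"Primary"`. I cannot tell from the page whether this reflects a deliberate upstream distinction or an inconsistency in the feed, so tooling that picks "the primary CWE" by filtering on `type` would silently drop CWE-367 here while keeping CWE-352/CWE-79 in the siblings; a safer rule is to fall back to any weakness when no `Primary` one exists. Since the file mirrors NVD, any correction belongs upstream rather than in this repository. The CVSS block is internally consistent: the vector `AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N` does yield exploitability 2.2, impact 1.4 and base 3.7 LOW.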


@ -2,8 +2,8 @@
"id": "CVE-2023-37924",
"sourceIdentifier": "security@apache.org",
"published": "2023-11-22T10:15:07.577",
"lastModified": "2023-11-22T13:56:48.513",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T14:00:17.920",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,7 +14,30 @@
"value": "Apache Software Foundation Apache Submarine tiene una vulnerabilidad de inyecci\u00f3n SQL cuando un usuario inicia sesi\u00f3n. Este problema puede provocar un inicio de sesi\u00f3n no autorizado. Ahora hemos solucionado este problema y ahora el usuario debe tener el inicio de sesi\u00f3n correcto para acceder al banco de trabajo. Este problema afecta a Apache Submarine: desde 0.7.0 antes de 0.8.0. Recomendamos que todos los usuarios de Submarine con 0.7.0 actualicen a 0.8.0, que no solo soluciona el problema, admite el modo de autenticaci\u00f3n oidc, sino que tambi\u00e9n elimina el caso de inicios de sesi\u00f3n no autenticados. Si utiliza una versi\u00f3n inferior a 0.8.0 y no desea actualizar, puede probar PR https://github.com/apache/submarine/pull/1037 https://github.com/apache/submarine/pull /1054 y reconstruir la imagen del servidor submarino para solucionar este problema."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@apache.org",
@ -27,18 +50,48 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:submarine:*:*:*:*:*:*:*:*",
"versionStartIncluding": "0.7.0",
"versionEndExcluding": "0.8.0",
"matchCriteriaId": "5227C744-A013-4BBA-945F-E7BCE19AA4B8"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/apache/submarine/pull/1037",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://issues.apache.org/jira/browse/SUBMARINE-1361",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
},
{
"url": "https://lists.apache.org/thread/g99h773vd49n1wyghdq1llv2f83w1b3r",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
]
}
]
}
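Review bot: The analyzed entry's `references` now carry tags for pull/1037, the SUBMARINE-1361 Jira issue and the mailing-list thread, but the second fix PR the description points users at (pull/1054, visible in the Spanish context line at the top of the hunk, where the URL is also split by a stray space as `pull /1054`) has no `references` entry, so anyone who extracts remediation links from `references` rather than from free text will miss it. Whether the English description names it as well is outside the hunk. As the repository mirrors NVD the omission should be reported upstream rather than patched here. The new `configurations` node (`versionStartIncluding` 0.7.0, `versionEndExcluding` 0.8.0) does agree with the affected range stated in the description, and the 9.8 CRITICAL score matches its vector.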


@ -2,12 +2,16 @@
"id": "CVE-2023-37927",
"sourceIdentifier": "security@zyxel.com.tw",
"published": "2023-11-30T02:15:42.940",
"lastModified": "2023-11-30T02:15:42.940",
"vulnStatus": "Received",
"lastModified": "2023-11-30T13:39:13.380",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The improper neutralization of special elements in the CGI program of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an authenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device."
},
{
"lang": "es",
"value": "La neutralizaci\u00f3n inadecuada de elementos especiales en el programa CGI del firmware Zyxel NAS326 versi\u00f3n V5.21(AAZF.14)C0 y NAS542 versi\u00f3n V5.21(ABAG.11)C0 podr\u00eda permitir que un atacante autenticado ejecute alg\u00fan sistema operativo (OS ) comandos enviando una URL manipulada a un dispositivo vulnerable."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-37928",
"sourceIdentifier": "security@zyxel.com.tw",
"published": "2023-11-30T02:15:43.137",
"lastModified": "2023-11-30T02:15:43.137",
"vulnStatus": "Received",
"lastModified": "2023-11-30T13:39:13.380",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A post-authentication command injection vulnerability in the WSGI server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an authenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n de comando posterior a la autenticaci\u00f3n en el servidor WSGI de la versi\u00f3n de firmware V5.21(AAZF.14)C0 de Zyxel NAS326 y la versi\u00f3n de firmware NAS542 V5.21(ABAG.11)C0 podr\u00eda permitir que un atacante autenticado ejecute alg\u00fan sistema operativo ( OS) enviando una URL manipulada a un dispositivo vulnerable."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-3741",
"sourceIdentifier": "psirt-info@cyber.jp.nec.com",
"published": "2023-11-30T01:15:07.187",
"lastModified": "2023-11-30T01:15:07.187",
"vulnStatus": "Received",
"lastModified": "2023-11-30T13:39:13.380",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An OS Command injection vulnerability in NEC Platforms DT900 and DT900S Series all versions allows an attacker to execute any command on the device.\n\n"
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en NEC Platforms DT900 and DT900S Series, todas las versiones, permite a un atacante ejecutar cualquier comando en el dispositivo."
}
],
"metrics": {},


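--- /dev/null
+++ b/PATH-NOT-SHOWN/CVE-2023-38474.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-38474",
+"sourceIdentifier": "audit@patchstack.com",
+"published": "2023-11-30T13:15:07.550",
+"lastModified": "2023-11-30T13:38:42.753",
+"vulnStatus": "Undergoing Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Campaign Monitor Campaign Monitor for WordPress allows Reflected XSS.This issue affects Campaign Monitor for WordPress: from n/a through 2.8.12.\n\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "audit@patchstack.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "REQUIRED",
+"scope": "CHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "LOW",
+"baseScore": 7.1,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 3.7
+}
+]
+},
+"weaknesses": [
+{
+"source": "audit@patchstack.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-79"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://patchstack.com/database/vulnerability/forms-for-campaign-monitor/wordpress-campaign-monitor-for-wordpress-plugin-2-8-12-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
+"source": "audit@patchstack.com"
+}
+]
+}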


@ -2,27 +2,92 @@
"id": "CVE-2023-38881",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-20T19:15:08.640",
"lastModified": "2023-11-20T19:18:51.140",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T14:19:39.523",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into any of the 'calendar_id', 'school_date', 'month' or 'year' parameters in 'CalendarModal.php'."
},
{
"lang": "es",
"value": "Una vulnerabilidad de cross-site scripting (XSS) reflejada en la versi\u00f3n Community Edition 9.0 de openSIS Classic de OS4ED permite a atacantes remotos ejecutar JavaScript arbitrario en el navegador web de un usuario, al incluir un payload malicioso en cualquiera de los archivos 'calendar_id', 'school_date ', par\u00e1metros 'mes' o 'a\u00f1o' en 'CalendarModal.php'."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:os4ed:opensis:9.0:*:*:*:community:*:*:*",
"matchCriteriaId": "31C122B7-1057-40D8-B883-8C41776AA826"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/OS4ED/openSIS-Classic",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38881",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.os4ed.com/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}
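Review bot: The `tags` added to the three references are inconsistent across the four openSIS entries analyzed in the same pass: `https://github.com/OS4ED/openSIS-Classic` is tagged `Product` here, `Release Notes` in CVE-2023-38882, both `Product` and `Release Notes` in CVE-2023-38883 and `Release Notes` in CVE-2023-38884, while the `dub-flow/vulnerability-research` repository is tagged `Vendor Advisory` in every one of them although, from the URL, it appears to be a third-party researcher's write-up rather than the vendor's. Consumers that filter references by tag (for instance to surface vendor advisories or patch notes) will therefore behave differently across four records for the same product and version, and may present a researcher page as the vendor's statement. Because the file mirrors NVD the correction belongs upstream; locally, the `Vendor Advisory` tag on these entries should not be treated as authoritative. The replacement of `"metrics": {}` with the full CVSS block and the new `configurations` node are otherwise consistent, and the 6.1 MEDIUM score matches its vector.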


@ -2,27 +2,92 @@
"id": "CVE-2023-38882",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-20T19:15:08.683",
"lastModified": "2023-11-20T19:18:51.140",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T14:20:28.047",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'include' parameter in 'ForExport.php'"
},
{
"lang": "es",
"value": "Una vulnerabilidad de Cross Site Scripting (XSS) reflejada en la versi\u00f3n Community Edition 9.0 de openSIS Classic de OS4ED permite a atacantes remotos ejecutar JavaScript arbitrario en el navegador web de un usuario, al incluir un payload malicioso en el par\u00e1metro 'include' en 'ForExport. php'"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:os4ed:opensis:9.0:*:*:*:community:*:*:*",
"matchCriteriaId": "31C122B7-1057-40D8-B883-8C41776AA826"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/OS4ED/openSIS-Classic",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38882",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.os4ed.com/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}


@ -2,27 +2,93 @@
"id": "CVE-2023-38883",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-20T19:15:08.730",
"lastModified": "2023-11-20T19:18:51.140",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T14:21:33.187",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'ajax' parameter in 'ParentLookup.php'."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Cross Site Scripting (XSS) reflejada en la versi\u00f3n Community Edition 9.0 de openSIS Classic de OS4ED permite a atacantes remotos ejecutar JavaScript arbitrario en el navegador web de un usuario, al incluir un payload malicioso en el par\u00e1metro 'ajax' en 'ParentLookup.php'."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:os4ed:opensis:9.0:*:*:*:community:*:*:*",
"matchCriteriaId": "31C122B7-1057-40D8-B883-8C41776AA826"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/OS4ED/openSIS-Classic",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product",
"Release Notes"
]
},
{
"url": "https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38883",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.os4ed.com/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}


@ -2,27 +2,92 @@
"id": "CVE-2023-38884",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-20T19:15:08.773",
"lastModified": "2023-11-20T19:18:46.073",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T14:22:37.007",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An Insecure Direct Object Reference (IDOR) vulnerability in the Community Edition version 9.0 of openSIS Classic allows an unauthenticated remote attacker to access any student's files by visiting '/assets/studentfiles/<studentId>-<filename>'"
},
{
"lang": "es",
"value": "Una vulnerabilidad de Insecure Direct Object Reference (IDOR) en la versi\u00f3n Community Edition 9.0 de openSIS Classic permite que un atacante remoto no autenticado acceda a los archivos de cualquier estudiante visitando '/assets/studentfiles/-'"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:os4ed:opensis:9.0:*:*:*:community:*:*:*",
"matchCriteriaId": "31C122B7-1057-40D8-B883-8C41776AA826"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/OS4ED/openSIS-Classic",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38884",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.os4ed.com/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}
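Review bot: The Spanish description added to this record has lost both path placeholders — its value ends in `'/assets/studentfiles/-'` while the English description in the same hunk reads `'/assets/studentfiles/<studentId>-<filename>'`, so the translated text no longer says which resource the IDOR exposes; the angle-bracketed tokens look like they were stripped as HTML markup during translation. The `es` value should be restored to end with `... visitando '/assets/studentfiles/<studentId>-<filename>'`. Separately, the `"Vendor Advisory"` tag added on the `dub-flow/vulnerability-research` reference is attached to a third-party researcher repository rather than to anything published by the vendor; NVD's `"Third Party Advisory"` tag describes that reference, and the same tagging appears on the matching reference in the CVE-2023-38885 section below and the CVE-2023-38883 section above.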


@ -2,27 +2,92 @@
"id": "CVE-2023-38885",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-20T19:15:08.820",
"lastModified": "2023-11-20T19:18:46.073",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T14:23:35.557",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "OpenSIS Classic Community Edition version 9.0 lacks cross-site request forgery (CSRF) protection throughout the whole app. This may allow an attacker to trick an authenticated user into performing any kind of state changing request."
},
{
"lang": "es",
"value": "OpenSIS Classic Community Edition versi\u00f3n 9.0 carece de protecci\u00f3n contra ataques de Cross-Site Request Forgery (CSRF) en toda la aplicaci\u00f3n. Esto puede permitir a un atacante enga\u00f1ar a un usuario autenticado para que realice cualquier tipo de solicitud de cambio de estado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:os4ed:opensis:9.0:*:*:*:community:*:*:*",
"matchCriteriaId": "31C122B7-1057-40D8-B883-8C41776AA826"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/OS4ED/openSIS-Classic",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38885",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.os4ed.com/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-40458",
"sourceIdentifier": "security@sierrawireless.com",
"published": "2023-11-29T23:15:20.367",
"lastModified": "2023-11-29T23:15:20.367",
"vulnStatus": "Received",
"lastModified": "2023-11-30T13:39:19.237",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Sierra Wireless, Inc ALEOS could potentially allow a remote attacker to trigger a \nDenial of Service (DoS) condition for ACEManager without impairing \nother router functions. This condition is cleared by restarting the \ndevice.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de bucle con condici\u00f3n de salida inalcanzable (\"bucle infinito\") en Sierra Wireless, Inc. ALEOS podr\u00eda potencialmente permitir que un atacante remoto active una condici\u00f3n de Denegaci\u00f3n de Servicio (DoS) para ACEManager sin afectar otras funciones del router. Esta condici\u00f3n se elimina reiniciando el dispositivo."
}
],
"metrics": {


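--- /dev/null
+++ b/PATH-NOT-SHOWN/CVE-2023-40674.json
@@ -0,0 +1,55 @@
+{
+    "id": "CVE-2023-40674",
+    "sourceIdentifier": "audit@patchstack.com",
+    "published": "2023-11-30T13:15:07.740",
+    "lastModified": "2023-11-30T13:38:42.753",
+    "vulnStatus": "Undergoing Analysis",
+    "descriptions": [
+        {
+            "lang": "en",
+            "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lasso Simple URLs \u2013 Link Cloaking, Product Displays, and Affiliate Link Management allows Stored XSS.This issue affects Simple URLs \u2013 Link Cloaking, Product Displays, and Affiliate Link Management: from n/a through 118.\n\n"
+        }
+    ],
+    "metrics": {
+        "cvssMetricV31": [
+            {
+                "source": "audit@patchstack.com",
+                "type": "Secondary",
+                "cvssData": {
+                    "version": "3.1",
+                    "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+                    "attackVector": "NETWORK",
+                    "attackComplexity": "LOW",
+                    "privilegesRequired": "LOW",
+                    "userInteraction": "REQUIRED",
+                    "scope": "CHANGED",
+                    "confidentialityImpact": "LOW",
+                    "integrityImpact": "LOW",
+                    "availabilityImpact": "LOW",
+                    "baseScore": 6.5,
+                    "baseSeverity": "MEDIUM"
+                },
+                "exploitabilityScore": 2.3,
+                "impactScore": 3.7
+            }
+        ]
+    },
+    "weaknesses": [
+        {
+            "source": "audit@patchstack.com",
+            "type": "Primary",
+            "description": [
+                {
+                    "lang": "en",
+                    "value": "CWE-79"
+                }
+            ]
+        }
+    ],
+    "references": [
+        {
+            "url": "https://patchstack.com/database/vulnerability/simple-urls/wordpress-simple-urls-plugin-117-shortcode-cross-site-scripting-xss-vulnerability?_s_id=cve",
+            "source": "audit@patchstack.com"
+        }
+    ]
+}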


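--- /dev/null
+++ b/PATH-NOT-SHOWN/CVE-2023-40680.json
@@ -0,0 +1,55 @@
+{
+    "id": "CVE-2023-40680",
+    "sourceIdentifier": "audit@patchstack.com",
+    "published": "2023-11-30T13:15:07.927",
+    "lastModified": "2023-11-30T13:38:42.753",
+    "vulnStatus": "Undergoing Analysis",
+    "descriptions": [
+        {
+            "lang": "en",
+            "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Team Yoast Yoast SEO allows Stored XSS.This issue affects Yoast SEO: from n/a through 21.0.\n\n"
+        }
+    ],
+    "metrics": {
+        "cvssMetricV31": [
+            {
+                "source": "audit@patchstack.com",
+                "type": "Secondary",
+                "cvssData": {
+                    "version": "3.1",
+                    "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
+                    "attackVector": "NETWORK",
+                    "attackComplexity": "LOW",
+                    "privilegesRequired": "HIGH",
+                    "userInteraction": "REQUIRED",
+                    "scope": "CHANGED",
+                    "confidentialityImpact": "LOW",
+                    "integrityImpact": "LOW",
+                    "availabilityImpact": "LOW",
+                    "baseScore": 5.9,
+                    "baseSeverity": "MEDIUM"
+                },
+                "exploitabilityScore": 1.7,
+                "impactScore": 3.7
+            }
+        ]
+    },
+    "weaknesses": [
+        {
+            "source": "audit@patchstack.com",
+            "type": "Primary",
+            "description": [
+                {
+                    "lang": "en",
+                    "value": "CWE-79"
+                }
+            ]
+        }
+    ],
+    "references": [
+        {
+            "url": "https://patchstack.com/database/vulnerability/wordpress-seo/wordpress-yoast-seo-plugin-21-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
+            "source": "audit@patchstack.com"
+        }
+    ]
+}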


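--- /dev/null
+++ b/PATH-NOT-SHOWN/CVE-2023-41127.json
@@ -0,0 +1,55 @@
+{
+    "id": "CVE-2023-41127",
+    "sourceIdentifier": "audit@patchstack.com",
+    "published": "2023-11-30T13:15:08.120",
+    "lastModified": "2023-11-30T13:38:42.753",
+    "vulnStatus": "Undergoing Analysis",
+    "descriptions": [
+        {
+            "lang": "en",
+            "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Evergreen Content Poster Evergreen Content Poster \u2013 Auto Post and Schedule Your Best Content to Social Media allows Stored XSS.This issue affects Evergreen Content Poster \u2013 Auto Post and Schedule Your Best Content to Social Media: from n/a through 1.3.6.1.\n\n"
+        }
+    ],
+    "metrics": {
+        "cvssMetricV31": [
+            {
+                "source": "audit@patchstack.com",
+                "type": "Secondary",
+                "cvssData": {
+                    "version": "3.1",
+                    "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
+                    "attackVector": "NETWORK",
+                    "attackComplexity": "LOW",
+                    "privilegesRequired": "HIGH",
+                    "userInteraction": "REQUIRED",
+                    "scope": "CHANGED",
+                    "confidentialityImpact": "LOW",
+                    "integrityImpact": "LOW",
+                    "availabilityImpact": "LOW",
+                    "baseScore": 5.9,
+                    "baseSeverity": "MEDIUM"
+                },
+                "exploitabilityScore": 1.7,
+                "impactScore": 3.7
+            }
+        ]
+    },
+    "weaknesses": [
+        {
+            "source": "audit@patchstack.com",
+            "type": "Primary",
+            "description": [
+                {
+                    "lang": "en",
+                    "value": "CWE-79"
+                }
+            ]
+        }
+    ],
+    "references": [
+        {
+            "url": "https://patchstack.com/database/vulnerability/evergreen-content-poster/wordpress-evergreen-content-poster-plugin-1-3-6-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
+            "source": "audit@patchstack.com"
+        }
+    ]
+}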


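--- /dev/null
+++ b/PATH-NOT-SHOWN/CVE-2023-41128.json
@@ -0,0 +1,55 @@
+{
+    "id": "CVE-2023-41128",
+    "sourceIdentifier": "audit@patchstack.com",
+    "published": "2023-11-30T13:15:08.310",
+    "lastModified": "2023-11-30T13:38:42.753",
+    "vulnStatus": "Undergoing Analysis",
+    "descriptions": [
+        {
+            "lang": "en",
+            "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Iqonic Design WP Roadmap \u2013 Product Feedback Board allows Stored XSS.This issue affects WP Roadmap \u2013 Product Feedback Board: from n/a through 1.0.8.\n\n"
+        }
+    ],
+    "metrics": {
+        "cvssMetricV31": [
+            {
+                "source": "audit@patchstack.com",
+                "type": "Secondary",
+                "cvssData": {
+                    "version": "3.1",
+                    "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
+                    "attackVector": "NETWORK",
+                    "attackComplexity": "LOW",
+                    "privilegesRequired": "HIGH",
+                    "userInteraction": "REQUIRED",
+                    "scope": "CHANGED",
+                    "confidentialityImpact": "LOW",
+                    "integrityImpact": "LOW",
+                    "availabilityImpact": "LOW",
+                    "baseScore": 5.9,
+                    "baseSeverity": "MEDIUM"
+                },
+                "exploitabilityScore": 1.7,
+                "impactScore": 3.7
+            }
+        ]
+    },
+    "weaknesses": [
+        {
+            "source": "audit@patchstack.com",
+            "type": "Primary",
+            "description": [
+                {
+                    "lang": "en",
+                    "value": "CWE-79"
+                }
+            ]
+        }
+    ],
+    "references": [
+        {
+            "url": "https://patchstack.com/database/vulnerability/wp-roadmap/wordpress-wp-roadmap-plugin-1-0-8-cross-site-scripting-xss-vulnerability?_s_id=cve",
+            "source": "audit@patchstack.com"
+        }
+    ]
+}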


@ -2,12 +2,16 @@
"id": "CVE-2023-41136",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T12:15:07.773",
"lastModified": "2023-11-30T12:15:07.773",
"vulnStatus": "Received",
"lastModified": "2023-11-30T13:39:05.043",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Laurence/OhMyBox.Info Simple Long Form allows Stored XSS.This issue affects Simple Long Form: from n/a through 2.2.2.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n inadecuada de la entrada durante la vulnerabilidad de generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Laurence/OhMyBox.Info Simple Long Form permite almacenar XSS. Este problema afecta a Simple Long Form: desde n/a hasta 2.2.2."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-4473",
"sourceIdentifier": "security@zyxel.com.tw",
"published": "2023-11-30T02:15:43.347",
"lastModified": "2023-11-30T02:15:43.347",
"vulnStatus": "Received",
"lastModified": "2023-11-30T13:39:13.380",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability in the web server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n de comandos en el servidor web de la versi\u00f3n de firmware V5.21(AAZF.14)C0 de Zyxel NAS326 y la versi\u00f3n de firmware NAS542 V5.21(ABAG.11)C0 podr\u00eda permitir que un atacante no autenticado ejecute algunos comandos del sistema operativo (SO). enviando una URL manipulada a un dispositivo vulnerable."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-4474",
"sourceIdentifier": "security@zyxel.com.tw",
"published": "2023-11-30T02:15:43.553",
"lastModified": "2023-11-30T02:15:43.553",
"vulnStatus": "Received",
"lastModified": "2023-11-30T13:39:13.380",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The improper neutralization of special elements in the WSGI server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device."
},
{
"lang": "es",
"value": "La neutralizaci\u00f3n inadecuada de elementos especiales en el servidor WSGI del firmware Zyxel NAS326 versi\u00f3n V5.21(AAZF.14)C0 y NAS542 versi\u00f3n V5.21(ABAG.11)C0 podr\u00eda permitir que un atacante no autenticado ejecute alg\u00fan sistema operativo (OS ) comandos enviando una URL manipulada a un dispositivo vulnerable."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-45050",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T12:15:07.983",
"lastModified": "2023-11-30T12:15:07.983",
"vulnStatus": "Received",
"lastModified": "2023-11-30T13:39:05.043",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic Jetpack \u2013 WP Security, Backup, Speed, & Growth allows Stored XSS.This issue affects Jetpack \u2013 WP Security, Backup, Speed, & Growth: from n/a through 12.8-a.1.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Automattic Jetpack \u2013 WP Security, Backup, Speed, &amp; Growth permite almacenar XSS. Este problema afecta a Jetpack \u2013 WP Security, Backup, Speed, &amp; Growth: desde n/a hasta 12.8-a.1."
}
],
"metrics": {
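Review bot: The Spanish description added to this record carries the HTML entity `&amp;` in both product-name occurrences (`WP Security, Backup, Speed, &amp; Growth`) while the English value in the same hunk has a plain `&`; the text appears to have been HTML-escaped once before being stored as JSON, so any consumer rendering the field will show `&amp;` literally. Both occurrences should read `... Backup, Speed, & Growth ...` to match the English description. The hunk ends at the opening of `"metrics"`, so the rest of this record is not visible here.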


@ -2,12 +2,16 @@
"id": "CVE-2023-47418",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-30T06:15:46.873",
"lastModified": "2023-11-30T06:15:46.873",
"vulnStatus": "Received",
"lastModified": "2023-11-30T13:39:13.380",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Remote Code Execution (RCE) vulnerability in o2oa version 8.1.2 and before, allows attackers to create a new interface in the service management function to execute JavaScript."
},
{
"lang": "es",
"value": "La vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo (RCE) en o2oa versi\u00f3n 8.1.2 y anteriores permite a los atacantes crear una nueva interfaz en la funci\u00f3n de administraci\u00f3n de servicios para ejecutar JavaScript."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-47463",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-30T05:15:08.950",
"lastModified": "2023-11-30T05:15:08.950",
"vulnStatus": "Received",
"lastModified": "2023-11-30T13:39:13.380",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 before 4.5.0 allows a remote attacker to execute arbitrary code via a crafted script to the gl_nas_sys authentication function."
},
{
"lang": "es",
"value": "Vulnerabilidad de permisos inseguros en GL.iNet AX1800 versi\u00f3n 4.0.0 anterior a 4.5.0 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de un script manipulado para la funci\u00f3n de autenticaci\u00f3n gl_nas_sys."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-47464",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-30T05:15:09.060",
"lastModified": "2023-11-30T05:15:09.060",
"vulnStatus": "Received",
"lastModified": "2023-11-30T13:39:13.380",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 before 4.5.0 allows a remote attacker to execute arbitrary code via the upload API function."
},
{
"lang": "es",
"value": "Vulnerabilidad de permisos inseguros en GL.iNet AX1800 versi\u00f3n 4.0.0 anterior a 4.5.0 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de la funci\u00f3n de carga API."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-47505",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T12:15:08.180",
"lastModified": "2023-11-30T12:15:08.180",
"vulnStatus": "Received",
"lastModified": "2023-11-30T13:39:05.043",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor.Com Elementor allows Cross-Site Scripting (XSS).This issue affects Elementor: from n/a through 3.16.4.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n inadecuada de la entrada durante la vulnerabilidad de generaci\u00f3n de p\u00e1ginas web (\"Cross-site Scripting\") en Elementor.Com Elementor permite Cross-Site Scripting (XSS). Este problema afecta a Elementor: desde n/a hasta 3.16.4."
}
],
"metrics": {


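--- /dev/null
+++ b/PATH-NOT-SHOWN/CVE-2023-47645.json
@@ -0,0 +1,55 @@
+{
+    "id": "CVE-2023-47645",
+    "sourceIdentifier": "audit@patchstack.com",
+    "published": "2023-11-30T14:15:10.200",
+    "lastModified": "2023-11-30T14:48:40.677",
+    "vulnStatus": "Awaiting Analysis",
+    "descriptions": [
+        {
+            "lang": "en",
+            "value": "Cross-Site Request Forgery (CSRF) vulnerability in RegistrationMagic RegistrationMagic \u2013 Custom Registration Forms, User Registration, Payment, and User Login allows Cross Site Request Forgery.This issue affects RegistrationMagic \u2013 Custom Registration Forms, User Registration, Payment, and User Login: from n/a through 5.2.2.6.\n\n"
+        }
+    ],
+    "metrics": {
+        "cvssMetricV31": [
+            {
+                "source": "audit@patchstack.com",
+                "type": "Secondary",
+                "cvssData": {
+                    "version": "3.1",
+                    "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+                    "attackVector": "NETWORK",
+                    "attackComplexity": "LOW",
+                    "privilegesRequired": "NONE",
+                    "userInteraction": "REQUIRED",
+                    "scope": "UNCHANGED",
+                    "confidentialityImpact": "NONE",
+                    "integrityImpact": "LOW",
+                    "availabilityImpact": "NONE",
+                    "baseScore": 4.3,
+                    "baseSeverity": "MEDIUM"
+                },
+                "exploitabilityScore": 2.8,
+                "impactScore": 1.4
+            }
+        ]
+    },
+    "weaknesses": [
+        {
+            "source": "audit@patchstack.com",
+            "type": "Primary",
+            "description": [
+                {
+                    "lang": "en",
+                    "value": "CWE-352"
+                }
+            ]
+        }
+    ],
+    "references": [
+        {
+            "url": "https://patchstack.com/database/vulnerability/custom-registration-form-builder-with-submission-manager/wordpress-registrationmagic-plugin-5-2-2-6-delete-form-submission-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
+            "source": "audit@patchstack.com"
+        }
+    ]
+}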


@ -2,12 +2,16 @@
"id": "CVE-2023-47777",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T12:15:08.370",
"lastModified": "2023-11-30T12:15:08.370",
"vulnStatus": "Received",
"lastModified": "2023-11-30T13:39:05.043",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooCommerce, Automattic WooCommerce Blocks allows Stored XSS.This issue affects WooCommerce: from n/a through 8.1.1; WooCommerce Blocks: from n/a through 11.1.1.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n inadecuada de la entrada durante la vulnerabilidad de generaci\u00f3n de p\u00e1ginas web ('Scripting entre sitios') en Automattic WooCommerce, Automattic WooCommerce Blocks permite XSS almacenado. Este problema afecta a WooCommerce: desde n/a hasta 8.1.1; WooCommerce Blocks: desde n/a hasta 11.1.1."
}
],
"metrics": {


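--- /dev/null
+++ b/PATH-NOT-SHOWN/CVE-2023-47827.json
@@ -0,0 +1,55 @@
+{
+    "id": "CVE-2023-47827",
+    "sourceIdentifier": "audit@patchstack.com",
+    "published": "2023-11-30T14:15:10.390",
+    "lastModified": "2023-11-30T14:48:37.600",
+    "vulnStatus": "Awaiting Analysis",
+    "descriptions": [
+        {
+            "lang": "en",
+            "value": "Incorrect Authorization vulnerability in NicheAddons Events Addon for Elementor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Events Addon for Elementor: from n/a through 2.1.3.\n\n"
+        }
+    ],
+    "metrics": {
+        "cvssMetricV31": [
+            {
+                "source": "audit@patchstack.com",
+                "type": "Secondary",
+                "cvssData": {
+                    "version": "3.1",
+                    "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
+                    "attackVector": "NETWORK",
+                    "attackComplexity": "LOW",
+                    "privilegesRequired": "NONE",
+                    "userInteraction": "NONE",
+                    "scope": "UNCHANGED",
+                    "confidentialityImpact": "NONE",
+                    "integrityImpact": "LOW",
+                    "availabilityImpact": "LOW",
+                    "baseScore": 6.5,
+                    "baseSeverity": "MEDIUM"
+                },
+                "exploitabilityScore": 3.9,
+                "impactScore": 2.5
+            }
+        ]
+    },
+    "weaknesses": [
+        {
+            "source": "audit@patchstack.com",
+            "type": "Primary",
+            "description": [
+                {
+                    "lang": "en",
+                    "value": "CWE-863"
+                }
+            ]
+        }
+    ],
+    "references": [
+        {
+            "url": "https://patchstack.com/database/vulnerability/events-addon-for-elementor/wordpress-events-addon-for-elementor-plugin-2-1-3-broken-access-control-vulnerability?_s_id=cve",
+            "source": "audit@patchstack.com"
+        }
+    ]
+}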


@ -2,12 +2,16 @@
"id": "CVE-2023-47850",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T12:15:08.560",
"lastModified": "2023-11-30T12:15:08.560",
"vulnStatus": "Received",
"lastModified": "2023-11-30T13:39:05.043",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PeepSo Community by PeepSo \u2013 Social Network, Membership, Registration, User Profiles allows Stored XSS.This issue affects Community by PeepSo \u2013 Social Network, Membership, Registration, User Profiles: from n/a through 6.2.2.0.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n inadecuada de la entrada durante la vulnerabilidad de generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en PeepSo Community by PeepSo \u2013 Social Network, Membership, Registration, User Profiles permite almacenar XSS. Este problema afecta a Community by PeepSo \u2013 Social Network, Membership, Registration, User Profiles: desde n/a hasta 6.2.2.0."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-47851",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T12:15:08.757",
"lastModified": "2023-11-30T12:15:08.757",
"vulnStatus": "Received",
"lastModified": "2023-11-30T13:39:05.043",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Akhtarujjaman Shuvo Bootstrap Shortcodes Ultimate allows Stored XSS.This issue affects Bootstrap Shortcodes Ultimate: from n/a through 4.3.1.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Akhtarujjaman Shuvo Bootstrap Shortcodes Ultimate permite almacenar XSS. Este problema afecta a Bootstrap Shortcodes Ultimate: desde n/a hasta 4.3.1."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-47854",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T12:15:08.950",
"lastModified": "2023-11-30T12:15:08.950",
"vulnStatus": "Received",
"lastModified": "2023-11-30T13:39:05.043",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Howard Ehrenberg Parallax Image allows Stored XSS.This issue affects Parallax Image: from n/a through 1.7.1.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Howard Ehrenberg Parallax Image permite almacenar XSS. Este problema afecta a Parallax Image: desde n/a hasta 1.7.1."
}
],
"metrics": {


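--- /dev/null
+++ b/PATH-NOT-SHOWN/CVE-2023-4770.json
@@ -0,0 +1,55 @@
+{
+    "id": "CVE-2023-4770",
+    "sourceIdentifier": "cve-coordination@incibe.es",
+    "published": "2023-11-30T14:15:11.880",
+    "lastModified": "2023-11-30T14:48:37.600",
+    "vulnStatus": "Awaiting Analysis",
+    "descriptions": [
+        {
+            "lang": "en",
+            "value": "An uncontrolled search path element vulnerability has been found on 4D and 4D server Windows executables applications, affecting version 19 R8 100218. This vulnerability consists in a DLL hijacking by replacing x64 shfolder.dll in the installation path, causing an arbitrary code execution."
+        }
+    ],
+    "metrics": {
+        "cvssMetricV31": [
+            {
+                "source": "cve-coordination@incibe.es",
+                "type": "Secondary",
+                "cvssData": {
+                    "version": "3.1",
+                    "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
+                    "attackVector": "LOCAL",
+                    "attackComplexity": "LOW",
+                    "privilegesRequired": "HIGH",
+                    "userInteraction": "REQUIRED",
+                    "scope": "UNCHANGED",
+                    "confidentialityImpact": "HIGH",
+                    "integrityImpact": "HIGH",
+                    "availabilityImpact": "HIGH",
+                    "baseScore": 6.5,
+                    "baseSeverity": "MEDIUM"
+                },
+                "exploitabilityScore": 0.6,
+                "impactScore": 5.9
+            }
+        ]
+    },
+    "weaknesses": [
+        {
+            "source": "cve-coordination@incibe.es",
+            "type": "Primary",
+            "description": [
+                {
+                    "lang": "en",
+                    "value": "CWE-427"
+                }
+            ]
+        }
+    ],
+    "references": [
+        {
+            "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/uncontrolled-search-path-element-vulnerability-4d-and-4d-windows-server",
+            "source": "cve-coordination@incibe.es"
+        }
+    ]
+}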


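--- /dev/null
+++ b/PATH-NOT-SHOWN/CVE-2023-48279.json
@@ -0,0 +1,55 @@
+{
+    "id": "CVE-2023-48279",
+    "sourceIdentifier": "audit@patchstack.com",
+    "published": "2023-11-30T14:15:10.590",
+    "lastModified": "2023-11-30T14:48:37.600",
+    "vulnStatus": "Awaiting Analysis",
+    "descriptions": [
+        {
+            "lang": "en",
+            "value": "Cross-Site Request Forgery (CSRF) vulnerability in Seraphinite Solutions Seraphinite Post .DOCX Source allows Cross Site Request Forgery.This issue affects Seraphinite Post .DOCX Source: from n/a through 2.16.6.\n\n"
+        }
+    ],
+    "metrics": {
+        "cvssMetricV31": [
+            {
+                "source": "audit@patchstack.com",
+                "type": "Secondary",
+                "cvssData": {
+                    "version": "3.1",
+                    "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+                    "attackVector": "NETWORK",
+                    "attackComplexity": "LOW",
+                    "privilegesRequired": "NONE",
+                    "userInteraction": "REQUIRED",
+                    "scope": "UNCHANGED",
+                    "confidentialityImpact": "NONE",
+                    "integrityImpact": "LOW",
+                    "availabilityImpact": "NONE",
+                    "baseScore": 4.3,
+                    "baseSeverity": "MEDIUM"
+                },
+                "exploitabilityScore": 2.8,
+                "impactScore": 1.4
+            }
+        ]
+    },
+    "weaknesses": [
+        {
+            "source": "audit@patchstack.com",
+            "type": "Primary",
+            "description": [
+                {
+                    "lang": "en",
+                    "value": "CWE-352"
+                }
+            ]
+        }
+    ],
+    "references": [
+        {
+            "url": "https://patchstack.com/database/vulnerability/seraphinite-post-docx-source/wordpress-seraphinite-post-docx-source-plugin-2-16-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
+            "source": "audit@patchstack.com"
+        }
+    ]
+}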


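--- /dev/null
+++ b/PATH-NOT-SHOWN/CVE-2023-48281.json
@@ -0,0 +1,55 @@
+{
+    "id": "CVE-2023-48281",
+    "sourceIdentifier": "audit@patchstack.com",
+    "published": "2023-11-30T14:15:10.783",
+    "lastModified": "2023-11-30T14:48:37.600",
+    "vulnStatus": "Awaiting Analysis",
+    "descriptions": [
+        {
+            "lang": "en",
+            "value": "Cross-Site Request Forgery (CSRF) vulnerability in Super Blog Me Broken Link Checker for YouTube allows Cross Site Request Forgery.This issue affects Broken Link Checker for YouTube: from n/a through 1.3.\n\n"
+        }
+    ],
+    "metrics": {
+        "cvssMetricV31": [
+            {
+                "source": "audit@patchstack.com",
+                "type": "Secondary",
+                "cvssData": {
+                    "version": "3.1",
+                    "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+                    "attackVector": "NETWORK",
+                    "attackComplexity": "LOW",
+                    "privilegesRequired": "NONE",
+                    "userInteraction": "REQUIRED",
+                    "scope": "UNCHANGED",
+                    "confidentialityImpact": "NONE",
+                    "integrityImpact": "LOW",
+                    "availabilityImpact": "NONE",
+                    "baseScore": 4.3,
+                    "baseSeverity": "MEDIUM"
+                },
+                "exploitabilityScore": 2.8,
+                "impactScore": 1.4
+            }
+        ]
+    },
+    "weaknesses": [
+        {
+            "source": "audit@patchstack.com",
+            "type": "Primary",
+            "description": [
+                {
+                    "lang": "en",
+                    "value": "CWE-352"
+                }
+            ]
+        }
+    ],
+    "references": [
+        {
+            "url": "https://patchstack.com/database/vulnerability/broken-link-checker-for-youtube/wordpress-broken-link-checker-for-youtube-plugin-1-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
+            "source": "audit@patchstack.com"
+        }
+    ]
+}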


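--- /dev/null
+++ b/PATH-NOT-SHOWN/CVE-2023-48282.json
@@ -0,0 +1,55 @@
+{
+    "id": "CVE-2023-48282",
+    "sourceIdentifier": "audit@patchstack.com",
+    "published": "2023-11-30T13:15:08.503",
+    "lastModified": "2023-11-30T13:38:42.753",
+    "vulnStatus": "Undergoing Analysis",
+    "descriptions": [
+        {
+            "lang": "en",
+            "value": "Cross-Site Request Forgery (CSRF) vulnerability in Andrea Landonio Taxonomy filter allows Cross Site Request Forgery.This issue affects Taxonomy filter: from n/a through 2.2.9.\n\n"
+        }
+    ],
+    "metrics": {
+        "cvssMetricV31": [
+            {
+                "source": "audit@patchstack.com",
+                "type": "Secondary",
+                "cvssData": {
+                    "version": "3.1",
+                    "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
+                    "attackVector": "NETWORK",
+                    "attackComplexity": "LOW",
+                    "privilegesRequired": "NONE",
+                    "userInteraction": "REQUIRED",
+                    "scope": "UNCHANGED",
+                    "confidentialityImpact": "NONE",
+                    "integrityImpact": "LOW",
+                    "availabilityImpact": "LOW",
+                    "baseScore": 5.4,
+                    "baseSeverity": "MEDIUM"
+                },
+                "exploitabilityScore": 2.8,
+                "impactScore": 2.5
+            }
+        ]
+    },
+    "weaknesses": [
+        {
+            "source": "audit@patchstack.com",
+            "type": "Primary",
+            "description": [
+                {
+                    "lang": "en",
+                    "value": "CWE-352"
+                }
+            ]
+        }
+    ],
+    "references": [
+        {
+            "url": "https://patchstack.com/database/vulnerability/taxonomy-filter/wordpress-taxonomy-filter-plugin-2-2-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
+            "source": "audit@patchstack.com"
+        }
+    ]
+}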


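--- /dev/null
+++ b/PATH-NOT-SHOWN/CVE-2023-48283.json
@@ -0,0 +1,55 @@
+{
+    "id": "CVE-2023-48283",
+    "sourceIdentifier": "audit@patchstack.com",
+    "published": "2023-11-30T13:15:08.713",
+    "lastModified": "2023-11-30T13:38:42.753",
+    "vulnStatus": "Awaiting Analysis",
+    "descriptions": [
+        {
+            "lang": "en",
+            "value": "Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple Testimonials Showcase allows Cross Site Request Forgery.This issue affects Simple Testimonials Showcase: from n/a through 1.1.5.\n\n"
+        }
+    ],
+    "metrics": {
+        "cvssMetricV31": [
+            {
+                "source": "audit@patchstack.com",
+                "type": "Secondary",
+                "cvssData": {
+                    "version": "3.1",
+                    "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+                    "attackVector": "NETWORK",
+                    "attackComplexity": "LOW",
+                    "privilegesRequired": "NONE",
+                    "userInteraction": "REQUIRED",
+                    "scope": "UNCHANGED",
+                    "confidentialityImpact": "NONE",
+                    "integrityImpact": "LOW",
+                    "availabilityImpact": "NONE",
+                    "baseScore": 4.3,
+                    "baseSeverity": "MEDIUM"
+                },
+                "exploitabilityScore": 2.8,
+                "impactScore": 1.4
+            }
+        ]
+    },
+    "weaknesses": [
+        {
+            "source": "audit@patchstack.com",
+            "type": "Primary",
+            "description": [
+                {
+                    "lang": "en",
+                    "value": "CWE-352"
+                }
+            ]
+        }
+    ],
+    "references": [
+        {
+            "url": "https://patchstack.com/database/vulnerability/simple-testimonials-showcase/wordpress-simple-testimonials-showcase-plugin-1-1-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
+            "source": "audit@patchstack.com"
+        }
+    ]
+}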


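--- /dev/null
+++ b/[path not shown on page]/CVE-2023-48284.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-48284",
+"sourceIdentifier": "audit@patchstack.com",
+"published": "2023-11-30T13:15:08.933",
+"lastModified": "2023-11-30T13:38:42.753",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "Cross-Site Request Forgery (CSRF) vulnerability in WebToffee Decorator \u2013 WooCommerce Email Customizer allows Cross Site Request Forgery.This issue affects Decorator \u2013 WooCommerce Email Customizer: from n/a through 1.2.7.\n\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "audit@patchstack.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "REQUIRED",
+"scope": "UNCHANGED",
+"confidentialityImpact": "NONE",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE",
+"baseScore": 4.3,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 1.4
+}
+]
+},
+"weaknesses": [
+{
+"source": "audit@patchstack.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-352"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://patchstack.com/database/vulnerability/decorator-woocommerce-email-customizer/wordpress-decorator-woocommerce-email-customizer-plugin-1-2-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
+"source": "audit@patchstack.com"
+}
+]
+}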


@ -2,12 +2,16 @@
"id": "CVE-2023-48289",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T12:15:09.140",
"lastModified": "2023-11-30T12:15:09.140",
"vulnStatus": "Received",
"lastModified": "2023-11-30T13:39:05.043",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SpreadsheetConverter Import Spreadsheets from Microsoft Excel allows Stored XSS.This issue affects Import Spreadsheets from Microsoft Excel: from n/a through 10.1.3.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en SpreadsheetConverter Import Spreadsheets from Microsoft Excel permite almacenar XSS. Este problema afecta a Import Spreadsheets from Microsoft Excel: desde n/a hasta 10.1.3."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-48322",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T12:15:09.333",
"lastModified": "2023-11-30T12:15:09.333",
"vulnStatus": "Received",
"lastModified": "2023-11-30T13:38:42.753",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eDoc Intelligence eDoc Employee Job Application \u2013 Best WordPress Job Manager for Employees allows Reflected XSS.This issue affects eDoc Employee Job Application \u2013 Best WordPress Job Manager for Employees: from n/a through 1.13.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n inadecuada de la entrada durante la vulnerabilidad de generaci\u00f3n de p\u00e1ginas web ('Scripting entre sitios') en eDoc Intelligence eDoc Employee Job Application \u2013 Best WordPress Job Manager for Employees permite XSS reflejado. Este problema afecta a eDoc Employee Job Application \u2013 Best WordPress Job Manager for Employees: desde n/a hasta 1.13."
}
],
"metrics": {


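--- /dev/null
+++ b/[path not shown on page]/CVE-2023-48323.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-48323",
+"sourceIdentifier": "audit@patchstack.com",
+"published": "2023-11-30T13:15:09.123",
+"lastModified": "2023-11-30T13:38:42.753",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "Cross-Site Request Forgery (CSRF) vulnerability in Awesome Support Team Awesome Support \u2013 WordPress HelpDesk & Support Plugin allows Cross Site Request Forgery.This issue affects Awesome Support \u2013 WordPress HelpDesk & Support Plugin: from n/a through 6.1.4.\n\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "audit@patchstack.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "REQUIRED",
+"scope": "UNCHANGED",
+"confidentialityImpact": "NONE",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE",
+"baseScore": 4.3,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 1.4
+}
+]
+},
+"weaknesses": [
+{
+"source": "audit@patchstack.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-352"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://patchstack.com/database/vulnerability/awesome-support/wordpress-awesome-support-wordpress-helpdesk-support-plugin-plugin-6-1-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
+"source": "audit@patchstack.com"
+}
+]
+}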


@ -2,12 +2,16 @@
"id": "CVE-2023-48326",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T12:15:09.523",
"lastModified": "2023-11-30T12:15:09.523",
"vulnStatus": "Received",
"lastModified": "2023-11-30T13:38:42.753",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pixelite Events Manager allows Reflected XSS.This issue affects Events Manager: from n/a through 6.4.5.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Pixelite Events Manager permite XSS Reflejado. Este problema afecta a Events Manager: desde n/a hasta 6.4.5."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-48329",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T12:15:09.713",
"lastModified": "2023-11-30T12:15:09.713",
"vulnStatus": "Received",
"lastModified": "2023-11-30T13:38:42.753",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeBard Fast Custom Social Share by CodeBard allows Stored XSS.This issue affects Fast Custom Social Share by CodeBard: from n/a through 1.1.1.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en CodeBard Fast Custom Social Share de CodeBard permite almacenar XSS. Este problema afecta a Fast Custom Social Share de CodeBard: desde n/a hasta 1.1.1."
}
],
"metrics": {


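--- /dev/null
+++ b/[path not shown on page]/CVE-2023-48330.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-48330",
+"sourceIdentifier": "audit@patchstack.com",
+"published": "2023-11-30T13:15:09.310",
+"lastModified": "2023-11-30T13:38:42.753",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "Cross-Site Request Forgery (CSRF) vulnerability in Mike Strand Bulk Comment Remove allows Cross Site Request Forgery.This issue affects Bulk Comment Remove: from n/a through 2.\n\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "audit@patchstack.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "REQUIRED",
+"scope": "UNCHANGED",
+"confidentialityImpact": "NONE",
+"integrityImpact": "LOW",
+"availabilityImpact": "LOW",
+"baseScore": 5.4,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 2.5
+}
+]
+},
+"weaknesses": [
+{
+"source": "audit@patchstack.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-352"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://patchstack.com/database/vulnerability/bulk-comment-remove/wordpress-bulk-comment-remove-plugin-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
+"source": "audit@patchstack.com"
+}
+]
+}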


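--- /dev/null
+++ b/[path not shown on page]/CVE-2023-48331.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-48331",
+"sourceIdentifier": "audit@patchstack.com",
+"published": "2023-11-30T13:15:09.500",
+"lastModified": "2023-11-30T13:38:42.753",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "Cross-Site Request Forgery (CSRF) vulnerability in Stormhill Media MyBookTable Bookstore by Stormhill Media allows Cross Site Request Forgery.This issue affects MyBookTable Bookstore by Stormhill Media: from n/a through 3.3.4.\n\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "audit@patchstack.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "REQUIRED",
+"scope": "UNCHANGED",
+"confidentialityImpact": "NONE",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE",
+"baseScore": 4.3,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 1.4
+}
+]
+},
+"weaknesses": [
+{
+"source": "audit@patchstack.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-352"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://patchstack.com/database/vulnerability/mybooktable/wordpress-mybooktable-bookstore-by-stormhill-media-plugin-3-3-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
+"source": "audit@patchstack.com"
+}
+]
+}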
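Review bot: The affected-version range in this record is internally inconsistent: the English description states `from n/a through 3.3.4`, while the only reference URL's slug reads `plugin-3-3-3-cross-site-request-forgery-csrf-vulnerability`, so a consumer deriving the last vulnerable version from the description and one deriving it from the advisory link will disagree by one patch release. Every other Patchstack record in this commit has a slug that matches its description (48283/1-1-5, 48284/1-2-7, 48323/6-1-4, 48330/2, 48334/1-13, 48742/2-2-10, 48744/1-2-6), which suggests the discrepancy is specific to this entry rather than a convention. Because the record is still `"Awaiting Analysis"` and carries no `configurations` block, the description is presently the only version signal, so it is worth confirming against the CNA advisory which of 3.3.3 or 3.3.4 is the last affected version before this record is used for matching.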


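--- /dev/null
+++ b/[path not shown on page]/CVE-2023-48334.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-48334",
+"sourceIdentifier": "audit@patchstack.com",
+"published": "2023-11-30T13:15:09.693",
+"lastModified": "2023-11-30T13:38:42.753",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "Cross-Site Request Forgery (CSRF) vulnerability in DAEXT League Table allows Cross Site Request Forgery.This issue affects League Table: from n/a through 1.13.\n\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "audit@patchstack.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "REQUIRED",
+"scope": "UNCHANGED",
+"confidentialityImpact": "NONE",
+"integrityImpact": "LOW",
+"availabilityImpact": "LOW",
+"baseScore": 5.4,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 2.5
+}
+]
+},
+"weaknesses": [
+{
+"source": "audit@patchstack.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-352"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://patchstack.com/database/vulnerability/league-table-lite/wordpress-league-table-plugin-1-13-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
+"source": "audit@patchstack.com"
+}
+]
+}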


@ -2,8 +2,8 @@
"id": "CVE-2023-48336",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T11:15:12.907",
"lastModified": "2023-11-30T11:15:12.907",
"vulnStatus": "Received",
"lastModified": "2023-11-30T13:39:05.043",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-48737",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T11:15:13.760",
"lastModified": "2023-11-30T11:15:13.760",
"vulnStatus": "Received",
"lastModified": "2023-11-30T13:39:05.043",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",


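--- /dev/null
+++ b/[path not shown on page]/CVE-2023-48742.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-48742",
+"sourceIdentifier": "audit@patchstack.com",
+"published": "2023-11-30T14:15:10.983",
+"lastModified": "2023-11-30T14:48:37.600",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LicenseManager License Manager for WooCommerce license-manager-for-woocommerce allows SQL Injection.This issue affects License Manager for WooCommerce: from n/a through 2.2.10.\n\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "audit@patchstack.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "HIGH",
+"userInteraction": "NONE",
+"scope": "CHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "NONE",
+"availabilityImpact": "LOW",
+"baseScore": 7.6,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 2.3,
+"impactScore": 4.7
+}
+]
+},
+"weaknesses": [
+{
+"source": "audit@patchstack.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-89"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://patchstack.com/database/vulnerability/license-manager-for-woocommerce/wordpress-license-manager-for-woocommerce-plugin-2-2-10-sql-injection-vulnerability?_s_id=cve",
+"source": "audit@patchstack.com"
+}
+]
+}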


@ -2,8 +2,8 @@
"id": "CVE-2023-48743",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-30T11:15:14.023",
"lastModified": "2023-11-30T11:15:14.023",
"vulnStatus": "Received",
"lastModified": "2023-11-30T13:39:05.043",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


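--- /dev/null
+++ b/[path not shown on page]/CVE-2023-48744.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-48744",
+"sourceIdentifier": "audit@patchstack.com",
+"published": "2023-11-30T13:15:09.893",
+"lastModified": "2023-11-30T13:38:42.753",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "Cross-Site Request Forgery (CSRF) vulnerability in Offshore Web Master Availability Calendar allows Cross Site Request Forgery.This issue affects Availability Calendar: from n/a through 1.2.6.\n\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "audit@patchstack.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "REQUIRED",
+"scope": "UNCHANGED",
+"confidentialityImpact": "NONE",
+"integrityImpact": "LOW",
+"availabilityImpact": "LOW",
+"baseScore": 5.4,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 2.5
+}
+]
+},
+"weaknesses": [
+{
+"source": "audit@patchstack.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-352"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://patchstack.com/database/vulnerability/availability-calendar/wordpress-availability-calendar-plugin-1-2-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
+"source": "audit@patchstack.com"
+}
+]
+}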


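--- /dev/null
+++ b/[path not shown on page]/CVE-2023-48912.json
@@ -0,0 +1,20 @@
+{
+"id": "CVE-2023-48912",
+"sourceIdentifier": "cve@mitre.org",
+"published": "2023-11-30T14:15:11.177",
+"lastModified": "2023-11-30T14:48:37.600",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/edit."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://github.com/Tiamat-ron/cms/blob/main/There%20is%20a%20csrf%20in%20the%20article%20management%20modification%20section.md",
+"source": "cve@mitre.org"
+}
+]
+}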


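--- /dev/null
+++ b/[path not shown on page]/CVE-2023-48913.json
@@ -0,0 +1,20 @@
+{
+"id": "CVE-2023-48913",
+"sourceIdentifier": "cve@mitre.org",
+"published": "2023-11-30T14:15:11.220",
+"lastModified": "2023-11-30T14:48:37.600",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/delete."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://github.com/Tiamat-ron/cms/blob/main/The%20deletion%20function%20of%20the%20Article%20Management%20Office%20exists%20in%20CSRF.md",
+"source": "cve@mitre.org"
+}
+]
+}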


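--- /dev/null
+++ b/[path not shown on page]/CVE-2023-48914.json
@@ -0,0 +1,20 @@
+{
+"id": "CVE-2023-48914",
+"sourceIdentifier": "cve@mitre.org",
+"published": "2023-11-30T14:15:11.273",
+"lastModified": "2023-11-30T14:48:37.600",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/add."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://github.com/Tiamat-ron/cms/blob/main/There%20is%20a%20csrf%20in%20the%20newly%20added%20section%20of%20article%20management.md",
+"source": "cve@mitre.org"
+}
+]
+}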


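--- /dev/null
+++ b/[path not shown on page]/CVE-2023-48963.json
@@ -0,0 +1,20 @@
+{
+"id": "CVE-2023-48963",
+"sourceIdentifier": "cve@mitre.org",
+"published": "2023-11-30T14:15:11.477",
+"lastModified": "2023-11-30T14:48:37.600",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "Tenda i6 V1.0.0.8(3856) is vulnerable to Buffer Overflow via /goform/wifiSSIDget."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://github.com/daodaoshao/vul_tenda_i6_1",
+"source": "cve@mitre.org"
+}
+]
+}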


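--- /dev/null
+++ b/[path not shown on page]/CVE-2023-48964.json
@@ -0,0 +1,20 @@
+{
+"id": "CVE-2023-48964",
+"sourceIdentifier": "cve@mitre.org",
+"published": "2023-11-30T14:15:11.670",
+"lastModified": "2023-11-30T14:48:37.600",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "Tenda i6 V1.0.0.8(3856) is vulnerable to Buffer Overflow via /goform/WifiMacFilterSet."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://github.com/daodaoshao/vul_tenda_i6_2",
+"source": "cve@mitre.org"
+}
+]
+}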


@ -2,12 +2,16 @@
"id": "CVE-2023-49052",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-30T07:15:08.177",
"lastModified": "2023-11-30T07:15:08.177",
"vulnStatus": "Received",
"lastModified": "2023-11-30T13:39:13.380",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "File Upload vulnerability in Microweber v.2.0.4 allows a remote attacker to execute arbitrary code via a crafted script to the file upload function in the created forms component."
},
{
"lang": "es",
"value": "Vulnerabilidad de carga de archivos en Microweber v.2.0.4 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de un script manipulado para la funci\u00f3n de carga de archivos en el componente de formularios creado."
}
],
"metrics": {},


@ -2,23 +2,88 @@
"id": "CVE-2023-49060",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-11-21T15:15:07.560",
"lastModified": "2023-11-21T16:30:00.600",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T14:29:10.127",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An attacker could have accessed internal pages or data by ex-filtrating a security key from ReaderMode via the `referrerpolicy` attribute. This vulnerability affects Firefox for iOS < 120."
},
{
"lang": "es",
"value": "Un atacante podr\u00eda haber accedido a p\u00e1ginas o datos internos filtrando una clave de seguridad de ReaderMode a trav\u00e9s del atributo \"referrerpolicy\". Esta vulnerabilidad afecta a Firefox para iOS &lt; 120."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:iphone_os:*:*",
"versionEndExcluding": "120.0",
"matchCriteriaId": "BFCA44B4-7729-4424-B92F-5CBE873E4C8D"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1861405",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"Not Applicable"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-51/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}
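Review bot: The Spanish description added in this hunk (the `"lang": "es"` entry) carries an HTML entity where the English text has a literal character: it reads `Firefox para iOS &lt; 120` while the `en` value reads `Firefox for iOS < 120`. JSON string values need no HTML escaping, so any consumer that renders the field as plain text will show `&lt;` verbatim, and one that does HTML-decode it may treat the rest of the value as markup-bearing; the value should be `Firefox para iOS < 120` to match the English record and the other `es` entries in this commit, none of which use entities. The `&quot;`-free quoting of `\"referrerpolicy\"` in the same string shows the translation pipeline does escape JSON correctly, so this looks like an upstream artifact worth flagging rather than a serializer bug.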


@ -2,12 +2,16 @@
"id": "CVE-2023-49076",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-30T06:15:46.937",
"lastModified": "2023-11-30T06:15:46.937",
"vulnStatus": "Received",
"lastModified": "2023-11-30T13:39:13.380",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Customer-data-framework allows management of customer data within Pimcore. There are no tokens or headers to prevent CSRF attacks from occurring, therefore an attacker could abuse this vulnerability to create new customers. This issue has been patched in version 4.0.5."
},
{
"lang": "es",
"value": "El framework de datos del cliente permite la gesti\u00f3n de los datos del cliente dentro de Pimcore. No hay tokens ni encabezados para evitar que se produzcan ataques CSRF, por lo que un atacante podr\u00eda aprovechar esta vulnerabilidad para crear nuevos clientes. Este problema se solucion\u00f3 en la versi\u00f3n 4.0.5."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-49077",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-30T07:15:08.267",
"lastModified": "2023-11-30T07:15:08.267",
"vulnStatus": "Received",
"lastModified": "2023-11-30T13:39:05.043",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Mailcow: dockerized is an open source groupware/email suite based on docker. A Cross-Site Scripting (XSS) vulnerability has been identified within the Quarantine UI of the system. This vulnerability poses a significant threat to administrators who utilize the Quarantine feature. An attacker can send a carefully crafted email containing malicious JavaScript code. This issue has been patched in version 2023-11."
},
{
"lang": "es",
"value": "Mailcow: dockerized es un software colaborativo/paquete de correo electr\u00f3nico de c\u00f3digo abierto basado en Docker. Se ha identificado una vulnerabilidad de Cross-Site Scripting (XSS) dentro de la interfaz de usuario de cuarentena del sistema. Esta vulnerabilidad representa una amenaza importante para los administradores que utilizan la funci\u00f3n Cuarentena. Un atacante puede enviar un correo electr\u00f3nico cuidadosamente elaborado que contenga c\u00f3digo JavaScript malicioso. Este problema se solucion\u00f3 en la versi\u00f3n 2023-11."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-49081",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-30T07:15:08.723",
"lastModified": "2023-11-30T07:15:08.723",
"vulnStatus": "Received",
"lastModified": "2023-11-30T13:39:05.043",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request (e.g. to insert a new header) or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the attacker can control the HTTP version of the request. This issue has been patched in version 3.9.0."
},
{
"lang": "es",
"value": "aiohttp es un framework cliente/servidor HTTP as\u00edncrono para asyncio y Python. Una validaci\u00f3n incorrecta hizo posible que un atacante modificara la solicitud HTTP (por ejemplo, para insertar un nuevo encabezado) o creara una nueva solicitud HTTP si el atacante controla la versi\u00f3n HTTP. La vulnerabilidad s\u00f3lo ocurre si el atacante puede controlar la versi\u00f3n HTTP de la solicitud. Este problema se solucion\u00f3 en la versi\u00f3n 3.9.0."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-49087",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-30T06:15:47.173",
"lastModified": "2023-11-30T06:15:47.173",
"vulnStatus": "Received",
"lastModified": "2023-11-30T13:39:13.380",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "xml-security is a library that implements XML signatures and encryption. Validation of an XML signature requires verification that the hash value of the related XML-document matches a specific DigestValue-value, but also that the cryptographic signature on the SignedInfo-tree (the one that contains the DigestValue) verifies and matches a trusted public key. If an attacker somehow (i.e. by exploiting a bug in PHP's canonicalization function) manages to manipulate the canonicalized version's DigestValue, it would be possible to forge the signature. This issue has been patched in version 1.6.12 and 5.0.0-alpha.13."
},
{
"lang": "es",
"value": "xml-security es una librer\u00eda que implementa cifrado y firmas XML. La validaci\u00f3n de una firma XML requiere verificar que el valor hash del documento XML relacionado coincida con un valor DigestValue espec\u00edfico, pero tambi\u00e9n que la firma criptogr\u00e1fica en el \u00e1rbol SignedInfo (el que contiene el DigestValue) verifique y coincida con una clave p\u00fablica confiable. Si un atacante de alguna manera (es decir, explotando un error en la funci\u00f3n de canonicalizaci\u00f3n de PHP) logra manipular el DigestValue de la versi\u00f3n canonicalizada, ser\u00eda posible falsificar la firma. Este problema se solucion\u00f3 en las versiones 1.6.12 y 5.0.0-alpha.13."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-49094",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-30T05:15:09.123",
"lastModified": "2023-11-30T05:15:09.123",
"vulnStatus": "Received",
"lastModified": "2023-11-30T13:39:13.380",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Symbolicator is a symbolication service for native stacktraces and minidumps with symbol server support. An attacker could make Symbolicator send arbitrary GET HTTP requests to internal IP addresses by using a specially crafted HTTP endpoint. The response could be reflected to the attacker if they have an account on Sentry instance. The issue has been fixed in the release 23.11.2.\n"
},
{
"lang": "es",
"value": "Symbolicator es un servicio de simbolizaci\u00f3n para seguimientos de pila y minivolcados nativos con soporte de servidor de s\u00edmbolos. Un atacante podr\u00eda hacer que Symbolicator env\u00ede solicitudes GET HTTP arbitrarias a direcciones IP internas mediante el uso de un endpoint HTTP especialmente manipulado. La respuesta podr\u00eda reflejarse al atacante si tiene una cuenta en la instancia Sentry. El problema se solucion\u00f3 en la versi\u00f3n 23.11.2."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-49095",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-30T07:15:09.133",
"lastModified": "2023-11-30T07:15:09.133",
"vulnStatus": "Received",
"lastModified": "2023-11-30T13:39:05.043",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "nexkey is a microblogging platform. Insufficient validation of ActivityPub requests received in inbox could allow any user to impersonate another user in certain circumstances. This issue has been patched in version 12.122.2."
},
{
"lang": "es",
"value": "nexkey es una plataforma de microblogging. Una validaci\u00f3n insuficiente de las solicitudes de ActivityPub recibidas en la bandeja de entrada podr\u00eda permitir que cualquier usuario se haga pasar por otro usuario en determinadas circunstancias. Este problema se solucion\u00f3 en la versi\u00f3n 12.122.2."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-49097",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-30T05:15:09.503",
"lastModified": "2023-11-30T05:15:09.503",
"vulnStatus": "Received",
"lastModified": "2023-11-30T13:39:13.380",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "ZITADEL is an identity infrastructure system. ZITADEL uses the notification triggering requests Forwarded or X-Forwarded-Host header to build the button link sent in emails for confirming a password reset with the emailed code. If this header is overwritten and a user clicks the link to a malicious site in the email, the secret code can be retrieved and used to reset the users password and take over his account. Accounts with MFA or Passwordless enabled can not be taken over by this attack. This issue has been patched in versions 2.41.6, 2.40.10 and 2.39.9.\n"
},
{
"lang": "es",
"value": "ZITADEL es un sistema de infraestructura de identidad. ZITADEL utiliza el encabezado de solicitudes de activaci\u00f3n de notificaciones Forwarded o X-Forwarded-Host para crear el enlace del bot\u00f3n enviado en los correos electr\u00f3nicos para confirmar un restablecimiento de contrase\u00f1a con el c\u00f3digo enviado por correo electr\u00f3nico. Si este encabezado se sobrescribe y un usuario hace clic en el enlace a un sitio malicioso en el correo electr\u00f3nico, el c\u00f3digo secreto se puede recuperar y utilizar para restablecer la contrase\u00f1a del usuario y hacerse cargo de su cuenta. Este ataque no puede apoderarse de las cuentas con MFA o sin contrase\u00f1a habilitadas. Este problema se solucion\u00f3 en las versiones 2.41.6, 2.40.10 y 2.39.9."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2023-49620",
"sourceIdentifier": "security@apache.org",
"published": "2023-11-30T09:15:07.227",
"lastModified": "2023-11-30T12:15:09.900",
"vulnStatus": "Received",
"lastModified": "2023-11-30T13:39:05.043",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,12 +2,16 @@
"id": "CVE-2023-49693",
"sourceIdentifier": "vulnreport@tenable.com",
"published": "2023-11-29T23:15:20.567",
"lastModified": "2023-11-29T23:15:20.567",
"vulnStatus": "Received",
"lastModified": "2023-11-30T13:39:19.237",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nNETGEAR ProSAFE Network Management System has Java Debug Wire Protocol (JDWP) listening on port 11611 and it is remotely accessible by unauthenticated users, allowing attackers to execute arbitrary code.\n\n"
},
{
"lang": "es",
"value": "NETGEAR ProSAFE Network Management System tiene Java Debug Wire Protocol (JDWP) escuchando en el puerto 11611 y usuarios no autenticados pueden acceder a \u00e9l de forma remota, lo que permite a los atacantes ejecutar c\u00f3digo arbitrario."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-49694",
"sourceIdentifier": "vulnreport@tenable.com",
"published": "2023-11-29T23:15:20.750",
"lastModified": "2023-11-29T23:15:20.750",
"vulnStatus": "Received",
"lastModified": "2023-11-30T13:39:13.380",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\n\n\nA low-privileged OS user with access to a Windows host where NETGEAR ProSAFE Network Management System is installed can create arbitrary JSP files in a Tomcat web application directory. The user can then execute the JSP files under the security context of SYSTEM.\n\n\n\n"
},
{
"lang": "es",
"value": "Un usuario de sistema operativo con pocos privilegios y acceso a un host de Windows donde est\u00e1 instalado NETGEAR ProSAFE Network Management System puede crear archivos JSP arbitrarios en un directorio de aplicaci\u00f3n web Tomcat. Luego, el usuario puede ejecutar los archivos JSP bajo el contexto de seguridad de SYSTEM."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-49699",
"sourceIdentifier": "68630edc-a58c-4cbd-9b01-0e130455c8ae",
"published": "2023-11-30T07:15:09.543",
"lastModified": "2023-11-30T07:15:09.543",
"vulnStatus": "Received",
"lastModified": "2023-11-30T13:39:05.043",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Memory Corruption in IMS while calling VoLTE Streamingmedia Interface "
},
{
"lang": "es",
"value": "Corrupci\u00f3n de la memoria en IMS al llamar a la interfaz VoLTE Streamingmedia"
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-49700",
"sourceIdentifier": "68630edc-a58c-4cbd-9b01-0e130455c8ae",
"published": "2023-11-30T07:15:09.967",
"lastModified": "2023-11-30T07:15:09.967",
"vulnStatus": "Received",
"lastModified": "2023-11-30T13:39:05.043",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Security best practices violations, a string operation in Streamingmedia will write past the end of fixed-size destination buffer if the source buffer is too large. "
},
{
"lang": "es",
"value": "Violaciones de las mejores pr\u00e1cticas de seguridad: una operaci\u00f3n de cadena en Streamingmedia escribir\u00e1 m\u00e1s all\u00e1 del final del b\u00fafer de destino de tama\u00f1o fijo si el b\u00fafer de origen es demasiado grande."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-49701",
"sourceIdentifier": "68630edc-a58c-4cbd-9b01-0e130455c8ae",
"published": "2023-11-30T08:15:07.273",
"lastModified": "2023-11-30T08:15:07.273",
"vulnStatus": "Received",
"lastModified": "2023-11-30T13:39:05.043",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Memory Corruption in SIM management while USIMPhase2init "
},
{
"lang": "es",
"value": "Corrupci\u00f3n de la memoria en la gesti\u00f3n de SIM mientras USIMFase2init"
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-49733",
"sourceIdentifier": "security@apache.org",
"published": "2023-11-30T12:15:09.963",
"lastModified": "2023-11-30T12:15:09.963",
"vulnStatus": "Received",
"lastModified": "2023-11-30T13:38:42.753",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Restriction of XML External Entity Reference vulnerability in Apache Cocoon.This issue affects Apache Cocoon: from 2.2.0 before 2.3.0.\n\nUsers are recommended to upgrade to version 2.3.0, which fixes the issue.\n\n"
},
{
"lang": "es",
"value": "Restricci\u00f3n inadecuada de la vulnerabilidad de referencia de entidad externa XML en Apache Cocoon. Este problema afecta a Apache Cocoon: desde 2.2.0 antes de 2.3.0. Se recomienda a los usuarios actualizar a la versi\u00f3n 2.3.0, que soluciona el problema."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-4931",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-11-27T14:15:07.930",
"lastModified": "2023-11-27T16:35:06.953",
"lastModified": "2023-11-30T14:15:12.720",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled search path element vulnerability in Plesk Installer affects version 3.27.0.0. A local attacker could execute arbitrary code by injecting DLL files into the same folder where the application is installed, resulting in DLL hijacking in edputil.dll, samlib.dll, urlmon.dll, sspicli.dll, propsys.dll and profapi.dll files."
},
{
"lang": "es",
"value": "La vulnerabilidad del elemento de ruta de b\u00fasqueda no controlada en Plesk Installer afecta a la versi\u00f3n 3.27.0.0. Un atacante local podr\u00eda ejecutar c\u00f3digo arbitrario inyectando archivos DLL en la misma carpeta donde est\u00e1 instalada la aplicaci\u00f3n, lo que provocar\u00eda el secuestro de DLL en los archivos edputil.dll, samlib.dll, urlmon.dll, sspicli.dll, propsys.dll y profapi.dll."
}
],
"metrics": {
@ -47,6 +51,10 @@
}
],
"references": [
{
"url": "https://support.plesk.com/hc/en-us/articles/17426121182103",
"source": "cve-coordination@incibe.es"
},
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/uncontrolled-search-path-element-vulnerability-plesk",
"source": "cve-coordination@incibe.es"


@ -2,12 +2,16 @@
"id": "CVE-2023-5247",
"sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"published": "2023-11-30T04:15:07.867",
"lastModified": "2023-11-30T04:15:07.867",
"vulnStatus": "Received",
"lastModified": "2023-11-30T13:39:13.380",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Malicious Code Execution Vulnerability due to External Control of File Name or Path in multiple Mitsubishi Electric FA Engineering Software Products allows a malicious attacker to execute a malicious code by having legitimate users open a specially crafted project file, which could result in information disclosure, tampering and deletion, or a denial-of-service (DoS) condition."
},
{
"lang": "es",
"value": "La vulnerabilidad de ejecuci\u00f3n de c\u00f3digo malicioso debido al control externo del nombre o ruta del archivo en m\u00faltiples productos de software de ingenier\u00eda de Mitsubishi Electric FA permite a un atacante malicioso ejecutar un c\u00f3digo malicioso haciendo que usuarios leg\u00edtimos abran un archivo de proyecto especialmente manipulado, lo que podr\u00eda resultar en la divulgaci\u00f3n de informaci\u00f3n, la manipulaci\u00f3n y eliminaci\u00f3n o una condici\u00f3n de Denegaci\u00f3n de Servicio (DoS)."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-5274",
"sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"published": "2023-11-30T05:15:09.983",
"lastModified": "2023-11-30T05:15:09.983",
"vulnStatus": "Received",
"lastModified": "2023-11-30T13:39:13.380",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation vulnerability in simulation function of GX Works2 allows an attacker to cause a denial-of-service (DoS) condition on the function by sending specially crafted packets. However, the attacker would need to send the packets from within the same personal computer where the function is running.\n"
},
{
"lang": "es",
"value": "Una vulnerabilidad de validaci\u00f3n de entrada incorrecta en la funci\u00f3n de simulaci\u00f3n de GX Works2 permite a un atacante provocar una condici\u00f3n de Denegaci\u00f3n de Servicio (DoS) en la funci\u00f3n mediante el env\u00edo de paquetes especialmente manipulados. Sin embargo, el atacante necesitar\u00eda enviar los paquetes desde la misma maquina personal donde se ejecuta la funci\u00f3n."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-5275",
"sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"published": "2023-11-30T05:15:10.400",
"lastModified": "2023-11-30T05:15:10.400",
"vulnStatus": "Received",
"lastModified": "2023-11-30T13:39:13.380",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation vulnerability in simulation function of GX Works2 allows an attacker to cause a denial-of-service (DoS) condition on the function by sending specially crafted packets. However, the attacker would need to send the packets from within the same personal computer where the function is running.\n"
},
{
"lang": "es",
"value": "Una vulnerabilidad de validaci\u00f3n de entrada incorrecta en la funci\u00f3n de simulaci\u00f3n de GX Works2 permite a un atacante provocar una condici\u00f3n de Denegaci\u00f3n de Servicio (DoS) en la funci\u00f3n mediante el env\u00edo de paquetes especialmente manipulados. Sin embargo, el atacante necesitar\u00eda enviar los paquetes desde la misma maquina personal donde se ejecuta la funci\u00f3n."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-5772",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-11-30T04:15:08.090",
"lastModified": "2023-11-30T04:15:08.090",
"vulnStatus": "Received",
"lastModified": "2023-11-30T13:39:13.380",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Debug Log Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation on the clear_log() function. This makes it possible for unauthenticated attackers to clear the debug log via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
},
{
"lang": "es",
"value": "El complemento Debug Log Manager para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta la 2.2.1 incluida. Esto se debe a una validaci\u00f3n nonce faltante o incorrecta en la funci\u00f3n clear_log(). Esto hace posible que atacantes no autenticados borre el registro de depuraci\u00f3n mediante una solicitud falsificada, siempre que puedan enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace."
}
],
"metrics": {


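--- /dev/null
+++ b/[path not shown on page: new record for CVE-2023-5965]
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-5965",
+"sourceIdentifier": "cve-coordination@incibe.es",
+"published": "2023-11-30T14:15:12.943",
+"lastModified": "2023-11-30T14:48:37.600",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the update form, which could lead to arbitrary PHP code execution."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "cve-coordination@incibe.es",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "HIGH",
+"userInteraction": "NONE",
+"scope": "CHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 9.1,
+"baseSeverity": "CRITICAL"
+},
+"exploitabilityScore": 2.3,
+"impactScore": 6.0
+}
+]
+},
+"weaknesses": [
+{
+"source": "cve-coordination@incibe.es",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-434"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-espocrm",
+"source": "cve-coordination@incibe.es"
+}
+]
+}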


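--- /dev/null
+++ b/[path not shown on page: new record for CVE-2023-5966]
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-5966",
+"sourceIdentifier": "cve-coordination@incibe.es",
+"published": "2023-11-30T14:15:13.450",
+"lastModified": "2023-11-30T14:48:37.600",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the extension deployment form, which could lead to arbitrary PHP code execution."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "cve-coordination@incibe.es",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "HIGH",
+"userInteraction": "NONE",
+"scope": "CHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 9.1,
+"baseSeverity": "CRITICAL"
+},
+"exploitabilityScore": 2.3,
+"impactScore": 6.0
+}
+]
+},
+"weaknesses": [
+{
+"source": "cve-coordination@incibe.es",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-434"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-espocrm",
+"source": "cve-coordination@incibe.es"
+}
+]
+}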


@ -2,8 +2,8 @@
"id": "CVE-2023-6011",
"sourceIdentifier": "iletisim@usom.gov.tr",
"published": "2023-11-22T09:15:07.927",
"lastModified": "2023-11-22T13:56:48.513",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T13:59:08.237",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -39,6 +39,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "iletisim@usom.gov.tr",
"type": "Secondary",
@ -50,10 +60,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dece:geodi:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.0.0.27396",
"matchCriteriaId": "6153DD6B-3A60-49BE-B0D7-BA04739EBB58"
}
]
}
]
}
],
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-23-0650",
"source": "iletisim@usom.gov.tr"
"source": "iletisim@usom.gov.tr",
"tags": [
"Third Party Advisory"
]
}
]
}

View File

@ -2,12 +2,12 @@
"id": "CVE-2023-6022",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-11-16T17:15:09.200",
"lastModified": "2023-11-24T23:05:56.763",
"vulnStatus": "Analyzed",
"lastModified": "2023-11-30T13:15:10.103",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An attacker is able to steal secrets and potentially gain remote code execution via CSRF using the Prefect API."
"value": "An attacker is able to steal secrets and potentially gain remote code execution via CSRF using the open source Prefect web server's API."
},
{
"lang": "es",
@ -35,15 +35,13 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
},
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
@ -63,7 +61,7 @@
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"type": "Primary",
"description": [
{
"lang": "en",


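--- /dev/null
+++ b/[path not shown on page: new record for CVE-2023-6026]
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-6026",
+"sourceIdentifier": "cve-coordination@incibe.es",
+"published": "2023-11-30T14:15:13.983",
+"lastModified": "2023-11-30T14:48:37.600",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "A Path traversal vulnerability has been reported in elijaa/phpmemcachedadmin affecting version 1.3.0. This vulnerability allows an attacker to delete files stored on the server due to lack of proper verification of user-supplied input."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "cve-coordination@incibe.es",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 9.8,
+"baseSeverity": "CRITICAL"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 5.9
+}
+]
+},
+"weaknesses": [
+{
+"source": "cve-coordination@incibe.es",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-22"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-phpmemcachedadmin",
+"source": "cve-coordination@incibe.es"
+}
+]
+}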


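--- /dev/null
+++ b/[path not shown on page: new record for CVE-2023-6027]
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-6027",
+"sourceIdentifier": "cve-coordination@incibe.es",
+"published": "2023-11-30T14:15:14.497",
+"lastModified": "2023-11-30T14:48:37.600",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "A critical flaw has been identified in elijaa/phpmemcachedadmin affecting version 1.3.0, specifically related to a stored XSS vulnerability. This vulnerability allows malicious actors to insert a carefully crafted JavaScript payload. The issue arises from improper encoding of user-controlled entries in the \"/pmcadmin/configure.php\" parameter."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "cve-coordination@incibe.es",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "REQUIRED",
+"scope": "CHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE",
+"baseScore": 6.1,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 2.7
+}
+]
+},
+"weaknesses": [
+{
+"source": "cve-coordination@incibe.es",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-79"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-phpmemcachedadmin",
+"source": "cve-coordination@incibe.es"
+}
+]
+}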


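--- /dev/null
+++ b/[path not shown on page: new record for CVE-2023-6071]
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-6071",
+"sourceIdentifier": "trellixpsirt@trellix.com",
+"published": "2023-11-30T13:15:10.293",
+"lastModified": "2023-11-30T13:38:42.753",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "\nAn Improper Neutralization of Special Elements used in a command vulnerability in ESM prior to version 11.6.9 allows a remote administrator to execute arbitrary code as root on the ESM. This is possible as the input isn't correctly sanitized when adding a new data source.\n\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "trellixpsirt@trellix.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "HIGH",
+"userInteraction": "REQUIRED",
+"scope": "CHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 8.4,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 1.7,
+"impactScore": 6.0
+}
+]
+},
+"weaknesses": [
+{
+"source": "trellixpsirt@trellix.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-77"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://kcm.trellix.com/corporate/index?page=content&id=SB10413",
+"source": "trellixpsirt@trellix.com"
+}
+]
+}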
