admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-12-30T05:00:25.020170+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-12-30 05:00:28 +00:00
parent f60ad832f9
commit b52f3d6749
34 changed files with 1867 additions and 110 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
CVE-2022/CVE-2022-464xx/CVE-2022-46486.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2022-46486",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-30T03:15:08.173",
"lastModified": "2023-12-30T03:15:08.173",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A lack of pointer-validation logic in the __scone_dispatch component of SCONE before v5.8.0 for Intel SGX allows attackers to access sensitive information."
}
],
"metrics": {},
"references": [
{
"url": "https://jovanbulck.github.io/files/ccs19-tale.pdf",
"source": "cve@mitre.org"
},
{
"url": "https://jovanbulck.github.io/files/oakland24-pandora.pdf",
"source": "cve@mitre.org"
},
{
"url": "https://sconedocs.github.io/release5.7/",
"source": "cve@mitre.org"
}
]
}

40
CVE-2022/CVE-2022-464xx/CVE-2022-46487.json Normal file
View File

@ -0,0 +1,40 @@
{
"id": "CVE-2022-46487",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-30T03:15:08.233",
"lastModified": "2023-12-30T03:15:08.233",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper initialization of x87 and SSE floating-point configuration registers in the __scone_entry component of SCONE before 5.8.0 for Intel SGX allows a local attacker to compromise the execution integrity of floating-point operations in an enclave or access sensitive information via side-channel analysis."
}
],
"metrics": {},
"references": [
{
"url": "https://jovanbulck.github.io/files/acsac20-fpu.pdf",
"source": "cve@mitre.org"
},
{
"url": "https://jovanbulck.github.io/files/oakland24-pandora.pdf",
"source": "cve@mitre.org"
},
{
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0561#vulnCurrentDescriptionTitle",
"source": "cve@mitre.org"
},
{
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15107",
"source": "cve@mitre.org"
},
{
"url": "https://sconedocs.github.io/release5.7/",
"source": "cve@mitre.org"
},
{
"url": "https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/best-practices/data-operand-independent-timing-isa-guidance.html#inpage-nav-3-3",
"source": "cve@mitre.org"
}
]
}

47
CVE-2023/CVE-2023-327xx/CVE-2023-32747.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32747",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-21T19:15:08.160",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-30T03:14:43.520",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:automattic:woocommerce_bookings:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.15.78",
"matchCriteriaId": "C45515F9-14D5-43F7-A41C-0406E91E554A"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/woocommerce-bookings/wordpress-woocommerce-bookings-plugin-1-15-78-insecure-direct-object-references-idor-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

57
CVE-2023/CVE-2023-327xx/CVE-2023-32799.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32799",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-21T19:15:08.520",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-30T03:15:10.643",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:woocommerce:shipping_multiple_addresses:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.8.3",
"matchCriteriaId": "39660B5F-2F2F-4F7A-AEEA-272C2561E57A"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/woocommerce-shipping-multiple-addresses/wordpress-woocommerce-ship-to-multiple-addresses-plugin-3-8-3-insecure-direct-object-references-idor-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

36
CVE-2023/CVE-2023-380xx/CVE-2023-38021.json Normal file
View File

@ -0,0 +1,36 @@
{
"id": "CVE-2023-38021",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-30T03:15:08.303",
"lastModified": "2023-12-30T03:15:08.303",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform before 3.32 for Intel SGX. Lack of pointer-alignment validation logic in entry functions allows a local attacker to access unauthorized information. This relates to the enclave_ecall function and system call layer."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/openenclave/openenclave/security/advisories/GHSA-v3vm-9h66-wm76",
"source": "cve@mitre.org"
},
{
"url": "https://jovanbulck.github.io/files/oakland24-pandora.pdf",
"source": "cve@mitre.org"
},
{
"url": "https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/stale-data-read-from-xapic.html",
"source": "cve@mitre.org"
},
{
"url": "https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/processor-mmio-stale-data-vulnerabilities.html#inpage-nav-3-2-2",
"source": "cve@mitre.org"
},
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00657.html",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-380xx/CVE-2023-38022.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-38022",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-30T03:15:08.360",
"lastModified": "2023-12-30T03:15:08.360",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform before 3.29 for Intel SGX. Insufficient pointer validation allows a local attacker to access unauthorized information. This relates to strlen and sgx_is_within_user."
}
],
"metrics": {},
"references": [
{
"url": "https://jovanbulck.github.io/files/ccs19-tale.pdf",
"source": "cve@mitre.org"
},
{
"url": "https://jovanbulck.github.io/files/oakland24-pandora.pdf",
"source": "cve@mitre.org"
}
]
}

44
CVE-2023/CVE-2023-380xx/CVE-2023-38023.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2023-38023",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-30T03:15:08.413",
"lastModified": "2023-12-30T03:15:08.413",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in SCONE Confidential Computing Platform before 5.8.0 for Intel SGX. Lack of pointer-alignment logic in __scone_dispatch and other entry functions allows a local attacker to access unauthorized information, aka an \"AEPIC Leak.\""
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/openenclave/openenclave/security/advisories/GHSA-v3vm-9h66-wm76",
"source": "cve@mitre.org"
},
{
"url": "https://jovanbulck.github.io/files/oakland24-pandora.pdf",
"source": "cve@mitre.org"
},
{
"url": "https://sconedocs.github.io/release5.7/",
"source": "cve@mitre.org"
},
{
"url": "https://sconedocs.github.io/release5.8/",
"source": "cve@mitre.org"
},
{
"url": "https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/stale-data-read-from-xapic.html",
"source": "cve@mitre.org"
},
{
"url": "https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/processor-mmio-stale-data-vulnerabilities.html#inpage-nav-3-2-2",
"source": "cve@mitre.org"
},
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00657.html",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-415xx/CVE-2023-41544.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-41544",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-30T04:15:08.250",
"lastModified": "2023-12-30T04:15:08.250",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "SSTI injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to execute arbitrary code via crafted HTTP request to the /jmreport/loadTableData component."
}
],
"metrics": {},
"references": [
{
"url": "https://pho3n1x-web.github.io/2023/09/18/CVE-2023-41544%28JeecgBoot_SSTI%29/",
"source": "cve@mitre.org"
}
]
}

47
CVE-2023/CVE-2023-471xx/CVE-2023-47191.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47191",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-21T19:15:11.767",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-30T03:20:37.497",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kainelabs:youzify:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.2.3",
"matchCriteriaId": "A0E475DD-49AD-4029-B609-D7AEC9E1FB4E"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/youzify/wordpress-youzify-plugin-1-2-2-insecure-direct-object-reference-idor-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

14
CVE-2023/CVE-2023-487xx/CVE-2023-48795.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-48795",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-18T16:15:10.897",
"lastModified": "2023-12-29T03:15:11.033",
"lastModified": "2023-12-30T03:15:08.467",
"vulnStatus": "Modified",
"descriptions": [
{
@ -1544,10 +1544,18 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/",
"source": "cve@mitre.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/",
"source": "cve@mitre.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/",
"source": "cve@mitre.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/",
"source": "cve@mitre.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/",
"source": "cve@mitre.org",
@ -1555,6 +1563,10 @@
"Vendor Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/",
"source": "cve@mitre.org"
},
{
"url": "https://matt.ucc.asn.au/dropbear/CHANGES",
"source": "cve@mitre.org",

51
CVE-2023/CVE-2023-497xx/CVE-2023-49752.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-49752",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-20T18:15:13.460",
"lastModified": "2023-12-20T19:52:34.443",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-30T03:13:36.437",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spoon themes Adifier - Classified Ads WordPress Theme.This issue affects Adifier - Classified Ads WordPress Theme: from n/a before 3.1.4.\n\n"
},
{
"lang": "es",
"value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en Spoon themes Adifier - Classified Ads WordPress Theme. Este problema afecta a Adifier - Classified Ads WordPress Theme: desde n/a antes de 3.1.4."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:spoonthemes:adifier:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.1.4",
"matchCriteriaId": "FA8FC617-4A22-443D-AF0B-9BE2C62040FE"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/adifier/wordpress-adifier-classified-ads-wordpress-theme-theme-3-9-3-sql-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-497xx/CVE-2023-49765.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49765",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-21T19:15:12.173",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-30T03:21:01.940",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:blazzdev:rate_my_post:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.4.2",
"matchCriteriaId": "8F9A458F-EA93-452F-9E27-8DEE6203738D"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/rate-my-post/wordpress-rate-my-post-wp-rating-system-plugin-3-4-1-insecure-direct-object-references-idor-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-498xx/CVE-2023-49812.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49812",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-19T21:15:09.530",
"lastModified": "2023-12-20T13:50:37.240",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-30T03:09:49.700",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wppa:wp_photo_album_plus:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "8.5.02.005",
"matchCriteriaId": "AE94941E-749F-41C6-8EC8-B810E4355F91"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-photo-album-plus/wordpress-wp-photo-album-plus-plugin-8-5-02-005-insecure-direct-object-references-idor-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

52
CVE-2023/CVE-2023-508xx/CVE-2023-50832.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-50832",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-21T18:15:08.277",
"lastModified": "2023-12-21T18:15:28.593",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-30T03:14:20.717",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mondula GmbH Multi Step Form allows Stored XSS.This issue affects Multi Step Form: from n/a through 1.7.13.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Mondula GmbH Multi Step Form permite XSS almacenado. Este problema afecta a Multi Step Form: desde n/a hasta 1.7.13."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mondula:multi_step_form:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.7.13",
"matchCriteriaId": "E8304C95-A917-443B-AD53-E4A0CD79435E"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/multi-step-form/wordpress-multi-step-form-plugin-1-7-13-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-508xx/CVE-2023-50834.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-50834",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-21T19:15:12.670",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-30T03:23:31.073",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:augustinfotech:woocommerce_menu_extension:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.6.2",
"matchCriteriaId": "71781E8D-C946-44E0-8438-F2EF8C5663FB"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/woocommerce-menu-extension/wordpress-woocommerce-menu-extension-plugin-1-6-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

80
CVE-2023/CVE-2023-510xx/CVE-2023-51090.json
View File

@ -2,19 +2,91 @@
"id": "CVE-2023-51090",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-26T18:15:08.073",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-30T03:18:55.947",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function formGetWeiXinConfig."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Tenda M3 V1.0.0.12(4856) conten\u00eda un desbordamiento de pila a trav\u00e9s de la funci\u00f3n formGetWeiXinConfig."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:m3_firmware:1.0.0.12\\(4856\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6E1E2C81-574C-4FBB-8DCD-72F62D7A32E9"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8543333-41FC-48B4-B14C-D763495A1017"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/GD008/TENDA/blob/main/M3/getWeiXinConfig/M3_getWeiXinConfig.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

80
CVE-2023/CVE-2023-510xx/CVE-2023-51091.json
View File

@ -2,19 +2,91 @@
"id": "CVE-2023-51091",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-26T18:15:08.127",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-30T03:18:57.887",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function R7WebsSecurityHandler."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Tenda M3 V1.0.0.12(4856) conten\u00eda un desbordamiento de pila a trav\u00e9s de la funci\u00f3n R7WebsSecurityHandler."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:m3_firmware:1.0.0.12\\(4856\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6E1E2C81-574C-4FBB-8DCD-72F62D7A32E9"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8543333-41FC-48B4-B14C-D763495A1017"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/GD008/TENDA/blob/main/M3/cookie/M3_cookie.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

80
CVE-2023/CVE-2023-510xx/CVE-2023-51092.json
View File

@ -2,19 +2,91 @@
"id": "CVE-2023-51092",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-26T18:15:08.173",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-30T03:19:01.717",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function upgrade."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Tenda M3 V1.0.0.12(4856) conten\u00eda un desbordamiento de pila mediante la actualizaci\u00f3n de la funci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:m3_firmware:1.0.0.12\\(4856\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6E1E2C81-574C-4FBB-8DCD-72F62D7A32E9"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8543333-41FC-48B4-B14C-D763495A1017"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/GD008/TENDA/blob/main/M3/upgrade/M3_upgrade.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

80
CVE-2023/CVE-2023-510xx/CVE-2023-51093.json
View File

@ -2,19 +2,91 @@
"id": "CVE-2023-51093",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-26T18:15:08.217",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-30T03:19:03.393",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function fromSetLocalVlanInfo."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Tenda M3 V1.0.0.12(4856) conten\u00eda un desbordamiento de pila a trav\u00e9s de la funci\u00f3n fromSetLocalVlanInfo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:m3_firmware:1.0.0.12\\(4856\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6E1E2C81-574C-4FBB-8DCD-72F62D7A32E9"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8543333-41FC-48B4-B14C-D763495A1017"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/GD008/TENDA/blob/main/M3/setVlanInfo/M3_setVlanInfo.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

80
CVE-2023/CVE-2023-510xx/CVE-2023-51094.json
View File

@ -2,19 +2,91 @@
"id": "CVE-2023-51094",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-26T18:15:08.267",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-30T03:19:05.307",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda M3 V1.0.0.12(4856) was discovered to contain a Command Execution vulnerability via the function TendaTelnet."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Tenda M3 V1.0.0.12(4856) contiene una vulnerabilidad de ejecuci\u00f3n de comandos a trav\u00e9s de la funci\u00f3n TendaTelnet."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:m3_firmware:1.0.0.12\\(4856\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6E1E2C81-574C-4FBB-8DCD-72F62D7A32E9"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8543333-41FC-48B4-B14C-D763495A1017"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/GD008/TENDA/blob/main/M3/telnet/M3_telnet.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

80
CVE-2023/CVE-2023-510xx/CVE-2023-51095.json
View File

@ -2,19 +2,91 @@
"id": "CVE-2023-51095",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-26T17:15:08.293",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-30T03:18:50.037",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function formDelWlRfPolicy."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Tenda M3 V1.0.0.12(4856) conten\u00eda un desbordamiento de pila a trav\u00e9s de la funci\u00f3n formDelWlRfPolicy."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:m3_firmware:1.0.0.12\\(4856\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6E1E2C81-574C-4FBB-8DCD-72F62D7A32E9"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8543333-41FC-48B4-B14C-D763495A1017"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/GD008/TENDA/blob/main/M3/delWlPolicyData/M3_delWlPolicyData.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

80
CVE-2023/CVE-2023-510xx/CVE-2023-51097.json
View File

@ -2,19 +2,91 @@
"id": "CVE-2023-51097",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-26T18:15:08.317",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-30T03:19:06.583",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a stack overflow via the function formSetAutoPing."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Tenda W9 V1.0.0.7(4456)_CN conten\u00eda un desbordamiento de pila a trav\u00e9s de la funci\u00f3n formSetAutoPing."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:w9_firmware:1.0.0.7\\(4456\\)_cn:*:*:*:*:*:*:*",
"matchCriteriaId": "AA838176-0BF8-4BBA-93A8-E367251F27E2"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:w9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D015C5A3-DF6D-45B7-B669-9CCD50C5E704"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/GD008/TENDA/blob/main/W9/W9_setAutoPing/W9_setAutoPing.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

80
CVE-2023/CVE-2023-510xx/CVE-2023-51098.json
View File

@ -2,19 +2,91 @@
"id": "CVE-2023-51098",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-26T18:15:08.367",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-30T03:19:08.387",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injection vulnerability via the function formSetDiagnoseInfo ."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Tenda W9 V1.0.0.7(4456)_CN contiene una vulnerabilidad de inyecci\u00f3n de comandos a trav\u00e9s de la funci\u00f3n formSetDiagnoseInfo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:w9_firmware:1.0.0.7\\(4456\\)_cn:*:*:*:*:*:*:*",
"matchCriteriaId": "AA838176-0BF8-4BBA-93A8-E367251F27E2"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:w9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D015C5A3-DF6D-45B7-B669-9CCD50C5E704"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/GD008/TENDA/blob/main/W9/W9_setDiagnoseInfo/W9_setDiagnoseInfo.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

80
CVE-2023/CVE-2023-510xx/CVE-2023-51099.json
View File

@ -2,19 +2,91 @@
"id": "CVE-2023-51099",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-26T18:15:08.413",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-30T03:19:10.323",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injection vulnerability via the function formexeCommand ."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Tenda W9 V1.0.0.7(4456)_CN contiene una vulnerabilidad de inyecci\u00f3n de comandos a trav\u00e9s de la funci\u00f3n formexeCommand."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:w9_firmware:1.0.0.7\\(4456\\)_cn:*:*:*:*:*:*:*",
"matchCriteriaId": "AA838176-0BF8-4BBA-93A8-E367251F27E2"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:w9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D015C5A3-DF6D-45B7-B669-9CCD50C5E704"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/GD008/TENDA/blob/main/W9/W9_execommand/W9_execommand.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

80
CVE-2023/CVE-2023-511xx/CVE-2023-51100.json
View File

@ -2,19 +2,91 @@
"id": "CVE-2023-51100",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-26T18:15:08.460",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-30T03:19:12.080",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injection vulnerability via the function formGetDiagnoseInfo ."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Tenda W9 V1.0.0.7(4456)_CN contiene una vulnerabilidad de inyecci\u00f3n de comandos a trav\u00e9s de la funci\u00f3n formGetDiagnoseInfo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:w9_firmware:1.0.0.7\\(4456\\)_cn:*:*:*:*:*:*:*",
"matchCriteriaId": "AA838176-0BF8-4BBA-93A8-E367251F27E2"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:w9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D015C5A3-DF6D-45B7-B669-9CCD50C5E704"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/GD008/TENDA/blob/main/W9/W9_getDiagnoseInfo/W9_getDiagnoseInfo.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

80
CVE-2023/CVE-2023-511xx/CVE-2023-51101.json
View File

@ -2,19 +2,91 @@
"id": "CVE-2023-51101",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-26T18:15:08.510",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-30T03:19:13.923",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a stack overflow via the function formSetUplinkInfo."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Tenda W9 V1.0.0.7(4456)_CN conten\u00eda un desbordamiento de pila a trav\u00e9s de la funci\u00f3n formSetUplinkInfo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:w9_firmware:1.0.0.7\\(4456\\)_cn:*:*:*:*:*:*:*",
"matchCriteriaId": "AA838176-0BF8-4BBA-93A8-E367251F27E2"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:w9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D015C5A3-DF6D-45B7-B669-9CCD50C5E704"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/GD008/TENDA/blob/main/W9/W9_setUplinkInfo/W9_setUplinkInfo.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

80
CVE-2023/CVE-2023-511xx/CVE-2023-51102.json
View File

@ -2,19 +2,91 @@
"id": "CVE-2023-51102",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-26T18:15:08.657",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-30T03:19:15.973",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a stack overflow via the function formWifiMacFilterSet."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Tenda W9 V1.0.0.7(4456)_CN conten\u00eda un desbordamiento de pila a trav\u00e9s de la funci\u00f3n formWifiMacFilterSet."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:w9_firmware:1.0.0.7\\(4456\\)_cn:*:*:*:*:*:*:*",
"matchCriteriaId": "AA838176-0BF8-4BBA-93A8-E367251F27E2"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:w9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D015C5A3-DF6D-45B7-B669-9CCD50C5E704"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/GD008/TENDA/blob/main/W9/W9_WifiMacFilterSet/W9_WifiMacFilterSet.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

60
CVE-2023/CVE-2023-70xx/CVE-2023-7018.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2023-7018",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-12-20T17:15:08.823",
"lastModified": "2023-12-20T19:52:41.030",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-30T03:13:12.367",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36."
},
{
"lang": "es",
"value": "Deserializaci\u00f3n de datos que no son de confianza en el repositorio de GitHub huggingface/transformers anteriores a 4.36."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -46,14 +72,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:huggingface:transformers:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.36.0",
"matchCriteriaId": "A7A810D1-9219-4534-83E2-F3FC5402E521"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/huggingface/transformers/commit/1d63b0ec361e7a38f1339385e8a5a855085532ce",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.com/bounties/e1a3e548-e53a-48df-b708-9ee62140963c",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
}
]
}

58
CVE-2023/CVE-2023-70xx/CVE-2023-7040.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-7040",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-21T20:15:08.553",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-30T03:25:06.460",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +95,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codelyfe:stupid_simple_cms:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.2.4",
"matchCriteriaId": "700DA84E-DA65-4B87-B847-E4C61E24F5D1"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/g1an123/POC/blob/main/Unauthorized%20file%20read.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.248689",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.248689",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

62
CVE-2023/CVE-2023-70xx/CVE-2023-7091.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-7091",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-24T21:15:25.530",
"lastModified": "2023-12-25T03:08:09.833",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-30T03:15:29.733",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Dreamer CMS 4.1.3. It has been declared as problematic. This vulnerability affects unknown code of the file /upload/uploadFile. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-248938 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Dreamer CMS 4.1.3. Ha sido declarada problem\u00e1tica. Esta vulnerabilidad afecta a c\u00f3digo desconocido del archivo /upload/uploadFile. La manipulaci\u00f3n del archivo de argumentos conduce a una carga sin restricciones. El ataque se puede iniciar de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. VDB-248938 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna forma."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:iteachyou:dreamer_cms:4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "113EEBC1-2B91-4AE0-995F-E24A4AD607BC"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/sweatxi/BugHub/blob/main/Dreamer-CMS.pdf",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.248938",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.248938",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

62
CVE-2023/CVE-2023-70xx/CVE-2023-7096.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-7096",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-25T01:15:08.457",
"lastModified": "2023-12-25T03:08:09.833",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-30T03:16:06.620",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in code-projects Faculty Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/php/crud.php. The manipulation of the argument fieldname leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248948."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en los proyectos de c\u00f3digo Faculty Management System 1.0. Ha sido calificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo /admin/php/crud.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento fieldname conduce a la inyecci\u00f3n de SQL. El ataque puede lanzarse de forma remota. La explotaci\u00f3n ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-248948."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:carmelogarcia:faculty_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4EA917DA-4616-4066-91A4-AB48022B2D78"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Glunko/vulnerability/blob/main/Faculty-Management-System_sql.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.248948",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.248948",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

72
CVE-2023/CVE-2023-70xx/CVE-2023-7097.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-7097",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-25T02:15:44.337",
"lastModified": "2023-12-25T03:08:09.833",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-30T03:18:18.157",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in code-projects Water Billing System 1.0. This affects an unknown part of the file /addbill.php. The manipulation of the argument owners_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248949 was assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad ha sido encontrada en code-projects Water Billing System 1.0 y clasificada como cr\u00edtica. Esto afecta a una parte desconocida del archivo /addbill.php. La manipulaci\u00f3n del argumento owners_id conduce a la inyecci\u00f3n SQL. Es posible iniciar el ataque de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-248949."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -60,6 +84,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +105,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fabianros:water_billing_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51D0A518-2E14-4B20-AE40-5B1F7564B4FA"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Glunko/vulnerability/blob/main/Water-Billing-System_sql.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.248949",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.248949",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

58
CVE-2023/CVE-2023-71xx/CVE-2023-7111.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-7111",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-26T03:15:09.040",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-30T03:18:29.320",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +95,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fabianros:library_management_system:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "421B1EEE-61E9-48D8-BE67-A8346F3CC55E"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/h4md153v63n/CVEs/blob/main/Library-Management-System/Library-Management-System_SQL_Injection-3.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.249006",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.249006",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

44
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-12-30T03:00:24.750902+00:00
2023-12-30T05:00:25.020170+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-12-30T02:15:08.447000+00:00
2023-12-30T04:15:08.250000+00:00
```
### Last Data Feed Release
@ -29,22 +29,50 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
234541
234547
```
### CVEs added in the last Commit
Recently added CVEs: `2`
Recently added CVEs: `6`
* [CVE-2023-41542](CVE-2023/CVE-2023-415xx/CVE-2023-41542.json) (`2023-12-30T02:15:08.393`)
* [CVE-2023-41543](CVE-2023/CVE-2023-415xx/CVE-2023-41543.json) (`2023-12-30T02:15:08.447`)
* [CVE-2022-46486](CVE-2022/CVE-2022-464xx/CVE-2022-46486.json) (`2023-12-30T03:15:08.173`)
* [CVE-2022-46487](CVE-2022/CVE-2022-464xx/CVE-2022-46487.json) (`2023-12-30T03:15:08.233`)
* [CVE-2023-38021](CVE-2023/CVE-2023-380xx/CVE-2023-38021.json) (`2023-12-30T03:15:08.303`)
* [CVE-2023-38022](CVE-2023/CVE-2023-380xx/CVE-2023-38022.json) (`2023-12-30T03:15:08.360`)
* [CVE-2023-38023](CVE-2023/CVE-2023-380xx/CVE-2023-38023.json) (`2023-12-30T03:15:08.413`)
* [CVE-2023-41544](CVE-2023/CVE-2023-415xx/CVE-2023-41544.json) (`2023-12-30T04:15:08.250`)
### CVEs modified in the last Commit
Recently modified CVEs: `1`
Recently modified CVEs: `27`
* [CVE-2023-51765](CVE-2023/CVE-2023-517xx/CVE-2023-51765.json) (`2023-12-30T01:15:09.577`)
* [CVE-2023-49752](CVE-2023/CVE-2023-497xx/CVE-2023-49752.json) (`2023-12-30T03:13:36.437`)
* [CVE-2023-50832](CVE-2023/CVE-2023-508xx/CVE-2023-50832.json) (`2023-12-30T03:14:20.717`)
* [CVE-2023-32747](CVE-2023/CVE-2023-327xx/CVE-2023-32747.json) (`2023-12-30T03:14:43.520`)
* [CVE-2023-48795](CVE-2023/CVE-2023-487xx/CVE-2023-48795.json) (`2023-12-30T03:15:08.467`)
* [CVE-2023-32799](CVE-2023/CVE-2023-327xx/CVE-2023-32799.json) (`2023-12-30T03:15:10.643`)
* [CVE-2023-7091](CVE-2023/CVE-2023-70xx/CVE-2023-7091.json) (`2023-12-30T03:15:29.733`)
* [CVE-2023-7096](CVE-2023/CVE-2023-70xx/CVE-2023-7096.json) (`2023-12-30T03:16:06.620`)
* [CVE-2023-7097](CVE-2023/CVE-2023-70xx/CVE-2023-7097.json) (`2023-12-30T03:18:18.157`)
* [CVE-2023-7111](CVE-2023/CVE-2023-71xx/CVE-2023-7111.json) (`2023-12-30T03:18:29.320`)
* [CVE-2023-51095](CVE-2023/CVE-2023-510xx/CVE-2023-51095.json) (`2023-12-30T03:18:50.037`)
* [CVE-2023-51090](CVE-2023/CVE-2023-510xx/CVE-2023-51090.json) (`2023-12-30T03:18:55.947`)
* [CVE-2023-51091](CVE-2023/CVE-2023-510xx/CVE-2023-51091.json) (`2023-12-30T03:18:57.887`)
* [CVE-2023-51092](CVE-2023/CVE-2023-510xx/CVE-2023-51092.json) (`2023-12-30T03:19:01.717`)
* [CVE-2023-51093](CVE-2023/CVE-2023-510xx/CVE-2023-51093.json) (`2023-12-30T03:19:03.393`)
* [CVE-2023-51094](CVE-2023/CVE-2023-510xx/CVE-2023-51094.json) (`2023-12-30T03:19:05.307`)
* [CVE-2023-51097](CVE-2023/CVE-2023-510xx/CVE-2023-51097.json) (`2023-12-30T03:19:06.583`)
* [CVE-2023-51098](CVE-2023/CVE-2023-510xx/CVE-2023-51098.json) (`2023-12-30T03:19:08.387`)
* [CVE-2023-51099](CVE-2023/CVE-2023-510xx/CVE-2023-51099.json) (`2023-12-30T03:19:10.323`)
* [CVE-2023-51100](CVE-2023/CVE-2023-511xx/CVE-2023-51100.json) (`2023-12-30T03:19:12.080`)
* [CVE-2023-51101](CVE-2023/CVE-2023-511xx/CVE-2023-51101.json) (`2023-12-30T03:19:13.923`)
* [CVE-2023-51102](CVE-2023/CVE-2023-511xx/CVE-2023-51102.json) (`2023-12-30T03:19:15.973`)
* [CVE-2023-47191](CVE-2023/CVE-2023-471xx/CVE-2023-47191.json) (`2023-12-30T03:20:37.497`)
* [CVE-2023-49765](CVE-2023/CVE-2023-497xx/CVE-2023-49765.json) (`2023-12-30T03:21:01.940`)
* [CVE-2023-50834](CVE-2023/CVE-2023-508xx/CVE-2023-50834.json) (`2023-12-30T03:23:31.073`)
* [CVE-2023-7040](CVE-2023/CVE-2023-70xx/CVE-2023-7040.json) (`2023-12-30T03:25:06.460`)
## Download and Usage