admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 11:37:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-01-10T03:00:26.843138+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-01-10 03:00:30 +00:00
parent f7dbf63706
commit ba758fda79
72 changed files with 1976 additions and 217 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CVE-2023/CVE-2023-30xx/CVE-2023-3043.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3043",
"sourceIdentifier": "biossecurity@ami.com",
"published": "2024-01-09T23:15:09.290",
"lastModified": "2024-01-09T23:15:09.290",
"vulnStatus": "Received",
"lastModified": "2024-01-10T01:21:28.543",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

61
CVE-2023/CVE-2023-326xx/CVE-2023-32650.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-32650",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-01-08T15:15:08.543",
"lastModified": "2024-01-08T18:15:45.410",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-10T01:19:46.383",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An integer overflow vulnerability exists in the FST_BL_GEOM parsing maxhandle functionality of GTKWave 3.3.115, when compiled as a 32-bit binary. A specially crafted .fst file can lead to memory corruption. A victim would need to open a malicious file to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de desbordamiento de enteros en la funcionalidad de an\u00e1lisis maxhandle FST_BL_GEOM de GTKWave 3.3.115, cuando se compila como un binario de 32 bits. Un archivo .fst especialmente manipulado puede provocar da\u00f1os en la memoria. Una v\u00edctima necesitar\u00eda abrir un archivo malicioso para activar esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gtkwave:gtkwave:3.3.115:*:*:*:*:*:*:*",
"matchCriteriaId": "0CE5AA96-C9D5-4450-BA9F-013FAFA077D3"
}
]
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1777",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-340xx/CVE-2023-34087.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-34087",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-01-08T15:15:08.783",
"lastModified": "2024-01-08T18:15:45.483",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-10T01:19:38.960",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An improper array index validation vulnerability exists in the EVCD var len parsing functionality of GTKWave 3.3.115. A specially crafted .evcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de validaci\u00f3n de \u00edndice de matriz incorrecta en la funcionalidad de an\u00e1lisis EVCD var len de GTKWave 3.3.115. Un archivo .evcd especialmente manipulado puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. Una v\u00edctima necesitar\u00eda abrir un archivo malicioso para activar esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gtkwave:gtkwave:3.3.115:*:*:*:*:*:*:*",
"matchCriteriaId": "0CE5AA96-C9D5-4450-BA9F-013FAFA077D3"
}
]
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1803",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-343xx/CVE-2023-34332.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-34332",
"sourceIdentifier": "biossecurity@ami.com",
"published": "2024-01-09T23:15:07.817",
"lastModified": "2024-01-09T23:15:07.817",
"vulnStatus": "Received",
"lastModified": "2024-01-10T01:21:28.543",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-343xx/CVE-2023-34333.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-34333",
"sourceIdentifier": "biossecurity@ami.com",
"published": "2024-01-09T23:15:08.223",
"lastModified": "2024-01-09T23:15:08.223",
"vulnStatus": "Received",
"lastModified": "2024-01-10T01:21:28.543",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

61
CVE-2023/CVE-2023-344xx/CVE-2023-34436.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-34436",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-01-08T15:15:08.990",
"lastModified": "2024-01-08T18:15:45.557",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-10T01:19:19.220",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds write vulnerability exists in the LXT2 num_time_table_entries functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de escritura fuera de los l\u00edmites en la funcionalidad LXT2 num_time_table_entries de GTKWave 3.3.115. Un archivo .lxt2 especialmente manipulado puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. Una v\u00edctima necesitar\u00eda abrir un archivo malicioso para activar esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gtkwave:gtkwave:3.3.115:*:*:*:*:*:*:*",
"matchCriteriaId": "0CE5AA96-C9D5-4450-BA9F-013FAFA077D3"
}
]
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1819",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-350xx/CVE-2023-35004.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-35004",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-01-08T15:15:09.210",
"lastModified": "2024-01-08T18:15:45.630",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-10T01:19:00.090",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An integer overflow vulnerability exists in the VZT longest_len value allocation functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de desbordamiento de enteros en la funcionalidad de asignaci\u00f3n de valores VZT long_len de GTKWave 3.3.115. Un archivo .vzt especialmente manipulado puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. Una v\u00edctima necesitar\u00eda abrir un archivo malicioso para activar esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gtkwave:gtkwave:3.3.115:*:*:*:*:*:*:*",
"matchCriteriaId": "0CE5AA96-C9D5-4450-BA9F-013FAFA077D3"
}
]
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1816",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-350xx/CVE-2023-35057.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-35057",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-01-08T15:15:09.407",
"lastModified": "2024-01-08T18:15:45.700",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-10T01:18:50.693",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An integer overflow vulnerability exists in the LXT2 lxt2_rd_trace value elements allocation functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to memory corruption. A victim would need to open a malicious file to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de desbordamiento de enteros en la funcionalidad de asignaci\u00f3n de elementos de valor LXT2 lxt2_rd_trace de GTKWave 3.3.115. Un archivo .lxt2 especialmente manipulado puede provocar da\u00f1os en la memoria. Una v\u00edctima necesitar\u00eda abrir un archivo malicioso para activar esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gtkwave:gtkwave:3.3.115:*:*:*:*:*:*:*",
"matchCriteriaId": "0CE5AA96-C9D5-4450-BA9F-013FAFA077D3"
}
]
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1821",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-351xx/CVE-2023-35128.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-35128",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-01-08T15:15:09.600",
"lastModified": "2024-01-08T18:15:45.770",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-10T01:18:41.863",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An integer overflow vulnerability exists in the fstReaderIterBlocks2 time_table tsec_nitems functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to memory corruption. A victim would need to open a malicious file to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de desbordamiento de enteros en la funcionalidad fstReaderIterBlocks2 time_table tsec_nitems de GTKWave 3.3.115. Un archivo .fst especialmente manipulado puede provocar da\u00f1os en la memoria. Una v\u00edctima necesitar\u00eda abrir un archivo malicioso para activar esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gtkwave:gtkwave:3.3.115:*:*:*:*:*:*:*",
"matchCriteriaId": "0CE5AA96-C9D5-4450-BA9F-013FAFA077D3"
}
]
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1792",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-359xx/CVE-2023-35989.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-35989",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-01-08T15:15:12.800",
"lastModified": "2024-01-08T18:15:47.017",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-10T01:18:31.143",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An integer overflow vulnerability exists in the LXT2 zlib block allocation functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de desbordamiento de enteros en la funcionalidad de asignaci\u00f3n de bloques zlib LXT2 de GTKWave 3.3.115. Un archivo .lxt2 especialmente manipulado puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. Una v\u00edctima necesitar\u00eda abrir un archivo malicioso para activar esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gtkwave:gtkwave:3.3.115:*:*:*:*:*:*:*",
"matchCriteriaId": "0CE5AA96-C9D5-4450-BA9F-013FAFA077D3"
}
]
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1822",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-359xx/CVE-2023-35992.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-35992",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-01-08T15:15:12.987",
"lastModified": "2024-01-08T18:15:47.117",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-10T01:18:19.973",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An integer overflow vulnerability exists in the FST fstReaderIterBlocks2 vesc allocation functionality of GTKWave 3.3.115, when compiled as a 32-bit binary. A specially crafted .fst file can lead to memory corruption. A victim would need to open a malicious file to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de desbordamiento de enteros en la funcionalidad de asignaci\u00f3n de vesc FST fstReaderIterBlocks2 de GTKWave 3.3.115, cuando se compila como un binario de 32 bits. Un archivo .fst especialmente manipulado puede provocar da\u00f1os en la memoria. Una v\u00edctima necesitar\u00eda abrir un archivo malicioso para activar esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gtkwave:gtkwave:3.3.115:*:*:*:*:*:*:*",
"matchCriteriaId": "0CE5AA96-C9D5-4450-BA9F-013FAFA077D3"
}
]
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1790",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-368xx/CVE-2023-36861.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-36861",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-01-08T15:15:14.377",
"lastModified": "2024-01-08T18:15:47.640",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-10T01:18:00.900",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds write vulnerability exists in the VZT LZMA_read_varint functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de escritura fuera de los l\u00edmites en la funcionalidad VZT LZMA_read_varint de GTKWave 3.3.115. Un archivo .vzt especialmente manipulado puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. Una v\u00edctima necesitar\u00eda abrir un archivo malicioso para activar esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gtkwave:gtkwave:3.3.115:*:*:*:*:*:*:*",
"matchCriteriaId": "0CE5AA96-C9D5-4450-BA9F-013FAFA077D3"
}
]
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1811",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-368xx/CVE-2023-36864.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-36864",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-01-08T15:15:14.593",
"lastModified": "2024-01-08T18:15:47.713",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-10T01:17:44.317",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An integer overflow vulnerability exists in the fstReaderIterBlocks2 temp_signal_value_buf allocation functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de desbordamiento de enteros en la funcionalidad de asignaci\u00f3n fstReaderIterBlocks2 temp_signal_value_buf de GTKWave 3.3.115. Un archivo .fst especialmente manipulado puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. Una v\u00edctima necesitar\u00eda abrir un archivo malicioso para activar esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gtkwave:gtkwave:3.3.115:*:*:*:*:*:*:*",
"matchCriteriaId": "0CE5AA96-C9D5-4450-BA9F-013FAFA077D3"
}
]
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1797",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-372xx/CVE-2023-37282.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-37282",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-01-08T15:15:15.187",
"lastModified": "2024-01-08T18:15:47.940",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-10T01:17:21.693",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds write vulnerability exists in the VZT LZMA_Read dmem extraction functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de escritura fuera de los l\u00edmites en la funcionalidad de extracci\u00f3n dmem VZT LZMA_Read de GTKWave 3.3.115. Un archivo .vzt especialmente manipulado puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. Una v\u00edctima necesitar\u00eda abrir un archivo malicioso para activar esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gtkwave:gtkwave:3.3.115:*:*:*:*:*:*:*",
"matchCriteriaId": "0CE5AA96-C9D5-4450-BA9F-013FAFA077D3"
}
]
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1810",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-372xx/CVE-2023-37293.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-37293",
"sourceIdentifier": "biossecurity@ami.com",
"published": "2024-01-09T23:15:08.413",
"lastModified": "2024-01-09T23:15:08.413",
"vulnStatus": "Received",
"lastModified": "2024-01-10T01:21:28.543",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-372xx/CVE-2023-37294.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-37294",
"sourceIdentifier": "biossecurity@ami.com",
"published": "2024-01-09T23:15:08.600",
"lastModified": "2024-01-09T23:15:08.600",
"vulnStatus": "Received",
"lastModified": "2024-01-10T01:21:28.543",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-372xx/CVE-2023-37295.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-37295",
"sourceIdentifier": "biossecurity@ami.com",
"published": "2024-01-09T23:15:08.770",
"lastModified": "2024-01-09T23:15:08.770",
"vulnStatus": "Received",
"lastModified": "2024-01-10T01:21:28.543",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-372xx/CVE-2023-37296.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-37296",
"sourceIdentifier": "biossecurity@ami.com",
"published": "2024-01-09T23:15:08.940",
"lastModified": "2024-01-09T23:15:08.940",
"vulnStatus": "Received",
"lastModified": "2024-01-10T01:21:28.543",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-372xx/CVE-2023-37297.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-37297",
"sourceIdentifier": "biossecurity@ami.com",
"published": "2024-01-09T23:15:09.110",
"lastModified": "2024-01-09T23:15:09.110",
"vulnStatus": "Received",
"lastModified": "2024-01-10T01:21:28.543",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

61
CVE-2023/CVE-2023-385xx/CVE-2023-38583.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-38583",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-01-08T15:15:19.187",
"lastModified": "2024-01-08T18:15:49.467",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-10T01:17:06.647",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow vulnerability exists in the LXT2 lxt2_rd_expand_integer_to_bits function of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en la funci\u00f3n LXT2 lxt2_rd_expand_integer_to_bits de GTKWave 3.3.115. Un archivo .lxt2 especialmente manipulado puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. Una v\u00edctima necesitar\u00eda abrir un archivo malicioso para activar esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gtkwave:gtkwave:3.3.115:*:*:*:*:*:*:*",
"matchCriteriaId": "0CE5AA96-C9D5-4450-BA9F-013FAFA077D3"
}
]
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1827",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-386xx/CVE-2023-38657.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-38657",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-01-08T15:15:22.390",
"lastModified": "2024-01-08T18:15:50.470",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-10T01:16:51.230",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds write vulnerability exists in the LXT2 zlib block decompression functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de escritura fuera de los l\u00edmites en la funcionalidad de descompresi\u00f3n de bloques LXT2 zlib de GTKWave 3.3.115. Un archivo .lxt2 especialmente manipulado puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. Una v\u00edctima necesitar\u00eda abrir un archivo malicioso para activar esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gtkwave:gtkwave:3.3.115:*:*:*:*:*:*:*",
"matchCriteriaId": "0CE5AA96-C9D5-4450-BA9F-013FAFA077D3"
}
]
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1823",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-388xx/CVE-2023-38827.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38827",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-09T22:15:43.263",
"lastModified": "2024-01-09T22:15:43.263",
"vulnStatus": "Received",
"lastModified": "2024-01-10T01:21:28.543",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-479xx/CVE-2023-47992.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47992",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-09T23:15:09.467",
"lastModified": "2024-01-09T23:15:09.467",
"vulnStatus": "Received",
"lastModified": "2024-01-10T01:21:28.543",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-479xx/CVE-2023-47993.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47993",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-09T23:15:09.530",
"lastModified": "2024-01-09T23:15:09.530",
"vulnStatus": "Received",
"lastModified": "2024-01-10T01:21:28.543",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-479xx/CVE-2023-47994.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47994",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-09T23:15:09.583",
"lastModified": "2024-01-09T23:15:09.583",
"vulnStatus": "Received",
"lastModified": "2024-01-10T01:21:28.543",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-479xx/CVE-2023-47995.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47995",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-09T23:15:09.637",
"lastModified": "2024-01-09T23:15:09.637",
"vulnStatus": "Received",
"lastModified": "2024-01-10T01:21:28.543",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-479xx/CVE-2023-47996.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47996",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-09T23:15:09.680",
"lastModified": "2024-01-09T23:15:09.680",
"vulnStatus": "Received",
"lastModified": "2024-01-10T01:21:28.543",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-479xx/CVE-2023-47997.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47997",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-10T00:15:45.463",
"lastModified": "2024-01-10T00:15:45.463",
"vulnStatus": "Received",
"lastModified": "2024-01-10T01:21:28.543",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

36
CVE-2023/CVE-2023-496xx/CVE-2023-49622.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49622",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2024-01-04T14:15:39.593",
"lastModified": "2024-01-04T14:58:23.450",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-10T01:14:24.710",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'itemnameid' parameter of the material_bill.php?action=itemRelation resource does not validate the characters received and they are sent unfiltered to the database.\n\n"
},
{
"lang": "es",
"value": "Billing Software v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'itemnameid' del recurso material_bill.php?action=itemRelation no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
}
],
"metrics": {
@ -46,14 +50,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kashipara:billing_software:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C0706A5-5DE8-42DF-8980-9DBCF02A2A03"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/zimerman/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.kashipara.com/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}

46
CVE-2023/CVE-2023-496xx/CVE-2023-49624.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49624",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2024-01-04T14:15:39.817",
"lastModified": "2024-01-04T14:58:23.450",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-10T01:14:18.420",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'cancelid' parameter of the material_bill.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n"
},
{
"lang": "es",
"value": "Billing Software v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'cancelid' del recurso material_bill.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
}
],
"metrics": {
@ -35,6 +39,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -46,14 +60,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kashipara:billing_software:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C0706A5-5DE8-42DF-8980-9DBCF02A2A03"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/zimerman/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.kashipara.com/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}

36
CVE-2023/CVE-2023-496xx/CVE-2023-49625.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49625",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2024-01-04T14:15:40.037",
"lastModified": "2024-01-04T14:58:23.450",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-10T01:14:10.027",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the partylist_edit_submit.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n"
},
{
"lang": "es",
"value": "Billing Software v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'id' del recurso partylist_edit_submit.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
}
],
"metrics": {
@ -46,14 +50,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kashipara:billing_software:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C0706A5-5DE8-42DF-8980-9DBCF02A2A03"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/zimerman/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.kashipara.com/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}

36
CVE-2023/CVE-2023-496xx/CVE-2023-49633.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49633",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2024-01-04T14:15:40.243",
"lastModified": "2024-01-04T14:58:23.450",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-10T01:14:03.863",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'buyer_address' parameter of the buyer_detail_submit.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n"
},
{
"lang": "es",
"value": "Billing Software v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'buyer_address' del recurso buyer_detail_submit.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
}
],
"metrics": {
@ -46,14 +50,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kashipara:billing_software:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C0706A5-5DE8-42DF-8980-9DBCF02A2A03"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/zimerman/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.kashipara.com/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}

36
CVE-2023/CVE-2023-496xx/CVE-2023-49639.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49639",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2024-01-04T14:15:40.440",
"lastModified": "2024-01-04T14:58:23.450",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-10T01:13:57.120",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'customer_details' parameter of the buyer_invoice_submit.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n"
},
{
"lang": "es",
"value": "Billing Software v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'customer_details' del recurso buyer_invoice_submit.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
}
],
"metrics": {
@ -46,14 +50,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kashipara:billing_software:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C0706A5-5DE8-42DF-8980-9DBCF02A2A03"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/zimerman/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.kashipara.com/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}

36
CVE-2023/CVE-2023-496xx/CVE-2023-49658.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49658",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2024-01-04T14:15:40.657",
"lastModified": "2024-01-04T14:58:23.450",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-10T01:13:48.683",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'bank_details' parameter of the party_submit.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n"
},
{
"lang": "es",
"value": "Billing Software v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'bank_details' del recurso party_submit.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
}
],
"metrics": {
@ -46,14 +50,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kashipara:billing_software:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C0706A5-5DE8-42DF-8980-9DBCF02A2A03"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/zimerman/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.kashipara.com/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}

36
CVE-2023/CVE-2023-496xx/CVE-2023-49665.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49665",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2024-01-04T14:15:40.860",
"lastModified": "2024-01-04T14:58:23.450",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-10T01:13:39.947",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'quantity[]' parameter of the submit_delivery_list.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n"
},
{
"lang": "es",
"value": "Billing Software v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'quantity[]' del recurso submit_delivery_list.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
}
],
"metrics": {
@ -46,14 +50,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kashipara:billing_software:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C0706A5-5DE8-42DF-8980-9DBCF02A2A03"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/zimerman/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.kashipara.com/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}

36
CVE-2023/CVE-2023-496xx/CVE-2023-49666.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49666",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2024-01-04T14:15:41.067",
"lastModified": "2024-01-04T14:58:23.450",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-10T01:13:33.633",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'custmer_details' parameter of the submit_material_list.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n"
},
{
"lang": "es",
"value": "Billing Software v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'custmer_details' del recurso submit_material_list.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
}
],
"metrics": {
@ -46,14 +50,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kashipara:billing_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9EB93636-E714-4294-919D-762AF03439DB"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/zimerman/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.kashipara.com/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}

4
CVE-2023/CVE-2023-501xx/CVE-2023-50136.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-50136",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-09T22:15:43.350",
"lastModified": "2024-01-09T22:15:43.350",
"vulnStatus": "Received",
"lastModified": "2024-01-10T01:21:28.543",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

36
CVE-2023/CVE-2023-507xx/CVE-2023-50743.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-50743",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2024-01-04T14:15:41.270",
"lastModified": "2024-01-04T14:58:23.450",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-10T01:13:27.103",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'dd' parameter of the registration.php resource does not validate the characters received and they are sent unfiltered to the database. \n\n"
},
{
"lang": "es",
"value": "Online Notice Board System v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'dd' del recurso registration.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
}
],
"metrics": {
@ -46,14 +50,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kashipara:online_notice_board_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D5EC95D9-422E-4AEC-A1C4-743140F2CDAC"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/perahia/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.kashipara.com/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}

36
CVE-2023/CVE-2023-507xx/CVE-2023-50752.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-50752",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2024-01-04T14:15:41.473",
"lastModified": "2024-01-04T14:58:23.450",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-10T01:13:17.330",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'e' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database. \n\n"
},
{
"lang": "es",
"value": "Online Notice Board System v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'e' del recurso login.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
}
],
"metrics": {
@ -46,14 +50,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kashipara:online_notice_board_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D5EC95D9-422E-4AEC-A1C4-743140F2CDAC"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/perahia/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.kashipara.com/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}

36
CVE-2023/CVE-2023-507xx/CVE-2023-50753.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-50753",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2024-01-04T14:15:41.680",
"lastModified": "2024-01-04T14:58:23.450",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-10T01:13:11.027",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'dd' parameter of the user/update_profile.php resource does not validate the characters received and they are sent unfiltered to the database. \n\n"
},
{
"lang": "es",
"value": "Online Notice Board System v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'dd' del recurso user/update_profile.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
}
],
"metrics": {
@ -46,14 +50,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kashipara:online_notice_board_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D5EC95D9-422E-4AEC-A1C4-743140F2CDAC"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/perahia/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.kashipara.com/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}

46
CVE-2023/CVE-2023-507xx/CVE-2023-50760.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-50760",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2024-01-04T15:15:09.387",
"lastModified": "2024-01-04T18:46:53.270",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-10T01:13:05.217",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Online Notice Board System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'f' parameter of user/update_profile_pic.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application.\n\n"
},
{
"lang": "es",
"value": "Online Notice Board System v1.0 es afectado por una vulnerabilidad de carga de archivos insegura en el par\u00e1metro 'f' de la p\u00e1gina user/update_profile_pic.php, lo que permite a un atacante autenticado obtener la ejecuci\u00f3n remota de c\u00f3digo en el servidor que aloja la aplicaci\u00f3n."
}
],
"metrics": {
@ -35,6 +39,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -46,14 +60,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kashipara:online_notice_board_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D5EC95D9-422E-4AEC-A1C4-743140F2CDAC"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/arrau/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.kashipara.com/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}

56
CVE-2023/CVE-2023-508xx/CVE-2023-50862.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-50862",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2024-01-04T15:15:09.593",
"lastModified": "2024-01-04T18:46:53.270",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-10T01:12:52.360",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the booking.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n"
},
{
"lang": "es",
"value": "Travel Website v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'hotelIDHidden' del recurso booking.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -46,14 +70,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kashipara:travel_website:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EC3607D6-CEA1-435F-9039-52E09E7B362F"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/evans/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.kashipara.com/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}

36
CVE-2023/CVE-2023-508xx/CVE-2023-50863.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-50863",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2024-01-04T15:15:09.800",
"lastModified": "2024-01-04T18:46:53.270",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-10T01:12:42.607",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the generateReceipt.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n"
},
{
"lang": "es",
"value": "Travel Website v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'hotelIDHidden' del recurso generateReceipt.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
}
],
"metrics": {
@ -46,14 +50,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kashipara:travel_website:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EC3607D6-CEA1-435F-9039-52E09E7B362F"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/evans/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.kashipara.com/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}

36
CVE-2023/CVE-2023-508xx/CVE-2023-50864.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-50864",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2024-01-04T15:15:10.003",
"lastModified": "2024-01-04T18:46:53.270",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-10T01:12:35.763",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelId' parameter of the hotelDetails.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n"
},
{
"lang": "es",
"value": "Travel Website v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'hotelId' del recurso hotelDetails.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
}
],
"metrics": {
@ -46,14 +50,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kashipara:travel_website:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EC3607D6-CEA1-435F-9039-52E09E7B362F"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/evans/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.kashipara.com/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}

36
CVE-2023/CVE-2023-508xx/CVE-2023-50865.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-50865",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2024-01-04T15:15:10.217",
"lastModified": "2024-01-04T18:46:53.270",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-10T01:12:29.470",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'city' parameter of the hotelSearch.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n"
},
{
"lang": "es",
"value": "Travel Website v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'city' del recurso hotelSearch.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
}
],
"metrics": {
@ -46,14 +50,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kashipara:travel_website:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EC3607D6-CEA1-435F-9039-52E09E7B362F"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/evans/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.kashipara.com/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}

36
CVE-2023/CVE-2023-508xx/CVE-2023-50866.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-50866",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2024-01-04T15:15:10.417",
"lastModified": "2024-01-04T18:46:53.270",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-10T01:12:23.503",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the loginAction.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n"
},
{
"lang": "es",
"value": "Travel Website v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'username' del recurso loginAction.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
}
],
"metrics": {
@ -46,14 +50,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kashipara:travel_website:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EC3607D6-CEA1-435F-9039-52E09E7B362F"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/evans/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.kashipara.com/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}

36
CVE-2023/CVE-2023-508xx/CVE-2023-50867.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-50867",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2024-01-04T15:15:10.623",
"lastModified": "2024-01-04T18:46:53.270",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-10T01:12:15.103",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the signupAction.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n"
},
{
"lang": "es",
"value": "Travel Website v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'username' del recurso signupAction.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
}
],
"metrics": {
@ -46,14 +50,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kashipara:travel_website:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EC3607D6-CEA1-435F-9039-52E09E7B362F"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/evans/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.kashipara.com/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}

4
CVE-2023/CVE-2023-57xx/CVE-2023-5770.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5770",
"sourceIdentifier": "security@proofpoint.com",
"published": "2024-01-09T22:15:43.400",
"lastModified": "2024-01-09T22:15:43.400",
"vulnStatus": "Received",
"lastModified": "2024-01-10T01:21:28.543",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-64xx/CVE-2023-6476.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6476",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-09T22:15:43.610",
"lastModified": "2024-01-09T22:15:43.610",
"vulnStatus": "Received",
"lastModified": "2024-01-10T01:21:28.543",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

8
CVE-2023/CVE-2023-66xx/CVE-2023-6600.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6600",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-03T06:15:47.337",
"lastModified": "2024-01-09T21:01:53.373",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-10T01:15:38.327",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -79,9 +79,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpexperts:omgf:*:*:*:*:*:wordpress:*:*",
"criteria": "cpe:2.3:a:daan:omgf:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "5.7.10",
"matchCriteriaId": "2E1BE201-64B1-470C-8DCA-C600D16262FF"
"matchCriteriaId": "98671D90-E99F-4DE7-B805-EC45DF08B4DC"
}
]
}

65
CVE-2023/CVE-2023-69xx/CVE-2023-6992.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6992",
"sourceIdentifier": "cna@cloudflare.com",
"published": "2024-01-04T12:15:23.690",
"lastModified": "2024-01-04T14:58:23.450",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-10T01:14:35.027",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,11 +11,31 @@
},
{
"lang": "es",
"value": "Se descubri\u00f3 que la versi\u00f3n Cloudflare de la librer\u00eda zlib era vulnerable a problemas de corrupci\u00f3n de memoria que afectan la implementaci\u00f3n del algoritmo de deflaci\u00f3n (deflate.c). Los problemas se debieron a una validaci\u00f3n de entrada incorrecta y a un desbordamiento de b\u00fafer de almacenamiento din\u00e1mico. Un atacante local podr\u00eda aprovechar el problema durante la compresi\u00f3n utilizando un archivo malicioso manipulado que podr\u00eda provocar una denegaci\u00f3n de servicio del software. Parches: el problema se solucion\u00f3 en la confirmaci\u00f3n 8352d10 https://github.com/cloudflare/zlib/commit/8352d108c05db1bdc5ac3bdf834dad641694c13c. El repositorio ascendente no se ve afectado."
"value": "Se descubri\u00f3 que la versi\u00f3n Cloudflare de la librer\u00eda zlib era vulnerable a problemas de corrupci\u00f3n de memoria que afectan la implementaci\u00f3n del algoritmo de deflaci\u00f3n (deflate.c). Los problemas se debieron a una validaci\u00f3n de entrada incorrecta y a un desbordamiento de b\u00fafer de almacenamiento din\u00e1mico. Un atacante local podr\u00eda aprovechar el problema durante la compresi\u00f3n utilizando un archivo malicioso manipulado que podr\u00eda provocar una denegaci\u00f3n de servicio del software. Parches: el problema se solucion\u00f3 en el commit 8352d10 https://github.com/cloudflare/zlib/commit/8352d108c05db1bdc5ac3bdf834dad641694c13c. El repositorio ascendente no se ve afectado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "cna@cloudflare.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "cna@cloudflare.com",
"type": "Secondary",
@ -58,14 +88,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cloudflare:zlib:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023-11-16",
"matchCriteriaId": "6DAB9F62-5C2E-43C9-838C-081351A38200"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/cloudflare/zlib",
"source": "cna@cloudflare.com"
"source": "cna@cloudflare.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/cloudflare/zlib/security/advisories/GHSA-vww9-j87r-4cqh",
"source": "cna@cloudflare.com"
"source": "cna@cloudflare.com",
"tags": [
"Patch",
"Third Party Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-70xx/CVE-2023-7032.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-7032",
"sourceIdentifier": "cybersecurity@se.com",
"published": "2024-01-09T20:15:42.967",
"lastModified": "2024-01-09T20:15:42.967",
"vulnStatus": "Received",
"lastModified": "2024-01-10T01:21:28.543",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-03xx/CVE-2024-0342.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0342",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-09T20:15:43.190",
"lastModified": "2024-01-09T20:15:43.190",
"vulnStatus": "Received",
"lastModified": "2024-01-10T01:21:28.543",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-03xx/CVE-2024-0343.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0343",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-09T20:15:43.503",
"lastModified": "2024-01-09T20:15:43.503",
"vulnStatus": "Received",
"lastModified": "2024-01-10T01:21:28.543",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-03xx/CVE-2024-0344.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0344",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-09T21:15:08.123",
"lastModified": "2024-01-09T21:15:08.123",
"vulnStatus": "Received",
"lastModified": "2024-01-10T01:21:28.543",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-03xx/CVE-2024-0345.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0345",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-09T21:15:08.347",
"lastModified": "2024-01-09T21:15:08.347",
"vulnStatus": "Received",
"lastModified": "2024-01-10T01:21:28.543",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-03xx/CVE-2024-0346.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0346",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-09T22:15:43.800",
"lastModified": "2024-01-09T22:15:43.800",
"vulnStatus": "Received",
"lastModified": "2024-01-10T01:21:28.543",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-03xx/CVE-2024-0347.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0347",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-09T22:15:44.027",
"lastModified": "2024-01-09T22:15:44.027",
"vulnStatus": "Received",
"lastModified": "2024-01-10T01:21:28.543",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-03xx/CVE-2024-0348.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0348",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-09T22:15:44.257",
"lastModified": "2024-01-09T22:15:44.257",
"vulnStatus": "Received",
"lastModified": "2024-01-10T01:21:28.543",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-03xx/CVE-2024-0349.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0349",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-09T23:15:09.727",
"lastModified": "2024-01-09T23:15:09.727",
"vulnStatus": "Received",
"lastModified": "2024-01-10T01:21:28.543",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-03xx/CVE-2024-0350.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0350",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-09T23:15:09.947",
"lastModified": "2024-01-09T23:15:09.947",
"vulnStatus": "Received",
"lastModified": "2024-01-10T01:21:28.543",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-03xx/CVE-2024-0351.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0351",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-09T23:15:10.180",
"lastModified": "2024-01-09T23:15:10.180",
"vulnStatus": "Received",
"lastModified": "2024-01-10T01:21:28.543",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-03xx/CVE-2024-0352.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0352",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-09T23:15:10.403",
"lastModified": "2024-01-09T23:15:10.403",
"vulnStatus": "Received",
"lastModified": "2024-01-10T01:21:28.543",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-03xx/CVE-2024-0354.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0354",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-10T00:15:45.950",
"lastModified": "2024-01-10T00:15:45.950",
"vulnStatus": "Received",
"lastModified": "2024-01-10T01:21:28.543",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-03xx/CVE-2024-0355.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0355",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-10T00:15:46.217",
"lastModified": "2024-01-10T00:15:46.217",
"vulnStatus": "Received",
"lastModified": "2024-01-10T01:21:28.543",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

88
CVE-2024/CVE-2024-03xx/CVE-2024-0356.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-0356",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-10T01:15:43.233",
"lastModified": "2024-01-10T01:21:28.543",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Mandelo ssm_shiro_blog 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file updateRoles of the component Backend. The manipulation leads to improper access controls. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250123."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:N",
"accessVector": "ADJACENT_NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 3.3
},
"baseSeverity": "LOW",
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://medium.com/@heishou/ssm-has-a-vertical-override-vulnerability-8728da71842e",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.250123",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.250123",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2024/CVE-2024-03xx/CVE-2024-0357.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-0357",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-10T01:15:43.460",
"lastModified": "2024-01-10T01:21:28.543",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in coderd-repos Eva 1.0.0 and classified as critical. Affected by this issue is some unknown functionality of the file /system/traceLog/page of the component HTTP POST Request Handler. The manipulation of the argument property leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250124."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "ADJACENT_NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 5.1,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/laoquanshi/heishou/blob/main/eva%20sql.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.250124",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.250124",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2024/CVE-2024-03xx/CVE-2024-0358.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-0358",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-10T01:15:43.663",
"lastModified": "2024-01-10T01:21:28.543",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in DeShang DSO2O up to 4.1.0. It has been classified as critical. This affects an unknown part of the file /install/install.php. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250125 was assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://note.zhaoj.in/share/Po2N8SpTuzrV",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.250125",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.250125",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2024/CVE-2024-03xx/CVE-2024-0359.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-0359",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-10T02:15:46.637",
"lastModified": "2024-01-10T02:15:46.637",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250126 is the identifier assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/ZJQcicadawings/VulSql/blob/main/Simple%20Online%20Hotel%20Reservation%20System%20login.php%20has%20Sqlinjection.pdf",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.250126",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.250126",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2024/CVE-2024-03xx/CVE-2024-0360.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-0360",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-10T02:15:46.873",
"lastModified": "2024-01-10T02:15:46.873",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in PHPGurukul Hospital Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin/edit-doctor-specialization.php. The manipulation of the argument doctorspecilization leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250127."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "ADJACENT_NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 5.1,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/laoquanshi/PHPGurukul-Hospital-Management-System/blob/main/PHPGurukul%20Hospital%20Management%20System%20SQL4.docx",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.250127",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.250127",
"source": "cna@vuldb.com"
}
]
}

4
CVE-2024/CVE-2024-216xx/CVE-2024-21664.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21664",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-09T20:15:43.740",
"lastModified": "2024-01-09T20:15:43.740",
"vulnStatus": "Received",
"lastModified": "2024-01-10T01:21:28.543",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

67
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-01-10T00:55:25.999809+00:00
2024-01-10T03:00:26.843138+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-01-10T00:15:46.217000+00:00
2024-01-10T02:15:46.873000+00:00
```
### Last Data Feed Release
@ -23,50 +23,55 @@ Repository synchronizes with the NVD every 2 hours.
Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)
```plain
2024-01-09T01:00:28.250132+00:00
2024-01-10T01:00:28.271326+00:00
```
### Total Number of included CVEs
```plain
235361
235366
```
### CVEs added in the last Commit
Recently added CVEs: `20`
Recently added CVEs: `5`
* [CVE-2023-34332](CVE-2023/CVE-2023-343xx/CVE-2023-34332.json) (`2024-01-09T23:15:07.817`)
* [CVE-2023-34333](CVE-2023/CVE-2023-343xx/CVE-2023-34333.json) (`2024-01-09T23:15:08.223`)
* [CVE-2023-37293](CVE-2023/CVE-2023-372xx/CVE-2023-37293.json) (`2024-01-09T23:15:08.413`)
* [CVE-2023-37294](CVE-2023/CVE-2023-372xx/CVE-2023-37294.json) (`2024-01-09T23:15:08.600`)
* [CVE-2023-37295](CVE-2023/CVE-2023-372xx/CVE-2023-37295.json) (`2024-01-09T23:15:08.770`)
* [CVE-2023-37296](CVE-2023/CVE-2023-372xx/CVE-2023-37296.json) (`2024-01-09T23:15:08.940`)
* [CVE-2023-37297](CVE-2023/CVE-2023-372xx/CVE-2023-37297.json) (`2024-01-09T23:15:09.110`)
* [CVE-2023-3043](CVE-2023/CVE-2023-30xx/CVE-2023-3043.json) (`2024-01-09T23:15:09.290`)
* [CVE-2023-47992](CVE-2023/CVE-2023-479xx/CVE-2023-47992.json) (`2024-01-09T23:15:09.467`)
* [CVE-2023-47993](CVE-2023/CVE-2023-479xx/CVE-2023-47993.json) (`2024-01-09T23:15:09.530`)
* [CVE-2023-47994](CVE-2023/CVE-2023-479xx/CVE-2023-47994.json) (`2024-01-09T23:15:09.583`)
* [CVE-2023-47995](CVE-2023/CVE-2023-479xx/CVE-2023-47995.json) (`2024-01-09T23:15:09.637`)
* [CVE-2023-47996](CVE-2023/CVE-2023-479xx/CVE-2023-47996.json) (`2024-01-09T23:15:09.680`)
* [CVE-2023-47997](CVE-2023/CVE-2023-479xx/CVE-2023-47997.json) (`2024-01-10T00:15:45.463`)
* [CVE-2024-0349](CVE-2024/CVE-2024-03xx/CVE-2024-0349.json) (`2024-01-09T23:15:09.727`)
* [CVE-2024-0350](CVE-2024/CVE-2024-03xx/CVE-2024-0350.json) (`2024-01-09T23:15:09.947`)
* [CVE-2024-0351](CVE-2024/CVE-2024-03xx/CVE-2024-0351.json) (`2024-01-09T23:15:10.180`)
* [CVE-2024-0352](CVE-2024/CVE-2024-03xx/CVE-2024-0352.json) (`2024-01-09T23:15:10.403`)
* [CVE-2024-0354](CVE-2024/CVE-2024-03xx/CVE-2024-0354.json) (`2024-01-10T00:15:45.950`)
* [CVE-2024-0355](CVE-2024/CVE-2024-03xx/CVE-2024-0355.json) (`2024-01-10T00:15:46.217`)
* [CVE-2024-0356](CVE-2024/CVE-2024-03xx/CVE-2024-0356.json) (`2024-01-10T01:15:43.233`)
* [CVE-2024-0357](CVE-2024/CVE-2024-03xx/CVE-2024-0357.json) (`2024-01-10T01:15:43.460`)
* [CVE-2024-0358](CVE-2024/CVE-2024-03xx/CVE-2024-0358.json) (`2024-01-10T01:15:43.663`)
* [CVE-2024-0359](CVE-2024/CVE-2024-03xx/CVE-2024-0359.json) (`2024-01-10T02:15:46.637`)
* [CVE-2024-0360](CVE-2024/CVE-2024-03xx/CVE-2024-0360.json) (`2024-01-10T02:15:46.873`)
### CVEs modified in the last Commit
Recently modified CVEs: `5`
Recently modified CVEs: `66`
* [CVE-2023-48655](CVE-2023/CVE-2023-486xx/CVE-2023-48655.json) (`2024-01-10T00:15:45.530`)
* [CVE-2023-48656](CVE-2023/CVE-2023-486xx/CVE-2023-48656.json) (`2024-01-10T00:15:45.627`)
* [CVE-2023-48657](CVE-2023/CVE-2023-486xx/CVE-2023-48657.json) (`2024-01-10T00:15:45.697`)
* [CVE-2023-48658](CVE-2023/CVE-2023-486xx/CVE-2023-48658.json) (`2024-01-10T00:15:45.780`)
* [CVE-2023-48659](CVE-2023/CVE-2023-486xx/CVE-2023-48659.json) (`2024-01-10T00:15:45.860`)
* [CVE-2023-37294](CVE-2023/CVE-2023-372xx/CVE-2023-37294.json) (`2024-01-10T01:21:28.543`)
* [CVE-2023-37295](CVE-2023/CVE-2023-372xx/CVE-2023-37295.json) (`2024-01-10T01:21:28.543`)
* [CVE-2023-37296](CVE-2023/CVE-2023-372xx/CVE-2023-37296.json) (`2024-01-10T01:21:28.543`)
* [CVE-2023-37297](CVE-2023/CVE-2023-372xx/CVE-2023-37297.json) (`2024-01-10T01:21:28.543`)
* [CVE-2023-3043](CVE-2023/CVE-2023-30xx/CVE-2023-3043.json) (`2024-01-10T01:21:28.543`)
* [CVE-2023-47992](CVE-2023/CVE-2023-479xx/CVE-2023-47992.json) (`2024-01-10T01:21:28.543`)
* [CVE-2023-47993](CVE-2023/CVE-2023-479xx/CVE-2023-47993.json) (`2024-01-10T01:21:28.543`)
* [CVE-2023-47994](CVE-2023/CVE-2023-479xx/CVE-2023-47994.json) (`2024-01-10T01:21:28.543`)
* [CVE-2023-47995](CVE-2023/CVE-2023-479xx/CVE-2023-47995.json) (`2024-01-10T01:21:28.543`)
* [CVE-2023-47996](CVE-2023/CVE-2023-479xx/CVE-2023-47996.json) (`2024-01-10T01:21:28.543`)
* [CVE-2023-47997](CVE-2023/CVE-2023-479xx/CVE-2023-47997.json) (`2024-01-10T01:21:28.543`)
* [CVE-2024-0342](CVE-2024/CVE-2024-03xx/CVE-2024-0342.json) (`2024-01-10T01:21:28.543`)
* [CVE-2024-0343](CVE-2024/CVE-2024-03xx/CVE-2024-0343.json) (`2024-01-10T01:21:28.543`)
* [CVE-2024-21664](CVE-2024/CVE-2024-216xx/CVE-2024-21664.json) (`2024-01-10T01:21:28.543`)
* [CVE-2024-0344](CVE-2024/CVE-2024-03xx/CVE-2024-0344.json) (`2024-01-10T01:21:28.543`)
* [CVE-2024-0345](CVE-2024/CVE-2024-03xx/CVE-2024-0345.json) (`2024-01-10T01:21:28.543`)
* [CVE-2024-0346](CVE-2024/CVE-2024-03xx/CVE-2024-0346.json) (`2024-01-10T01:21:28.543`)
* [CVE-2024-0347](CVE-2024/CVE-2024-03xx/CVE-2024-0347.json) (`2024-01-10T01:21:28.543`)
* [CVE-2024-0348](CVE-2024/CVE-2024-03xx/CVE-2024-0348.json) (`2024-01-10T01:21:28.543`)
* [CVE-2024-0349](CVE-2024/CVE-2024-03xx/CVE-2024-0349.json) (`2024-01-10T01:21:28.543`)
* [CVE-2024-0350](CVE-2024/CVE-2024-03xx/CVE-2024-0350.json) (`2024-01-10T01:21:28.543`)
* [CVE-2024-0351](CVE-2024/CVE-2024-03xx/CVE-2024-0351.json) (`2024-01-10T01:21:28.543`)
* [CVE-2024-0352](CVE-2024/CVE-2024-03xx/CVE-2024-0352.json) (`2024-01-10T01:21:28.543`)
* [CVE-2024-0354](CVE-2024/CVE-2024-03xx/CVE-2024-0354.json) (`2024-01-10T01:21:28.543`)
* [CVE-2024-0355](CVE-2024/CVE-2024-03xx/CVE-2024-0355.json) (`2024-01-10T01:21:28.543`)
## Download and Usage