admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-01-04T19:00:25.444381+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-01-04 19:00:29 +00:00
parent cdc9db6105
commit c05ddb8881
53 changed files with 2690 additions and 236 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

80
CVE-2022/CVE-2022-446xx/CVE-2022-44684.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2022-44684",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-12-20T20:15:19.003",
"lastModified": "2023-12-21T02:24:22.413",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T18:53:13.777",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Windows Local Session Manager (LSM) Denial of Service Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de denegaci\u00f3n de servicio de Windows Local Session Manager (LSM)"
}
],
"metrics": {
@ -34,10 +38,80 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19042.2364",
"matchCriteriaId": "AA5A49C2-6A51-4A73-AC74-532BC6430763"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19043.2364",
"matchCriteriaId": "86AEB671-97BB-4C0C-AC20-AFF67C541FA3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19044.2364",
"matchCriteriaId": "B0458BC1-9795-459C-826C-A6A094AE03DB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19045.2364",
"matchCriteriaId": "0D4D2A8F-5F2C-4A6F-902C-6C1DAD745CCE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22000.1335",
"matchCriteriaId": "9E936B0C-9BA0-4C70-8469-F8D79A9B72E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22621.993",
"matchCriteriaId": "F9DC28E9-C12F-45C4-B591-B52CDABCBA98"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
"matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44684",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Broken Link",
"Patch",
"Vendor Advisory"
]
}
]
}

176
CVE-2023/CVE-2023-00xx/CVE-2023-0011.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-0011",
"sourceIdentifier": "vulnerability@ncsc.ch",
"published": "2023-12-20T08:15:43.503",
"lastModified": "2023-12-20T13:50:15.967",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T18:50:39.487",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
},
{
"source": "vulnerability@ncsc.ch",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{
"source": "vulnerability@ncsc.ch",
"type": "Secondary",
@ -50,10 +80,150 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:u-blox:toby-l200_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23BBDE75-F751-4CA5-BB8F-B0A7443F31B0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:u-blox:toby-l200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7AFF98D9-6F6A-4998-A4D6-718EF265ADD7"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:u-blox:toby-l201_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49EA82B9-A8B8-47BE-B4A4-2C617C8DFFA7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:u-blox:toby-l201:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B1944470-58F1-45D5-86D5-DAE6B1C5300D"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:u-blox:toby-l210_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0566D11-FF7F-4FD2-BA72-E88BE6575F85"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:u-blox:toby-l210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1AE97AF5-F30C-49A2-B9C1-4A8D06627E61"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:u-blox:toby-l220_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD6FAB6F-9FCA-4ECE-9405-B076D228CA6A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:u-blox:toby-l220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED64C75E-0D3F-4803-B7A5-73C9E2FD3E15"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:u-blox:toby-l280_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D80D9729-1AC5-4A6E-BB9F-FE0B3EF81A1D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:u-blox:toby-l280:-:*:*:*:*:*:*:*",
"matchCriteriaId": "115539C2-F49B-4D21-BA9E-32D67D33FAAB"
}
]
}
]
}
],
"references": [
{
"url": "https://www.u-blox.com/en/report-security-issues",
"source": "vulnerability@ncsc.ch"
"source": "vulnerability@ncsc.ch",
"tags": [
"Vendor Advisory"
]
}
]
}

122
CVE-2023/CVE-2023-31xx/CVE-2023-3171.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-3171",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-12-27T16:15:13.103",
"lastModified": "2023-12-27T18:24:09.770",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T17:07:40.287",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed. This issue could allow an attacker to submit malicious requests using these classes, which could eventually exhaust the heap and result in a Denial of Service."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en EAP-7 durante la deserializaci\u00f3n de ciertas clases, lo que permite la creaci\u00f3n de instancias de HashMap y HashTable sin verificar los recursos consumidos. Este problema podr\u00eda permitir que un atacante env\u00ede solicitudes maliciosas utilizando estas clases, lo que eventualmente podr\u00eda agotar el mont\u00f3n y provocar una denegaci\u00f3n de servicio."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -46,30 +80,102 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "645A908C-18C2-4AB1-ACE7-3969E3A552A5"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:-:*:*:*:text-only:*:*:*",
"matchCriteriaId": "B8423D7F-3A8F-4AD8-BF51-245C9D8DD816"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2023:5484",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:5485",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:5486",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:5488",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-3171",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213639",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking"
]
}
]
}

64
CVE-2023/CVE-2023-375xx/CVE-2023-37544.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-37544",
"sourceIdentifier": "security@apache.org",
"published": "2023-12-20T09:15:07.007",
"lastModified": "2023-12-20T13:50:15.967",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T18:52:01.020",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security@apache.org",
"type": "Secondary",
@ -50,14 +70,50 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:pulsar:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.10.5",
"matchCriteriaId": "D512CD7B-D493-491E-A6C5-879E81251897"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:pulsar:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.11.0",
"versionEndExcluding": "2.11.2",
"matchCriteriaId": "0ECAEE42-ADBE-40B3-BD33-3C7D2006C2C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:pulsar:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B50CF4D0-189C-404B-9906-04E7BB94B574"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/12/20/2",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List"
]
},
{
"url": "https://lists.apache.org/thread/od0k9zts1toc9h9snbqq4pjpyx28mv4m",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List"
]
}
]
}

4
CVE-2023/CVE-2023-37xx/CVE-2023-3726.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3726",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2024-01-04T15:15:09.117",
"lastModified": "2024-01-04T15:15:09.117",
"vulnStatus": "Received",
"lastModified": "2024-01-04T18:46:53.270",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

19
CVE-2023/CVE-2023-393xx/CVE-2023-39323.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-39323",
"sourceIdentifier": "security@golang.org",
"published": "2023-10-05T21:15:11.283",
"lastModified": "2023-11-25T11:15:17.997",
"vulnStatus": "Modified",
"lastModified": "2024-01-04T18:04:15.457",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -21,19 +21,19 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
@ -157,7 +157,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202311-09",
"source": "security@golang.org"
"source": "security@golang.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20231020-0001/",

69
CVE-2023/CVE-2023-424xx/CVE-2023-42436.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-42436",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-12-26T08:15:09.637",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T17:08:27.797",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,74 @@
"value": "Existe una vulnerabilidad de cross-site scripting almacenado en la funci\u00f3n de presentaci\u00f3n de las versiones de GROWI anteriores a la v3.4.0. Si se explota esta vulnerabilidad, se puede ejecutar un script arbitrario en el navegador web del usuario que accedi\u00f3 al sitio utilizando el producto."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:weseek:growi:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.4.0",
"matchCriteriaId": "D901AB34-3DCE-4839-80CD-3FEC49A4A54D"
}
]
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/jp/JVN18715935/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://weseek.co.jp/ja/news/2023/11/21/growi-prevent-xss6/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-457xx/CVE-2023-45737.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45737",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-12-26T08:15:09.907",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T17:13:57.130",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,74 @@
"value": "Existe una vulnerabilidad de cross-site scripting almacenado en la p\u00e1gina App Settings (/admin/app) y en la p\u00e1gina Markdown Settings (/admin/markdown) de las versiones de GROWI anteriores a la v3.5.0. Si se explota esta vulnerabilidad, se puede ejecutar un script arbitrario en el navegador web del usuario que accedi\u00f3 al sitio utilizando el producto."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:weseek:growi:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.5.0",
"matchCriteriaId": "740F997E-C5AB-460E-ABF3-A81A61BFE75F"
}
]
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/jp/JVN18715935/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://weseek.co.jp/ja/news/2023/11/21/growi-prevent-xss6/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-457xx/CVE-2023-45740.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45740",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-12-26T08:15:10.010",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T17:11:01.707",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,74 @@
"value": "La vulnerabilidad de cross-site scripting almacenado al procesar im\u00e1genes de perfil existe en las versiones de GROWI anteriores a la v4.1.3. Si se explota esta vulnerabilidad, se puede ejecutar un script arbitrario en el navegador web del usuario que accedi\u00f3 al sitio utilizando el producto."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:weseek:growi:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.1.3",
"matchCriteriaId": "2A391DBE-7AF1-4D74-9AA0-DBA4B971D298"
}
]
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/jp/JVN18715935/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://weseek.co.jp/ja/news/2023/11/21/growi-prevent-xss6/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
]
}
]
}

14
CVE-2023/CVE-2023-458xx/CVE-2023-45871.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-45871",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-15T01:15:09.027",
"lastModified": "2023-12-28T16:18:15.007",
"lastModified": "2024-01-04T18:04:09.773",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -21,19 +21,19 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]

69
CVE-2023/CVE-2023-466xx/CVE-2023-46699.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46699",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-12-26T08:15:10.407",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T17:09:09.933",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,74 @@
"value": "La vulnerabilidad de Cross-site request forgery (CSRF) existe en la p\u00e1gina User settings (/me) de las versiones de GROWI anteriores a la v6.0.0. Si un usuario ve una p\u00e1gina maliciosa mientras inicia sesi\u00f3n, la configuraci\u00f3n puede cambiarse sin la intenci\u00f3n del usuario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:weseek:growi:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.0",
"matchCriteriaId": "2F6A6B41-1A3E-4D58-9218-7D1BE30F0959"
}
]
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/jp/JVN18715935/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://weseek.co.jp/ja/news/2023/11/21/growi-prevent-xss6/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
]
}
]
}

65
CVE-2023/CVE-2023-469xx/CVE-2023-46989.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46989",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-28T06:15:44.227",
"lastModified": "2023-12-28T15:09:53.403",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T17:14:27.397",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "Vulnerabilidad de inyecci\u00f3n SQL en el m\u00f3dulo Innovadeluxe Quick Order para PrestaShop anterior a v.1.4.0, permite a atacantes locales ejecutar c\u00f3digo arbitrario a trav\u00e9s de la funci\u00f3n getProducts() en el archivo productlist.php."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:innovadeluxe:quick_order:*:*:*:*:*:prestashop:*:*",
"versionEndExcluding": "1.4.0",
"matchCriteriaId": "17E3F176-B73F-4222-9429-AED82553EC5C"
}
]
}
]
}
],
"references": [
{
"url": "https://security.friendsofpresta.org/modules/2023/12/12/idxquickorder.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
]
}
]
}

166
CVE-2023/CVE-2023-46xx/CVE-2023-4641.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-4641",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-12-27T16:15:13.363",
"lastModified": "2023-12-27T18:24:09.770",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T17:06:55.393",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en Shadow-Utils. Al solicitar una nueva contrase\u00f1a, Shadow-Utils la solicita dos veces. Si la contrase\u00f1a falla en el segundo intento, Shadow-Utils no logra limpiar el b\u00fafer utilizado para almacenar la primera entrada. Esto puede permitir que un atacante con suficiente acceso recupere la contrase\u00f1a de la memoria."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -46,22 +80,142 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:shadow-maint:shadow-utils:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.0",
"matchCriteriaId": "484C918F-130D-4D52-85EF-F7DCD276CC36"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "93A089E2-D66E-455C-969A-3140D991BAF4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2ABBAA9E-CCBA-480B-ABB5-454448D91262"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:8.0_aarch64:*:*:*:*:*:*:*",
"matchCriteriaId": "D206176C-6B2B-4BED-A3A2-AE39A41CB3C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:9.0_aarch64:*:*:*:*:*:*:*",
"matchCriteriaId": "910C9542-26FC-4635-9351-128727971830"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*",
"matchCriteriaId": "55CF7208-4D36-4C35-92BC-F6EA2C8DEDE1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*",
"matchCriteriaId": "CA3C5EAE-267F-410F-8AFA-8F5B68A9E617"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*",
"matchCriteriaId": "F791F846-7762-40E0-9056-032FD10F2046"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*",
"matchCriteriaId": "7B3D7389-35C1-48C4-A9EC-2564842723C4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F797F2E-00E6-4D03-A94E-524227529A0A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6B528C5D-0F72-4685-8516-257597E94AE4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*",
"matchCriteriaId": "32AF225E-94C0-4D07-900C-DD868C05F554"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*",
"matchCriteriaId": "FB056B47-1F45-4CE4-81F6-872F66C24C29"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*",
"matchCriteriaId": "23D471AC-7DCA-4425-AD91-E5D928753A8C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*",
"matchCriteriaId": "E07C1C58-0E5F-4B56-9B8D-5DE67DB00F79"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2023:6632",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7112",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-4641",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215945",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking"
]
}
]
}

75
CVE-2023/CVE-2023-481xx/CVE-2023-48114.json
View File

@ -2,23 +2,88 @@
"id": "CVE-2023-48114",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-21T15:15:09.587",
"lastModified": "2023-12-21T18:15:38.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T18:52:42.640",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS by using image/svg+xml and an uploaded SVG document. This occurs because the application tries to allow youtube.com URLs, but actually allows youtube.com followed by an @ character and an attacker-controlled domain name."
},
{
"lang": "es",
"value": "SmarterTools SmarterMail 8495 a 8664 antes de 8747 permite XSS almacenado usando image/svg+xml y un documento SVG cargado. Esto ocurre porque la aplicaci\u00f3n intenta permitir las URL de youtube.com, pero en realidad permite youtube.com seguido de un car\u00e1cter @ y un nombre de dominio controlado por el atacante."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:smartertools:smartermail:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16.0.8495",
"versionEndExcluding": "16.0.8747",
"matchCriteriaId": "71542879-0A2F-4646-A8E1-54DF2347F4FB"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://co3us.gitbook.io/write-ups/stored-xss-in-email-body-of-smartermail-cve-2023-48114",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.smartertools.com/smartermail/release-notes/current",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
}
]
}

75
CVE-2023/CVE-2023-481xx/CVE-2023-48115.json
View File

@ -2,23 +2,88 @@
"id": "CVE-2023-48115",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-21T15:15:09.637",
"lastModified": "2023-12-21T18:15:38.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T18:52:28.027",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored DOM XSS because an XSS protection mechanism is skipped when messageHTML and messagePlainText are set in the same request."
},
{
"lang": "es",
"value": "SmarterTools SmarterMail 8495 a 8664 antes de 8747 permite DOM XSS almacenado porque se omite un mecanismo de protecci\u00f3n XSS cuando messageHTML y messagePlainText se configuran en la misma solicitud."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:smartertools:smartermail:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16.0.8495",
"versionEndExcluding": "16.0.8747",
"matchCriteriaId": "71542879-0A2F-4646-A8E1-54DF2347F4FB"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://co3us.gitbook.io/write-ups/stored-dom-xss-in-email-body-of-smartermail",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.smartertools.com/smartermail/release-notes/current",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
}
]
}

75
CVE-2023/CVE-2023-481xx/CVE-2023-48116.json
View File

@ -2,23 +2,88 @@
"id": "CVE-2023-48116",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-21T15:15:09.697",
"lastModified": "2023-12-21T18:15:38.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T18:52:20.000",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS via a crafted description of a Calendar appointment."
},
{
"lang": "es",
"value": "SmarterTools SmarterMail 8495 a 8664 antes de 8747 permite almacenar XSS a trav\u00e9s de una descripci\u00f3n manipulada de una cita del Calendario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:smartertools:smartermail:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16.0.8495",
"versionEndExcluding": "16.0.8747",
"matchCriteriaId": "71542879-0A2F-4646-A8E1-54DF2347F4FB"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://co3us.gitbook.io/write-ups/stored-xss-in-calendar-component-of-smartermail-cve-2023-48116",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.smartertools.com/smartermail/release-notes/current",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
}
]
}

69
CVE-2023/CVE-2023-490xx/CVE-2023-49000.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49000",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-27T22:15:16.653",
"lastModified": "2023-12-28T15:09:59.150",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T18:45:41.737",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,74 @@
"value": "Un problema en ArtistScope ArtisBrowser v.34.1.5 y anteriores permite a un atacante omitir las restricciones de acceso previstas mediante la interacci\u00f3n con el componente com.artis.browser.IntentReceiverActivity."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:artistscope:artisbrowser:*:*:*:*:*:*:*:*",
"versionEndIncluding": "34.1.5",
"matchCriteriaId": "AD17DF57-D7E8-42AE-970B-9FD4BE38982F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/actuator/com.artis.browser/blob/main/CWE-94.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "https://github.com/actuator/cve/blob/main/CVE-2023-49000",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-490xx/CVE-2023-49001.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49001",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-27T22:15:16.700",
"lastModified": "2023-12-28T15:09:59.150",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T18:45:26.187",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,73 @@
"value": "Un problema en Indi Browser (aka kvbrowser) v.12.11.23 permite a un atacante omitir las restricciones de acceso previstas mediante la interacci\u00f3n con el componente com.example.gurry.kvbrowswer.webview."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:indibrowser:indi_browser:12.11.23:*:*:*:*:*:*:*",
"matchCriteriaId": "34065821-EF9B-48F5-AC74-29206CFDCBD5"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/actuator/com.gurry.kvbrowser/blob/main/CWE-94.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "https://github.com/actuator/cve/blob/main/CVE-2023-49001",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-490xx/CVE-2023-49003.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49003",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-27T22:15:16.790",
"lastModified": "2023-12-28T15:09:53.403",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T18:36:38.453",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,73 @@
"value": "Un problema en simplemobiletools Simple Dialer 5.18.1 permite a un atacante omitirlas restricciones de acceso previstas mediante la interacci\u00f3n con com.simplemobiletools.dialer.activities.DialerActivity."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:simplemobiletools:simple_dialer:5.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2D66FA02-CDAC-43D2-B453-3FFA457834E4"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/actuator/com.simplemobiletools.dialer/blob/main/CWE-928.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
},
{
"url": "https://github.com/actuator/cve/blob/main/CVE-2023-49003",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

82
CVE-2023/CVE-2023-492xx/CVE-2023-49228.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49228",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-28T04:15:08.023",
"lastModified": "2023-12-28T15:09:53.403",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T17:54:01.673",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,87 @@
"value": "Se descubri\u00f3 un problema en Peplink Balance Two antes de 8.4.0. La autenticaci\u00f3n del puerto de consola utiliza credenciales codificadas, lo que permite a un atacante con acceso f\u00edsico y conocimiento suficiente ejecutar comandos arbitrarios como root."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.5,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:peplink:balance_two_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.4.0",
"matchCriteriaId": "0B5E9A13-C60F-4F0D-ACAD-12A9E4130840"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:peplink:balance_two:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C38FC37D-0615-48E2-9419-496E62679C4D"
}
]
}
]
}
],
"references": [
{
"url": "https://www.synacktiv.com/publications%253Ffield_tags_target_id%253D4",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.synacktiv.com/sites/default/files/2023-12/synacktiv-peplink-multiple-vulnerabilities.pdf",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

82
CVE-2023/CVE-2023-492xx/CVE-2023-49230.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49230",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-28T04:15:08.150",
"lastModified": "2023-12-28T15:09:53.403",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T17:17:22.257",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,87 @@
"value": "Se descubri\u00f3 un problema en Peplink Balance Two antes de 8.4.0. Una verificaci\u00f3n de autorizaci\u00f3n faltante en portales cautivos permite a los atacantes modificar las configuraciones de los portales sin autenticaci\u00f3n previa."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:peplink:balance_two_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.4.0",
"matchCriteriaId": "0B5E9A13-C60F-4F0D-ACAD-12A9E4130840"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:peplink:balance_two:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C38FC37D-0615-48E2-9419-496E62679C4D"
}
]
}
]
}
],
"references": [
{
"url": "https://www.synacktiv.com/publications%253Ffield_tags_target_id%253D4",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.synacktiv.com/sites/default/files/2023-12/synacktiv-peplink-multiple-vulnerabilities.pdf",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-494xx/CVE-2023-49469.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49469",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-28T06:15:44.340",
"lastModified": "2023-12-28T15:09:53.403",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T17:14:07.600",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,74 @@
"value": "Vulnerabilidad reflejada de Cross Site Scripting (XSS) en Shaarli v0.12.2, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de la funci\u00f3n de etiqueta de b\u00fasqueda."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:shaarli_project:shaarli:0.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3FB9DCA3-CDAD-4047-9EEB-D35772A5B4F9"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/shaarli/Shaarli/issues/2038",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
},
{
"url": "https://github.com/shaarli/Shaarli/releases/tag/v0.13.0",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
}
]
}

70
CVE-2023/CVE-2023-499xx/CVE-2023-49949.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49949",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-26T14:15:07.277",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T17:32:10.933",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,75 @@
"value": "Passwork anterior a 6.2.0 permite a los usuarios autenticados remotamente omitir 2FA enviando un mill\u00f3n de c\u00f3digos de 6 d\u00edgitos posibles."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:passwork:passwork:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2.0",
"matchCriteriaId": "861369D4-3EB5-4EF5-BB22-3B043204AA9A"
}
]
}
]
}
],
"references": [
{
"url": "https://acribia.ru/articles/2fa_bypass_passwork",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://passwork.ru/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

57
CVE-2023/CVE-2023-502xx/CVE-2023-50255.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-50255",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-27T17:15:07.847",
"lastModified": "2023-12-27T18:24:09.770",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T17:03:20.077",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Deepin-Compressor is the default archive manager of Deepin Linux OS. Prior to 5.12.21, there's a path traversal vulnerability in deepin-compressor that can be exploited to achieve Remote Command Execution on the target system upon opening crafted archives. Users are advised to update to version 5.12.21 which addresses the issue. There are no known workarounds for this vulnerability.\n"
},
{
"lang": "es",
"value": "Deepin-Compressor es el administrador de archivos predeterminado del sistema operativo Deepin Linux. Antes de la versi\u00f3n 5.12.21, hab\u00eda una vulnerabilidad de path traversal en deepin-compressor que se pod\u00eda explotar para lograr la ejecuci\u00f3n remota de comandos en el sistema de destino al abrir archivos manipulados. Se recomienda a los usuarios que actualicen a la versi\u00f3n 5.12.21, que soluciona el problema. No se conocen workarounds para esta vulnerabilidad. "
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -54,14 +78,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:deepin:deepin-compressor:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.12.21",
"matchCriteriaId": "4B8C269F-A8B9-4677-B050-5C9F7DD7D4FA"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/linuxdeepin/deepin-compressor/commit/82f668c78c133873f5094cfab6e4eabc0b70e4b6",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/linuxdeepin/developer-center/security/advisories/GHSA-rw5r-8p9h-3gp2",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

10
CVE-2023/CVE-2023-504xx/CVE-2023-50428.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-50428",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-09T19:15:07.977",
"lastModified": "2023-12-11T17:50:29.823",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-04T17:15:08.690",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots20231115, datacarrier size limits can be bypassed by obfuscating data as code (e.g., with OP_FALSE OP_IF), as exploited in the wild by Inscriptions in 2022 and 2023."
"value": "In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots20231115, datacarrier size limits can be bypassed by obfuscating data as code (e.g., with OP_FALSE OP_IF), as exploited in the wild by Inscriptions in 2022 and 2023. NOTE: although this is a vulnerability from the perspective of the Bitcoin Knots project, some others consider it \"not a bug.\""
},
{
"lang": "es",
@ -84,6 +84,10 @@
"Third Party Advisory"
]
},
{
"url": "https://github.com/bitcoin/bitcoin/blob/65c05db660b2ca1d0076b0d8573a6760b3228068/src/kernel/mempool_options.h#L46-L53",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/bitcoin/bitcoin/pull/28408#issuecomment-1844981799",
"source": "cve@mitre.org",

80
CVE-2023/CVE-2023-507xx/CVE-2023-50732.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-50732",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-21T20:15:07.900",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T17:55:32.727",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,18 +80,58 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.3",
"versionEndExcluding": "14.10.7",
"matchCriteriaId": "BCBC97DA-9B2B-4A24-A5CB-DD15CBDD301B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.0",
"versionEndExcluding": "15.2",
"matchCriteriaId": "F1AD4421-AE75-43F7-9B8F-F0A739D166C8"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/xwiki/xwiki-platform/commit/41d7dca2d30084966ca6a7ee537f39ee8354a7e3",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-p5f8-qf24-24cj",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Mitigation",
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://jira.xwiki.org/browse/XWIKI-20625",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-507xx/CVE-2023-50760.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-50760",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2024-01-04T15:15:09.387",
"lastModified": "2024-01-04T15:15:09.387",
"vulnStatus": "Received",
"lastModified": "2024-01-04T18:46:53.270",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-508xx/CVE-2023-50862.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-50862",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2024-01-04T15:15:09.593",
"lastModified": "2024-01-04T15:15:09.593",
"vulnStatus": "Received",
"lastModified": "2024-01-04T18:46:53.270",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-508xx/CVE-2023-50863.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-50863",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2024-01-04T15:15:09.800",
"lastModified": "2024-01-04T15:15:09.800",
"vulnStatus": "Received",
"lastModified": "2024-01-04T18:46:53.270",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-508xx/CVE-2023-50864.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-50864",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2024-01-04T15:15:10.003",
"lastModified": "2024-01-04T15:15:10.003",
"vulnStatus": "Received",
"lastModified": "2024-01-04T18:46:53.270",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-508xx/CVE-2023-50865.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-50865",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2024-01-04T15:15:10.217",
"lastModified": "2024-01-04T15:15:10.217",
"vulnStatus": "Received",
"lastModified": "2024-01-04T18:46:53.270",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-508xx/CVE-2023-50866.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-50866",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2024-01-04T15:15:10.417",
"lastModified": "2024-01-04T15:15:10.417",
"vulnStatus": "Received",
"lastModified": "2024-01-04T18:46:53.270",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-508xx/CVE-2023-50867.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-50867",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2024-01-04T15:15:10.623",
"lastModified": "2024-01-04T15:15:10.623",
"vulnStatus": "Received",
"lastModified": "2024-01-04T18:46:53.270",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

69
CVE-2023/CVE-2023-510xx/CVE-2023-51080.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2023-51080",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-27T21:15:08.397",
"lastModified": "2023-12-27T21:37:15.710",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T18:46:45.783",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The NumberUtil.toBigDecimal method in hutool-core v5.8.23 was discovered to contain a stack overflow."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que el m\u00e9todo NumberUtil.toBigDecimal en hutool-core v5.8.23 conten\u00eda un desbordamiento de pila."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hutool:hutool:5.8.23:*:*:*:*:*:*:*",
"matchCriteriaId": "E06EB61A-4250-4F44-9743-3108FF70C157"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/dromara/hutool/issues/3423",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch"
]
}
]
}

68
CVE-2023/CVE-2023-510xx/CVE-2023-51084.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-51084",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-27T21:15:08.450",
"lastModified": "2023-12-27T21:37:15.710",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T18:46:23.653",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "hyavijava v6.0.07.1 was discovered to contain a stack overflow via the ResultConverter.convert2Xml method."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que hyavijava v6.0.07.1 conten\u00eda un desbordamiento de pila mediante el m\u00e9todo ResultConverter.convert2Xml."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:yavijava:yavijava:6.0.07.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2B65B9D4-F712-40E8-9651-B632DBD5EFDC"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/PoppingSnack/VulReport/issues/12",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}

8
CVE-2023/CVE-2023-517xx/CVE-2023-51764.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51764",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-24T05:15:08.273",
"lastModified": "2023-12-29T02:15:45.130",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T18:15:08.513",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -51,6 +51,10 @@
{
"url": "https://www.postfix.org/smtp-smuggling.html",
"source": "cve@mitre.org"
},
{
"url": "https://www.youtube.com/watch?v=V8KPV96g1To",
"source": "cve@mitre.org"
}
]
}

8
CVE-2023/CVE-2023-517xx/CVE-2023-51765.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51765",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-24T06:15:07.527",
"lastModified": "2023-12-30T18:15:40.700",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T18:15:08.607",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -71,6 +71,10 @@
{
"url": "https://www.openwall.com/lists/oss-security/2023/12/22/7",
"source": "cve@mitre.org"
},
{
"url": "https://www.youtube.com/watch?v=V8KPV96g1To",
"source": "cve@mitre.org"
}
]
}

8
CVE-2023/CVE-2023-517xx/CVE-2023-51766.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51766",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-24T06:15:07.673",
"lastModified": "2024-01-04T16:23:05.490",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-04T18:15:08.680",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -221,6 +221,10 @@
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.youtube.com/watch?v=V8KPV96g1To",
"source": "cve@mitre.org"
}
]
}

69
CVE-2023/CVE-2023-56xx/CVE-2023-5644.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2023-5644",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-12-26T19:15:07.843",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T17:12:49.703",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The WP Mail Log WordPress plugin before 1.1.3 does not correctly authorize its REST API endpoints, allowing users with the Contributor role to view and delete data that should only be accessible to Admin users."
},
{
"lang": "es",
"value": "El complemento WP Mail Log WordPress anterior a 1.1.3 no autoriza correctamente sus endpoint de API REST, lo que permite a los usuarios con el rol de Colaborador ver y eliminar datos a los que solo deber\u00edan tener acceso los usuarios administradores."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpvibes:wp_mail_log:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.1.3",
"matchCriteriaId": "0DB6599D-1AF5-4662-B350-8389E2D4988E"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/08f1d623-0453-4103-a9aa-2d0ddb6eb69e",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-56xx/CVE-2023-5645.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2023-5645",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-12-26T19:15:07.890",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T17:13:05.947",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The WP Mail Log WordPress plugin before 1.1.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Contributor."
},
{
"lang": "es",
"value": "El complemento WP Mail Log WordPress anterior a 1.1.3 no sanitiza ni escapa adecuadamente un par\u00e1metro antes de usarlo en una declaraci\u00f3n SQL, lo que lleva a una inyecci\u00f3n SQL explotable por usuarios con un rol tan bajo como Colaborador."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpvibes:wp_mail_log:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.1.3",
"matchCriteriaId": "0DB6599D-1AF5-4662-B350-8389E2D4988E"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/e392fb53-66e9-4c43-9e4f-f4ea7c561551",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-56xx/CVE-2023-5672.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2023-5672",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-12-26T19:15:07.937",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T17:08:45.617",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file path parameters when attaching files to emails, leading to local file inclusion, and allowing an attacker to leak the contents of arbitrary files."
},
{
"lang": "es",
"value": "El complemento WP Mail Log WordPress anterior a 1.1.3 no valida correctamente los par\u00e1metros de ruta de archivo al adjuntar archivos a correos electr\u00f3nicos, lo que provoca la inclusi\u00f3n de archivos locales y permite que un atacante filtre el contenido de archivos arbitrarios."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpvibes:wp_mail_log:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.1.3",
"matchCriteriaId": "0DB6599D-1AF5-4662-B350-8389E2D4988E"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/7c1dff5b-bed3-49f8-96cc-1bc9abe78749",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-56xx/CVE-2023-5673.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2023-5673",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-12-26T19:15:07.980",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T17:09:37.303",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file extensions uploading files to attach to emails, allowing attackers to upload PHP files, leading to remote code execution."
},
{
"lang": "es",
"value": "El complemento WP Mail Log WordPress anterior a 1.1.3 no valida correctamente las extensiones de archivo que cargan archivos para adjuntarlos a correos electr\u00f3nicos, lo que permite a los atacantes cargar archivos PHP, lo que lleva a la ejecuci\u00f3n remota de c\u00f3digo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpvibes:wp_mail_log:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.1.3",
"matchCriteriaId": "0DB6599D-1AF5-4662-B350-8389E2D4988E"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/231f72bf-9ad0-417e-b7a0-3555875749e9",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-56xx/CVE-2023-5674.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2023-5674",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-12-26T19:15:08.023",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T18:49:34.613",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The WP Mail Log WordPress plugin before 1.1.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Contributor."
},
{
"lang": "es",
"value": "El complemento WP Mail Log WordPress anterior a 1.1.3 no sanitiza ni escapa adecuadamente un par\u00e1metro antes de usarlo en una declaraci\u00f3n SQL, lo que lleva a una inyecci\u00f3n SQL explotable por usuarios con un rol tan bajo como Colaborador."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpvibes:wp_mail_log:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.1.3",
"matchCriteriaId": "0DB6599D-1AF5-4662-B350-8389E2D4988E"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/32a23d0d-7ece-4870-a99d-f3f344be2d67",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-59xx/CVE-2023-5931.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2023-5931",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-12-26T19:15:08.077",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T18:45:49.370",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin before 4.6.16 does not validate files to be uploaded, which could allow attackers with a low-privilege account (e.g. subscribers) to upload arbitrary files such as PHP on the server"
},
{
"lang": "es",
"value": "El complemento rtMedia para WordPress, BuddyPress y bbPress WordPress anterior a 4.6.16 no valida los archivos que se cargar\u00e1n, lo que podr\u00eda permitir a atacantes con una cuenta con pocos privilegios (por ejemplo, suscriptores) cargar archivos arbitrarios como PHP en el servidor."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rtcamp:rtmedia:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "4.6.16",
"matchCriteriaId": "76F051CB-D2C0-4BC3-AEC7-556534B3A627"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/3d6889e3-a01b-4e7f-868f-af7cc8c7531a",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-59xx/CVE-2023-5939.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2023-5939",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-12-26T19:15:08.120",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T18:41:13.330",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin before 4.6.16 loads the contents of the import file in an unsafe manner, leading to remote code execution by privileged users."
},
{
"lang": "es",
"value": "El complemento rtMedia para WordPress, BuddyPress y bbPress WordPress anterior a 4.6.16 carga el contenido del archivo de importaci\u00f3n de forma insegura, lo que provoca la ejecuci\u00f3n remota de c\u00f3digo por parte de usuarios privilegiados."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rtcamp:rtmedia:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "4.6.16",
"matchCriteriaId": "76F051CB-D2C0-4BC3-AEC7-556534B3A627"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/db5d41fc-bcd3-414f-aa99-54d5537007bc",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-62xx/CVE-2023-6270.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-6270",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-04T17:15:08.803",
"lastModified": "2024-01-04T18:46:53.270",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on `struct net_device`, and a use-after-free can be triggered by racing between the free on the struct and the access through the `skbtxq` global queue. This could lead to a denial of service condition or potential code execution."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-6270",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256786",
"source": "secalert@redhat.com"
}
]
}

4
CVE-2023/CVE-2023-65xx/CVE-2023-6551.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6551",
"sourceIdentifier": "cvd@cert.pl",
"published": "2024-01-04T16:15:09.380",
"lastModified": "2024-01-04T16:15:09.380",
"vulnStatus": "Received",
"lastModified": "2024-01-04T18:46:53.270",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

80
CVE-2023/CVE-2023-70xx/CVE-2023-7047.json
View File

@ -2,19 +2,91 @@
"id": "CVE-2023-7047",
"sourceIdentifier": "security@devolutions.net",
"published": "2023-12-21T15:15:14.427",
"lastModified": "2023-12-21T18:15:38.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T18:37:04.157",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nInadequate validation of permissions when employing remote tools and \nmacros via the context menu within Devolutions Remote Desktop Manager versions 2023.3.31 and \nearlier permits a user to initiate a connection without proper execution\n rights via the remote tools feature. This affects only SQL data sources.\n"
},
{
"lang": "es",
"value": "La validaci\u00f3n inadecuada de permisos al emplear herramientas remotas y macros a trav\u00e9s del men\u00fa contextual dentro de las versiones 2023.3.31 y anteriores de Devolutions Remote Desktop Manager permite a un usuario iniciar una conexi\u00f3n sin los derechos de ejecuci\u00f3n adecuados a trav\u00e9s de la funci\u00f3n de herramientas remotas. Esto afecta s\u00f3lo a las fuentes de datos SQL."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2023.3.31.0",
"matchCriteriaId": "54C810F3-599E-44AD-ABF9-B63C828D2868"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://devolutions.net/security/advisories/DEVO-2023-0024/",
"source": "security@devolutions.net"
"source": "security@devolutions.net",
"tags": [
"Vendor Advisory"
]
}
]
}

62
CVE-2023/CVE-2023-71xx/CVE-2023-7116.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-7116",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-27T16:15:13.580",
"lastModified": "2023-12-27T18:24:09.770",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T17:04:33.467",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in WeiYe-Jing datax-web 2.1.2. Affected by this issue is some unknown functionality of the file /api/log/killJob of the component HTTP POST Request Handler. The manipulation of the argument processId leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249086 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en WeiYe-Jing datax-web 2.1.2 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo /api/log/killJob del componente HTTP POST Request Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento ProcessId conduce a la inyecci\u00f3n de comandos del sistema operativo. El ataque puede lanzarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. VDB-249086 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:datax-web_project:datax-web:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "16F7D48B-A5CC-48B9-89C0-A6E6A86A6318"
}
]
}
]
}
],
"references": [
{
"url": "https://medium.com/@2839549219ljk/rec-vulnerability-e8f2e1033b1f",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.249086",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.249086",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

59
CVE-2023/CVE-2023-71xx/CVE-2023-7123.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-7123",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-28T00:15:12.310",
"lastModified": "2023-12-28T15:09:53.403",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T18:35:57.930",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +95,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oretnom:medicine_tracker_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F48F1E41-C4C8-4AC2-9FA8-FEBC30E278E1"
}
]
}
]
}
],
"references": [
{
"url": "https://medium.com/@2839549219ljk/medicine-tracking-system-sql-injection-7b0dde3a82a4",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.249095",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.249095",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

59
CVE-2023/CVE-2023-71xx/CVE-2023-7124.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-7124",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-28T03:15:08.070",
"lastModified": "2023-12-28T15:09:53.403",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T18:33:58.693",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +95,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fabianros:e-commerce_site:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1E87EFAB-5254-4878-B8E2-5FC6A8775CA2"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/h4md153v63n/CVEs/blob/main/E-commerce_Site/E-commerce_Site-Reflected_Cross_Site_Scripting.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.249096",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.249096",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

4
CVE-2024/CVE-2024-216xx/CVE-2024-21625.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21625",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-04T15:15:11.030",
"lastModified": "2024-01-04T15:15:11.030",
"vulnStatus": "Received",
"lastModified": "2024-01-04T18:46:53.270",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

61
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-01-04T17:00:24.382538+00:00
2024-01-04T19:00:25.444381+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-01-04T16:57:57.387000+00:00
2024-01-04T18:53:13.777000+00:00
```
### Last Data Feed Release
@ -29,44 +29,45 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
234877
234878
```
### CVEs added in the last Commit
Recently added CVEs: `10`
Recently added CVEs: `1`
* [CVE-2023-3726](CVE-2023/CVE-2023-37xx/CVE-2023-3726.json) (`2024-01-04T15:15:09.117`)
* [CVE-2023-50760](CVE-2023/CVE-2023-507xx/CVE-2023-50760.json) (`2024-01-04T15:15:09.387`)
* [CVE-2023-50862](CVE-2023/CVE-2023-508xx/CVE-2023-50862.json) (`2024-01-04T15:15:09.593`)
* [CVE-2023-50863](CVE-2023/CVE-2023-508xx/CVE-2023-50863.json) (`2024-01-04T15:15:09.800`)
* [CVE-2023-50864](CVE-2023/CVE-2023-508xx/CVE-2023-50864.json) (`2024-01-04T15:15:10.003`)
* [CVE-2023-50865](CVE-2023/CVE-2023-508xx/CVE-2023-50865.json) (`2024-01-04T15:15:10.217`)
* [CVE-2023-50866](CVE-2023/CVE-2023-508xx/CVE-2023-50866.json) (`2024-01-04T15:15:10.417`)
* [CVE-2023-50867](CVE-2023/CVE-2023-508xx/CVE-2023-50867.json) (`2024-01-04T15:15:10.623`)
* [CVE-2023-6551](CVE-2023/CVE-2023-65xx/CVE-2023-6551.json) (`2024-01-04T16:15:09.380`)
* [CVE-2024-21625](CVE-2024/CVE-2024-216xx/CVE-2024-21625.json) (`2024-01-04T15:15:11.030`)
* [CVE-2023-6270](CVE-2023/CVE-2023-62xx/CVE-2023-6270.json) (`2024-01-04T17:15:08.803`)
### CVEs modified in the last Commit
Recently modified CVEs: `15`
Recently modified CVEs: `51`
* [CVE-2022-2389](CVE-2022/CVE-2022-23xx/CVE-2022-2389.json) (`2024-01-04T15:17:19.940`)
* [CVE-2023-6093](CVE-2023/CVE-2023-60xx/CVE-2023-6093.json) (`2024-01-04T15:15:10.880`)
* [CVE-2023-6094](CVE-2023/CVE-2023-60xx/CVE-2023-6094.json) (`2024-01-04T15:15:10.963`)
* [CVE-2023-28616](CVE-2023/CVE-2023-286xx/CVE-2023-28616.json) (`2024-01-04T15:28:24.317`)
* [CVE-2023-5180](CVE-2023/CVE-2023-51xx/CVE-2023-5180.json) (`2024-01-04T15:43:40.260`)
* [CVE-2023-50297](CVE-2023/CVE-2023-502xx/CVE-2023-50297.json) (`2024-01-04T15:57:56.167`)
* [CVE-2023-51654](CVE-2023/CVE-2023-516xx/CVE-2023-51654.json) (`2024-01-04T16:09:42.810`)
* [CVE-2023-43481](CVE-2023/CVE-2023-434xx/CVE-2023-43481.json) (`2024-01-04T16:15:04.757`)
* [CVE-2023-52075](CVE-2023/CVE-2023-520xx/CVE-2023-52075.json) (`2024-01-04T16:16:36.747`)
* [CVE-2023-40038](CVE-2023/CVE-2023-400xx/CVE-2023-40038.json) (`2024-01-04T16:18:01.263`)
* [CVE-2023-51766](CVE-2023/CVE-2023-517xx/CVE-2023-51766.json) (`2024-01-04T16:23:05.490`)
* [CVE-2023-51714](CVE-2023/CVE-2023-517xx/CVE-2023-51714.json) (`2024-01-04T16:36:01.253`)
* [CVE-2023-51700](CVE-2023/CVE-2023-517xx/CVE-2023-51700.json) (`2024-01-04T16:55:39.650`)
* [CVE-2023-51664](CVE-2023/CVE-2023-516xx/CVE-2023-51664.json) (`2024-01-04T16:57:12.717`)
* [CVE-2023-51443](CVE-2023/CVE-2023-514xx/CVE-2023-51443.json) (`2024-01-04T16:57:57.387`)
* [CVE-2023-7123](CVE-2023/CVE-2023-71xx/CVE-2023-7123.json) (`2024-01-04T18:35:57.930`)
* [CVE-2023-49003](CVE-2023/CVE-2023-490xx/CVE-2023-49003.json) (`2024-01-04T18:36:38.453`)
* [CVE-2023-7047](CVE-2023/CVE-2023-70xx/CVE-2023-7047.json) (`2024-01-04T18:37:04.157`)
* [CVE-2023-5939](CVE-2023/CVE-2023-59xx/CVE-2023-5939.json) (`2024-01-04T18:41:13.330`)
* [CVE-2023-49001](CVE-2023/CVE-2023-490xx/CVE-2023-49001.json) (`2024-01-04T18:45:26.187`)
* [CVE-2023-49000](CVE-2023/CVE-2023-490xx/CVE-2023-49000.json) (`2024-01-04T18:45:41.737`)
* [CVE-2023-5931](CVE-2023/CVE-2023-59xx/CVE-2023-5931.json) (`2024-01-04T18:45:49.370`)
* [CVE-2023-51084](CVE-2023/CVE-2023-510xx/CVE-2023-51084.json) (`2024-01-04T18:46:23.653`)
* [CVE-2023-51080](CVE-2023/CVE-2023-510xx/CVE-2023-51080.json) (`2024-01-04T18:46:45.783`)
* [CVE-2023-3726](CVE-2023/CVE-2023-37xx/CVE-2023-3726.json) (`2024-01-04T18:46:53.270`)
* [CVE-2023-50760](CVE-2023/CVE-2023-507xx/CVE-2023-50760.json) (`2024-01-04T18:46:53.270`)
* [CVE-2023-50862](CVE-2023/CVE-2023-508xx/CVE-2023-50862.json) (`2024-01-04T18:46:53.270`)
* [CVE-2023-50863](CVE-2023/CVE-2023-508xx/CVE-2023-50863.json) (`2024-01-04T18:46:53.270`)
* [CVE-2023-50864](CVE-2023/CVE-2023-508xx/CVE-2023-50864.json) (`2024-01-04T18:46:53.270`)
* [CVE-2023-50865](CVE-2023/CVE-2023-508xx/CVE-2023-50865.json) (`2024-01-04T18:46:53.270`)
* [CVE-2023-50866](CVE-2023/CVE-2023-508xx/CVE-2023-50866.json) (`2024-01-04T18:46:53.270`)
* [CVE-2023-50867](CVE-2023/CVE-2023-508xx/CVE-2023-50867.json) (`2024-01-04T18:46:53.270`)
* [CVE-2023-6551](CVE-2023/CVE-2023-65xx/CVE-2023-6551.json) (`2024-01-04T18:46:53.270`)
* [CVE-2023-5674](CVE-2023/CVE-2023-56xx/CVE-2023-5674.json) (`2024-01-04T18:49:34.613`)
* [CVE-2023-0011](CVE-2023/CVE-2023-00xx/CVE-2023-0011.json) (`2024-01-04T18:50:39.487`)
* [CVE-2023-37544](CVE-2023/CVE-2023-375xx/CVE-2023-37544.json) (`2024-01-04T18:52:01.020`)
* [CVE-2023-48116](CVE-2023/CVE-2023-481xx/CVE-2023-48116.json) (`2024-01-04T18:52:20.000`)
* [CVE-2023-48115](CVE-2023/CVE-2023-481xx/CVE-2023-48115.json) (`2024-01-04T18:52:28.027`)
* [CVE-2023-48114](CVE-2023/CVE-2023-481xx/CVE-2023-48114.json) (`2024-01-04T18:52:42.640`)
* [CVE-2024-21625](CVE-2024/CVE-2024-216xx/CVE-2024-21625.json) (`2024-01-04T18:46:53.270`)
## Download and Usage