From c05ddb888195278daf6a88dd1a226dffaabb22b8 Mon Sep 17 00:00:00 2001 
From: cad-safe-bot Date: Thu, 4 Jan 2024 19:00:29 +0000 Subject: [PATCH] Auto-Update: 2024-01-04T19:00:25.444381+00:00 --- CVE-2022/CVE-2022-446xx/CVE-2022-44684.json | 80 ++++++++- CVE-2023/CVE-2023-00xx/CVE-2023-0011.json | 176 +++++++++++++++++++- CVE-2023/CVE-2023-31xx/CVE-2023-3171.json | 122 +++++++++++++- CVE-2023/CVE-2023-375xx/CVE-2023-37544.json | 64 ++++++- CVE-2023/CVE-2023-37xx/CVE-2023-3726.json | 4 +- CVE-2023/CVE-2023-393xx/CVE-2023-39323.json | 19 ++- CVE-2023/CVE-2023-424xx/CVE-2023-42436.json | 69 +++++++- CVE-2023/CVE-2023-457xx/CVE-2023-45737.json | 69 +++++++- CVE-2023/CVE-2023-457xx/CVE-2023-45740.json | 69 +++++++- CVE-2023/CVE-2023-458xx/CVE-2023-45871.json | 14 +- CVE-2023/CVE-2023-466xx/CVE-2023-46699.json | 69 +++++++- CVE-2023/CVE-2023-469xx/CVE-2023-46989.json | 65 +++++++- CVE-2023/CVE-2023-46xx/CVE-2023-4641.json | 166 +++++++++++++++++- CVE-2023/CVE-2023-481xx/CVE-2023-48114.json | 75 ++++++++- CVE-2023/CVE-2023-481xx/CVE-2023-48115.json | 75 ++++++++- CVE-2023/CVE-2023-481xx/CVE-2023-48116.json | 75 ++++++++- CVE-2023/CVE-2023-490xx/CVE-2023-49000.json | 69 +++++++- CVE-2023/CVE-2023-490xx/CVE-2023-49001.json | 68 +++++++- CVE-2023/CVE-2023-490xx/CVE-2023-49003.json | 68 +++++++- CVE-2023/CVE-2023-492xx/CVE-2023-49228.json | 82 ++++++++- CVE-2023/CVE-2023-492xx/CVE-2023-49230.json | 82 ++++++++- CVE-2023/CVE-2023-494xx/CVE-2023-49469.json | 69 +++++++- CVE-2023/CVE-2023-499xx/CVE-2023-49949.json | 70 +++++++- CVE-2023/CVE-2023-502xx/CVE-2023-50255.json | 57 ++++++- CVE-2023/CVE-2023-504xx/CVE-2023-50428.json | 10 +- CVE-2023/CVE-2023-507xx/CVE-2023-50732.json | 80 ++++++++- CVE-2023/CVE-2023-507xx/CVE-2023-50760.json | 4 +- CVE-2023/CVE-2023-508xx/CVE-2023-50862.json | 4 +- CVE-2023/CVE-2023-508xx/CVE-2023-50863.json | 4 +- CVE-2023/CVE-2023-508xx/CVE-2023-50864.json | 4 +- CVE-2023/CVE-2023-508xx/CVE-2023-50865.json | 4 +- CVE-2023/CVE-2023-508xx/CVE-2023-50866.json | 4 +- CVE-2023/CVE-2023-508xx/CVE-2023-50867.json | 4 +- 
CVE-2023/CVE-2023-510xx/CVE-2023-51080.json | 69 +++++++- CVE-2023/CVE-2023-510xx/CVE-2023-51084.json | 68 +++++++- CVE-2023/CVE-2023-517xx/CVE-2023-51764.json | 8 +- CVE-2023/CVE-2023-517xx/CVE-2023-51765.json | 8 +- CVE-2023/CVE-2023-517xx/CVE-2023-51766.json | 8 +- CVE-2023/CVE-2023-56xx/CVE-2023-5644.json | 69 +++++++- CVE-2023/CVE-2023-56xx/CVE-2023-5645.json | 69 +++++++- CVE-2023/CVE-2023-56xx/CVE-2023-5672.json | 69 +++++++- CVE-2023/CVE-2023-56xx/CVE-2023-5673.json | 69 +++++++- CVE-2023/CVE-2023-56xx/CVE-2023-5674.json | 69 +++++++- CVE-2023/CVE-2023-59xx/CVE-2023-5931.json | 69 +++++++- CVE-2023/CVE-2023-59xx/CVE-2023-5939.json | 69 +++++++- CVE-2023/CVE-2023-62xx/CVE-2023-6270.json | 59 +++++++ CVE-2023/CVE-2023-65xx/CVE-2023-6551.json | 4 +- CVE-2023/CVE-2023-70xx/CVE-2023-7047.json | 80 ++++++++- CVE-2023/CVE-2023-71xx/CVE-2023-7116.json | 62 ++++++- CVE-2023/CVE-2023-71xx/CVE-2023-7123.json | 59 ++++++- CVE-2023/CVE-2023-71xx/CVE-2023-7124.json | 59 ++++++- CVE-2024/CVE-2024-216xx/CVE-2024-21625.json | 4 +- README.md | 61 +++---- 53 files changed, 2690 insertions(+), 236 deletions(-) create mode 100644 CVE-2023/CVE-2023-62xx/CVE-2023-6270.json diff --git a/CVE-2022/CVE-2022-446xx/CVE-2022-44684.json b/CVE-2022/CVE-2022-446xx/CVE-2022-44684.json index cb2a515d3a6..9e49668058c 100644 --- a/CVE-2022/CVE-2022-446xx/CVE-2022-44684.json +++ b/CVE-2022/CVE-2022-446xx/CVE-2022-44684.json @@ -2,12 +2,16 @@ "id": "CVE-2022-44684", "sourceIdentifier": "secure@microsoft.com", "published": "2023-12-20T20:15:19.003", - "lastModified": "2023-12-21T02:24:22.413", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-04T18:53:13.777", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Windows Local Session Manager (LSM) Denial of Service Vulnerability" + }, + { + "lang": "es", + "value": "Vulnerabilidad de denegaci\u00f3n de servicio de Windows Local Session Manager (LSM)" } ], "metrics": { 
@@ -34,10 +38,80 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.19042.2364", + "matchCriteriaId": "AA5A49C2-6A51-4A73-AC74-532BC6430763" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.19043.2364", + "matchCriteriaId": "86AEB671-97BB-4C0C-AC20-AFF67C541FA3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.19044.2364", + "matchCriteriaId": "B0458BC1-9795-459C-826C-A6A094AE03DB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.19045.2364", + "matchCriteriaId": "0D4D2A8F-5F2C-4A6F-902C-6C1DAD745CCE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22000.1335", + "matchCriteriaId": "9E936B0C-9BA0-4C70-8469-F8D79A9B72E4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22621.993", + "matchCriteriaId": "F9DC28E9-C12F-45C4-B591-B52CDABCBA98" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", + "matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44684", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Broken Link", + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
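Review bot: The only reference for CVE-2022-44684 now carries `"Broken Link"` together with `"Patch"` and `"Vendor Advisory"`, so the record advertises a patch source that the same tag list marks as unreachable. Tooling that reads a `Patch` tag as "remediation link available" should also check for `Broken Link` on the same entry before surfacing the URL. In the added `configurations`, the six Windows 10/11 entries are bounded by `versionEndExcluding`, but `cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*` has version `-` and no bound. CPE matchers differ in how they treat `-`, so Server 2022 hosts may be flagged regardless of build or not matched at all; it is worth confirming the intended fixed build against the vendor advisory before relying on this entry.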
diff --git a/CVE-2023/CVE-2023-00xx/CVE-2023-0011.json b/CVE-2023/CVE-2023-00xx/CVE-2023-0011.json index ca3be5ef5a0..c0d867b06c4 100644 --- a/CVE-2023/CVE-2023-00xx/CVE-2023-0011.json +++ b/CVE-2023/CVE-2023-00xx/CVE-2023-0011.json @@ -2,8 +2,8 @@ "id": "CVE-2023-0011", "sourceIdentifier": "vulnerability@ncsc.ch", "published": "2023-12-20T08:15:43.503", - "lastModified": "2023-12-20T13:50:15.967", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-04T18:50:39.487", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.9, + "impactScore": 5.9 + }, { "source": "vulnerability@ncsc.ch", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + }, { "source": "vulnerability@ncsc.ch", "type": "Secondary", 
@@ -50,10 +80,150 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:u-blox:toby-l200_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "23BBDE75-F751-4CA5-BB8F-B0A7443F31B0" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:u-blox:toby-l200:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7AFF98D9-6F6A-4998-A4D6-718EF265ADD7" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:u-blox:toby-l201_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "49EA82B9-A8B8-47BE-B4A4-2C617C8DFFA7" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:u-blox:toby-l201:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B1944470-58F1-45D5-86D5-DAE6B1C5300D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:u-blox:toby-l210_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0566D11-FF7F-4FD2-BA72-E88BE6575F85" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:u-blox:toby-l210:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1AE97AF5-F30C-49A2-B9C1-4A8D06627E61" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:u-blox:toby-l220_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AD6FAB6F-9FCA-4ECE-9405-B076D228CA6A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:u-blox:toby-l220:-:*:*:*:*:*:*:*", + "matchCriteriaId": "ED64C75E-0D3F-4803-B7A5-73C9E2FD3E15" + 
} + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:u-blox:toby-l280_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D80D9729-1AC5-4A6E-BB9F-FE0B3EF81A1D" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:u-blox:toby-l280:-:*:*:*:*:*:*:*", + "matchCriteriaId": "115539C2-F49B-4D21-BA9E-32D67D33FAAB" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.u-blox.com/en/report-security-issues", - "source": "vulnerability@ncsc.ch" + "source": "vulnerability@ncsc.ch", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3171.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3171.json index a0c9da0e6d1..1d695a4fcec 100644 --- a/CVE-2023/CVE-2023-31xx/CVE-2023-3171.json +++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3171.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-3171", "sourceIdentifier": "secalert@redhat.com", "published": "2023-12-27T16:15:13.103", - "lastModified": "2023-12-27T18:24:09.770", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-04T17:07:40.287", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed. This issue could allow an attacker to submit malicious requests using these classes, which could eventually exhaust the heap and result in a Denial of Service." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una falla en EAP-7 durante la deserializaci\u00f3n de ciertas clases, lo que permite la creaci\u00f3n de instancias de HashMap y HashTable sin verificar los recursos consumidos. Este problema podr\u00eda permitir que un atacante env\u00ede solicitudes maliciosas utilizando estas clases, lo que eventualmente podr\u00eda agotar el mont\u00f3n y provocar una denegaci\u00f3n de servicio." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "secalert@redhat.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-770" + } + ] + }, { "source": "secalert@redhat.com", "type": "Secondary", 
@@ -46,30 +80,102 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.4:*:*:*:*:*:*:*", + "matchCriteriaId": "645A908C-18C2-4AB1-ACE7-3969E3A552A5" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", + "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", + "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:-:*:*:*:text-only:*:*:*", + "matchCriteriaId": "B8423D7F-3A8F-4AD8-BF51-245C9D8DD816" + } + ] + } + ] + } + ], "references": [ { "url": "https://access.redhat.com/errata/RHSA-2023:5484", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://access.redhat.com/errata/RHSA-2023:5485", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://access.redhat.com/errata/RHSA-2023:5486", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://access.redhat.com/errata/RHSA-2023:5488", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://access.redhat.com/security/cve/CVE-2023-3171", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", 
+ "tags": [ + "Vendor Advisory" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213639", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-375xx/CVE-2023-37544.json b/CVE-2023/CVE-2023-375xx/CVE-2023-37544.json index 5ad26b9eb5b..0546834f8ce 100644 --- a/CVE-2023/CVE-2023-375xx/CVE-2023-37544.json +++ b/CVE-2023/CVE-2023-375xx/CVE-2023-37544.json @@ -2,8 +2,8 @@ "id": "CVE-2023-37544", "sourceIdentifier": "security@apache.org", "published": "2023-12-20T09:15:07.007", - "lastModified": "2023-12-20T13:50:15.967", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-04T18:52:01.020", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "security@apache.org", "type": "Secondary", 
@@ -50,14 +70,50 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:pulsar:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.10.5", + "matchCriteriaId": "D512CD7B-D493-491E-A6C5-879E81251897" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:pulsar:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.11.0", + "versionEndExcluding": "2.11.2", + "matchCriteriaId": "0ECAEE42-ADBE-40B3-BD33-3C7D2006C2C5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:pulsar:3.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "B50CF4D0-189C-404B-9906-04E7BB94B574" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2023/12/20/2", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List" + ] }, { "url": "https://lists.apache.org/thread/od0k9zts1toc9h9snbqq4pjpyx28mv4m", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-37xx/CVE-2023-3726.json b/CVE-2023/CVE-2023-37xx/CVE-2023-3726.json index 4f608d97fce..21db127ddb3 100644 --- a/CVE-2023/CVE-2023-37xx/CVE-2023-3726.json +++ b/CVE-2023/CVE-2023-37xx/CVE-2023-3726.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3726", "sourceIdentifier": "help@fluidattacks.com", "published": "2024-01-04T15:15:09.117", - "lastModified": "2024-01-04T15:15:09.117", - "vulnStatus": "Received", + "lastModified": "2024-01-04T18:46:53.270", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-393xx/CVE-2023-39323.json b/CVE-2023/CVE-2023-393xx/CVE-2023-39323.json index 1514e1c6410..d369b87bab6 100644 --- a/CVE-2023/CVE-2023-393xx/CVE-2023-39323.json +++ b/CVE-2023/CVE-2023-393xx/CVE-2023-39323.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-39323", "sourceIdentifier": "security@golang.org", "published": "2023-10-05T21:15:11.283", - "lastModified": "2023-11-25T11:15:17.997", - "vulnStatus": "Modified", + "lastModified": "2024-01-04T18:04:15.457", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -21,19 +21,19 @@ "type": "Primary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", - "attackComplexity": "LOW", + "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" + "baseScore": 8.1, + "baseSeverity": "HIGH" }, - "exploitabilityScore": 3.9, + "exploitabilityScore": 2.2, "impactScore": 5.9 } ] @@ -157,7 +157,10 @@ }, { "url": "https://security.gentoo.org/glsa/202311-09", - "source": "security@golang.org" + "source": "security@golang.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://security.netapp.com/advisory/ntap-20231020-0001/", diff --git a/CVE-2023/CVE-2023-424xx/CVE-2023-42436.json b/CVE-2023/CVE-2023-424xx/CVE-2023-42436.json index 3612d36c130..4d7c1cc1d52 100644 --- a/CVE-2023/CVE-2023-424xx/CVE-2023-42436.json +++ b/CVE-2023/CVE-2023-424xx/CVE-2023-42436.json @@ -2,8 +2,8 @@ "id": "CVE-2023-42436", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2023-12-26T08:15:09.637", - "lastModified": "2023-12-26T20:34:16.103", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-04T17:08:27.797", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
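Review bot: Nothing in the `@@ -21,19 +21,19 @@` hunk for CVE-2023-39323 records why the Primary vector moved from `AC:L` to `AC:H`, so a consumer that cached `baseSeverity` sees CRITICAL become HIGH with `lastModified` as the only signal. The new values are internally consistent (8.1 with `exploitabilityScore` 2.2 for `AV:N/AC:H`), so this reads as a rescoring rather than a data error. The same pattern appears in the CVE-2023-45871 hunk, where the vector becomes `AV:A/AC:H` and the score drops from 9.8 to 7.5 while `vulnStatus` stays `Analyzed`. Pipelines that gate patch deadlines on severity should trigger re-triage on any change to `vectorString`, not only on a `vulnStatus` transition or the first-seen score.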
@@ -14,15 +14,74 @@ "value": "Existe una vulnerabilidad de cross-site scripting almacenado en la funci\u00f3n de presentaci\u00f3n de las versiones de GROWI anteriores a la v3.4.0. Si se explota esta vulnerabilidad, se puede ejecutar un script arbitrario en el navegador web del usuario que accedi\u00f3 al sitio utilizando el producto." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:weseek:growi:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.4.0", + "matchCriteriaId": "D901AB34-3DCE-4839-80CD-3FEC49A4A54D" + } + ] + } + ] + } + ], "references": [ { "url": "https://jvn.jp/en/jp/JVN18715935/", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://weseek.co.jp/ja/news/2023/11/21/growi-prevent-xss6/", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-457xx/CVE-2023-45737.json b/CVE-2023/CVE-2023-457xx/CVE-2023-45737.json index 5ab0bbcd300..ea7de778a85 100644 --- a/CVE-2023/CVE-2023-457xx/CVE-2023-45737.json +++ b/CVE-2023/CVE-2023-457xx/CVE-2023-45737.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-45737", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2023-12-26T08:15:09.907", - "lastModified": "2023-12-26T20:34:16.103", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-04T17:13:57.130", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,15 +14,74 @@ "value": "Existe una vulnerabilidad de cross-site scripting almacenado en la p\u00e1gina App Settings (/admin/app) y en la p\u00e1gina Markdown Settings (/admin/markdown) de las versiones de GROWI anteriores a la v3.5.0. Si se explota esta vulnerabilidad, se puede ejecutar un script arbitrario en el navegador web del usuario que accedi\u00f3 al sitio utilizando el producto." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:weseek:growi:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.5.0", + "matchCriteriaId": "740F997E-C5AB-460E-ABF3-A81A61BFE75F" + } + ] + } + ] + } + ], "references": [ { "url": "https://jvn.jp/en/jp/JVN18715935/", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://weseek.co.jp/ja/news/2023/11/21/growi-prevent-xss6/", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-457xx/CVE-2023-45740.json b/CVE-2023/CVE-2023-457xx/CVE-2023-45740.json index f6d544800a3..e340ddcf6c7 100644 --- a/CVE-2023/CVE-2023-457xx/CVE-2023-45740.json 
+++ b/CVE-2023/CVE-2023-457xx/CVE-2023-45740.json @@ -2,8 +2,8 @@ "id": "CVE-2023-45740", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2023-12-26T08:15:10.010", - "lastModified": "2023-12-26T20:34:16.103", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-04T17:11:01.707", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,15 +14,74 @@ "value": "La vulnerabilidad de cross-site scripting almacenado al procesar im\u00e1genes de perfil existe en las versiones de GROWI anteriores a la v4.1.3. Si se explota esta vulnerabilidad, se puede ejecutar un script arbitrario en el navegador web del usuario que accedi\u00f3 al sitio utilizando el producto." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:weseek:growi:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.1.3", + "matchCriteriaId": "2A391DBE-7AF1-4D74-9AA0-DBA4B971D298" + } + ] + } + ] + } + ], "references": [ { "url": "https://jvn.jp/en/jp/JVN18715935/", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://weseek.co.jp/ja/news/2023/11/21/growi-prevent-xss6/", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45871.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45871.json index 9591a452c43..9123e678624 100644 --- a/CVE-2023/CVE-2023-458xx/CVE-2023-45871.json +++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45871.json 
@@ -2,7 +2,7 @@ "id": "CVE-2023-45871", "sourceIdentifier": "cve@mitre.org", "published": "2023-10-15T01:15:09.027", - "lastModified": "2023-12-28T16:18:15.007", + "lastModified": "2024-01-04T18:04:09.773", "vulnStatus": "Analyzed", "descriptions": [ { @@ -21,19 +21,19 @@ "type": "Primary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "attackVector": "NETWORK", - "attackComplexity": "LOW", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" + "baseScore": 7.5, + "baseSeverity": "HIGH" }, - "exploitabilityScore": 3.9, + "exploitabilityScore": 1.6, "impactScore": 5.9 } ] diff --git a/CVE-2023/CVE-2023-466xx/CVE-2023-46699.json b/CVE-2023/CVE-2023-466xx/CVE-2023-46699.json index 9c3e5aaec6f..c2f1b0aed06 100644 --- a/CVE-2023/CVE-2023-466xx/CVE-2023-46699.json +++ b/CVE-2023/CVE-2023-466xx/CVE-2023-46699.json @@ -2,8 +2,8 @@ "id": "CVE-2023-46699", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2023-12-26T08:15:10.407", - "lastModified": "2023-12-26T20:34:16.103", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-04T17:09:09.933", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,15 +14,74 @@ "value": "La vulnerabilidad de Cross-site request forgery (CSRF) existe en la p\u00e1gina User settings (/me) de las versiones de GROWI anteriores a la v6.0.0. Si un usuario ve una p\u00e1gina maliciosa mientras inicia sesi\u00f3n, la configuraci\u00f3n puede cambiarse sin la intenci\u00f3n del usuario." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:weseek:growi:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.0.0", + "matchCriteriaId": "2F6A6B41-1A3E-4D58-9218-7D1BE30F0959" + } + ] + } + ] + } + ], "references": [ { "url": "https://jvn.jp/en/jp/JVN18715935/", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://weseek.co.jp/ja/news/2023/11/21/growi-prevent-xss6/", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-469xx/CVE-2023-46989.json b/CVE-2023/CVE-2023-469xx/CVE-2023-46989.json index e87571d1424..abf38f4d3d0 100644 --- a/CVE-2023/CVE-2023-469xx/CVE-2023-46989.json +++ b/CVE-2023/CVE-2023-469xx/CVE-2023-46989.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-46989", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-28T06:15:44.227", - "lastModified": "2023-12-28T15:09:53.403", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-04T17:14:27.397", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,68 @@ "value": "Vulnerabilidad de inyecci\u00f3n SQL en el m\u00f3dulo Innovadeluxe Quick Order para PrestaShop anterior a v.1.4.0, permite a atacantes locales ejecutar c\u00f3digo arbitrario a trav\u00e9s de la funci\u00f3n getProducts() en el archivo productlist.php." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:innovadeluxe:quick_order:*:*:*:*:*:prestashop:*:*", + "versionEndExcluding": "1.4.0", + "matchCriteriaId": "17E3F176-B73F-4222-9429-AED82553EC5C" + } + ] + } + ] + } + ], "references": [ { "url": "https://security.friendsofpresta.org/modules/2023/12/12/idxquickorder.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-46xx/CVE-2023-4641.json b/CVE-2023/CVE-2023-46xx/CVE-2023-4641.json index 58572b20e5d..c7b0b18f903 100644 --- a/CVE-2023/CVE-2023-46xx/CVE-2023-4641.json +++ b/CVE-2023/CVE-2023-46xx/CVE-2023-4641.json @@ -2,16 +2,40 @@ "id": "CVE-2023-4641", "sourceIdentifier": "secalert@redhat.com", "published": "2023-12-27T16:15:13.363", - "lastModified": "2023-12-27T18:24:09.770", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-04T17:06:55.393", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una falla en Shadow-Utils. Al solicitar una nueva contrase\u00f1a, Shadow-Utils la solicita dos veces. Si la contrase\u00f1a falla en el segundo intento, Shadow-Utils no logra limpiar el b\u00fafer utilizado para almacenar la primera entrada. Esto puede permitir que un atacante con suficiente acceso recupere la contrase\u00f1a de la memoria." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "secalert@redhat.com", "type": "Secondary", 
@@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + }, { "source": "secalert@redhat.com", "type": "Secondary", 
@@ -46,22 +80,142 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:shadow-maint:shadow-utils:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.14.0", + "matchCriteriaId": "484C918F-130D-4D52-85EF-F7DCD276CC36" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:codeready_linux_builder:8.0:*:*:*:*:*:*:*", + "matchCriteriaId": "93A089E2-D66E-455C-969A-3140D991BAF4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:codeready_linux_builder:9.0:*:*:*:*:*:*:*", + "matchCriteriaId": "2ABBAA9E-CCBA-480B-ABB5-454448D91262" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:8.0_aarch64:*:*:*:*:*:*:*", + "matchCriteriaId": "D206176C-6B2B-4BED-A3A2-AE39A41CB3C5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:9.0_aarch64:*:*:*:*:*:*:*", + "matchCriteriaId": "910C9542-26FC-4635-9351-128727971830" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*", + "matchCriteriaId": "55CF7208-4D36-4C35-92BC-F6EA2C8DEDE1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*", + "matchCriteriaId": "CA3C5EAE-267F-410F-8AFA-8F5B68A9E617" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*", + "matchCriteriaId": "F791F846-7762-40E0-9056-032FD10F2046" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*", + "matchCriteriaId": "7B3D7389-35C1-48C4-A9EC-2564842723C4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", + 
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", + "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0:*:*:*:*:*:*:*", + "matchCriteriaId": "3F797F2E-00E6-4D03-A94E-524227529A0A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0:*:*:*:*:*:*:*", + "matchCriteriaId": "6B528C5D-0F72-4685-8516-257597E94AE4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*", + "matchCriteriaId": "32AF225E-94C0-4D07-900C-DD868C05F554" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*", + "matchCriteriaId": "FB056B47-1F45-4CE4-81F6-872F66C24C29" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*", + "matchCriteriaId": "23D471AC-7DCA-4425-AD91-E5D928753A8C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*", + "matchCriteriaId": "E07C1C58-0E5F-4B56-9B8D-5DE67DB00F79" + } + ] + } + ] + } + ], "references": [ { "url": "https://access.redhat.com/errata/RHSA-2023:6632", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://access.redhat.com/errata/RHSA-2023:7112", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://access.redhat.com/security/cve/CVE-2023-4641", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215945", - "source": "secalert@redhat.com" + "source": 
"secalert@redhat.com", + "tags": [ + "Issue Tracking" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-481xx/CVE-2023-48114.json b/CVE-2023/CVE-2023-481xx/CVE-2023-48114.json index 2cc176fca6d..4375b9df37b 100644 --- a/CVE-2023/CVE-2023-481xx/CVE-2023-48114.json +++ b/CVE-2023/CVE-2023-481xx/CVE-2023-48114.json 
@@ -2,23 +2,88 @@ "id": "CVE-2023-48114", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-21T15:15:09.587", - "lastModified": "2023-12-21T18:15:38.237", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-04T18:52:42.640", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS by using image/svg+xml and an uploaded SVG document. This occurs because the application tries to allow youtube.com URLs, but actually allows youtube.com followed by an @ character and an attacker-controlled domain name." + }, + { + "lang": "es", + "value": "SmarterTools SmarterMail 8495 a 8664 antes de 8747 permite XSS almacenado usando image/svg+xml y un documento SVG cargado. Esto ocurre porque la aplicaci\u00f3n intenta permitir las URL de youtube.com, pero en realidad permite youtube.com seguido de un car\u00e1cter @ y un nombre de dominio controlado por el atacante." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:smartertools:smartermail:*:*:*:*:*:*:*:*", + "versionStartIncluding": "16.0.8495", + "versionEndExcluding": "16.0.8747", + "matchCriteriaId": 
"71542879-0A2F-4646-A8E1-54DF2347F4FB" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://co3us.gitbook.io/write-ups/stored-xss-in-email-body-of-smartermail-cve-2023-48114", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://www.smartertools.com/smartermail/release-notes/current", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-481xx/CVE-2023-48115.json b/CVE-2023/CVE-2023-481xx/CVE-2023-48115.json index 56ae3d77ad5..e847394bf31 100644 --- a/CVE-2023/CVE-2023-481xx/CVE-2023-48115.json +++ b/CVE-2023/CVE-2023-481xx/CVE-2023-48115.json 
@@ -2,23 +2,88 @@ "id": "CVE-2023-48115", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-21T15:15:09.637", - "lastModified": "2023-12-21T18:15:38.237", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-04T18:52:28.027", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored DOM XSS because an XSS protection mechanism is skipped when messageHTML and messagePlainText are set in the same request." + }, + { + "lang": "es", + "value": "SmarterTools SmarterMail 8495 a 8664 antes de 8747 permite DOM XSS almacenado porque se omite un mecanismo de protecci\u00f3n XSS cuando messageHTML y messagePlainText se configuran en la misma solicitud." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:smartertools:smartermail:*:*:*:*:*:*:*:*", + "versionStartIncluding": "16.0.8495", + "versionEndExcluding": "16.0.8747", + "matchCriteriaId": "71542879-0A2F-4646-A8E1-54DF2347F4FB" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://co3us.gitbook.io/write-ups/stored-dom-xss-in-email-body-of-smartermail", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + 
"Exploit", + "Third Party Advisory" + ] }, { "url": "https://www.smartertools.com/smartermail/release-notes/current", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-481xx/CVE-2023-48116.json b/CVE-2023/CVE-2023-481xx/CVE-2023-48116.json index de1badeb77a..3e5d5eb4a6b 100644 --- a/CVE-2023/CVE-2023-481xx/CVE-2023-48116.json +++ b/CVE-2023/CVE-2023-481xx/CVE-2023-48116.json 
@@ -2,23 +2,88 @@ "id": "CVE-2023-48116", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-21T15:15:09.697", - "lastModified": "2023-12-21T18:15:38.237", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-04T18:52:20.000", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS via a crafted description of a Calendar appointment." + }, + { + "lang": "es", + "value": "SmarterTools SmarterMail 8495 a 8664 antes de 8747 permite almacenar XSS a trav\u00e9s de una descripci\u00f3n manipulada de una cita del Calendario." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:smartertools:smartermail:*:*:*:*:*:*:*:*", + "versionStartIncluding": "16.0.8495", + "versionEndExcluding": "16.0.8747", + "matchCriteriaId": "71542879-0A2F-4646-A8E1-54DF2347F4FB" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://co3us.gitbook.io/write-ups/stored-xss-in-calendar-component-of-smartermail-cve-2023-48116", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": 
"https://www.smartertools.com/smartermail/release-notes/current", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-490xx/CVE-2023-49000.json b/CVE-2023/CVE-2023-490xx/CVE-2023-49000.json index 46c139dc460..4b9d3e52180 100644 --- a/CVE-2023/CVE-2023-490xx/CVE-2023-49000.json +++ b/CVE-2023/CVE-2023-490xx/CVE-2023-49000.json @@ -2,8 +2,8 @@ "id": "CVE-2023-49000", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-27T22:15:16.653", - "lastModified": "2023-12-28T15:09:59.150", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-04T18:45:41.737", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,15 +14,74 @@ "value": "Un problema en ArtistScope ArtisBrowser v.34.1.5 y anteriores permite a un atacante omitir las restricciones de acceso previstas mediante la interacci\u00f3n con el componente com.artis.browser.IntentReceiverActivity." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:artistscope:artisbrowser:*:*:*:*:*:*:*:*", + "versionEndIncluding": "34.1.5", + "matchCriteriaId": "AD17DF57-D7E8-42AE-970B-9FD4BE38982F" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/actuator/com.artis.browser/blob/main/CWE-94.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] }, { "url": "https://github.com/actuator/cve/blob/main/CVE-2023-49000", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-490xx/CVE-2023-49001.json b/CVE-2023/CVE-2023-490xx/CVE-2023-49001.json index 50d2db2da65..43c4b2517d4 100644 --- a/CVE-2023/CVE-2023-490xx/CVE-2023-49001.json +++ b/CVE-2023/CVE-2023-490xx/CVE-2023-49001.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-49001", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-27T22:15:16.700", - "lastModified": "2023-12-28T15:09:59.150", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-04T18:45:26.187", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,15 +14,73 @@ "value": "Un problema en Indi Browser (aka kvbrowser) v.12.11.23 permite a un atacante omitir las restricciones de acceso previstas mediante la interacci\u00f3n con el componente com.example.gurry.kvbrowswer.webview." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:indibrowser:indi_browser:12.11.23:*:*:*:*:*:*:*", + "matchCriteriaId": "34065821-EF9B-48F5-AC74-29206CFDCBD5" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/actuator/com.gurry.kvbrowser/blob/main/CWE-94.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] }, { "url": "https://github.com/actuator/cve/blob/main/CVE-2023-49001", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-490xx/CVE-2023-49003.json b/CVE-2023/CVE-2023-490xx/CVE-2023-49003.json index 6747b067dbb..3fc66f693b5 100644 --- a/CVE-2023/CVE-2023-490xx/CVE-2023-49003.json +++ b/CVE-2023/CVE-2023-490xx/CVE-2023-49003.json @@ -2,8 +2,8 @@ "id": "CVE-2023-49003", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-27T22:15:16.790", - "lastModified": "2023-12-28T15:09:53.403", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-04T18:36:38.453", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,15 +14,73 @@ "value": "Un problema en simplemobiletools Simple Dialer 5.18.1 permite a un atacante omitirlas restricciones de acceso previstas mediante la interacci\u00f3n con com.simplemobiletools.dialer.activities.DialerActivity." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:simplemobiletools:simple_dialer:5.18.1:*:*:*:*:*:*:*", + "matchCriteriaId": "2D66FA02-CDAC-43D2-B453-3FFA457834E4" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/actuator/com.simplemobiletools.dialer/blob/main/CWE-928.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] }, { "url": "https://github.com/actuator/cve/blob/main/CVE-2023-49003", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-492xx/CVE-2023-49228.json b/CVE-2023/CVE-2023-492xx/CVE-2023-49228.json index 6970f7d4f3f..308778a4580 100644 --- a/CVE-2023/CVE-2023-492xx/CVE-2023-49228.json +++ b/CVE-2023/CVE-2023-492xx/CVE-2023-49228.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-49228", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-28T04:15:08.023", - "lastModified": "2023-12-28T15:09:53.403", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-04T17:54:01.673", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,15 +14,87 @@ "value": "Se descubri\u00f3 un problema en Peplink Balance Two antes de 8.4.0. La autenticaci\u00f3n del puerto de consola utiliza credenciales codificadas, lo que permite a un atacante con acceso f\u00edsico y conocimiento suficiente ejecutar comandos arbitrarios como root." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "PHYSICAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.5, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-798" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:peplink:balance_two_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "8.4.0", + "matchCriteriaId": "0B5E9A13-C60F-4F0D-ACAD-12A9E4130840" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:peplink:balance_two:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C38FC37D-0615-48E2-9419-496E62679C4D" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.synacktiv.com/publications%253Ffield_tags_target_id%253D4", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.synacktiv.com/sites/default/files/2023-12/synacktiv-peplink-multiple-vulnerabilities.pdf", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] 
} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-492xx/CVE-2023-49230.json b/CVE-2023/CVE-2023-492xx/CVE-2023-49230.json index 5848fdbfccf..87813d3124c 100644 --- a/CVE-2023/CVE-2023-492xx/CVE-2023-49230.json +++ b/CVE-2023/CVE-2023-492xx/CVE-2023-49230.json @@ -2,8 +2,8 @@ "id": "CVE-2023-49230", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-28T04:15:08.150", - "lastModified": "2023-12-28T15:09:53.403", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-04T17:17:22.257", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,15 +14,87 @@ "value": "Se descubri\u00f3 un problema en Peplink Balance Two antes de 8.4.0. Una verificaci\u00f3n de autorizaci\u00f3n faltante en portales cautivos permite a los atacantes modificar las configuraciones de los portales sin autenticaci\u00f3n previa." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:peplink:balance_two_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "8.4.0", + "matchCriteriaId": "0B5E9A13-C60F-4F0D-ACAD-12A9E4130840" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:peplink:balance_two:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C38FC37D-0615-48E2-9419-496E62679C4D" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.synacktiv.com/publications%253Ffield_tags_target_id%253D4", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.synacktiv.com/sites/default/files/2023-12/synacktiv-peplink-multiple-vulnerabilities.pdf", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end 
of file diff --git a/CVE-2023/CVE-2023-494xx/CVE-2023-49469.json b/CVE-2023/CVE-2023-494xx/CVE-2023-49469.json index a7603057497..8436017b078 100644 --- a/CVE-2023/CVE-2023-494xx/CVE-2023-49469.json +++ b/CVE-2023/CVE-2023-494xx/CVE-2023-49469.json @@ -2,8 +2,8 @@ "id": "CVE-2023-49469", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-28T06:15:44.340", - "lastModified": "2023-12-28T15:09:53.403", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-04T17:14:07.600", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,15 +14,74 @@ "value": "Vulnerabilidad reflejada de Cross Site Scripting (XSS) en Shaarli v0.12.2, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de la funci\u00f3n de etiqueta de b\u00fasqueda." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:shaarli_project:shaarli:0.12.2:*:*:*:*:*:*:*", + "matchCriteriaId": "3FB9DCA3-CDAD-4047-9EEB-D35772A5B4F9" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/shaarli/Shaarli/issues/2038", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking" + ] }, { "url": "https://github.com/shaarli/Shaarli/releases/tag/v0.13.0", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-499xx/CVE-2023-49949.json b/CVE-2023/CVE-2023-499xx/CVE-2023-49949.json index d251053e244..e93999eb842 100644 --- a/CVE-2023/CVE-2023-499xx/CVE-2023-49949.json +++ b/CVE-2023/CVE-2023-499xx/CVE-2023-49949.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-49949", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-26T14:15:07.277", - "lastModified": "2023-12-26T20:34:16.103", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-04T17:32:10.933", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,15 +14,75 @@ "value": "Passwork anterior a 6.2.0 permite a los usuarios autenticados remotamente omitir 2FA enviando un mill\u00f3n de c\u00f3digos de 6 d\u00edgitos posibles." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:passwork:passwork:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.2.0", + "matchCriteriaId": "861369D4-3EB5-4EF5-BB22-3B043204AA9A" + } + ] + } + ] + } + ], "references": [ { "url": "https://acribia.ru/articles/2fa_bypass_passwork", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://passwork.ru/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-502xx/CVE-2023-50255.json b/CVE-2023/CVE-2023-502xx/CVE-2023-50255.json index 56a0b5d29c3..18c8e46923b 100644 
--- a/CVE-2023/CVE-2023-502xx/CVE-2023-50255.json +++ b/CVE-2023/CVE-2023-502xx/CVE-2023-50255.json @@ -2,16 +2,40 @@ "id": "CVE-2023-50255", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-27T17:15:07.847", - "lastModified": "2023-12-27T18:24:09.770", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-04T17:03:20.077", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Deepin-Compressor is the default archive manager of Deepin Linux OS. Prior to 5.12.21, there's a path traversal vulnerability in deepin-compressor that can be exploited to achieve Remote Command Execution on the target system upon opening crafted archives. Users are advised to update to version 5.12.21 which addresses the issue. There are no known workarounds for this vulnerability.\n" + }, + { + "lang": "es", + "value": "Deepin-Compressor es el administrador de archivos predeterminado del sistema operativo Deepin Linux. Antes de la versi\u00f3n 5.12.21, hab\u00eda una vulnerabilidad de path traversal en deepin-compressor que se pod\u00eda explotar para lograr la ejecuci\u00f3n remota de comandos en el sistema de destino al abrir archivos manipulados. Se recomienda a los usuarios que actualicen a la versi\u00f3n 5.12.21, que soluciona el problema. No se conocen workarounds para esta vulnerabilidad. " } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -54,14 +78,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:deepin:deepin-compressor:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.12.21", + "matchCriteriaId": "4B8C269F-A8B9-4677-B050-5C9F7DD7D4FA" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/linuxdeepin/deepin-compressor/commit/82f668c78c133873f5094cfab6e4eabc0b70e4b6", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/linuxdeepin/developer-center/security/advisories/GHSA-rw5r-8p9h-3gp2", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-504xx/CVE-2023-50428.json b/CVE-2023/CVE-2023-504xx/CVE-2023-50428.json index c0f14e9eb4c..794c4fc98c1 100644 --- a/CVE-2023/CVE-2023-504xx/CVE-2023-50428.json +++ b/CVE-2023/CVE-2023-504xx/CVE-2023-50428.json 
@@ -2,12 +2,12 @@ "id": "CVE-2023-50428", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-09T19:15:07.977", - "lastModified": "2023-12-11T17:50:29.823", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-04T17:15:08.690", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots20231115, datacarrier size limits can be bypassed by obfuscating data as code (e.g., with OP_FALSE OP_IF), as exploited in the wild by Inscriptions in 2022 and 2023." + "value": "In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots20231115, datacarrier size limits can be bypassed by obfuscating data as code (e.g., with OP_FALSE OP_IF), as exploited in the wild by Inscriptions in 2022 and 2023. NOTE: although this is a vulnerability from the perspective of the Bitcoin Knots project, some others consider it \"not a bug.\"" }, { "lang": "es", @@ -84,6 +84,10 @@ "Third Party Advisory" ] }, + { + "url": "https://github.com/bitcoin/bitcoin/blob/65c05db660b2ca1d0076b0d8573a6760b3228068/src/kernel/mempool_options.h#L46-L53", + "source": "cve@mitre.org" + }, { "url": "https://github.com/bitcoin/bitcoin/pull/28408#issuecomment-1844981799", "source": "cve@mitre.org", diff --git a/CVE-2023/CVE-2023-507xx/CVE-2023-50732.json b/CVE-2023/CVE-2023-507xx/CVE-2023-50732.json index 6e8b47353a5..9662f8cfb97 100644 --- a/CVE-2023/CVE-2023-507xx/CVE-2023-50732.json +++ b/CVE-2023/CVE-2023-507xx/CVE-2023-50732.json @@ -2,8 +2,8 @@ "id": "CVE-2023-50732", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-21T20:15:07.900", - "lastModified": "2023-12-22T12:18:32.690", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-04T17:55:32.727", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -50,18 +80,58 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.3", + "versionEndExcluding": "14.10.7", + "matchCriteriaId": "BCBC97DA-9B2B-4A24-A5CB-DD15CBDD301B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*", + "versionStartIncluding": "15.0", + "versionEndExcluding": "15.2", + "matchCriteriaId": "F1AD4421-AE75-43F7-9B8F-F0A739D166C8" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/xwiki/xwiki-platform/commit/41d7dca2d30084966ca6a7ee537f39ee8354a7e3", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-p5f8-qf24-24cj", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Mitigation", + "Patch", + "Vendor Advisory" + ] }, { "url": "https://jira.xwiki.org/browse/XWIKI-20625", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Issue Tracking", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-507xx/CVE-2023-50760.json b/CVE-2023/CVE-2023-507xx/CVE-2023-50760.json index 23b5a818f26..4bd22956131 100644 --- a/CVE-2023/CVE-2023-507xx/CVE-2023-50760.json +++ b/CVE-2023/CVE-2023-507xx/CVE-2023-50760.json @@ -2,8 +2,8 @@ "id": "CVE-2023-50760", "sourceIdentifier": "help@fluidattacks.com", "published": "2024-01-04T15:15:09.387", - "lastModified": "2024-01-04T15:15:09.387", - "vulnStatus": "Received", + "lastModified": "2024-01-04T18:46:53.270", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", 
diff --git a/CVE-2023/CVE-2023-508xx/CVE-2023-50862.json b/CVE-2023/CVE-2023-508xx/CVE-2023-50862.json index bab3d4c8e11..0a1b561e64b 100644 --- a/CVE-2023/CVE-2023-508xx/CVE-2023-50862.json +++ b/CVE-2023/CVE-2023-508xx/CVE-2023-50862.json @@ -2,8 +2,8 @@ "id": "CVE-2023-50862", "sourceIdentifier": "help@fluidattacks.com", "published": "2024-01-04T15:15:09.593", - "lastModified": "2024-01-04T15:15:09.593", - "vulnStatus": "Received", + "lastModified": "2024-01-04T18:46:53.270", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-508xx/CVE-2023-50863.json b/CVE-2023/CVE-2023-508xx/CVE-2023-50863.json index 3dd5cfdb1bf..dd2023e7abf 100644 --- a/CVE-2023/CVE-2023-508xx/CVE-2023-50863.json +++ b/CVE-2023/CVE-2023-508xx/CVE-2023-50863.json @@ -2,8 +2,8 @@ "id": "CVE-2023-50863", "sourceIdentifier": "help@fluidattacks.com", "published": "2024-01-04T15:15:09.800", - "lastModified": "2024-01-04T15:15:09.800", - "vulnStatus": "Received", + "lastModified": "2024-01-04T18:46:53.270", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-508xx/CVE-2023-50864.json b/CVE-2023/CVE-2023-508xx/CVE-2023-50864.json index 60bf98c8749..58a9943849a 100644 --- a/CVE-2023/CVE-2023-508xx/CVE-2023-50864.json +++ b/CVE-2023/CVE-2023-508xx/CVE-2023-50864.json @@ -2,8 +2,8 @@ "id": "CVE-2023-50864", "sourceIdentifier": "help@fluidattacks.com", "published": "2024-01-04T15:15:10.003", - "lastModified": "2024-01-04T15:15:10.003", - "vulnStatus": "Received", + "lastModified": "2024-01-04T18:46:53.270", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-508xx/CVE-2023-50865.json b/CVE-2023/CVE-2023-508xx/CVE-2023-50865.json index ffa9fd03a8e..cb5ad6f3cda 100644 --- a/CVE-2023/CVE-2023-508xx/CVE-2023-50865.json +++ b/CVE-2023/CVE-2023-508xx/CVE-2023-50865.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-50865", "sourceIdentifier": "help@fluidattacks.com", "published": "2024-01-04T15:15:10.217", - "lastModified": "2024-01-04T15:15:10.217", - "vulnStatus": "Received", + "lastModified": "2024-01-04T18:46:53.270", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-508xx/CVE-2023-50866.json b/CVE-2023/CVE-2023-508xx/CVE-2023-50866.json index 101a0754f52..441245974e6 100644 --- a/CVE-2023/CVE-2023-508xx/CVE-2023-50866.json +++ b/CVE-2023/CVE-2023-508xx/CVE-2023-50866.json @@ -2,8 +2,8 @@ "id": "CVE-2023-50866", "sourceIdentifier": "help@fluidattacks.com", "published": "2024-01-04T15:15:10.417", - "lastModified": "2024-01-04T15:15:10.417", - "vulnStatus": "Received", + "lastModified": "2024-01-04T18:46:53.270", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-508xx/CVE-2023-50867.json b/CVE-2023/CVE-2023-508xx/CVE-2023-50867.json index a067dee0c3c..d288d5976ba 100644 --- a/CVE-2023/CVE-2023-508xx/CVE-2023-50867.json +++ b/CVE-2023/CVE-2023-508xx/CVE-2023-50867.json @@ -2,8 +2,8 @@ "id": "CVE-2023-50867", "sourceIdentifier": "help@fluidattacks.com", "published": "2024-01-04T15:15:10.623", - "lastModified": "2024-01-04T15:15:10.623", - "vulnStatus": "Received", + "lastModified": "2024-01-04T18:46:53.270", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-510xx/CVE-2023-51080.json b/CVE-2023/CVE-2023-510xx/CVE-2023-51080.json index e456fc74458..0cd7c8d27bf 100644 --- a/CVE-2023/CVE-2023-510xx/CVE-2023-51080.json +++ b/CVE-2023/CVE-2023-510xx/CVE-2023-51080.json 
@@ -2,19 +2,80 @@ "id": "CVE-2023-51080", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-27T21:15:08.397", - "lastModified": "2023-12-27T21:37:15.710", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-04T18:46:45.783", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The NumberUtil.toBigDecimal method in hutool-core v5.8.23 was discovered to contain a stack overflow." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que el m\u00e9todo NumberUtil.toBigDecimal en hutool-core v5.8.23 conten\u00eda un desbordamiento de pila." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hutool:hutool:5.8.23:*:*:*:*:*:*:*", + "matchCriteriaId": "E06EB61A-4250-4F44-9743-3108FF70C157" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/dromara/hutool/issues/3423", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-510xx/CVE-2023-51084.json b/CVE-2023/CVE-2023-510xx/CVE-2023-51084.json index 12b9b0e4dc3..030e4837a14 100644 --- a/CVE-2023/CVE-2023-510xx/CVE-2023-51084.json 
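Review bot: The added `weaknesses` entry classifies a "stack overflow" in a library method as `"value": "CWE-787"` (out-of-bounds write), both here in CVE-2023-51080 and in the CVE-2023-51084 hunk that follows, which reads as memory corruption although the descriptions state only a stack overflow in what appear to be Java libraries. If these are unbounded-recursion crashes, `"value": "CWE-674"` would describe them better, and the `C:H/I:H/A:H` vector scored 9.8 for CVE-2023-51084 is hard to reconcile with the `C:N/I:N/A:H` vector scored 7.5 for the same class of bug in CVE-2023-51080. Since these files mirror upstream analysis, the correction belongs with NVD; consumers that prioritise on `baseScore` or filter on CWE should confirm the actual impact from the referenced issues before relying on either record. The CVE-2023-51084 description also spells the product "hyavijava" while the added CPE uses `yavijava:yavijava`, so matching on description text will miss it.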
+++ b/CVE-2023/CVE-2023-510xx/CVE-2023-51084.json @@ -2,19 +2,79 @@ "id": "CVE-2023-51084", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-27T21:15:08.450", - "lastModified": "2023-12-27T21:37:15.710", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-04T18:46:23.653", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "hyavijava v6.0.07.1 was discovered to contain a stack overflow via the ResultConverter.convert2Xml method." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que hyavijava v6.0.07.1 conten\u00eda un desbordamiento de pila mediante el m\u00e9todo ResultConverter.convert2Xml." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:yavijava:yavijava:6.0.07.1:*:*:*:*:*:*:*", + "matchCriteriaId": "2B65B9D4-F712-40E8-9651-B632DBD5EFDC" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/PoppingSnack/VulReport/issues/12", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51764.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51764.json index 3dd32f524a6..09fcd17dbd2 100644 --- a/CVE-2023/CVE-2023-517xx/CVE-2023-51764.json +++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51764.json @@ -2,8 +2,8 @@ "id": "CVE-2023-51764", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-24T05:15:08.273", - "lastModified": "2023-12-29T02:15:45.130", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-04T18:15:08.513", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", @@ -51,6 +51,10 @@ { "url": "https://www.postfix.org/smtp-smuggling.html", "source": "cve@mitre.org" + }, + { + "url": "https://www.youtube.com/watch?v=V8KPV96g1To", + "source": "cve@mitre.org" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51765.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51765.json index be0d8c1f0c3..a9822826ce2 100644 --- a/CVE-2023/CVE-2023-517xx/CVE-2023-51765.json +++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51765.json @@ -2,8 +2,8 @@ "id": "CVE-2023-51765", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-24T06:15:07.527", - "lastModified": "2023-12-30T18:15:40.700", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-04T18:15:08.607", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", @@ -71,6 +71,10 @@ { "url": "https://www.openwall.com/lists/oss-security/2023/12/22/7", "source": "cve@mitre.org" + }, + { + "url": "https://www.youtube.com/watch?v=V8KPV96g1To", + "source": "cve@mitre.org" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51766.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51766.json index 18c224006e9..dd229939d7a 100644 --- a/CVE-2023/CVE-2023-517xx/CVE-2023-51766.json +++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51766.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-51766", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-24T06:15:07.673", - "lastModified": "2024-01-04T16:23:05.490", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-04T18:15:08.680", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -221,6 +221,10 @@ "Mailing List", "Third Party Advisory" ] + }, + { + "url": "https://www.youtube.com/watch?v=V8KPV96g1To", + "source": "cve@mitre.org" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-56xx/CVE-2023-5644.json b/CVE-2023/CVE-2023-56xx/CVE-2023-5644.json index c0aa51da9fe..8f7e5da7771 100644 --- a/CVE-2023/CVE-2023-56xx/CVE-2023-5644.json +++ b/CVE-2023/CVE-2023-56xx/CVE-2023-5644.json 
@@ -2,19 +2,80 @@ "id": "CVE-2023-5644", "sourceIdentifier": "contact@wpscan.com", "published": "2023-12-26T19:15:07.843", - "lastModified": "2023-12-26T20:34:16.103", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-04T17:12:49.703", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The WP Mail Log WordPress plugin before 1.1.3 does not correctly authorize its REST API endpoints, allowing users with the Contributor role to view and delete data that should only be accessible to Admin users." + }, + { + "lang": "es", + "value": "El complemento WP Mail Log WordPress anterior a 1.1.3 no autoriza correctamente sus endpoint de API REST, lo que permite a los usuarios con el rol de Colaborador ver y eliminar datos a los que solo deber\u00edan tener acceso los usuarios administradores." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.6, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpvibes:wp_mail_log:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.1.3", + "matchCriteriaId": "0DB6599D-1AF5-4662-B350-8389E2D4988E" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://wpscan.com/vulnerability/08f1d623-0453-4103-a9aa-2d0ddb6eb69e", - "source": "contact@wpscan.com" + "source": 
"contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-56xx/CVE-2023-5645.json b/CVE-2023/CVE-2023-56xx/CVE-2023-5645.json index 0aa849a0c4b..5fa5a6a37f9 100644 --- a/CVE-2023/CVE-2023-56xx/CVE-2023-5645.json +++ b/CVE-2023/CVE-2023-56xx/CVE-2023-5645.json 
@@ -2,19 +2,80 @@ "id": "CVE-2023-5645", "sourceIdentifier": "contact@wpscan.com", "published": "2023-12-26T19:15:07.890", - "lastModified": "2023-12-26T20:34:16.103", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-04T17:13:05.947", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The WP Mail Log WordPress plugin before 1.1.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Contributor." + }, + { + "lang": "es", + "value": "El complemento WP Mail Log WordPress anterior a 1.1.3 no sanitiza ni escapa adecuadamente un par\u00e1metro antes de usarlo en una declaraci\u00f3n SQL, lo que lleva a una inyecci\u00f3n SQL explotable por usuarios con un rol tan bajo como Colaborador." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpvibes:wp_mail_log:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.1.3", + "matchCriteriaId": "0DB6599D-1AF5-4662-B350-8389E2D4988E" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://wpscan.com/vulnerability/e392fb53-66e9-4c43-9e4f-f4ea7c561551", - "source": "contact@wpscan.com" + "source": 
"contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-56xx/CVE-2023-5672.json b/CVE-2023/CVE-2023-56xx/CVE-2023-5672.json index 51257788794..d46a3538620 100644 --- a/CVE-2023/CVE-2023-56xx/CVE-2023-5672.json +++ b/CVE-2023/CVE-2023-56xx/CVE-2023-5672.json 
@@ -2,19 +2,80 @@ "id": "CVE-2023-5672", "sourceIdentifier": "contact@wpscan.com", "published": "2023-12-26T19:15:07.937", - "lastModified": "2023-12-26T20:34:16.103", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-04T17:08:45.617", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file path parameters when attaching files to emails, leading to local file inclusion, and allowing an attacker to leak the contents of arbitrary files." + }, + { + "lang": "es", + "value": "El complemento WP Mail Log WordPress anterior a 1.1.3 no valida correctamente los par\u00e1metros de ruta de archivo al adjuntar archivos a correos electr\u00f3nicos, lo que provoca la inclusi\u00f3n de archivos locales y permite que un atacante filtre el contenido de archivos arbitrarios." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpvibes:wp_mail_log:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.1.3", + "matchCriteriaId": "0DB6599D-1AF5-4662-B350-8389E2D4988E" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": 
"https://wpscan.com/vulnerability/7c1dff5b-bed3-49f8-96cc-1bc9abe78749", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-56xx/CVE-2023-5673.json b/CVE-2023/CVE-2023-56xx/CVE-2023-5673.json index 7edf89a484b..6ca36382e75 100644 --- a/CVE-2023/CVE-2023-56xx/CVE-2023-5673.json +++ b/CVE-2023/CVE-2023-56xx/CVE-2023-5673.json 
@@ -2,19 +2,80 @@ "id": "CVE-2023-5673", "sourceIdentifier": "contact@wpscan.com", "published": "2023-12-26T19:15:07.980", - "lastModified": "2023-12-26T20:34:16.103", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-04T17:09:37.303", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file extensions uploading files to attach to emails, allowing attackers to upload PHP files, leading to remote code execution." + }, + { + "lang": "es", + "value": "El complemento WP Mail Log WordPress anterior a 1.1.3 no valida correctamente las extensiones de archivo que cargan archivos para adjuntarlos a correos electr\u00f3nicos, lo que permite a los atacantes cargar archivos PHP, lo que lleva a la ejecuci\u00f3n remota de c\u00f3digo." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpvibes:wp_mail_log:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.1.3", + "matchCriteriaId": "0DB6599D-1AF5-4662-B350-8389E2D4988E" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://wpscan.com/vulnerability/231f72bf-9ad0-417e-b7a0-3555875749e9", - "source": "contact@wpscan.com" + 
"source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-56xx/CVE-2023-5674.json b/CVE-2023/CVE-2023-56xx/CVE-2023-5674.json index 21c8e6c3549..d2d04fb83cb 100644 --- a/CVE-2023/CVE-2023-56xx/CVE-2023-5674.json +++ b/CVE-2023/CVE-2023-56xx/CVE-2023-5674.json 
@@ -2,19 +2,80 @@ "id": "CVE-2023-5674", "sourceIdentifier": "contact@wpscan.com", "published": "2023-12-26T19:15:08.023", - "lastModified": "2023-12-26T20:34:16.103", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-04T18:49:34.613", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The WP Mail Log WordPress plugin before 1.1.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Contributor." + }, + { + "lang": "es", + "value": "El complemento WP Mail Log WordPress anterior a 1.1.3 no sanitiza ni escapa adecuadamente un par\u00e1metro antes de usarlo en una declaraci\u00f3n SQL, lo que lleva a una inyecci\u00f3n SQL explotable por usuarios con un rol tan bajo como Colaborador." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpvibes:wp_mail_log:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.1.3", + "matchCriteriaId": "0DB6599D-1AF5-4662-B350-8389E2D4988E" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://wpscan.com/vulnerability/32a23d0d-7ece-4870-a99d-f3f344be2d67", - "source": "contact@wpscan.com" + "source": 
"contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-59xx/CVE-2023-5931.json b/CVE-2023/CVE-2023-59xx/CVE-2023-5931.json index ed8f50c9479..c93e22c14c0 100644 --- a/CVE-2023/CVE-2023-59xx/CVE-2023-5931.json +++ b/CVE-2023/CVE-2023-59xx/CVE-2023-5931.json 
@@ -2,19 +2,80 @@ "id": "CVE-2023-5931", "sourceIdentifier": "contact@wpscan.com", "published": "2023-12-26T19:15:08.077", - "lastModified": "2023-12-26T20:34:16.103", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-04T18:45:49.370", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin before 4.6.16 does not validate files to be uploaded, which could allow attackers with a low-privilege account (e.g. subscribers) to upload arbitrary files such as PHP on the server" + }, + { + "lang": "es", + "value": "El complemento rtMedia para WordPress, BuddyPress y bbPress WordPress anterior a 4.6.16 no valida los archivos que se cargar\u00e1n, lo que podr\u00eda permitir a atacantes con una cuenta con pocos privilegios (por ejemplo, suscriptores) cargar archivos arbitrarios como PHP en el servidor." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:rtcamp:rtmedia:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "4.6.16", + "matchCriteriaId": "76F051CB-D2C0-4BC3-AEC7-556534B3A627" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": 
"https://wpscan.com/vulnerability/3d6889e3-a01b-4e7f-868f-af7cc8c7531a", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-59xx/CVE-2023-5939.json b/CVE-2023/CVE-2023-59xx/CVE-2023-5939.json index 0283297536d..f5abdbc66d1 100644 --- a/CVE-2023/CVE-2023-59xx/CVE-2023-5939.json +++ b/CVE-2023/CVE-2023-59xx/CVE-2023-5939.json 
@@ -2,19 +2,80 @@ "id": "CVE-2023-5939", "sourceIdentifier": "contact@wpscan.com", "published": "2023-12-26T19:15:08.120", - "lastModified": "2023-12-26T20:34:16.103", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-04T18:41:13.330", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin before 4.6.16 loads the contents of the import file in an unsafe manner, leading to remote code execution by privileged users." + }, + { + "lang": "es", + "value": "El complemento rtMedia para WordPress, BuddyPress y bbPress WordPress anterior a 4.6.16 carga el contenido del archivo de importaci\u00f3n de forma insegura, lo que provoca la ejecuci\u00f3n remota de c\u00f3digo por parte de usuarios privilegiados." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:rtcamp:rtmedia:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "4.6.16", + "matchCriteriaId": "76F051CB-D2C0-4BC3-AEC7-556534B3A627" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://wpscan.com/vulnerability/db5d41fc-bcd3-414f-aa99-54d5537007bc", - "source": "contact@wpscan.com" + "source": 
"contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6270.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6270.json new file mode 100644 index 00000000000..4ec60776d49 --- /dev/null +++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6270.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-6270", + "sourceIdentifier": "secalert@redhat.com", + "published": "2024-01-04T17:15:08.803", + "lastModified": "2024-01-04T18:46:53.270", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on `struct net_device`, and a use-after-free can be triggered by racing between the free on the struct and the access through the `skbtxq` global queue. This could lead to a denial of service condition or potential code execution." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.0, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.0, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "references": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2023-6270", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256786", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-65xx/CVE-2023-6551.json b/CVE-2023/CVE-2023-65xx/CVE-2023-6551.json index 7bd3e9c8650..e94e9246901 100644 --- a/CVE-2023/CVE-2023-65xx/CVE-2023-6551.json +++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6551.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6551", "sourceIdentifier": "cvd@cert.pl", "published": "2024-01-04T16:15:09.380", - "lastModified": "2024-01-04T16:15:09.380", - "vulnStatus": "Received", + "lastModified": "2024-01-04T18:46:53.270", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-70xx/CVE-2023-7047.json b/CVE-2023/CVE-2023-70xx/CVE-2023-7047.json index 70765c71263..99f72989d4c 100644 --- a/CVE-2023/CVE-2023-70xx/CVE-2023-7047.json +++ b/CVE-2023/CVE-2023-70xx/CVE-2023-7047.json 
@@ -2,19 +2,91 @@ "id": "CVE-2023-7047", "sourceIdentifier": "security@devolutions.net", "published": "2023-12-21T15:15:14.427", - "lastModified": "2023-12-21T18:15:38.237", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-04T18:37:04.157", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "\nInadequate validation of permissions when employing remote tools and \nmacros via the context menu within Devolutions Remote Desktop Manager versions 2023.3.31 and \nearlier permits a user to initiate a connection without proper execution\n rights via the remote tools feature. This affects only SQL data sources.\n" + }, + { + "lang": "es", + "value": "La validaci\u00f3n inadecuada de permisos al emplear herramientas remotas y macros a trav\u00e9s del men\u00fa contextual dentro de las versiones 2023.3.31 y anteriores de Devolutions Remote Desktop Manager permite a un usuario iniciar una conexi\u00f3n sin los derechos de ejecuci\u00f3n adecuados a trav\u00e9s de la funci\u00f3n de herramientas remotas. Esto afecta s\u00f3lo a las fuentes de datos SQL." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2023.3.31.0", + "matchCriteriaId": "54C810F3-599E-44AD-ABF9-B63C828D2868" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://devolutions.net/security/advisories/DEVO-2023-0024/", - "source": "security@devolutions.net" + "source": "security@devolutions.net", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-71xx/CVE-2023-7116.json b/CVE-2023/CVE-2023-71xx/CVE-2023-7116.json index 2b0623bbaac..1198bcbd4de 100644 --- a/CVE-2023/CVE-2023-71xx/CVE-2023-7116.json +++ b/CVE-2023/CVE-2023-71xx/CVE-2023-7116.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-7116", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-27T16:15:13.580", - "lastModified": "2023-12-27T18:24:09.770", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-04T17:04:33.467", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as critical, has been found in WeiYe-Jing datax-web 2.1.2. Affected by this issue is some unknown functionality of the file /api/log/killJob of the component HTTP POST Request Handler. The manipulation of the argument processId leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249086 is the identifier assigned to this vulnerability." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en WeiYe-Jing datax-web 2.1.2 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo /api/log/killJob del componente HTTP POST Request Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento ProcessId conduce a la inyecci\u00f3n de comandos del sistema operativo. El ataque puede lanzarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. VDB-249086 es el identificador asignado a esta vulnerabilidad." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", 
@@ -71,18 +95,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:datax-web_project:datax-web:2.1.2:*:*:*:*:*:*:*", + "matchCriteriaId": "16F7D48B-A5CC-48B9-89C0-A6E6A86A6318" + } + ] + } + ] + } + ], "references": [ { "url": "https://medium.com/@2839549219ljk/rec-vulnerability-e8f2e1033b1f", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit" + ] }, { "url": "https://vuldb.com/?ctiid.249086", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.249086", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-71xx/CVE-2023-7123.json b/CVE-2023/CVE-2023-71xx/CVE-2023-7123.json index d3a3010edd8..521705b4102 100644 --- a/CVE-2023/CVE-2023-71xx/CVE-2023-7123.json +++ b/CVE-2023/CVE-2023-71xx/CVE-2023-7123.json @@ -2,8 +2,8 @@ "id": "CVE-2023-7123", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-28T00:15:12.310", - "lastModified": "2023-12-28T15:09:53.403", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-04T18:35:57.930", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", 
@@ -75,18 +95,47 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oretnom:medicine_tracker_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F48F1E41-C4C8-4AC2-9FA8-FEBC30E278E1" + } + ] + } + ] + } + ], "references": [ { "url": "https://medium.com/@2839549219ljk/medicine-tracking-system-sql-injection-7b0dde3a82a4", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit" + ] }, { "url": "https://vuldb.com/?ctiid.249095", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.249095", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-71xx/CVE-2023-7124.json b/CVE-2023/CVE-2023-71xx/CVE-2023-7124.json index 68ead073dae..7861a535655 100644 --- a/CVE-2023/CVE-2023-71xx/CVE-2023-7124.json +++ b/CVE-2023/CVE-2023-71xx/CVE-2023-7124.json @@ -2,8 +2,8 @@ "id": "CVE-2023-7124", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-28T03:15:08.070", - "lastModified": "2023-12-28T15:09:53.403", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-04T18:33:58.693", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -75,18 +95,47 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fabianros:e-commerce_site:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "1E87EFAB-5254-4878-B8E2-5FC6A8775CA2" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/h4md153v63n/CVEs/blob/main/E-commerce_Site/E-commerce_Site-Reflected_Cross_Site_Scripting.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit" + ] }, { "url": "https://vuldb.com/?ctiid.249096", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.249096", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-216xx/CVE-2024-21625.json b/CVE-2024/CVE-2024-216xx/CVE-2024-21625.json index 0a09a12bcb7..f50c6465c74 100644 --- a/CVE-2024/CVE-2024-216xx/CVE-2024-21625.json +++ b/CVE-2024/CVE-2024-216xx/CVE-2024-21625.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-21625", "sourceIdentifier": "security-advisories@github.com", "published": "2024-01-04T15:15:11.030", - "lastModified": "2024-01-04T15:15:11.030", - "vulnStatus": "Received", + "lastModified": "2024-01-04T18:46:53.270", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/README.md b/README.md index c78450696cf..53780dfb355 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-01-04T17:00:24.382538+00:00 +2024-01-04T19:00:25.444381+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-01-04T16:57:57.387000+00:00 +2024-01-04T18:53:13.777000+00:00 ``` ### Last Data Feed Release 
@@ -29,44 +29,45 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -234877 +234878 ``` ### CVEs added in the last Commit -Recently added CVEs: `10` +Recently added CVEs: `1` -* [CVE-2023-3726](CVE-2023/CVE-2023-37xx/CVE-2023-3726.json) (`2024-01-04T15:15:09.117`) -* [CVE-2023-50760](CVE-2023/CVE-2023-507xx/CVE-2023-50760.json) (`2024-01-04T15:15:09.387`) -* [CVE-2023-50862](CVE-2023/CVE-2023-508xx/CVE-2023-50862.json) (`2024-01-04T15:15:09.593`) -* [CVE-2023-50863](CVE-2023/CVE-2023-508xx/CVE-2023-50863.json) (`2024-01-04T15:15:09.800`) -* [CVE-2023-50864](CVE-2023/CVE-2023-508xx/CVE-2023-50864.json) (`2024-01-04T15:15:10.003`) -* [CVE-2023-50865](CVE-2023/CVE-2023-508xx/CVE-2023-50865.json) (`2024-01-04T15:15:10.217`) -* [CVE-2023-50866](CVE-2023/CVE-2023-508xx/CVE-2023-50866.json) (`2024-01-04T15:15:10.417`) -* [CVE-2023-50867](CVE-2023/CVE-2023-508xx/CVE-2023-50867.json) (`2024-01-04T15:15:10.623`) -* [CVE-2023-6551](CVE-2023/CVE-2023-65xx/CVE-2023-6551.json) (`2024-01-04T16:15:09.380`) -* [CVE-2024-21625](CVE-2024/CVE-2024-216xx/CVE-2024-21625.json) (`2024-01-04T15:15:11.030`) +* [CVE-2023-6270](CVE-2023/CVE-2023-62xx/CVE-2023-6270.json) (`2024-01-04T17:15:08.803`) ### CVEs modified in the last Commit -Recently modified CVEs: `15` +Recently modified CVEs: `51` -* [CVE-2022-2389](CVE-2022/CVE-2022-23xx/CVE-2022-2389.json) (`2024-01-04T15:17:19.940`) -* [CVE-2023-6093](CVE-2023/CVE-2023-60xx/CVE-2023-6093.json) (`2024-01-04T15:15:10.880`) -* [CVE-2023-6094](CVE-2023/CVE-2023-60xx/CVE-2023-6094.json) (`2024-01-04T15:15:10.963`) -* [CVE-2023-28616](CVE-2023/CVE-2023-286xx/CVE-2023-28616.json) (`2024-01-04T15:28:24.317`) -* [CVE-2023-5180](CVE-2023/CVE-2023-51xx/CVE-2023-5180.json) (`2024-01-04T15:43:40.260`) -* [CVE-2023-50297](CVE-2023/CVE-2023-502xx/CVE-2023-50297.json) (`2024-01-04T15:57:56.167`) -* [CVE-2023-51654](CVE-2023/CVE-2023-516xx/CVE-2023-51654.json) 
(`2024-01-04T16:09:42.810`) -* [CVE-2023-43481](CVE-2023/CVE-2023-434xx/CVE-2023-43481.json) (`2024-01-04T16:15:04.757`) -* [CVE-2023-52075](CVE-2023/CVE-2023-520xx/CVE-2023-52075.json) (`2024-01-04T16:16:36.747`) -* [CVE-2023-40038](CVE-2023/CVE-2023-400xx/CVE-2023-40038.json) (`2024-01-04T16:18:01.263`) -* [CVE-2023-51766](CVE-2023/CVE-2023-517xx/CVE-2023-51766.json) (`2024-01-04T16:23:05.490`) -* [CVE-2023-51714](CVE-2023/CVE-2023-517xx/CVE-2023-51714.json) (`2024-01-04T16:36:01.253`) -* [CVE-2023-51700](CVE-2023/CVE-2023-517xx/CVE-2023-51700.json) (`2024-01-04T16:55:39.650`) -* [CVE-2023-51664](CVE-2023/CVE-2023-516xx/CVE-2023-51664.json) (`2024-01-04T16:57:12.717`) -* [CVE-2023-51443](CVE-2023/CVE-2023-514xx/CVE-2023-51443.json) (`2024-01-04T16:57:57.387`) +* [CVE-2023-7123](CVE-2023/CVE-2023-71xx/CVE-2023-7123.json) (`2024-01-04T18:35:57.930`) +* [CVE-2023-49003](CVE-2023/CVE-2023-490xx/CVE-2023-49003.json) (`2024-01-04T18:36:38.453`) +* [CVE-2023-7047](CVE-2023/CVE-2023-70xx/CVE-2023-7047.json) (`2024-01-04T18:37:04.157`) +* [CVE-2023-5939](CVE-2023/CVE-2023-59xx/CVE-2023-5939.json) (`2024-01-04T18:41:13.330`) +* [CVE-2023-49001](CVE-2023/CVE-2023-490xx/CVE-2023-49001.json) (`2024-01-04T18:45:26.187`) +* [CVE-2023-49000](CVE-2023/CVE-2023-490xx/CVE-2023-49000.json) (`2024-01-04T18:45:41.737`) +* [CVE-2023-5931](CVE-2023/CVE-2023-59xx/CVE-2023-5931.json) (`2024-01-04T18:45:49.370`) +* [CVE-2023-51084](CVE-2023/CVE-2023-510xx/CVE-2023-51084.json) (`2024-01-04T18:46:23.653`) +* [CVE-2023-51080](CVE-2023/CVE-2023-510xx/CVE-2023-51080.json) (`2024-01-04T18:46:45.783`) +* [CVE-2023-3726](CVE-2023/CVE-2023-37xx/CVE-2023-3726.json) (`2024-01-04T18:46:53.270`) +* [CVE-2023-50760](CVE-2023/CVE-2023-507xx/CVE-2023-50760.json) (`2024-01-04T18:46:53.270`) +* [CVE-2023-50862](CVE-2023/CVE-2023-508xx/CVE-2023-50862.json) (`2024-01-04T18:46:53.270`) +* [CVE-2023-50863](CVE-2023/CVE-2023-508xx/CVE-2023-50863.json) (`2024-01-04T18:46:53.270`) +* 
[CVE-2023-50864](CVE-2023/CVE-2023-508xx/CVE-2023-50864.json) (`2024-01-04T18:46:53.270`) +* [CVE-2023-50865](CVE-2023/CVE-2023-508xx/CVE-2023-50865.json) (`2024-01-04T18:46:53.270`) +* [CVE-2023-50866](CVE-2023/CVE-2023-508xx/CVE-2023-50866.json) (`2024-01-04T18:46:53.270`) +* [CVE-2023-50867](CVE-2023/CVE-2023-508xx/CVE-2023-50867.json) (`2024-01-04T18:46:53.270`) +* [CVE-2023-6551](CVE-2023/CVE-2023-65xx/CVE-2023-6551.json) (`2024-01-04T18:46:53.270`) +* [CVE-2023-5674](CVE-2023/CVE-2023-56xx/CVE-2023-5674.json) (`2024-01-04T18:49:34.613`) +* [CVE-2023-0011](CVE-2023/CVE-2023-00xx/CVE-2023-0011.json) (`2024-01-04T18:50:39.487`) +* [CVE-2023-37544](CVE-2023/CVE-2023-375xx/CVE-2023-37544.json) (`2024-01-04T18:52:01.020`) +* [CVE-2023-48116](CVE-2023/CVE-2023-481xx/CVE-2023-48116.json) (`2024-01-04T18:52:20.000`) +* [CVE-2023-48115](CVE-2023/CVE-2023-481xx/CVE-2023-48115.json) (`2024-01-04T18:52:28.027`) +* [CVE-2023-48114](CVE-2023/CVE-2023-481xx/CVE-2023-48114.json) (`2024-01-04T18:52:42.640`) +* [CVE-2024-21625](CVE-2024/CVE-2024-216xx/CVE-2024-21625.json) (`2024-01-04T18:46:53.270`) ## Download and Usage