Auto-Update: 2023-12-20T17:00:25.397408+00:00

cad-safe-bot 2023-12-20 17:00:29 +00:00
parent cba3207822
commit c2e15d26fa
40 changed files with 2579 additions and 113 deletions


@ -2,8 +2,8 @@
"id": "CVE-2016-10165",
"sourceIdentifier": "cve@mitre.org",
"published": "2017-02-03T19:59:00.177",
"lastModified": "2018-10-30T16:27:32.030",
"vulnStatus": "Modified",
"lastModified": "2023-12-20T16:43:35.940",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,13 +15,13 @@
}
],
"metrics": {
"cvssMetricV30": [
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
@ -85,7 +85,8 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:littlecms:little_cms_color_engine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "136B7EFE-BB8B-42B3-BD81-4E25BEE19041"
"versionEndIncluding": "2.8",
"matchCriteriaId": "FA7EC7D5-DF9C-4AD2-BA4F-05895AE73E25"
}
]
}
@ -97,6 +98,26 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "B3293E55-5506-4587-A318-D1734F781C09"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
@ -120,6 +141,283 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A8442C20-41F9-47FD-9A12-E724D3A31FD7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "21690BAC-2129-4A33-9B48-1F3BF30072A9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
"versionStartIncluding": "7.3",
"matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
"versionStartIncluding": "9.5",
"matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:e-series_santricity_management:-:*:*:*:*:vmware_sra:*:*",
"matchCriteriaId": "76181AF5-D035-4372-AAD4-FDD37AC3C071"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:e-series_santricity_management:-:*:*:*:*:vmware_vasa:*:*",
"matchCriteriaId": "FE940E30-17B5-4973-A5CA-D3E714B153BC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:e-series_santricity_management:-:*:*:*:*:vmware_vcenter:*:*",
"matchCriteriaId": "3275348E-0FAF-4DC1-94A6-B53014659D49"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8AFF1109-26F3-43A5-A4CB-0F169FDBC0DE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5AF71C49-ADEF-4EE2-802C-6159ADD51355"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.20:*:*:*:*:*:*:*",
"matchCriteriaId": "B3BC6E59-2134-4A28-AAD2-77C8AE236BCF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.25:*:*:*:*:*:*:*",
"matchCriteriaId": "24377899-5389-4BDC-AC82-0E4186F4DE53"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.30:*:*:*:*:*:*:*",
"matchCriteriaId": "23FE83DE-AE7C-4313-88E3-886110C31302"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.30.5r3:*:*:*:*:*:*:*",
"matchCriteriaId": "490B327B-AC20-419B-BB76-8AB6971304BB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40:*:*:*:*:*:*:*",
"matchCriteriaId": "8DCE2754-7A9E-4B3B-91D1-DCF90C1BABE5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40.3r2:*:*:*:*:*:*:*",
"matchCriteriaId": "6CA74E8B-51E2-4A7C-8A98-0583D31134A6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7B64AB37-A1D9-4163-A51B-4C780361F1F1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7BE9C9D7-9CED-4184-A190-1024A6FB8C82"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.2:-:*:*:*:*:*:*",
"matchCriteriaId": "B73D4C3C-A511-4E14-B19F-91F561ACB1B8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.2:p1:*:*:*:*:*:*",
"matchCriteriaId": "0C47D72C-9B6B-4E52-AF0E-56AD58E4A930"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60:*:*:*:*:*:*:*",
"matchCriteriaId": "039C3790-5AA2-4895-AEAE-CC84A71DB907"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4592238-D1F2-43D6-9BAB-2F63ECF9C965"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BA78068-80E9-4E49-9056-88EAB7E3682C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.3:*:*:*:*:*:*:*",
"matchCriteriaId": "092F366C-E8B0-4BE5-B106-0B7A73B08D34"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.70.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7992E92-B159-4810-B895-01A9B944058A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.70.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5BDD7AAB-2BF3-4E8C-BEE2-5217E2926C11"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*",
"matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:7.1:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "BA71C0C3-CC74-4AB8-BD5B-A0553DC10418"
}
]
}
]
}
],
"references": [
@ -132,11 +430,17 @@
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2016-2079.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2016-2658.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.debian.org/security/2017/dsa-3774",
@ -165,7 +469,10 @@
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "http://www.securityfocus.com/bid/95808",
@ -177,31 +484,53 @@
},
{
"url": "http://www.securitytracker.com/id/1039596",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:2999",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:3046",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:3264",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:3267",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:3268",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:3453",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/mm2/Little-CMS/commit/5ca71a7bc18b6897ab21d815d15e218e204581e2",
@ -214,15 +543,24 @@
},
{
"url": "https://security.netapp.com/advisory/ntap-20171019-0001/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://usn.ubuntu.com/3770-1/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://usn.ubuntu.com/3770-2/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,23 +2,86 @@
"id": "CVE-2020-17483",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-16T01:15:07.200",
"lastModified": "2023-12-18T14:05:33.523",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-20T16:39:34.913",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability exists in Uffizio's GPS Tracker all versions that lead to sensitive information disclosure of all the connected devices. By visiting the vulnerable host at port 9000, we see it responds with a JSON body that has all the details about the devices which have been deployed."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de control de acceso inadecuado en todas las versiones del GPS Tracker de Uffizio que conduce a la divulgaci\u00f3n de informaci\u00f3n confidencial de todos los dispositivos conectados. Al visitar el host vulnerable en el puerto 9000, vemos que responde con un cuerpo JSON que tiene todos los detalles sobre los dispositivos que se han implementado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:uffizio:gps_tracker:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B7119D7-17A7-46D4-A5D0-FE622C3F6AC4"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-287-02",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
},
{
"url": "https://www.uffizio.com/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}
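Review bot: The added `weaknesses` block records only `NVD-CWE-noinfo`, although the English description in the same record names an improper access control issue, so any triage or reporting rule keyed on CWE will not classify this entry. The same placeholder is added in the CVE-2020-17485 section (described as remote code execution through an uploaded shell, base score 9.8) and in the CVE-2021-42794 and CVE-2023-28022 sections. The file appears to mirror the upstream record, so the value should stay as published. Consumers should prioritise these ids on `baseSeverity` and the description text rather than on the CWE field.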


@ -2,23 +2,86 @@
"id": "CVE-2020-17484",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-16T01:15:07.253",
"lastModified": "2023-12-18T14:05:33.523",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-20T16:47:28.567",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An Open Redirection vulnerability exists in Uffizio's GPS Tracker all versions allows an attacker to construct a URL within the application that causes a redirection to an arbitrary external domain."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de redirecci\u00f3n abierta en todas las versiones del GPS Tracker de Uffizio que permite a un atacante construir una URL dentro de la aplicaci\u00f3n que provoca una redirecci\u00f3n a un dominio externo arbitrario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:uffizio:gps_tracker:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B7119D7-17A7-46D4-A5D0-FE622C3F6AC4"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-287-02",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
},
{
"url": "https://www.uffizio.com/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}


@ -2,23 +2,86 @@
"id": "CVE-2020-17485",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-16T01:15:07.300",
"lastModified": "2023-12-18T14:05:33.523",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-20T16:39:09.107",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A Remote Code Execution vulnerability exist in Uffizio's GPS Tracker all versions. The web server can be compromised by uploading and executing a web/reverse shell. An attacker could then run commands, browse system files, and browse local resources"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en todas las versiones del GPS Tracker de Uffizio. El servidor web puede verse comprometido al cargar y ejecutar un shell web/inverso. Luego, un atacante podr\u00eda ejecutar comandos, explorar archivos del sistema y explorar recursos locales."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:uffizio:gps_tracker:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B7119D7-17A7-46D4-A5D0-FE622C3F6AC4"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-287-02",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
},
{
"url": "https://www.uffizio.com/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2021-42794",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-16T01:15:07.367",
"lastModified": "2023-12-18T14:05:33.523",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-20T16:16:11.980",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior. The application allows a client to provide a malicious connection string that could allow an adversary to port scan the LAN, depending on the hosts' responses."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en las versiones R2020 y anteriores de AVEVA Edge (anteriormente InduSoft Web Studio). La aplicaci\u00f3n permite a un cliente proporcionar una cadena de conexi\u00f3n maliciosa que podr\u00eda permitir a un adversario escanear puertos de la LAN, dependiendo de las respuestas de los hosts."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "cve@mitre.org",
"type": "Secondary",
@ -34,18 +58,75 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:edge:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2020",
"matchCriteriaId": "1838ED5C-E082-4087-A55D-8038A308510C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:edge:2020:-:*:*:*:*:*:*",
"matchCriteriaId": "AF8F7975-0BF0-446E-A33C-306D9045BE5D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:edge:2020:r2:-:*:*:*:*:*",
"matchCriteriaId": "F6A6358A-9F55-452A-8378-5BF05473EDFA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:edge:2020:r2:sp1:*:*:*:*:*",
"matchCriteriaId": "D5080C65-4773-4AF2-B385-9FD02BAD5237"
}
]
}
]
}
],
"references": [
{
"url": "https://www.aveva.com/en/products/edge/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-326-01",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
},
{
"url": "https://www.exploit-db.com/docs/english/17254-connection-string-parameter-pollution-attacks.pdf",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-28022",
"sourceIdentifier": "psirt@hcl.com",
"published": "2023-12-15T23:15:07.373",
"lastModified": "2023-12-18T14:05:33.523",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-20T16:47:18.203",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data.\n"
},
{
"lang": "es",
"value": "HCL Connections es afectado por una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n que podr\u00eda permitir a un usuario obtener informaci\u00f3n confidencial a la que no tiene derecho, causada por un manejo inadecuado de los datos de la solicitud."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "psirt@hcl.com",
"type": "Secondary",
@ -34,10 +58,57 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hcltech:connections:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "217197F0-089E-463E-904D-BDB31F929FE2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hcltech:connections:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D9D30E64-F094-4692-A882-CAAA3AFE8C1B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hcltech:connections:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FD4BF4C3-3D45-41A8-886F-521E095CBBF2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hcltech:connections:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D55E0F2F-7C8D-4334-8B8D-CCF88431F6DF"
}
]
}
]
}
],
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108433",
"source": "psirt@hcl.com"
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-28782",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-20T15:15:07.880",
"lastModified": "2023-12-20T16:47:25.890",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Deserialization of Untrusted Data vulnerability in Rocketgenius Inc. Gravity Forms.This issue affects Gravity Forms: from n/a through 2.7.3.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/gravityforms/wordpress-gravity-forms-plugin-2-7-3-unauthenticated-php-object-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}
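Review bot: This new record has no `configurations` block, so tooling that matches installed software by CPE will not flag it while `vulnStatus` is `Awaiting Analysis`. Its only CVSS entry is the `Secondary` score from `audit@patchstack.com`; there is no `nvd@nist.gov` primary score to compare it against. The affected range exists only in the description text ("from n/a through 2.7.3"), so inventory matching for this id has to rely on that string or the referenced advisory until CPE data is added. The same applies to the other new records visible in this commit: CVE-2023-31092, CVE-2023-32128, CVE-2023-32590, CVE-2023-32743 and CVE-2023-33209.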


@ -0,0 +1,55 @@
{
"id": "CVE-2023-31092",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-20T16:15:07.503",
"lastModified": "2023-12-20T16:47:19.580",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Foxskav Easy Bet.This issue affects Easy Bet: from n/a through 1.0.2.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/easy-bet/wordpress-easy-bet-plugin-1-0-2-sql-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-32128",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-20T16:15:07.717",
"lastModified": "2023-12-20T16:47:19.580",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Adastra Crypto Cryptocurrency Payment & Donation Box \u2013 Accept Payments in any Cryptocurrency on your WP Site for Free.This issue affects Cryptocurrency Payment & Donation Box \u2013 Accept Payments in any Cryptocurrency on your WP Site for Free: from n/a through 2.2.7.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/cryptocurrency-donation-box/wordpress-cryptocurrency-payment-donation-box-plugin-2-2-5-sql-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}
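Review bot: The affected range in the description ("from n/a through 2.2.7") does not agree with the version embedded in the reference URL slug (`...plugin-2-2-5-sql-injection-vulnerability`), so one of the two is probably stale. Nothing in the record says which is authoritative, and there is no `configurations` block to settle it. Until the linked advisory is checked, treating every version up to 2.2.7 as affected is the safer reading for patch tracking.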


@ -0,0 +1,55 @@
{
"id": "CVE-2023-32590",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-20T15:15:08.120",
"lastModified": "2023-12-20T16:47:25.890",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Daniel S\u00f6derstr\u00f6m / Sidney van de Stouwe Subscribe to Category.This issue affects Subscribe to Category: from n/a through 2.7.4.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 9.3,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/subscribe-to-category/wordpress-subscribe-to-category-plugin-2-7-4-sql-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-32743",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-20T16:15:07.927",
"lastModified": "2023-12-20T16:47:19.580",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce AutomateWoo.This issue affects AutomateWoo: from n/a through 5.7.1.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.3,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/automatewoo/wordpress-automatewoo-plugin-5-7-1-shop-manager-sql-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-33209",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-20T16:15:08.130",
"lastModified": "2023-12-20T16:47:19.580",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CrawlSpider SEO Change Monitor \u2013 Track Website Changes.This issue affects SEO Change Monitor \u2013 Track Website Changes: from n/a through 1.2.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 8.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.1,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/seo-change-monitor/wordpress-seo-change-monitor-plugin-1-2-sql-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-33330",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-20T16:15:08.320",
"lastModified": "2023-12-20T16:47:19.580",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce AutomateWoo.This issue affects AutomateWoo: from n/a through 4.9.50.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 8.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.1,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/woocommerce-follow-up-emails/wordpress-woocommerce-follow-up-emails-plugin-4-9-50-follow-up-emails-manager-sql-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}
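Review bot: The `descriptions` value names WooCommerce AutomateWoo ("from n/a through 4.9.50"), while the record's only `references` entry is the Patchstack page under `woocommerce-follow-up-emails` for plugin version 4.9.50, so the description and the reference appear to identify two different plugins. The product wording is the same as in the CVE-2023-32743 record added by this commit, which suggests a copied product name at the CNA, though this page cannot confirm that. Since this file mirrors upstream data, the value should be corrected by the CNA rather than edited here. Until then, asset matching for this CVE should use the reference slug as well as the description text, because the record has no `configurations` block to match against.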


@ -0,0 +1,55 @@
{
"id": "CVE-2023-35876",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-20T15:15:08.347",
"lastModified": "2023-12-20T16:47:25.890",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Square.This issue affects WooCommerce Square: from n/a through 3.8.1.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/woocommerce-square/wordpress-woocommerce-square-plugin-3-8-1-insecure-direct-object-references-idor-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-35895",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-12-20T15:15:08.560",
"lastModified": "2023-12-20T16:47:19.580",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "IBM Informix JDBC Driver 4.10 and 4.50 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 259116."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/259116",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7099762",
"source": "psirt@us.ibm.com"
}
]
}
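Review bot: The `weaknesses` entry `"value": "CWE-78"` (OS command injection) and the vector `C:L/I:L/A:L` with `"baseScore": 6.3` do not fit the description, which reports remote code execution via JNDI injection. Both values come from the CNA (`psirt@us.ibm.com`), and with `vulnStatus` still `Awaiting Analysis` the record carries no `nvd@nist.gov` assessment yet. Anything that prioritises on `baseScore` or groups findings by CWE should treat this record as provisional. The description and the two vendor references are the better basis for ranking it until an NVD analysis is present.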


@ -0,0 +1,55 @@
{
"id": "CVE-2023-35914",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-20T16:15:08.527",
"lastModified": "2023-12-20T16:47:19.580",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Woo Subscriptions.This issue affects Woo Subscriptions: from n/a through 5.1.2.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/woocommerce-subscriptions/wordpress-woocommerce-subscriptions-plugin-5-1-2-insecure-direct-object-references-idor-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-35915",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-20T16:15:08.727",
"lastModified": "2023-12-20T16:47:19.580",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Automattic WooPayments \u2013 Fully Integrated Solution Built and Supported by Woo.This issue affects WooPayments \u2013 Fully Integrated Solution Built and Supported by Woo: from n/a through 5.9.0.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.3,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/woocommerce-payments/wordpress-woocommerce-payments-plugin-5-9-0-sql-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-35916",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-20T16:15:08.930",
"lastModified": "2023-12-20T16:47:19.580",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments \u2013 Fully Integrated Solution Built and Supported by Woo.This issue affects WooPayments \u2013 Fully Integrated Solution Built and Supported by Woo: from n/a through 5.9.0.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/woocommerce-payments/wordpress-woocommerce-payments-plugin-5-9-0-insecure-direct-object-references-idor-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-36520",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-20T15:15:08.760",
"lastModified": "2023-12-20T16:47:19.580",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Authorization Bypass Through User-Controlled Key vulnerability in MarketingFire Editorial Calendar.This issue affects Editorial Calendar: from n/a through 3.7.12.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/editorial-calendar/wordpress-editorial-calendar-plugin-3-7-12-insecure-direct-object-references-idor-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-37457",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-14T20:15:52.260",
"lastModified": "2023-12-14T22:44:49.057",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-20T16:32:10.833",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the 'update' functionality is not used the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa."
},
{
"lang": "es",
"value": "Asterisk es un conjunto de herramientas de telefon\u00eda y centralita privada de c\u00f3digo abierto. En las versiones de Asterisk 18.20.0 y anteriores, 20.5.0 y anteriores y 21.0.0; as\u00ed como ceritifed-asterisk 18.9-cert5 y anteriores, la funcionalidad de 'actualizaci\u00f3n' de la funci\u00f3n de dialplan PJSIP_HEADER puede exceder el espacio de b\u00fafer disponible para almacenar el nuevo valor de un encabezado. Al hacerlo, esto puede sobrescribir la memoria o provocar un bloqueo. Esto no se puede explotar externamente, a menos que el dialplan est\u00e9 escrito expl\u00edcitamente para actualizar un encabezado en funci\u00f3n de datos de una fuente externa. Si no se utiliza la funcionalidad de 'actualizaci\u00f3n', la vulnerabilidad no se produce. Hay un parche disponible en el commit a1ca0268254374b515fa5992f01340f7717113fa."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,7 +60,7 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,16 +68,202 @@
"value": "CWE-120"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"versionEndIncluding": "18.20.0",
"matchCriteriaId": "2AD913C8-79A0-4FE9-9BBD-52BD3260AB2F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"versionStartIncluding": "19.0.0",
"versionEndIncluding": "20.5.0",
"matchCriteriaId": "DA2E162A-E994-4F25-AE13-D7C889394AC4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:digium:asterisk:21.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D3E690E3-3E92-42ED-87DD-1C6B838A3FF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2AFE2011-05AA-45A6-A561-65C6C664DA7B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1:*:*:*:*:*:*",
"matchCriteriaId": "C1117AA4-CE6B-479B-9995-A9F71C430663"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "775041BD-5C86-42B6-8B34-E1D5171B3D87"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "55EC2877-2FF5-4777-B118-E764A94BCE56"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc3:*:*:*:*:*:*",
"matchCriteriaId": "EB0392C9-A5E9-4D71-8B8D-63FB96E055A5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc4:*:*:*:*:*:*",
"matchCriteriaId": "09AF962D-D4BB-40BA-B435-A59E4402931C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert2:*:*:*:*:*:*",
"matchCriteriaId": "559D1063-7F37-44F8-B5C6-94758B675FDF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert3:*:*:*:*:*:*",
"matchCriteriaId": "185B2B4B-B246-4379-906B-9BDA7CDD4400"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "73D3592D-3CE5-4462-9FE8-4BCB54E74B5B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B3CCE9E0-5DC4-43A2-96DB-9ABEA60EC157"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "1EAD713A-CBA2-40C3-9DE3-5366827F18C7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert1:*:*:*:*:*:*",
"matchCriteriaId": "A5F5A8B7-29C9-403C-9561-7B3E96F9FCA8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert10:*:*:*:*:*:*",
"matchCriteriaId": "F9B96A53-2263-463C-9CCA-0F29865FE500"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert11:*:*:*:*:*:*",
"matchCriteriaId": "A53049F1-8551-453E-834A-68826A7AA959"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert12:*:*:*:*:*:*",
"matchCriteriaId": "B224A4E9-4B6B-4187-B0D6-E4BAE2637960"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert2:*:*:*:*:*:*",
"matchCriteriaId": "9501DBFF-516D-4F26-BBF6-1B453EE2A630"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert3:*:*:*:*:*:*",
"matchCriteriaId": "9D3E9AC0-C0B4-4E87-8D48-2B688D28B678"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert4:*:*:*:*:*:*",
"matchCriteriaId": "1A8628F6-F8D1-4C0C-BD89-8E2EEF19A5F9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert5:*:*:*:*:*:*",
"matchCriteriaId": "E27A6FD1-9321-4C9E-B32B-D6330CD3DC92"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert6:*:*:*:*:*:*",
"matchCriteriaId": "B6BF5EDB-9D17-453D-A22E-FDDC4DCDD85B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert7:*:*:*:*:*:*",
"matchCriteriaId": "4C75A21E-5D05-434B-93DE-8DAC4DD3E587"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert8:*:*:*:*:*:*",
"matchCriteriaId": "1D725758-C9F5-4DB2-8C45-CC052518D3FD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert9:*:*:*:*:*:*",
"matchCriteriaId": "B5E2AECC-B681-4EA5-9DE5-2086BB37A5F4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert1:*:*:*:*:*:*",
"matchCriteriaId": "79EEB5E5-B79E-454B-8DCD-3272BA337A9E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert2:*:*:*:*:*:*",
"matchCriteriaId": "892BAE5D-A64E-4FE0-9A99-8C07F342A042"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert3:*:*:*:*:*:*",
"matchCriteriaId": "1A716A45-7075-4CA6-9EF5-2DD088248A5C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert4:*:*:*:*:*:*",
"matchCriteriaId": "80EFA05B-E22D-49CE-BDD6-5C7123F1C12B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert5:*:*:*:*:*:*",
"matchCriteriaId": "20FD475F-2B46-47C9-B535-1561E29CB7A1"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-3742",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-12-20T16:15:09.120",
"lastModified": "2023-12-20T16:47:19.580",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Insufficient policy enforcement in ADB in Google Chrome on ChromeOS prior to 114.0.5735.90 allowed a local attacker to bypass device policy restrictions via physical access to the device. (Chromium security severity: High)"
}
],
"metrics": {},
"references": [
{
"url": "https://bugs.chromium.org/p/chromium/issues/detail?id=1443292",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://crbug.com/1443292",
"source": "chrome-cve-admin@google.com"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-39417",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-08-11T13:15:09.870",
"lastModified": "2023-12-13T22:15:42.847",
"lastModified": "2023-12-20T15:15:08.953",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
@ -228,6 +228,18 @@
"url": "https://access.redhat.com/errata/RHSA-2023:7785",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7883",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7884",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7885",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-39417",
"source": "secalert@redhat.com",


@ -2,7 +2,7 @@
"id": "CVE-2023-39418",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-08-11T13:15:09.963",
"lastModified": "2023-12-13T22:15:43.083",
"lastModified": "2023-12-20T15:15:09.200",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
@ -114,6 +114,18 @@
"url": "https://access.redhat.com/errata/RHSA-2023:7785",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7883",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7884",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7885",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-39418",
"source": "secalert@redhat.com",


@ -0,0 +1,55 @@
{
"id": "CVE-2023-40010",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-20T15:15:09.310",
"lastModified": "2023-12-20T16:47:19.580",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in realmag777 HUSKY \u2013 Products Filter for WooCommerce Professional.This issue affects HUSKY \u2013 Products Filter for WooCommerce Professional: from n/a through 1.3.4.2.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 9.3,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/woocommerce-products-filter/wordpress-husky-plugin-1-3-4-2-sql-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -2,19 +2,79 @@
"id": "CVE-2023-45894",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-14T20:15:52.687",
"lastModified": "2023-12-14T22:44:49.057",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-20T16:44:29.960",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Remote Application Server in Parallels RAS before 19.2.23975 does not segment virtualized applications from the server, which allows a remote attacker to achieve remote code execution via standard kiosk breakout techniques."
},
{
"lang": "es",
"value": "El servidor de aplicaciones remotas en Parallels RAS anterior a 19.2.23975 no segmenta las aplicaciones virtualizadas del servidor, lo que permite a un atacante remoto lograr la ejecuci\u00f3n remota de c\u00f3digo mediante t\u00e9cnicas de ruptura de quiosco est\u00e1ndar."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:parallels:remote_application_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "19.2.23975",
"matchCriteriaId": "C0E83665-7889-4861-857B-231D3197AFFE"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Oracle-Security/CVEs/blob/main/Parallels%20Remote%20Server/readme.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-47852",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-20T15:15:09.500",
"lastModified": "2023-12-20T16:47:19.580",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Link Whisper Link Whisper Free.This issue affects Link Whisper Free: from n/a through 0.6.5.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 8.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.1,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/link-whisper/wordpress-link-whisper-free-plugin-0-6-5-sql-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-49294",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-14T20:15:52.730",
"lastModified": "2023-12-14T22:44:49.057",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-20T16:47:03.007",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue."
},
{
"lang": "es",
"value": "Asterisk es un conjunto de herramientas de telefon\u00eda y centralita privada de c\u00f3digo abierto. En Asterisk anterior a las versiones 18.20.1, 20.5.1 y 21.0.1, as\u00ed como en Certified-Asterisco anterior a 18.9-cert6, es posible leer cualquier archivo arbitrario incluso cuando `live_dangerfully` no est\u00e1 habilitado. Esto permite leer archivos arbitrarios. Las versiones de Asterisk 18.20.1, 20.5.1 y 21.0.1, as\u00ed como el asterisco certificado anterior a 18.9-cert6, contienen una soluci\u00f3n para este problema."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,18 +70,197 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.20.1",
"matchCriteriaId": "A49E9157-3440-47C5-B730-B1F3BE7240C9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"versionStartIncluding": "19.0.0",
"versionEndExcluding": "20.5.1",
"matchCriteriaId": "FCA06EB6-E31A-43B2-A750-186255114B8F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:digium:asterisk:21.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D3E690E3-3E92-42ED-87DD-1C6B838A3FF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2AFE2011-05AA-45A6-A561-65C6C664DA7B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1:*:*:*:*:*:*",
"matchCriteriaId": "C1117AA4-CE6B-479B-9995-A9F71C430663"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "775041BD-5C86-42B6-8B34-E1D5171B3D87"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "55EC2877-2FF5-4777-B118-E764A94BCE56"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc3:*:*:*:*:*:*",
"matchCriteriaId": "EB0392C9-A5E9-4D71-8B8D-63FB96E055A5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc4:*:*:*:*:*:*",
"matchCriteriaId": "09AF962D-D4BB-40BA-B435-A59E4402931C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert2:*:*:*:*:*:*",
"matchCriteriaId": "559D1063-7F37-44F8-B5C6-94758B675FDF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert3:*:*:*:*:*:*",
"matchCriteriaId": "185B2B4B-B246-4379-906B-9BDA7CDD4400"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "73D3592D-3CE5-4462-9FE8-4BCB54E74B5B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B3CCE9E0-5DC4-43A2-96DB-9ABEA60EC157"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "1EAD713A-CBA2-40C3-9DE3-5366827F18C7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert1:*:*:*:*:*:*",
"matchCriteriaId": "A5F5A8B7-29C9-403C-9561-7B3E96F9FCA8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert10:*:*:*:*:*:*",
"matchCriteriaId": "F9B96A53-2263-463C-9CCA-0F29865FE500"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert11:*:*:*:*:*:*",
"matchCriteriaId": "A53049F1-8551-453E-834A-68826A7AA959"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert12:*:*:*:*:*:*",
"matchCriteriaId": "B224A4E9-4B6B-4187-B0D6-E4BAE2637960"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert2:*:*:*:*:*:*",
"matchCriteriaId": "9501DBFF-516D-4F26-BBF6-1B453EE2A630"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert3:*:*:*:*:*:*",
"matchCriteriaId": "9D3E9AC0-C0B4-4E87-8D48-2B688D28B678"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert4:*:*:*:*:*:*",
"matchCriteriaId": "1A8628F6-F8D1-4C0C-BD89-8E2EEF19A5F9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert5:*:*:*:*:*:*",
"matchCriteriaId": "E27A6FD1-9321-4C9E-B32B-D6330CD3DC92"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert6:*:*:*:*:*:*",
"matchCriteriaId": "B6BF5EDB-9D17-453D-A22E-FDDC4DCDD85B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert7:*:*:*:*:*:*",
"matchCriteriaId": "4C75A21E-5D05-434B-93DE-8DAC4DD3E587"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert8:*:*:*:*:*:*",
"matchCriteriaId": "1D725758-C9F5-4DB2-8C45-CC052518D3FD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert9:*:*:*:*:*:*",
"matchCriteriaId": "B5E2AECC-B681-4EA5-9DE5-2086BB37A5F4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert1:*:*:*:*:*:*",
"matchCriteriaId": "79EEB5E5-B79E-454B-8DCD-3272BA337A9E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert2:*:*:*:*:*:*",
"matchCriteriaId": "892BAE5D-A64E-4FE0-9A99-8C07F342A042"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert3:*:*:*:*:*:*",
"matchCriteriaId": "1A716A45-7075-4CA6-9EF5-2DD088248A5C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert4:*:*:*:*:*:*",
"matchCriteriaId": "80EFA05B-E22D-49CE-BDD6-5C7123F1C12B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert5:*:*:*:*:*:*",
"matchCriteriaId": "20FD475F-2B46-47C9-B535-1561E29CB7A1"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-49772",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-20T16:15:09.170",
"lastModified": "2023-12-20T16:47:19.580",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Deserialization of Untrusted Data vulnerability in Phpbits Creative Studio Genesis Simple Love.This issue affects Genesis Simple Love: from n/a through 2.0.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/genesis-simple-love/wordpress-genesis-simple-love-plugin-2-0-unauthenticated-php-object-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

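--- /dev/null
+++ b/CVE-2023/CVE-2023-497xx/CVE-2023-49773.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-49773",
+"sourceIdentifier": "audit@patchstack.com",
+"published": "2023-12-20T16:15:09.360",
+"lastModified": "2023-12-20T16:47:19.580",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "Deserialization of Untrusted Data vulnerability in Tim Brattberg BCorp Shortcodes.This issue affects BCorp Shortcodes: from n/a through 0.23.\n\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "audit@patchstack.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "CHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 10.0,
+"baseSeverity": "CRITICAL"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 6.0
+}
+]
+},
+"weaknesses": [
+{
+"source": "audit@patchstack.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-502"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://patchstack.com/database/vulnerability/bcorp-shortcodes/wordpress-bcorp-shortcodes-plugin-0-23-unauthenticated-php-object-injection-vulnerability?_s_id=cve",
+"source": "audit@patchstack.com"
+}
+]
+}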

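--- /dev/null
+++ b/CVE-2023/CVE-2023-497xx/CVE-2023-49776.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-49776",
+"sourceIdentifier": "audit@patchstack.com",
+"published": "2023-12-20T16:15:09.550",
+"lastModified": "2023-12-20T16:47:19.580",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hakan Demiray Sayfa Sayac.This issue affects Sayfa Sayac: from n/a through 2.6.\n\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "audit@patchstack.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "CHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "NONE",
+"availabilityImpact": "LOW",
+"baseScore": 9.3,
+"baseSeverity": "CRITICAL"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 4.7
+}
+]
+},
+"weaknesses": [
+{
+"source": "audit@patchstack.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-89"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://patchstack.com/database/vulnerability/sayfa-sayac/wordpress-sayfa-sayac-plugin-2-6-unauthenticated-sql-injection-vulnerability?_s_id=cve",
+"source": "audit@patchstack.com"
+}
+]
+}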

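--- /dev/null
+++ b/CVE-2023/CVE-2023-498xx/CVE-2023-49825.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-49825",
+"sourceIdentifier": "audit@patchstack.com",
+"published": "2023-12-20T16:15:09.743",
+"lastModified": "2023-12-20T16:47:19.580",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PenciDesign Soledad \u2013 Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme.This issue affects Soledad \u2013 Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme: from n/a through 8.4.1.\n\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "audit@patchstack.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "CHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "NONE",
+"availabilityImpact": "LOW",
+"baseScore": 8.5,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 3.1,
+"impactScore": 4.7
+}
+]
+},
+"weaknesses": [
+{
+"source": "audit@patchstack.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-89"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://patchstack.com/database/vulnerability/soledad/wordpress-soledad-theme-8-4-1-contributor-sql-injection-vulnerability?_s_id=cve",
+"source": "audit@patchstack.com"
+}
+]
+}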

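--- /dev/null
+++ b/CVE-2023/CVE-2023-50xx/CVE-2023-5007.json
@@ -0,0 +1,59 @@
+{
+"id": "CVE-2023-5007",
+"sourceIdentifier": "help@fluidattacks.com",
+"published": "2023-12-20T16:15:09.987",
+"lastModified": "2023-12-20T16:47:19.580",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'id' parameter of the marks.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "help@fluidattacks.com",
+"type": "Primary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 9.8,
+"baseSeverity": "CRITICAL"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 5.9
+}
+]
+},
+"weaknesses": [
+{
+"source": "help@fluidattacks.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-89"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://fluidattacks.com/advisories/kissin/",
+"source": "help@fluidattacks.com"
+},
+{
+"url": "https://www.kashipara.com/",
+"source": "help@fluidattacks.com"
+}
+]
+}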

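--- /dev/null
+++ b/CVE-2023/CVE-2023-50xx/CVE-2023-5010.json
@@ -0,0 +1,59 @@
+{
+"id": "CVE-2023-5010",
+"sourceIdentifier": "help@fluidattacks.com",
+"published": "2023-12-20T16:15:10.197",
+"lastModified": "2023-12-20T16:47:19.580",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'coursecode' parameter of the marks.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "help@fluidattacks.com",
+"type": "Primary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 9.8,
+"baseSeverity": "CRITICAL"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 5.9
+}
+]
+},
+"weaknesses": [
+{
+"source": "help@fluidattacks.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-89"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://fluidattacks.com/advisories/kissin/",
+"source": "help@fluidattacks.com"
+},
+{
+"url": "https://www.kashipara.com/",
+"source": "help@fluidattacks.com"
+}
+]
+}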

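--- /dev/null
+++ b/CVE-2023/CVE-2023-50xx/CVE-2023-5011.json
@@ -0,0 +1,59 @@
+{
+"id": "CVE-2023-5011",
+"sourceIdentifier": "help@fluidattacks.com",
+"published": "2023-12-20T16:15:10.400",
+"lastModified": "2023-12-20T16:47:19.580",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'coursename' parameter of the marks.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "help@fluidattacks.com",
+"type": "Primary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 9.8,
+"baseSeverity": "CRITICAL"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 5.9
+}
+]
+},
+"weaknesses": [
+{
+"source": "help@fluidattacks.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-89"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://fluidattacks.com/advisories/kissin/",
+"source": "help@fluidattacks.com"
+},
+{
+"url": "https://www.kashipara.com/",
+"source": "help@fluidattacks.com"
+}
+]
+}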


@ -2,7 +2,7 @@
"id": "CVE-2023-5868",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-12-10T18:15:07.163",
"lastModified": "2023-12-13T22:15:43.837",
"lastModified": "2023-12-20T15:15:09.690",
"vulnStatus": "Modified",
"descriptions": [
{
@ -422,6 +422,18 @@
"url": "https://access.redhat.com/errata/RHSA-2023:7785",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7883",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7884",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7885",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-5868",
"source": "secalert@redhat.com",


@ -2,7 +2,7 @@
"id": "CVE-2023-5869",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-12-10T18:15:07.410",
"lastModified": "2023-12-19T10:15:08.640",
"lastModified": "2023-12-20T15:15:09.873",
"vulnStatus": "Modified",
"descriptions": [
{
@ -498,6 +498,18 @@
"url": "https://access.redhat.com/errata/RHSA-2023:7878",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7883",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7884",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7885",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-5869",
"source": "secalert@redhat.com",


@ -2,7 +2,7 @@
"id": "CVE-2023-5870",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-12-10T18:15:07.643",
"lastModified": "2023-12-13T22:15:44.153",
"lastModified": "2023-12-20T15:15:10.080",
"vulnStatus": "Modified",
"descriptions": [
{
@ -422,6 +422,18 @@
"url": "https://access.redhat.com/errata/RHSA-2023:7785",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7883",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7884",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7885",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-5870",
"source": "secalert@redhat.com",


@ -2,8 +2,8 @@
"id": "CVE-2023-6377",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-12-13T07:15:30.030",
"lastModified": "2023-12-19T03:15:08.420",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-20T15:15:10.243",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -55,6 +55,10 @@
"url": "http://www.openwall.com/lists/oss-security/2023/12/13/1",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7886",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-6377",
"source": "secalert@redhat.com"


@ -2,8 +2,8 @@
"id": "CVE-2023-6478",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-12-13T07:15:31.213",
"lastModified": "2023-12-19T03:15:08.503",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-20T15:15:10.347",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -55,6 +55,10 @@
"url": "http://www.openwall.com/lists/oss-security/2023/12/13/1",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7886",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-6478",
"source": "secalert@redhat.com"


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-12-20T15:00:24.629989+00:00
2023-12-20T17:00:25.397408+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-12-20T14:46:20.553000+00:00
2023-12-20T16:47:28.567000+00:00
```
### Last Data Feed Release
@ -29,62 +29,58 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
233831
233854
```
### CVEs added in the last Commit
Recently added CVEs: `18`
Recently added CVEs: `23`
* [CVE-2023-6562](CVE-2023/CVE-2023-65xx/CVE-2023-6562.json) (`2023-12-20T13:15:07.260`)
* [CVE-2023-37871](CVE-2023/CVE-2023-378xx/CVE-2023-37871.json) (`2023-12-20T14:15:19.550`)
* [CVE-2023-38513](CVE-2023/CVE-2023-385xx/CVE-2023-38513.json) (`2023-12-20T14:15:19.797`)
* [CVE-2023-38519](CVE-2023/CVE-2023-385xx/CVE-2023-38519.json) (`2023-12-20T14:15:19.987`)
* [CVE-2023-40555](CVE-2023/CVE-2023-405xx/CVE-2023-40555.json) (`2023-12-20T14:15:20.193`)
* [CVE-2023-41796](CVE-2023/CVE-2023-417xx/CVE-2023-41796.json) (`2023-12-20T14:15:20.380`)
* [CVE-2023-46147](CVE-2023/CVE-2023-461xx/CVE-2023-46147.json) (`2023-12-20T14:15:20.570`)
* [CVE-2023-46311](CVE-2023/CVE-2023-463xx/CVE-2023-46311.json) (`2023-12-20T14:15:20.757`)
* [CVE-2023-47236](CVE-2023/CVE-2023-472xx/CVE-2023-47236.json) (`2023-12-20T14:15:20.953`)
* [CVE-2023-47507](CVE-2023/CVE-2023-475xx/CVE-2023-47507.json) (`2023-12-20T14:15:21.143`)
* [CVE-2023-50249](CVE-2023/CVE-2023-502xx/CVE-2023-50249.json) (`2023-12-20T14:15:21.350`)
* [CVE-2023-51457](CVE-2023/CVE-2023-514xx/CVE-2023-51457.json) (`2023-12-20T14:15:21.607`)
* [CVE-2023-51458](CVE-2023/CVE-2023-514xx/CVE-2023-51458.json) (`2023-12-20T14:15:21.853`)
* [CVE-2023-51459](CVE-2023/CVE-2023-514xx/CVE-2023-51459.json) (`2023-12-20T14:15:22.043`)
* [CVE-2023-51460](CVE-2023/CVE-2023-514xx/CVE-2023-51460.json) (`2023-12-20T14:15:22.240`)
* [CVE-2023-51461](CVE-2023/CVE-2023-514xx/CVE-2023-51461.json) (`2023-12-20T14:15:22.417`)
* [CVE-2023-51462](CVE-2023/CVE-2023-514xx/CVE-2023-51462.json) (`2023-12-20T14:15:22.603`)
* [CVE-2023-6784](CVE-2023/CVE-2023-67xx/CVE-2023-6784.json) (`2023-12-20T14:15:22.793`)
* [CVE-2023-35895](CVE-2023/CVE-2023-358xx/CVE-2023-35895.json) (`2023-12-20T15:15:08.560`)
* [CVE-2023-36520](CVE-2023/CVE-2023-365xx/CVE-2023-36520.json) (`2023-12-20T15:15:08.760`)
* [CVE-2023-40010](CVE-2023/CVE-2023-400xx/CVE-2023-40010.json) (`2023-12-20T15:15:09.310`)
* [CVE-2023-47852](CVE-2023/CVE-2023-478xx/CVE-2023-47852.json) (`2023-12-20T15:15:09.500`)
* [CVE-2023-31092](CVE-2023/CVE-2023-310xx/CVE-2023-31092.json) (`2023-12-20T16:15:07.503`)
* [CVE-2023-32128](CVE-2023/CVE-2023-321xx/CVE-2023-32128.json) (`2023-12-20T16:15:07.717`)
* [CVE-2023-32743](CVE-2023/CVE-2023-327xx/CVE-2023-32743.json) (`2023-12-20T16:15:07.927`)
* [CVE-2023-33209](CVE-2023/CVE-2023-332xx/CVE-2023-33209.json) (`2023-12-20T16:15:08.130`)
* [CVE-2023-33330](CVE-2023/CVE-2023-333xx/CVE-2023-33330.json) (`2023-12-20T16:15:08.320`)
* [CVE-2023-35914](CVE-2023/CVE-2023-359xx/CVE-2023-35914.json) (`2023-12-20T16:15:08.527`)
* [CVE-2023-35915](CVE-2023/CVE-2023-359xx/CVE-2023-35915.json) (`2023-12-20T16:15:08.727`)
* [CVE-2023-35916](CVE-2023/CVE-2023-359xx/CVE-2023-35916.json) (`2023-12-20T16:15:08.930`)
* [CVE-2023-3742](CVE-2023/CVE-2023-37xx/CVE-2023-3742.json) (`2023-12-20T16:15:09.120`)
* [CVE-2023-49772](CVE-2023/CVE-2023-497xx/CVE-2023-49772.json) (`2023-12-20T16:15:09.170`)
* [CVE-2023-49773](CVE-2023/CVE-2023-497xx/CVE-2023-49773.json) (`2023-12-20T16:15:09.360`)
* [CVE-2023-49776](CVE-2023/CVE-2023-497xx/CVE-2023-49776.json) (`2023-12-20T16:15:09.550`)
* [CVE-2023-49825](CVE-2023/CVE-2023-498xx/CVE-2023-49825.json) (`2023-12-20T16:15:09.743`)
* [CVE-2023-5007](CVE-2023/CVE-2023-50xx/CVE-2023-5007.json) (`2023-12-20T16:15:09.987`)
* [CVE-2023-5010](CVE-2023/CVE-2023-50xx/CVE-2023-5010.json) (`2023-12-20T16:15:10.197`)
* [CVE-2023-5011](CVE-2023/CVE-2023-50xx/CVE-2023-5011.json) (`2023-12-20T16:15:10.400`)
* [CVE-2023-28782](CVE-2023/CVE-2023-287xx/CVE-2023-28782.json) (`2023-12-20T15:15:07.880`)
* [CVE-2023-32590](CVE-2023/CVE-2023-325xx/CVE-2023-32590.json) (`2023-12-20T15:15:08.120`)
* [CVE-2023-35876](CVE-2023/CVE-2023-358xx/CVE-2023-35876.json) (`2023-12-20T15:15:08.347`)
### CVEs modified in the last Commit
Recently modified CVEs: `69`
Recently modified CVEs: `16`
* [CVE-2023-6689](CVE-2023/CVE-2023-66xx/CVE-2023-6689.json) (`2023-12-20T13:50:26.727`)
* [CVE-2023-38478](CVE-2023/CVE-2023-384xx/CVE-2023-38478.json) (`2023-12-20T13:50:37.240`)
* [CVE-2023-38481](CVE-2023/CVE-2023-384xx/CVE-2023-38481.json) (`2023-12-20T13:50:37.240`)
* [CVE-2023-40602](CVE-2023/CVE-2023-406xx/CVE-2023-40602.json) (`2023-12-20T13:50:37.240`)
* [CVE-2023-41648](CVE-2023/CVE-2023-416xx/CVE-2023-41648.json) (`2023-12-20T13:50:37.240`)
* [CVE-2023-43826](CVE-2023/CVE-2023-438xx/CVE-2023-43826.json) (`2023-12-20T13:50:37.240`)
* [CVE-2023-45105](CVE-2023/CVE-2023-451xx/CVE-2023-45105.json) (`2023-12-20T13:50:37.240`)
* [CVE-2023-35883](CVE-2023/CVE-2023-358xx/CVE-2023-35883.json) (`2023-12-20T13:50:37.240`)
* [CVE-2023-37982](CVE-2023/CVE-2023-379xx/CVE-2023-37982.json) (`2023-12-20T13:50:37.240`)
* [CVE-2023-48327](CVE-2023/CVE-2023-483xx/CVE-2023-48327.json) (`2023-12-20T13:50:37.240`)
* [CVE-2023-48738](CVE-2023/CVE-2023-487xx/CVE-2023-48738.json) (`2023-12-20T13:50:37.240`)
* [CVE-2023-48741](CVE-2023/CVE-2023-487xx/CVE-2023-48741.json) (`2023-12-20T13:50:37.240`)
* [CVE-2023-48764](CVE-2023/CVE-2023-487xx/CVE-2023-48764.json) (`2023-12-20T13:50:37.240`)
* [CVE-2023-49750](CVE-2023/CVE-2023-497xx/CVE-2023-49750.json) (`2023-12-20T13:50:37.240`)
* [CVE-2023-49764](CVE-2023/CVE-2023-497xx/CVE-2023-49764.json) (`2023-12-20T13:50:37.240`)
* [CVE-2023-49812](CVE-2023/CVE-2023-498xx/CVE-2023-49812.json) (`2023-12-20T13:50:37.240`)
* [CVE-2023-50466](CVE-2023/CVE-2023-504xx/CVE-2023-50466.json) (`2023-12-20T13:50:37.240`)
* [CVE-2023-38126](CVE-2023/CVE-2023-381xx/CVE-2023-38126.json) (`2023-12-20T13:50:37.240`)
* [CVE-2023-42940](CVE-2023/CVE-2023-429xx/CVE-2023-42940.json) (`2023-12-20T13:50:37.240`)
* [CVE-2023-46624](CVE-2023/CVE-2023-466xx/CVE-2023-46624.json) (`2023-12-20T13:50:37.240`)
* [CVE-2023-34027](CVE-2023/CVE-2023-340xx/CVE-2023-34027.json) (`2023-12-20T13:50:42.097`)
* [CVE-2023-34382](CVE-2023/CVE-2023-343xx/CVE-2023-34382.json) (`2023-12-20T13:50:42.097`)
* [CVE-2023-50917](CVE-2023/CVE-2023-509xx/CVE-2023-50917.json) (`2023-12-20T14:15:21.533`)
* [CVE-2023-48049](CVE-2023/CVE-2023-480xx/CVE-2023-48049.json) (`2023-12-20T14:24:50.980`)
* [CVE-2023-42799](CVE-2023/CVE-2023-427xx/CVE-2023-42799.json) (`2023-12-20T14:46:20.553`)
* [CVE-2016-10165](CVE-2016/CVE-2016-101xx/CVE-2016-10165.json) (`2023-12-20T16:43:35.940`)
* [CVE-2020-17485](CVE-2020/CVE-2020-174xx/CVE-2020-17485.json) (`2023-12-20T16:39:09.107`)
* [CVE-2020-17483](CVE-2020/CVE-2020-174xx/CVE-2020-17483.json) (`2023-12-20T16:39:34.913`)
* [CVE-2020-17484](CVE-2020/CVE-2020-174xx/CVE-2020-17484.json) (`2023-12-20T16:47:28.567`)
* [CVE-2021-42794](CVE-2021/CVE-2021-427xx/CVE-2021-42794.json) (`2023-12-20T16:16:11.980`)
* [CVE-2023-39417](CVE-2023/CVE-2023-394xx/CVE-2023-39417.json) (`2023-12-20T15:15:08.953`)
* [CVE-2023-39418](CVE-2023/CVE-2023-394xx/CVE-2023-39418.json) (`2023-12-20T15:15:09.200`)
* [CVE-2023-5868](CVE-2023/CVE-2023-58xx/CVE-2023-5868.json) (`2023-12-20T15:15:09.690`)
* [CVE-2023-5869](CVE-2023/CVE-2023-58xx/CVE-2023-5869.json) (`2023-12-20T15:15:09.873`)
* [CVE-2023-5870](CVE-2023/CVE-2023-58xx/CVE-2023-5870.json) (`2023-12-20T15:15:10.080`)
* [CVE-2023-6377](CVE-2023/CVE-2023-63xx/CVE-2023-6377.json) (`2023-12-20T15:15:10.243`)
* [CVE-2023-6478](CVE-2023/CVE-2023-64xx/CVE-2023-6478.json) (`2023-12-20T15:15:10.347`)
* [CVE-2023-37457](CVE-2023/CVE-2023-374xx/CVE-2023-37457.json) (`2023-12-20T16:32:10.833`)
* [CVE-2023-45894](CVE-2023/CVE-2023-458xx/CVE-2023-45894.json) (`2023-12-20T16:44:29.960`)
* [CVE-2023-49294](CVE-2023/CVE-2023-492xx/CVE-2023-49294.json) (`2023-12-20T16:47:03.007`)
* [CVE-2023-28022](CVE-2023/CVE-2023-280xx/CVE-2023-28022.json) (`2023-12-20T16:47:18.203`)
## Download and Usage