Auto-Update: 2023-12-20T15:00:24.629989+00:00

This commit is contained in:
cad-safe-bot 2023-12-20 15:00:28 +00:00
parent 9e9f1e7859
commit cba3207822
88 changed files with 1890 additions and 153 deletions

View File

@ -2,12 +2,16 @@
"id": "CVE-2022-43450",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-19T22:15:07.267",
"lastModified": "2023-12-19T22:15:07.267",
"vulnStatus": "Received",
"lastModified": "2023-12-20T13:50:37.240",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Authorization Bypass Through User-Controlled Key vulnerability in XWP Stream.This issue affects Stream: from n/a through 3.9.2.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de omisi\u00f3n de autorizaci\u00f3n a trav\u00e9s de clave controlada por el usuario en XWP Stream. Este problema afecta a Stream: desde n/a hasta 3.9.2."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2023-0011",
"sourceIdentifier": "vulnerability@ncsc.ch",
"published": "2023-12-20T08:15:43.503",
"lastModified": "2023-12-20T08:15:43.503",
"vulnStatus": "Received",
"lastModified": "2023-12-20T13:50:15.967",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A flaw in the input validation in TOBY-L2 allows a user to execute arbitrary operating system commands using specifically crafted AT commands. This vulnerability requires physical access to the serial interface of the module or the ability to modify the system or software which uses its serial interface to send malicious AT commands.\n\n\n\n\nExploitation of the vulnerability gives full administrative (root) privileges to the attacker to execute any operating system command on TOBY-L2 which can lead to modification of the behavior of the module itself as well as the components connected with it (depending on its rights on other connected systems). It can further provide the ability to read system level files and hamper the availability of the module as well..\n\n\n\n\nThis issue affects TOBY-L2 series: TOBY-L200, TOBY-L201, TOBY-L210, TOBY-L220, TOBY-L280.\n\n"
},
{
"lang": "es",
"value": "Un fallo en la validaci\u00f3n de entrada en TOBY-L2 permite a un usuario ejecutar comandos arbitrarios del sistema operativo utilizando comandos AT espec\u00edficamente manipulados. Esta vulnerabilidad requiere acceso f\u00edsico a la interfaz serie del m\u00f3dulo o la capacidad de modificar el sistema o software que utiliza su interfaz serie para enviar comandos AT maliciosos. La explotaci\u00f3n de la vulnerabilidad otorga privilegios administrativos (root) completos al atacante para ejecutar cualquier comando del sistema operativo en TOBY-L2, lo que puede conducir a la modificaci\u00f3n del comportamiento del m\u00f3dulo en s\u00ed, as\u00ed como de los componentes conectados con \u00e9l (dependiendo de sus derechos en otros sistemas conectados). Adem\u00e1s, puede proporcionar la capacidad de leer archivos a nivel del sistema y tambi\u00e9n obstaculizar la disponibilidad del m\u00f3dulo. Este problema afecta a la serie TOBY-L2: TOBY-L200, TOBY-L201, TOBY-L210, TOBY-L220, TOBY-L280."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2023-27172",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-20T01:15:07.233",
"lastModified": "2023-12-20T01:15:07.233",
"vulnStatus": "Received",
"lastModified": "2023-12-20T13:50:15.967",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Xpand IT Write-back Manager v2.3.1 uses weak secret keys to sign JWT tokens. This allows attackers to easily obtain the secret key used to sign JWT tokens via a bruteforce attack."
},
{
"lang": "es",
"value": "Xpand IT Write-back Manager v2.3.1 utiliza claves secretas d\u00e9biles para firmar tokens JWT. Esto permite a los atacantes obtener f\u00e1cilmente la clave secreta utilizada para firmar tokens JWT mediante un ataque de fuerza bruta."
}
],
"metrics": {},

View File

@ -2,12 +2,16 @@
"id": "CVE-2023-34027",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-19T20:15:07.140",
"lastModified": "2023-12-19T20:15:07.140",
"vulnStatus": "Received",
"lastModified": "2023-12-20T13:50:42.097",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Deserialization of Untrusted Data vulnerability in Rajnish Arora Recently Viewed Products.This issue affects Recently Viewed Products: from n/a through 1.0.0.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de deserializaci\u00f3n de datos no confiables en Rajnish Arora Recently Viewed Products. Este problema afecta a Recently Viewed Products: desde n/a hasta 1.0.0."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2023-34382",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-19T20:15:07.340",
"lastModified": "2023-12-19T20:15:07.340",
"vulnStatus": "Received",
"lastModified": "2023-12-20T13:50:42.097",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Deserialization of Untrusted Data vulnerability in weDevs Dokan \u2013 Best WooCommerce Multivendor Marketplace Solution \u2013 Build Your Own Amazon, eBay, Etsy.This issue affects Dokan \u2013 Best WooCommerce Multivendor Marketplace Solution \u2013 Build Your Own Amazon, eBay, Etsy: from n/a through 3.7.19.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de deserializaci\u00f3n de datos no confiables en weDevs Dokan \u2013 Best WooCommerce Multivendor Marketplace Solution \u2013 Build Your Own Amazon, eBay, Etsy. Este problema afecta a Dokan \u2013 Best WooCommerce Multivendor Marketplace Solution \u2013 Build Your Own Amazon, eBay, Etsy: desde n/a hasta 3.7 .19."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2023-35883",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-19T21:15:07.687",
"lastModified": "2023-12-19T21:15:07.687",
"vulnStatus": "Received",
"lastModified": "2023-12-20T13:50:37.240",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Magazine3 Core Web Vitals & PageSpeed Booster.This issue affects Core Web Vitals & PageSpeed Booster: from n/a through 1.0.12.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de redirecci\u00f3n de URL a un sitio que no es de confianza (\"Open Redirect\") en Magazine3 Core Web Vitals & PageSpeed Booster. Este problema afecta a Core Web Vitals & PageSpeed Booster: desde n/a hasta 1.0.12."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2023-37544",
"sourceIdentifier": "security@apache.org",
"published": "2023-12-20T09:15:07.007",
"lastModified": "2023-12-20T09:15:07.007",
"vulnStatus": "Received",
"lastModified": "2023-12-20T13:50:15.967",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Authentication vulnerability in Apache Pulsar WebSocket Proxy allows an attacker to connect to the /pingpong endpoint without authentication.\n\nThis issue affects Apache Pulsar WebSocket Proxy: from 2.8.0 through 2.8.*, from 2.9.0 through 2.9.*, from 2.10.0 through 2.10.4, from 2.11.0 through 2.11.1, 3.0.0.\n\nThe known risks include a denial of service due to the WebSocket Proxy accepting any connections, and excessive data transfer due to misuse of the WebSocket ping/pong feature.\n\n2.10 Pulsar WebSocket Proxy users should upgrade to at least 2.10.5.\n2.11 Pulsar WebSocket Proxy users should upgrade to at least 2.11.2.\n3.0 Pulsar WebSocket Proxy users should upgrade to at least 3.0.1.\n3.1 Pulsar WebSocket Proxy users are unaffected.\nAny users running the Pulsar WebSocket Proxy for 2.8, 2.9, and earlier should upgrade to one of the above patched versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de autenticaci\u00f3n incorrecta en Apache Pulsar WebSocket Proxy permite a un atacante conectarse al endpoint /pingpong sin autenticaci\u00f3n. Este problema afecta a Apache Pulsar WebSocket Proxy: desde 2.8.0 hasta 2.8.*, desde 2.9.0 hasta 2.9.*, desde 2.10.0 hasta 2.10.4, desde 2.11.0 hasta 2.11.1, 3.0.0. Los riesgos conocidos incluyen una denegaci\u00f3n de servicio debido a que WebSocket Proxy acepta cualquier conexi\u00f3n y una transferencia excesiva de datos debido al mal uso de la funci\u00f3n de ping/pong de WebSocket. 2.10 Los usuarios de Pulsar WebSocket Proxy deben actualizar al menos a 2.10.5. 2.11 Los usuarios de Pulsar WebSocket Proxy deben actualizar al menos a 2.11.2. 3.0 Los usuarios de Pulsar WebSocket Proxy deben actualizar al menos a 3.0.1. 3.1 Los usuarios de Pulsar WebSocket Proxy no se ven afectados. Cualquier usuario que ejecute Pulsar WebSocket Proxy para 2.8, 2.9 y versiones anteriores debe actualizar a una de las versiones parcheadas anteriores."
}
],
"metrics": {

View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-37871",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-20T14:15:19.550",
"lastModified": "2023-12-20T14:33:33.880",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce GoCardless.This issue affects GoCardless: from n/a through 2.5.6.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/woocommerce-gateway-gocardless/wordpress-woocommerce-gocardless-gateway-plugin-2-5-6-unauthenticated-insecure-direct-object-references-idor-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

View File

@ -2,12 +2,16 @@
"id": "CVE-2023-37982",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-19T21:15:07.897",
"lastModified": "2023-12-19T21:15:07.897",
"vulnStatus": "Received",
"lastModified": "2023-12-20T13:50:37.240",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.3.3.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de redirecci\u00f3n de URL a sitio no confiable (\"Open Redirect\") en CRM Perks Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms. Este problema afecta a Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms: desde n /a hasta 1.3.3."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2023-38126",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2023-12-19T22:15:07.460",
"lastModified": "2023-12-19T22:15:07.460",
"vulnStatus": "Received",
"lastModified": "2023-12-20T13:50:37.240",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Softing edgeAggregator Restore Configuration Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the processing of backup zip files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this to execute code in the context of root. Was ZDI-CAN-20543."
},
{
"lang": "es",
"value": "Vulnerabilidad de Ejecuci\u00f3n Remota de C\u00f3digo de Directory Traversal de la restauraci\u00f3n de configuraci\u00f3n en Softing edgeAggregator. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de Softing edgeAggregator. Se requiere autenticaci\u00f3n para aprovechar esta vulnerabilidad. El fallo espec\u00edfico existe en el procesamiento de archivos zip de respaldo. El problema se debe a la falta de validaci\u00f3n adecuada de una ruta proporcionada por el usuario antes de usarla en operaciones de archivos. Un atacante puede aprovechar esto para ejecutar c\u00f3digo en el contexto del root. Era ZDI-CAN-20543."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2023-38478",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-19T20:15:07.527",
"lastModified": "2023-12-19T20:15:07.527",
"vulnStatus": "Received",
"lastModified": "2023-12-20T13:50:37.240",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for WooCommerce and QuickBooks.This issue affects Integration for WooCommerce and QuickBooks: from n/a through 1.2.3.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de redireccionamiento de URL a un sitio que no es de confianza (\"Open Redirect\") en CRM Perks Integration for WooCommerce and QuickBooks. Este problema afecta a Integration for WooCommerce and QuickBooks: desde n/a hasta 1.2.3."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2023-38481",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-19T20:15:07.717",
"lastModified": "2023-12-19T20:15:07.717",
"vulnStatus": "Received",
"lastModified": "2023-12-20T13:50:37.240",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin.This issue affects Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin: from n/a before 1.3.7.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de redireccionamiento de URL a un sitio que no es de confianza ('Open Redirect') en CRM Perks Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin. Este problema afecta a Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin: desde n /a antes de 1.3.7."
}
],
"metrics": {

View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-38513",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-20T14:15:19.797",
"lastModified": "2023-12-20T14:33:33.880",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Authorization Bypass Through User-Controlled Key vulnerability in Jordy Meow Photo Engine (Media Organizer & Lightroom).This issue affects Photo Engine (Media Organizer & Lightroom): from n/a through 6.2.5.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wplr-sync/wordpress-photo-engine-plugin-6-2-5-insecure-direct-object-references-idor?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-38519",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-20T14:15:19.987",
"lastModified": "2023-12-20T14:33:33.880",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MainWP MainWP Dashboard \u2013 WordPress Manager for Multiple Websites Maintenance.This issue affects MainWP Dashboard \u2013 WordPress Manager for Multiple Websites Maintenance: from n/a through 4.4.3.3.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.3,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/mainwp/wordpress-mainwp-plugin-4-4-3-3-sql-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-40555",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-20T14:15:20.193",
"lastModified": "2023-12-20T14:33:33.880",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Deserialization of Untrusted Data vulnerability in UX-themes Flatsome | Multi-Purpose Responsive WooCommerce Theme.This issue affects Flatsome | Multi-Purpose Responsive WooCommerce Theme: from n/a through 3.17.5.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/flatsome/wordpress-flatsome-theme-3-17-5-unauthenticated-php-object-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

View File

@ -2,12 +2,16 @@
"id": "CVE-2023-40602",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-19T20:15:07.920",
"lastModified": "2023-12-19T20:15:07.920",
"vulnStatus": "Received",
"lastModified": "2023-12-20T13:50:37.240",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Doofinder Doofinder WP & WooCommerce Search.This issue affects Doofinder WP & WooCommerce Search: from n/a through 1.5.49.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de redirecci\u00f3n de URL a sitio no confiable (\"Open Redirect\") en Doofinder Doofinder WP & WooCommerce Search. Este problema afecta a Doofinder WP & WooCommerce Search: desde n/a hasta 1.5.49."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2023-41648",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-19T20:15:08.113",
"lastModified": "2023-12-19T20:15:08.113",
"vulnStatus": "Received",
"lastModified": "2023-12-20T13:50:37.240",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Swapnil V. Patil Login and Logout Redirect.This issue affects Login and Logout Redirect: from n/a through 2.0.3.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de redirecci\u00f3n de URL a un sitio que no es de confianza ('Open Redirect') en Swapnil V. Patil Login and Logout Redirect. Este problema afecta a Login and Logout Redirect: desde n/a hasta 2.0.3."
}
],
"metrics": {

View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-41796",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-20T14:15:20.380",
"lastModified": "2023-12-20T14:33:33.880",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Authorization Bypass Through User-Controlled Key vulnerability in WP Sunshine Sunshine Photo Cart: Free Client Galleries for Photographers.This issue affects Sunshine Photo Cart: Free Client Galleries for Photographers: from n/a before 3.0.0.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/sunshine-photo-cart/wordpress-sunshine-photo-cart-plugin-2-9-25-order-manipulation-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

View File

@ -2,12 +2,16 @@
"id": "CVE-2023-42012",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-12-20T00:15:08.190",
"lastModified": "2023-12-20T00:15:08.190",
"vulnStatus": "Received",
"lastModified": "2023-12-20T13:50:26.727",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An IBM UrbanCode Deploy Agent 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 installed as a Windows service in a non-standard location could be subject to a denial of service attack by local accounts. IBM X-Force ID: 265509."
},
{
"lang": "es",
"value": "IBM UrbanCode Deploy Agent 7.2 a 7.2.3.7 y 7.3 a 7.3.2.2 instalado como un servicio de Windows en una ubicaci\u00f3n no est\u00e1ndar podr\u00eda estar sujeto a un ataque de denegaci\u00f3n de servicio por parte de cuentas locales. ID de IBM X-Force: 265509."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2023-42013",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-12-20T00:15:08.383",
"lastModified": "2023-12-20T00:15:08.383",
"vulnStatus": "Received",
"lastModified": "2023-12-20T13:50:26.727",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 265510."
},
{
"lang": "es",
"value": "IBM UrbanCode Deploy (UCD) 7.1 a 7.1.2.14, 7.2 a 7.2.3.7 y 7.3 a 7.3.2.2 podr\u00eda permitir a un atacante remoto obtener informaci\u00f3n confidencial cuando se devuelve un mensaje de error t\u00e9cnico detallado en el navegador. Esta informaci\u00f3n podr\u00eda usarse en futuros ataques contra el sistema. ID de IBM X-Force: 265510."
}
],
"metrics": {

View File

@ -2,16 +2,40 @@
"id": "CVE-2023-42799",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-14T17:15:07.257",
"lastModified": "2023-12-14T17:17:50.580",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-20T14:46:20.553",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Moonlight-common-c contains the core GameStream client code shared between Moonlight clients. Moonlight-common-c is vulnerable to buffer overflow starting in commit 50c0a51b10ecc5b3415ea78c21d96d679e2288f9 due to unmitigated usage of unsafe C functions and improper bounds checking. A malicious game streaming server could exploit a buffer overflow vulnerability to crash a moonlight client, or achieve remote code execution (RCE) on the client (with insufficient exploit mitigations or if mitigations can be bypassed). The bug was addressed in commit 02b7742f4d19631024bd766bd2bb76715780004e."
},
{
"lang": "es",
"value": "Moonlight-common-c contiene el c\u00f3digo principal del cliente GameStream compartido entre los clientes Moonlight. Moonlight-common-c es vulnerable al desbordamiento del b\u00fafer a partir de el commit 50c0a51b10ecc5b3415ea78c21d96d679e2288f9 debido al uso absoluto de funciones C inseguras y a una verificaci\u00f3n de los l\u00edmites inadecuada. Un servidor de transmisi\u00f3n de juegos malicioso podr\u00eda aprovechar una vulnerabilidad de desbordamiento del b\u00fafer para bloquear un cliente de luz nocturna o lograr la ejecuci\u00f3n remota de c\u00f3digo (RCE) en el cliente (con mitigaciones de explotaci\u00f3n insuficientes o si se pueden evitar las mitigaciones). El error se solucion\u00f3 en el commit 02b7742f4d19631024bd766bd2bb76715780004e."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
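Review bot: the Spanish description in this hunk renders the product name as "cliente de luz nocturna" (literally "night-light client") where the English text has "moonlight client"; Moonlight is a proper noun and should be left untranslated, as the same sentence does for "Moonlight-common-c" and "GameStream". The "es" entry is NVD-supplied text mirrored by the feed, so the correction belongs upstream rather than in this commit, but it is worth reporting so that Spanish-language consumers are not left guessing which client is affected.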
@ -46,18 +70,196 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:moonlight-stream:moonlight-common-c:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2022-11-04",
"versionEndExcluding": "2023-10-06",
"matchCriteriaId": "EE5D99F2-FFB5-4239-855B-2CDAE0210FE3"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:moonlight-stream:moonlight:*:*:*:*:*:iphone_os:*:*",
"versionStartIncluding": "8.4.0",
"versionEndIncluding": "8.5.0",
"matchCriteriaId": "730ABEDB-A45B-487D-90E5-58188F33021E"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:moonlight-stream:moonlight:*:*:*:*:*:tvos:*:*",
"versionStartIncluding": "8.4.0",
"versionEndIncluding": "8.5.0",
"matchCriteriaId": "F8DC3BA3-941C-40D2-AD1B-AF7971D99672"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:moonlight-stream:moonlight:*:*:*:*:*:android:*:*",
"versionStartIncluding": "10.10",
"versionEndIncluding": "11.0",
"matchCriteriaId": "6D8BB0A6-B219-4AFF-BE01-BC0546DAAF91"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:moonlight-stream:moonlight:0.10.22:*:*:*:*:chrome:*:*",
"matchCriteriaId": "E50A8A78-8606-49DD-8D95-3AE7DFBA3E87"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:moonlight-stream:moonlight_embedded:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9E1F448D-0CFE-4DAE-A119-8AF4F8FD48EF"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:moonlight-stream:moonlight_xbox:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.12.0",
"versionEndIncluding": "1.14.40",
"matchCriteriaId": "BFE72448-E647-43F9-A72C-F86118596EE3"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:moonlight-stream:moonlight_tv:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.5.4",
"versionEndIncluding": "1.5.27",
"matchCriteriaId": "38BDA766-E56D-496D-BC16-AD2026E04A7F"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:moonlight-stream:moonlight_switch:*:*:*:*:*:*:*:*",
"versionStartIncluding": "0.13",
"versionEndIncluding": "0.13.3",
"matchCriteriaId": "5FFADEE0-F587-4444-AE6F-323E20808042"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:moonlight-stream:moonlight_vita:*:*:*:*:*:*:*:*",
"versionStartIncluding": "0.9.2",
"versionEndIncluding": "0.9.3",
"matchCriteriaId": "EFAF4088-233D-46FA-A031-ACCF0D7FF78F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/moonlight-stream/moonlight-common-c/commit/02b7742f4d19631024bd766bd2bb76715780004e",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/moonlight-stream/moonlight-common-c/commit/50c0a51b10ecc5b3415ea78c21d96d679e2288f9",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/moonlight-stream/moonlight-common-c/security/advisories/GHSA-r8cf-45f4-vf8m",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
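Review bot: in the references block added here, the commit 50c0a51b10ecc5b3415ea78c21d96d679e2288f9 receives the tag "Patch", but the description in the first hunk identifies that commit as the point where the overflow was introduced ("vulnerable to buffer overflow starting in commit 50c0a51b..."); only 02b7742f4d19631024bd766bd2bb76715780004e is named as the fix. The tags are mirrored from NVD, so this feed should not alter them, but any tooling that derives fix commits from the "Patch" tag will pick up both and should be reported upstream. A second point for consumers of the new "configurations" block: the moonlight-common-c cpeMatch bounds the affected range with date strings ("versionStartIncluding": "2022-11-04", "versionEndExcluding": "2023-10-06") rather than version numbers, so code that compares these fields as semantic versions will match nothing; the per-client entries (iphone_os 8.4.0 to 8.5.0, android 10.10 to 11.0, moonlight_xbox 1.12.0 to 1.14.40, and so on) are the ones to use for version matching.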

View File

@ -2,12 +2,16 @@
"id": "CVE-2023-42940",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-12-19T22:15:07.630",
"lastModified": "2023-12-19T23:15:07.657",
"vulnStatus": "Received",
"lastModified": "2023-12-20T13:50:37.240",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A session rendering issue was addressed with improved session tracking. This issue is fixed in macOS Sonoma 14.2.1. A user who shares their screen may unintentionally share the incorrect content."
},
{
"lang": "es",
"value": "Se solucion\u00f3 un problema de representaci\u00f3n de sesiones con un seguimiento de sesiones mejorado. Este problema se solucion\u00f3 en macOS Sonoma 14.2.1. Un usuario que comparte su pantalla puede compartir sin querer el contenido incorrecto."
}
],
"metrics": {},

View File

@ -2,12 +2,16 @@
"id": "CVE-2023-43826",
"sourceIdentifier": "security@apache.org",
"published": "2023-12-19T20:15:08.300",
"lastModified": "2023-12-19T21:15:08.190",
"vulnStatus": "Received",
"lastModified": "2023-12-20T13:50:37.240",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Apache Guacamole 1.5.3 and older do not consistently ensure that values received from a VNC server will not result in integer overflow. If a user connects to a malicious or compromised VNC server, specially-crafted data could result in memory corruption, possibly allowing arbitrary code to be executed with the privileges of the running guacd process.\n\nUsers are recommended to upgrade to version 1.5.4, which fixes this issue.\n\n"
},
{
"lang": "es",
"value": "Apache Guacamole 1.5.3 y anteriores no garantizan sistem\u00e1ticamente que los valores recibidos de un servidor VNC no produzcan un desbordamiento de enteros. Si un usuario se conecta a un servidor VNC malicioso o comprometido, los datos especialmente manipulados podr\u00edan da\u00f1ar la memoria, permitiendo posiblemente que se ejecute c\u00f3digo arbitrario con los privilegios del proceso guacd en ejecuci\u00f3n. Se recomienda a los usuarios actualizar a la versi\u00f3n 1.5.4, que soluciona este problema."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2023-45105",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-19T20:15:08.530",
"lastModified": "2023-12-19T20:15:08.530",
"vulnStatus": "Received",
"lastModified": "2023-12-20T13:50:37.240",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in SERVIT Software Solutions affiliate-toolkit \u2013 WordPress Affiliate Plugin.This issue affects affiliate-toolkit \u2013 WordPress Affiliate Plugin: from n/a through 3.3.9.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de redirecci\u00f3n de URL a un sitio no confiable (\"Open Redirect\") en SERVIT Software Solutions affiliate-toolkit \u2013 WordPress Affiliate Plugin. Este problema afecta a affiliate-toolkit \u2013 WordPress Affiliate Plugin: desde n/a hasta 3.3.9."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-45172",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-12-19T23:15:07.707",
"lastModified": "2023-12-19T23:15:07.707",
"vulnStatus": "Received",
"lastModified": "2023-12-20T13:50:26.727",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in AIX windows to cause a denial of service. IBM X-Force ID: 267970."
},
{
"lang": "es",
"value": "IBM AIX 7.2, 7.3 y VIOS 3.1 podr\u00edan permitir que un usuario local sin privilegios aproveche una vulnerabilidad en Windows AIX para provocar una denegaci\u00f3n de servicio. ID de IBM X-Force: 267970."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-45887",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-20T00:15:08.613",
"lastModified": "2023-12-20T00:15:08.613",
"vulnStatus": "Received",
"lastModified": "2023-12-20T13:50:26.727",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "DS Wireless Communication (DWC) with DWC_VERSION_3 and DWC_VERSION_11 allows remote attackers to execute arbitrary code on a game-playing client's machine via a modified GPCM message."
},
{
"lang": "es",
"value": "DS Wireless Communication (DWC) con DWC_VERSION_3 y DWC_VERSION_11 permite a atacantes remotos ejecutar c\u00f3digo arbitrario en la m\u00e1quina de un cliente de juego a trav\u00e9s de un mensaje GPCM modificado."
}
],
"metrics": {},


@ -0,0 +1,55 @@
{
"id": "CVE-2023-46147",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-20T14:15:20.570",
"lastModified": "2023-12-20T14:33:33.880",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Deserialization of Untrusted Data vulnerability in Themify Themify Ultra.This issue affects Themify Ultra: from n/a through 7.3.5.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.1,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/themify-ultra/wordpress-themify-ultra-theme-7-3-3-authenticated-php-object-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-46311",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-20T14:15:20.757",
"lastModified": "2023-12-20T14:33:33.880",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Authorization Bypass Through User-Controlled Key vulnerability in gVectors Team Comments \u2013 wpDiscuz.This issue affects Comments \u2013 wpDiscuz: from n/a through 7.6.3.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 2.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wpdiscuz/wordpress-wpdiscuz-plugin-7-6-3-insecure-direct-object-references-idor-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}
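Review bot: the vector is hard to reconcile with the weakness: CWE-639 (authorization bypass through a user-controlled key, which the reference slug calls IDOR) is scored with C:N and I:N, so the only claimed effect of the bypass is a low availability impact, and PR:H means an administrator-level account is required. Either the bypass only lets a high-privilege user remove or disable something already within reach, in which case 2.7 LOW is fair, or the impact fields understate it; worth revisiting when the NVD Primary score lands. Affected range is wpDiscuz "n/a through 7.6.3".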


@ -2,12 +2,16 @@
"id": "CVE-2023-46624",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-19T22:15:07.673",
"lastModified": "2023-12-19T22:15:07.673",
"vulnStatus": "Received",
"lastModified": "2023-12-20T13:50:37.240",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Parcel Pro.This issue affects Parcel Pro: from n/a through 1.6.11.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de redireccionamiento de URL a un sitio que no es de confianza (\"Open Redirect\") en Parcel Pro. Este problema afecta a Parcel Pro: desde n/a hasta 1.6.11."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-47146",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-12-19T22:15:07.863",
"lastModified": "2023-12-19T22:15:07.863",
"vulnStatus": "Received",
"lastModified": "2023-12-20T13:50:26.727",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "IBM Qradar SIEM 7.5 could allow a privileged user to obtain sensitive domain information due to data being misidentified. IBM X-Force ID: 270372."
},
{
"lang": "es",
"value": "IBM Qradar SIEM 7.5 podr\u00eda permitir a un usuario privilegiado obtener informaci\u00f3n confidencial del dominio debido a una identificaci\u00f3n err\u00f3nea de los datos. ID de IBM X-Force: 270372."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-47161",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-12-20T00:15:08.670",
"lastModified": "2023-12-20T00:15:08.670",
"vulnStatus": "Received",
"lastModified": "2023-12-20T13:50:26.727",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 may mishandle input validation of an uploaded archive file leading to a denial of service due to resource exhaustion. IBM X-Force ID: 270799."
},
{
"lang": "es",
"value": "IBM UrbanCode Deploy (UCD) 7.1 a 7.1.2.14, 7.2 a 7.2.3.7 y 7.3 a 7.3.2.2 puede manejar mal la validaci\u00f3n de entrada de un archivo cargado, lo que lleva a una denegaci\u00f3n de servicio debido al agotamiento de los recursos. ID de IBM X-Force: 270799."
}
],
"metrics": {


@ -0,0 +1,55 @@
{
"id": "CVE-2023-47236",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-20T14:15:20.953",
"lastModified": "2023-12-20T14:33:33.880",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Avirtum iPages Flipbook For WordPress.This issue affects iPages Flipbook For WordPress: from n/a through 1.4.8.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.3,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/ipages-flipbook/wordpress-ipages-flipbook-for-wordpress-plugin-1-4-8-sql-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-47267",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-19T22:15:08.060",
"lastModified": "2023-12-19T22:15:08.060",
"vulnStatus": "Received",
"lastModified": "2023-12-20T13:50:26.727",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue discovered in TheGreenBow Windows Enterprise Certified VPN Client 6.52, Windows Standard VPN Client 6.87, and Windows Enterprise VPN Client 6.87 allows attackers to gain escalated privileges via crafted changes to memory mapped file."
},
{
"lang": "es",
"value": "Un problema descubierto en TheGreenBow Windows Enterprise Certified VPN Client 6.52, Windows Standard VPN Client 6.87 y Windows Enterprise VPN Client 6.87 permite a los atacantes obtener privilegios aumentados mediante cambios elaborados en el archivo asignado en memoria."
}
],
"metrics": {},


@ -0,0 +1,55 @@
{
"id": "CVE-2023-47507",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-20T14:15:21.143",
"lastModified": "2023-12-20T14:33:33.880",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Deserialization of Untrusted Data vulnerability in Master Slider Master Slider Pro.This issue affects Master Slider Pro: from n/a through 3.6.5.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/masterslider/wordpress-master-slider-pro-plugin-3-6-5-php-object-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-47702",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-12-20T02:15:43.970",
"lastModified": "2023-12-20T02:15:43.970",
"vulnStatus": "Received",
"lastModified": "2023-12-20T13:50:15.967",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to view modify files on the system. IBM X-Force ID: 271196."
},
{
"lang": "es",
"value": "IBM Security Guardium Key Lifecycle Manager 4.3 podr\u00eda permitir que un atacante remoto atraviese directorios del sistema. Un atacante podr\u00eda enviar una solicitud URL especialmente manipulada que contenga secuencias de \"puntos\" (/../) para ver los archivos modificados en el sistema. ID de IBM X-Force: 271196."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-47703",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-12-20T02:15:44.167",
"lastModified": "2023-12-20T02:15:44.167",
"vulnStatus": "Received",
"lastModified": "2023-12-20T13:50:15.967",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 271197."
},
{
"lang": "es",
"value": "IBM Security Guardium Key Lifecycle Manager 4.3 podr\u00eda permitir a un atacante remoto obtener informaci\u00f3n confidencial cuando se devuelve un mensaje de error t\u00e9cnico detallado en el navegador. Esta informaci\u00f3n podr\u00eda usarse en futuros ataques contra el sistema. ID de IBM X-Force: 271197."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-47704",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-12-20T01:15:07.363",
"lastModified": "2023-12-20T02:15:44.360",
"vulnStatus": "Received",
"lastModified": "2023-12-20T13:50:15.967",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Guardium Key Lifecycle Manager 4.3 contains plain text hard-coded credentials or other secrets in source code repository. IBM X-Force ID: 271220."
},
{
"lang": "es",
"value": "IBM Security Guardium Key Lifecycle Manager 4.3 contiene credenciales codificadas en texto plano u otros secretos en el repositorio de c\u00f3digo fuente. ID de IBM X-Force: 271220."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-47705",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-12-20T02:15:44.437",
"lastModified": "2023-12-20T02:15:44.437",
"vulnStatus": "Received",
"lastModified": "2023-12-20T13:50:15.967",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authenticated user to manipulate username data due to improper input validation. IBM X-Force ID: 271228."
},
{
"lang": "es",
"value": "IBM Security Guardium Key Lifecycle Manager 4.3 podr\u00eda permitir que un usuario autenticado manipule los datos del nombre de usuario debido a una validaci\u00f3n de entrada incorrecta. ID de IBM X-Force: 271228."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-47706",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-12-20T01:15:07.597",
"lastModified": "2023-12-20T01:15:07.597",
"vulnStatus": "Received",
"lastModified": "2023-12-20T13:50:15.967",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authenticated user to upload files of a dangerous file type. IBM X-Force ID: 271341."
},
{
"lang": "es",
"value": "IBM Security Guardium Key Lifecycle Manager 4.3 podr\u00eda permitir que un usuario autenticado cargue archivos de un tipo de archivo peligroso. ID de IBM X-Force: 271341."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-47707",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-12-20T02:15:44.627",
"lastModified": "2023-12-20T02:15:44.627",
"vulnStatus": "Received",
"lastModified": "2023-12-20T13:50:15.967",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Guardium Key Lifecycle Manager 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 271522."
},
{
"lang": "es",
"value": "IBM Security Guardium Key Lifecycle Manager 4.3 es vulnerable a cross-site scripting. Esta vulnerabilidad permite a los usuarios incrustar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista, lo que podr\u00eda conducir a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. ID de IBM X-Force: 271522."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2023-48049",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-15T00:15:42.600",
"lastModified": "2023-12-15T13:42:13.817",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-20T14:24:50.980",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,69 @@
"value": "Una vulnerabilidad de inyecci\u00f3n SQL en Cybrosys Techno Solutions Website Blog Search (tambi\u00e9n conocido como website_search_blog) v. 13.0 a 13.0.1.0.1 permite a un atacante remoto ejecutar c\u00f3digo arbitrario y obtener privilegios a trav\u00e9s del par\u00e1metro de nombre en el componente controllers/main.py."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cybrosys:website_blog_search:*:*:*:*:*:odoo:*:*",
"versionStartIncluding": "13.0",
"versionEndIncluding": "13.0.1.0.1",
"matchCriteriaId": "B6E1D25C-DABC-47A0-A7CD-8335A5485E8B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/luvsn/OdZoo/tree/main/exploits/website_search_blog",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
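Review bot: the reference gained the "Exploit" tag and points at a GitHub tree (OdZoo/exploits/website_search_blog), i.e. a public proof of concept, and NVD scored the entry 9.8 CRITICAL with PR:N/UI:N: unauthenticated SQL injection through the name parameter of controllers/main.py in the Odoo module website_search_blog, 13.0 through 13.0.1.0.1 (the CPE encodes the platform as target_sw "odoo"). Public exploit plus unauthenticated critical should move this to the front of the patch queue. The status change to Analyzed is what brought the CWE-89 Primary weakness and the "configurations" block in.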


@ -2,12 +2,16 @@
"id": "CVE-2023-48327",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-19T21:15:08.290",
"lastModified": "2023-12-19T21:15:08.290",
"vulnStatus": "Received",
"lastModified": "2023-12-20T13:50:37.240",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WC Vendors WC Vendors \u2013 WooCommerce Multi-Vendor, WooCommerce Marketplace, Product Vendors.This issue affects WC Vendors \u2013 WooCommerce Multi-Vendor, WooCommerce Marketplace, Product Vendors: from n/a through 2.4.7.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en WC Vendors WC Vendors: WooCommerce Multi-Vendor, WooCommerce Marketplace, Product Vendors. Este problema afecta a WC Vendors: WooCommerce Multi-Vendor, WooCommerce Marketplace, Product Vendors : desde n/a hasta 2.4.7."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2023-48375",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2023-12-15T08:15:45.000",
"lastModified": "2023-12-15T13:42:13.817",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-20T13:45:25.200",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -39,6 +39,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
},
{
"source": "twcert@cert.org.tw",
"type": "Secondary",
@ -50,10 +60,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:csharp:cws_collaborative_development_platform:10.25:*:*:*:*:*:*:*",
"matchCriteriaId": "10CC0021-D5D9-4794-9ABE-DF8F1B21F6A2"
}
]
}
]
}
],
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-7594-dac20-1.html",
"source": "twcert@cert.org.tw"
"source": "twcert@cert.org.tw",
"tags": [
"Third Party Advisory"
]
}
]
}
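Review bot: NVD added CWE-862 (missing authorization) as the Primary weakness alongside twcert's Secondary one, but the CPE match is a single exact version, csharp:cws_collaborative_development_platform:10.25, with no versionStart/versionEnd bounds, so any other CWS build will not match even if it is vulnerable; check the twcert advisory for the real affected range before relying on CPE-driven inventory matching.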


@ -2,8 +2,8 @@
"id": "CVE-2023-48376",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2023-12-15T08:15:45.277",
"lastModified": "2023-12-15T13:42:13.817",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-20T13:44:44.227",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "twcert@cert.org.tw",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
},
{
"source": "twcert@cert.org.tw",
"type": "Secondary",
@ -50,10 +80,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:csharp:cws_collaborative_development_platform:10.25:*:*:*:*:*:*:*",
"matchCriteriaId": "10CC0021-D5D9-4794-9ABE-DF8F1B21F6A2"
}
]
}
]
}
],
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-7595-d58b1-1.html",
"source": "twcert@cert.org.tw"
"source": "twcert@cert.org.tw",
"tags": [
"Third Party Advisory"
]
}
]
}
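Review bot: the CPE and matchCriteriaId (10CC0021-D5D9-4794-9ABE-DF8F1B21F6A2) are identical to CVE-2023-48375, which is expected because the match string is the same, but this entry is scored 9.8 CRITICAL by NVD with PR:N/UI:N and CWE-434 (unrestricted upload of a file with dangerous type), so an unauthenticated upload leading to full compromise of CWS Collaborative Development Platform 10.25. The exact-version CPE with no range bounds means other CWS builds will not match, so treat the CPE as a lower bound on exposure, not the full affected set.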


@ -2,8 +2,8 @@
"id": "CVE-2023-48381",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2023-12-15T09:15:07.773",
"lastModified": "2023-12-15T13:42:13.817",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-20T13:42:56.217",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -39,6 +39,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{
"source": "twcert@cert.org.tw",
"type": "Secondary",
@ -50,10 +60,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:softnext:mail_sqr_expert:*:*:*:*:*:*:*:*",
"versionEndExcluding": "230330",
"matchCriteriaId": "30D54AFA-951B-44FD-84F6-0C16F338E2CE"
}
]
}
]
}
],
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-7599-461d5-1.html",
"source": "twcert@cert.org.tw"
"source": "twcert@cert.org.tw",
"tags": [
"Third Party Advisory"
]
}
]
}
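Review bot: the CPE range uses versionEndExcluding "230330", a date-style build number for Softnext Mail SQR Expert rather than a dotted version; a matcher that parses versions as semver or numeric tuples may mis-order this against strings such as "230330.1" or reject it as unparseable, so test the comparator on this entry specifically. NVD added CWE-22 (path traversal) as the Primary weakness; the twcert advisory remains the only reference.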


@ -2,12 +2,16 @@
"id": "CVE-2023-48738",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-19T21:15:08.527",
"lastModified": "2023-12-19T21:15:08.527",
"vulnStatus": "Received",
"lastModified": "2023-12-20T13:50:37.240",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Porto Theme Porto Theme - Functionality.This issue affects Porto Theme - Functionality: from n/a before 2.12.1.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('Inyecci\u00f3n SQL') en Porto Theme Porto Theme - Functionality. Este problema afecta a Porto Theme - Functionality: desde n/a antes de 2.12.1."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-48741",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-19T21:15:08.737",
"lastModified": "2023-12-19T21:15:08.737",
"vulnStatus": "Received",
"lastModified": "2023-12-20T13:50:37.240",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in QuantumCloud AI ChatBot.This issue affects AI ChatBot: from n/a through 4.7.8.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en QuantumCloud AI ChatBot. Este problema afecta a AI ChatBot: desde n/a hasta 4.7.8."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-48764",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-19T21:15:08.943",
"lastModified": "2023-12-19T21:15:08.943",
"vulnStatus": "Received",
"lastModified": "2023-12-20T13:50:37.240",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GuardGiant Brute Force Protection WordPress Brute Force Protection \u2013 Stop Brute Force Attacks.This issue affects WordPress Brute Force Protection \u2013 Stop Brute Force Attacks: from n/a through 2.2.5.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en GuardGiant Brute Force Protection WordPress Brute Force Protection \u2013 Stop Brute Force Attacks. Este problema afecta a WordPress Brute Force Protection \u2013 Stop Brute Force Attacks: desde n/a hasta 2.2.5."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-49004",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-19T22:15:08.103",
"lastModified": "2023-12-19T22:15:08.103",
"vulnStatus": "Received",
"lastModified": "2023-12-20T13:50:26.727",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in D-Link DIR-850L v.B1_FW223WWb01 allows a remote attacker to execute arbitrary code via a crafted script to the en parameter."
},
{
"lang": "es",
"value": "Un problema en D-Link DIR-850L v.B1_FW223WWb01 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de un script manipualdo para el par\u00e1metro en."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-49147",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-19T23:15:07.903",
"lastModified": "2023-12-19T23:15:07.903",
"vulnStatus": "Received",
"lastModified": "2023-12-20T13:50:26.727",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in PDF24 Creator 11.14.0. The configuration of the msi installer file was found to produce a visible cmd.exe window when using the repair function of msiexec.exe. This allows an unprivileged local attacker to use a chain of actions (e.g., an oplock on faxPrnInst.log) to open a SYSTEM cmd.exe."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en PDF24 Creator 11.14.0. Se descubri\u00f3 que la configuraci\u00f3n del archivo de instalaci\u00f3n msi produce una ventana cmd.exe visible cuando se utiliza la funci\u00f3n de reparaci\u00f3n de msiexec.exe. Esto permite a un atacante local sin privilegios utilizar una cadena de acciones (por ejemplo, un bloqueo de operaci\u00f3n en faxPrnInst.log) para abrir un cmd.exe de SYSTEM."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-49164",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-19T22:15:08.143",
"lastModified": "2023-12-19T22:15:08.143",
"vulnStatus": "Received",
"lastModified": "2023-12-20T13:50:26.727",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in OceanWP Ocean Extra.This issue affects Ocean Extra: from n/a through 2.2.2.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross Site Request Forgery (CSRF) en OceanWP Ocean Extra. Este problema afecta a Ocean Extra: desde n/a hasta 2.2.2."
}
],
"metrics": {


@ -2,16 +2,40 @@
"id": "CVE-2023-49178",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-15T15:15:08.857",
"lastModified": "2023-12-15T15:26:42.177",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-20T13:38:50.670",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mr. Hdwplayer HDW Player Plugin (Video Player & Video Gallery) allows Reflected XSS.This issue affects HDW Player Plugin (Video Player & Video Gallery): from n/a through 5.0.\n\n"
},
{
"lang": "es",
"value": "La neutralizaci\u00f3n inadecuada de la entrada durante la vulnerabilidad de generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Mr. Hdwplayer HDW Player Plugin (Video Player & Video Gallery) permite XSS Reflejado. Este problema afecta a HDW Player Plugin (Video Player & Video Gallery): de n/a hasta 5.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hdwplayer:hdw_player:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "5.0",
"matchCriteriaId": "88280C2A-19A9-4FAC-957F-F1464F47A12F"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/hdw-player-video-player-video-gallery/wordpress-hdw-player-plugin-video-player-video-gallery-plugin-5-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-49179",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-15T15:15:09.043",
"lastModified": "2023-12-15T15:26:42.177",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-20T13:39:56.437",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in N.O.U.S. Open Useful and Simple Event post allows Stored XSS.This issue affects Event post: from n/a through 5.8.6.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en N.O.U.S. Open Useful and Simple Event post permite XSS almacenado. Este problema afecta a Event post: desde n/a hasta 5.8.6."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:avecnous:event_post:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "5.8.6",
"matchCriteriaId": "DF0C15EA-7F1A-4E64-98B9-CAAEB1457953"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/event-post/wordpress-event-post-plugin-5-8-6-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-49750",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-19T21:15:09.137",
"lastModified": "2023-12-19T21:15:09.137",
"vulnStatus": "Received",
"lastModified": "2023-12-20T13:50:37.240",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spoonthemes Couponis - Affiliate & Submitting Coupons WordPress Theme.This issue affects Couponis - Affiliate & Submitting Coupons WordPress Theme: from n/a before 2.2.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en Spoonthemes Couponis - Affiliate & Submitting Coupons WordPress Theme. Este problema afecta a Couponis - Affiliate & Submitting Coupons WordPress Theme: desde n/a antes de 2.2."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-49764",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-19T21:15:09.333",
"lastModified": "2023-12-19T21:15:09.333",
"vulnStatus": "Received",
"lastModified": "2023-12-20T13:50:37.240",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Younes JFR. Advanced Database Cleaner.This issue affects Advanced Database Cleaner: from n/a through 3.1.2.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en Younes JFR. Advanced Database Cleaner. Este problema afecta a Advanced Database Cleaner: desde n/a hasta 3.1.2."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-49812",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-19T21:15:09.530",
"lastModified": "2023-12-19T21:15:09.530",
"vulnStatus": "Received",
"lastModified": "2023-12-20T13:50:37.240",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Authorization Bypass Through User-Controlled Key vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus.This issue affects WP Photo Album Plus: from n/a through 8.5.02.005.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de omisi\u00f3n de autorizaci\u00f3n a trav\u00e9s de clave controlada por el usuario en J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus. Este problema afecta a WP Photo Album Plus: desde n/a hasta 8.5.02.005."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-50044",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-20T09:15:07.297",
"lastModified": "2023-12-20T09:15:07.297",
"vulnStatus": "Received",
"lastModified": "2023-12-20T13:50:15.967",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in Cesanta MJS version 2.22.0, allows attackers to execute arbitrary code, cause a denial of service (Dos), and obtain sensitive information via segmentation fault can occur in getprop_builtin_foreign when input string includes a name of Built-in APIs."
},
{
"lang": "es",
"value": "La vulnerabilidad de desbordamiento de b\u00fafer en Cesanta MJS versi\u00f3n 2.22.0 permite a los atacantes ejecutar c\u00f3digo arbitrario, provocar una denegaci\u00f3n de servicio (DoS) y obtener informaci\u00f3n confidencial a trav\u00e9s de un fallo de segmentaci\u00f3n que puede ocurrir en getprop_builtin_foreign cuando la cadena de entrada incluye un nombre de API integradas."
}
],
"metrics": {},


@ -0,0 +1,63 @@
{
"id": "CVE-2023-50249",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-20T14:15:21.350",
"lastModified": "2023-12-20T14:33:33.880",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Sentry-Javascript is official Sentry SDKs for JavaScript. A ReDoS (Regular expression Denial of Service) vulnerability has been identified in Sentry's Astro SDK 7.78.0-7.86.0. Under certain conditions, this vulnerability allows an attacker to cause excessive computation times on the server, leading to denial of service (DoS). This vulnerability has been patched in sentry/astro version 7.87.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://github.com/getsentry/sentry-javascript/commit/fe24eb5eefa9d27b14b2b6f9ebd1debca1c208fb",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/getsentry/sentry-javascript/pull/9815",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/getsentry/sentry-javascript/security/advisories/GHSA-x3v3-8xg8-8v72",
"source": "security-advisories@github.com"
}
]
}
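Review bot: the affected range for CVE-2023-50249 (Astro SDK 7.78.0 through 7.86.0, fixed in 7.87.0) exists only in the free-text description; the new record ends after `references` with no `configurations`/`cpeMatch` block, so any consumer that matches inventory against this feed by CPE (the way the event_post record at the top of this diff can be matched through `versionEndIncluding`) will not flag it until NVD analysis supplies one, and the three references carry no `tags` yet, so a `Patch` or `Exploit` filter returns nothing either. Worth documenting in the README that `Awaiting Analysis` records need a description- or reference-based match.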


@ -2,12 +2,16 @@
"id": "CVE-2023-50466",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-19T21:15:09.740",
"lastModified": "2023-12-19T21:15:09.740",
"vulnStatus": "Received",
"lastModified": "2023-12-20T13:50:37.240",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An authenticated command injection vulnerability in Weintek cMT2078X easyweb Web Version v2.1.3, OS v20220215 allows attackers to execute arbitrary code or access sensitive information via injecting a crafted payload into the HMI Name parameter."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n de comando autenticada en Weintek cMT2078X easyweb Web Version v2.1.3, OS v20220215 permite a los atacantes ejecutar c\u00f3digo arbitrario o acceder a informaci\u00f3n confidencial mediante la inyecci\u00f3n de un payload manipulado en el par\u00e1metro de nombre HMI."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-50628",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-20T09:15:07.350",
"lastModified": "2023-12-20T09:15:07.350",
"vulnStatus": "Received",
"lastModified": "2023-12-20T13:50:15.967",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in libming version 0.4.8, allows attackers to execute arbitrary code and obtain sensitive information via parser.c component."
},
{
"lang": "es",
"value": "Vulnerabilidad de desbordamiento de b\u00fafer en libming versi\u00f3n 0.4.8 permite a los atacantes ejecutar c\u00f3digo arbitrario y obtener informaci\u00f3n confidencial a trav\u00e9s del componente parser.c."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-50703",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-12-20T00:15:08.877",
"lastModified": "2023-12-20T00:15:08.877",
"vulnStatus": "Received",
"lastModified": "2023-12-20T13:50:26.727",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nAn attacker with network access could perform a man-in-the-middle (MitM) attack and capture sensitive information to gain unauthorized access to the application.\n\n\n\n\n"
},
{
"lang": "es",
"value": "Un atacante con acceso a la red podr\u00eda realizar un ataque man-in-the-middle (MitM) y capturar informaci\u00f3n confidencial para obtener acceso no autorizado a la aplicaci\u00f3n."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-50704",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-12-20T00:15:09.070",
"lastModified": "2023-12-20T00:15:09.070",
"vulnStatus": "Received",
"lastModified": "2023-12-20T13:50:26.727",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\n\n\n\n\nAn attacker could construct a URL within the application that causes a redirection to an arbitrary external domain and could be leveraged to facilitate phishing attacks against application users.\n\n\n\n\n\n\n\n"
},
{
"lang": "es",
"value": "Un atacante podr\u00eda construir una URL dentro de la aplicaci\u00f3n que provoque una redirecci\u00f3n a un dominio externo arbitrario y podr\u00eda aprovecharse para facilitar ataques de phishing contra los usuarios de la aplicaci\u00f3n."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-50705",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-12-20T00:15:09.257",
"lastModified": "2023-12-20T00:15:09.257",
"vulnStatus": "Received",
"lastModified": "2023-12-20T13:50:26.727",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\n\n\n\n\n\n\n\n\nAn attacker could create malicious requests to obtain sensitive information about the web server.\n\n\n\n\n\n\n"
},
{
"lang": "es",
"value": "Un atacante podr\u00eda crear solicitudes maliciosas para obtener informaci\u00f3n confidencial sobre el servidor web."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-50706",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-12-20T00:15:09.437",
"lastModified": "2023-12-20T00:15:09.437",
"vulnStatus": "Received",
"lastModified": "2023-12-20T13:50:26.727",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\n\n\n\n\n\n\n\n\n\n\n\n\nA user without administrator permissions with access to the UC500 windows system could perform a memory dump of the running processes and extract clear credentials or valid session tokens.\n\n\n\n"
},
{
"lang": "es",
"value": "Un usuario sin permisos de administrador con acceso al sistema Windows UC500 podr\u00eda realizar un volcado de memoria de los procesos en ejecuci\u00f3n y extraer credenciales claras o tokens de sesi\u00f3n v\u00e1lidos."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-50707",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-12-20T00:15:09.643",
"lastModified": "2023-12-20T00:15:09.643",
"vulnStatus": "Received",
"lastModified": "2023-12-20T13:50:26.727",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nThrough the exploitation of active user sessions, an attacker could send custom requests to cause a denial-of-service condition on the device.\n\n\n\n\n"
},
{
"lang": "es",
"value": "Mediante la explotaci\u00f3n de sesiones de usuarios activos, un atacante podr\u00eda enviar solicitudes personalizadas para provocar una condici\u00f3n de denegaci\u00f3n de servicio en el dispositivo."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-50835",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-19T22:15:08.330",
"lastModified": "2023-12-19T22:15:08.330",
"vulnStatus": "Received",
"lastModified": "2023-12-20T13:50:26.727",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Praveen Goswami Advanced Category Template.This issue affects Advanced Category Template: from n/a through 0.1.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross Site Request Forgery (CSRF) en Praveen Goswami Advanced Category Template. Este problema afecta a Advanced Category Template: desde n/a hasta 0.1."
}
],
"metrics": {


@ -2,7 +2,7 @@
"id": "CVE-2023-50917",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-15T17:15:12.840",
"lastModified": "2023-12-19T23:15:07.950",
"lastModified": "2023-12-20T14:15:21.533",
"vulnStatus": "Modified",
"descriptions": [
{
@ -69,6 +69,10 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/176273/MajorDoMo-Remote-Code-Execution.html",
"source": "cve@mitre.org"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/19",
"source": "cve@mitre.org"


@ -0,0 +1,55 @@
{
"id": "CVE-2023-51457",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-12-20T14:15:21.607",
"lastModified": "2023-12-20T14:33:33.880",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-51458",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-12-20T14:15:21.853",
"lastModified": "2023-12-20T14:33:33.880",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-51459",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-12-20T14:15:22.043",
"lastModified": "2023-12-20T14:33:33.880",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html",
"source": "psirt@adobe.com"
}
]
}
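Review bot: the psirt@adobe.com CVSS metric in CVE-2023-51459 is labelled `"type": "Secondary"`, while the sibling Adobe records in this same commit (CVE-2023-51457, -51458, -51460, -51461 and -51462) carry `"type": "Primary"` for the identical source, the identical vector `CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N` and the same APSB23-72 advisory. The inconsistency originates upstream rather than in this sync, but tooling that keys on `type` to pick the authoritative score will treat this one record differently; record it as a known upstream quirk instead of normalising it locally, since the repository mirrors NVD verbatim.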


@ -0,0 +1,55 @@
{
"id": "CVE-2023-51460",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-12-20T14:15:22.240",
"lastModified": "2023-12-20T14:33:33.880",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-51461",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-12-20T14:15:22.417",
"lastModified": "2023-12-20T14:33:33.880",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-51462",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-12-20T14:15:22.603",
"lastModified": "2023-12-20T14:33:33.880",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-6562",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2023-12-20T13:15:07.260",
"lastModified": "2023-12-20T13:50:15.967",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "JPX Fragment List (flst) box vulnerability in Kakadu 7.9 allows an attacker to exfiltrate local and remote files reachable by a server if the server allows the attacker to upload a specially-crafted the image that is displayed back to the attacker.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@google.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "cve-coordination@google.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://github.com/google/security-research/security/advisories/GHSA-g6qc-fhcq-vhf9",
"source": "cve-coordination@google.com"
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-6689",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-12-20T00:15:09.850",
"lastModified": "2023-12-20T00:15:09.850",
"vulnStatus": "Received",
"lastModified": "2023-12-20T13:50:26.727",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\n\n\n\n\nA successful CSRF attack could force the user to perform state changing requests on the application. If the victim is an administrative account, a CSRF attack could compromise the entire web application.\n\n\n\n"
},
{
"lang": "es",
"value": "Un ataque CSRF exitoso podr\u00eda obligar al usuario a realizar solicitudes de cambio de estado en la aplicaci\u00f3n. Si la v\u00edctima es una cuenta administrativa, un ataque CSRF podr\u00eda comprometer toda la aplicaci\u00f3n web."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2023-6768",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-12-20T10:15:07.730",
"lastModified": "2023-12-20T10:15:07.730",
"vulnStatus": "Received",
"lastModified": "2023-12-20T13:50:15.967",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-6769",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-12-20T10:15:08.087",
"lastModified": "2023-12-20T10:15:08.087",
"vulnStatus": "Received",
"lastModified": "2023-12-20T13:50:15.967",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -0,0 +1,59 @@
{
"id": "CVE-2023-6784",
"sourceIdentifier": "security@progress.com",
"published": "2023-12-20T14:15:22.793",
"lastModified": "2023-12-20T14:33:33.880",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nA malicious user could potentially use the Sitefinity system for the distribution of phishing emails.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@progress.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@progress.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerability-CVE-2023-6784-December-2023",
"source": "security@progress.com"
},
{
"url": "https://www.progress.com/sitefinity-cms",
"source": "security@progress.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-6910",
"sourceIdentifier": "security@m-files.com",
"published": "2023-12-20T10:15:08.373",
"lastModified": "2023-12-20T10:15:08.373",
"vulnStatus": "Received",
"lastModified": "2023-12-20T13:50:15.967",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-6912",
"sourceIdentifier": "security@m-files.com",
"published": "2023-12-20T10:15:08.703",
"lastModified": "2023-12-20T10:15:08.703",
"vulnStatus": "Received",
"lastModified": "2023-12-20T13:50:15.967",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,12 +2,16 @@
"id": "CVE-2023-6928",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-12-19T23:15:08.020",
"lastModified": "2023-12-19T23:15:08.020",
"vulnStatus": "Received",
"lastModified": "2023-12-20T13:50:26.727",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nEuroTel ETL3100 versions v01c01 and v01x37 does not limit the number of attempts to guess administrative credentials in remote password attacks to gain full control of the system.\n\n\n\n\n"
},
{
"lang": "es",
"value": "EuroTel ETL3100 versiones v01c01 y v01x37 no limitan la cantidad de intentos de adivinar credenciales administrativas en ataques remotos de contrase\u00f1as para obtener el control total del sistema."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-6929",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-12-19T23:15:08.220",
"lastModified": "2023-12-19T23:15:08.220",
"vulnStatus": "Received",
"lastModified": "2023-12-20T13:50:26.727",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\n\n\n\n\nEuroTel ETL3100 versions v01c01 and v01x37 are vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers can bypass authorization, access the hidden resources on the system, and execute privileged functionalities.\n\n\n\n\n\n\n\n"
},
{
"lang": "es",
"value": "Las versiones v01c01 y v01x37 de EuroTel ETL3100 son vulnerables a referencias directas a objetos inseguros que ocurren cuando la aplicaci\u00f3n proporciona acceso directo a objetos seg\u00fan la entrada proporcionada por el usuario. Como resultado de esta vulnerabilidad, los atacantes pueden eludir la autorizaci\u00f3n, acceder a recursos ocultos en el sistema y ejecutar funcionalidades privilegiadas."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-6930",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-12-19T23:15:08.410",
"lastModified": "2023-12-19T23:15:08.410",
"vulnStatus": "Received",
"lastModified": "2023-12-20T13:50:26.727",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\n\n\n\n\n\n\n\n\nEuroTel ETL3100 versions v01c01 and v01x37 suffer from an unauthenticated configuration and log download vulnerability. This enables the attacker to disclose sensitive information and assist in authentication bypass, privilege escalation, and full system access.\n\n\n\n\n\n\n\n\n\n\n"
},
{
"lang": "es",
"value": "EuroTel ETL3100 versiones v01c01 y v01x37 sufren de una configuraci\u00f3n no autenticada y una vulnerabilidad de descarga de registros. Esto permite al atacante revelar informaci\u00f3n confidencial y ayudar a evitar la autenticaci\u00f3n, escalar privilegios y acceder completamente al sistema."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-6974",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-12-20T06:15:45.160",
"lastModified": "2023-12-20T06:15:45.160",
"vulnStatus": "Received",
"lastModified": "2023-12-20T13:50:15.967",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A malicious user could use this issue to access internal HTTP(s) servers and in the worst case (ie: aws instance) it could be abuse to get a remote code execution on the victim machine."
},
{
"lang": "es",
"value": "Un usuario malintencionado podr\u00eda utilizar este problema para acceder a servidores HTTP internos y, en el peor de los casos (es decir, instancia de AWS), podr\u00eda ser un abuso obtener una ejecuci\u00f3n remota de c\u00f3digo en la m\u00e1quina v\u00edctima."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-6975",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-12-20T06:15:45.553",
"lastModified": "2023-12-20T06:15:45.553",
"vulnStatus": "Received",
"lastModified": "2023-12-20T13:50:15.967",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A malicious user could use this issue to get command execution on the vulnerable machine and get access to data & models information."
},
{
"lang": "es",
"value": "Un usuario malintencionado podr\u00eda utilizar este problema para ejecutar comandos en la m\u00e1quina vulnerable y obtener acceso a informaci\u00f3n de datos y modelos."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-6976",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-12-20T06:15:45.730",
"lastModified": "2023-12-20T06:15:45.730",
"vulnStatus": "Received",
"lastModified": "2023-12-20T13:50:15.967",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "This vulnerability is capable of writing arbitrary files into arbitrary locations on the remote filesystem in the context of the server process."
},
{
"lang": "es",
"value": "Esta vulnerabilidad es capaz de escribir archivos arbitrarios en ubicaciones arbitrarias en el sistema de archivos remoto en el contexto del proceso del servidor."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-6977",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-12-20T06:15:45.907",
"lastModified": "2023-12-20T06:15:45.907",
"vulnStatus": "Received",
"lastModified": "2023-12-20T13:50:15.967",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "This vulnerability enables malicious users to read sensitive files on the server."
},
{
"lang": "es",
"value": "Esta vulnerabilidad permite a usuarios malintencionados leer archivos confidenciales en el servidor."
}
],
"metrics": {


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-12-20T13:00:25.289314+00:00
2023-12-20T15:00:24.629989+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-12-20T12:15:49.627000+00:00
2023-12-20T14:46:20.553000+00:00
```
### Last Data Feed Release
@ -29,20 +29,62 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
233813
233831
```
### CVEs added in the last Commit
Recently added CVEs: `0`
Recently added CVEs: `18`
* [CVE-2023-6562](CVE-2023/CVE-2023-65xx/CVE-2023-6562.json) (`2023-12-20T13:15:07.260`)
* [CVE-2023-37871](CVE-2023/CVE-2023-378xx/CVE-2023-37871.json) (`2023-12-20T14:15:19.550`)
* [CVE-2023-38513](CVE-2023/CVE-2023-385xx/CVE-2023-38513.json) (`2023-12-20T14:15:19.797`)
* [CVE-2023-38519](CVE-2023/CVE-2023-385xx/CVE-2023-38519.json) (`2023-12-20T14:15:19.987`)
* [CVE-2023-40555](CVE-2023/CVE-2023-405xx/CVE-2023-40555.json) (`2023-12-20T14:15:20.193`)
* [CVE-2023-41796](CVE-2023/CVE-2023-417xx/CVE-2023-41796.json) (`2023-12-20T14:15:20.380`)
* [CVE-2023-46147](CVE-2023/CVE-2023-461xx/CVE-2023-46147.json) (`2023-12-20T14:15:20.570`)
* [CVE-2023-46311](CVE-2023/CVE-2023-463xx/CVE-2023-46311.json) (`2023-12-20T14:15:20.757`)
* [CVE-2023-47236](CVE-2023/CVE-2023-472xx/CVE-2023-47236.json) (`2023-12-20T14:15:20.953`)
* [CVE-2023-47507](CVE-2023/CVE-2023-475xx/CVE-2023-47507.json) (`2023-12-20T14:15:21.143`)
* [CVE-2023-50249](CVE-2023/CVE-2023-502xx/CVE-2023-50249.json) (`2023-12-20T14:15:21.350`)
* [CVE-2023-51457](CVE-2023/CVE-2023-514xx/CVE-2023-51457.json) (`2023-12-20T14:15:21.607`)
* [CVE-2023-51458](CVE-2023/CVE-2023-514xx/CVE-2023-51458.json) (`2023-12-20T14:15:21.853`)
* [CVE-2023-51459](CVE-2023/CVE-2023-514xx/CVE-2023-51459.json) (`2023-12-20T14:15:22.043`)
* [CVE-2023-51460](CVE-2023/CVE-2023-514xx/CVE-2023-51460.json) (`2023-12-20T14:15:22.240`)
* [CVE-2023-51461](CVE-2023/CVE-2023-514xx/CVE-2023-51461.json) (`2023-12-20T14:15:22.417`)
* [CVE-2023-51462](CVE-2023/CVE-2023-514xx/CVE-2023-51462.json) (`2023-12-20T14:15:22.603`)
* [CVE-2023-6784](CVE-2023/CVE-2023-67xx/CVE-2023-6784.json) (`2023-12-20T14:15:22.793`)
### CVEs modified in the last Commit
Recently modified CVEs: `1`
Recently modified CVEs: `69`
* [CVE-2023-48795](CVE-2023/CVE-2023-487xx/CVE-2023-48795.json) (`2023-12-20T12:15:49.627`)
* [CVE-2023-6689](CVE-2023/CVE-2023-66xx/CVE-2023-6689.json) (`2023-12-20T13:50:26.727`)
* [CVE-2023-38478](CVE-2023/CVE-2023-384xx/CVE-2023-38478.json) (`2023-12-20T13:50:37.240`)
* [CVE-2023-38481](CVE-2023/CVE-2023-384xx/CVE-2023-38481.json) (`2023-12-20T13:50:37.240`)
* [CVE-2023-40602](CVE-2023/CVE-2023-406xx/CVE-2023-40602.json) (`2023-12-20T13:50:37.240`)
* [CVE-2023-41648](CVE-2023/CVE-2023-416xx/CVE-2023-41648.json) (`2023-12-20T13:50:37.240`)
* [CVE-2023-43826](CVE-2023/CVE-2023-438xx/CVE-2023-43826.json) (`2023-12-20T13:50:37.240`)
* [CVE-2023-45105](CVE-2023/CVE-2023-451xx/CVE-2023-45105.json) (`2023-12-20T13:50:37.240`)
* [CVE-2023-35883](CVE-2023/CVE-2023-358xx/CVE-2023-35883.json) (`2023-12-20T13:50:37.240`)
* [CVE-2023-37982](CVE-2023/CVE-2023-379xx/CVE-2023-37982.json) (`2023-12-20T13:50:37.240`)
* [CVE-2023-48327](CVE-2023/CVE-2023-483xx/CVE-2023-48327.json) (`2023-12-20T13:50:37.240`)
* [CVE-2023-48738](CVE-2023/CVE-2023-487xx/CVE-2023-48738.json) (`2023-12-20T13:50:37.240`)
* [CVE-2023-48741](CVE-2023/CVE-2023-487xx/CVE-2023-48741.json) (`2023-12-20T13:50:37.240`)
* [CVE-2023-48764](CVE-2023/CVE-2023-487xx/CVE-2023-48764.json) (`2023-12-20T13:50:37.240`)
* [CVE-2023-49750](CVE-2023/CVE-2023-497xx/CVE-2023-49750.json) (`2023-12-20T13:50:37.240`)
* [CVE-2023-49764](CVE-2023/CVE-2023-497xx/CVE-2023-49764.json) (`2023-12-20T13:50:37.240`)
* [CVE-2023-49812](CVE-2023/CVE-2023-498xx/CVE-2023-49812.json) (`2023-12-20T13:50:37.240`)
* [CVE-2023-50466](CVE-2023/CVE-2023-504xx/CVE-2023-50466.json) (`2023-12-20T13:50:37.240`)
* [CVE-2023-38126](CVE-2023/CVE-2023-381xx/CVE-2023-38126.json) (`2023-12-20T13:50:37.240`)
* [CVE-2023-42940](CVE-2023/CVE-2023-429xx/CVE-2023-42940.json) (`2023-12-20T13:50:37.240`)
* [CVE-2023-46624](CVE-2023/CVE-2023-466xx/CVE-2023-46624.json) (`2023-12-20T13:50:37.240`)
* [CVE-2023-34027](CVE-2023/CVE-2023-340xx/CVE-2023-34027.json) (`2023-12-20T13:50:42.097`)
* [CVE-2023-34382](CVE-2023/CVE-2023-343xx/CVE-2023-34382.json) (`2023-12-20T13:50:42.097`)
* [CVE-2023-50917](CVE-2023/CVE-2023-509xx/CVE-2023-50917.json) (`2023-12-20T14:15:21.533`)
* [CVE-2023-48049](CVE-2023/CVE-2023-480xx/CVE-2023-48049.json) (`2023-12-20T14:24:50.980`)
* [CVE-2023-42799](CVE-2023/CVE-2023-427xx/CVE-2023-42799.json) (`2023-12-20T14:46:20.553`)
## Download and Usage
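Review bot: the line "Recently modified CVEs: `69`" is followed by 25 bullets (CVE-2023-6689 through CVE-2023-42799), whereas "Recently added CVEs: `18`" matches its 18 bullets exactly. The hunk header `@ -29,20 +29,62 @@` announces more new-side lines than are rendered here, so the modified list may be cut short in this view; check the generated README to see whether the list is intentionally capped (and say so next to the count) or the counter and the list have diverged. Separately, neither list is ordered by ID or by timestamp (CVE-2023-35883 and -37982 sit between the 45xxx and 48xxx entries; CVE-2023-6562 with `13:15:07` heads the added list ahead of the 14:15 batch), so stating the ordering rule in the README would make successive commits easier to diff.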