admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 19:47:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-01-04T17:00:24.382538+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-01-04 17:00:28 +00:00
parent b02f574c66
commit cdc9db6105
26 changed files with 1521 additions and 113 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CVE-2022/CVE-2022-23xx/CVE-2022-2389.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-2389",
"sourceIdentifier": "contact@wpscan.com",
"published": "2022-08-22T15:15:14.953",
"lastModified": "2023-06-30T18:53:44.690",
"lastModified": "2024-01-04T15:17:19.940",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -77,9 +77,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:buildwoofunnels:autonami:*:*:*:*:*:wordpress:*:*",
"criteria": "cpe:2.3:a:funnelkit:funnelkit_automations:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.1.2",
"matchCriteriaId": "B4ACF0A1-0422-4C71-BAEC-3706CF6099B2"
"matchCriteriaId": "9D669159-8AFE-45E5-8A09-F12E16E0B690"
}
]
}

77
CVE-2023/CVE-2023-286xx/CVE-2023-28616.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-28616",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-26T04:15:07.790",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T15:28:24.317",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,80 @@
"value": "Se descubri\u00f3 un problema en Stormshield Network Security (SNS) anterior a 4.3.17, 4.4.x a 4.6.x anterior a 4.6.4 y 4.7.x anterior a 4.7.1. Afecta a las cuentas de usuario cuya contrase\u00f1a tiene un signo igual o un espacio. El proceso serverd registra dichas contrase\u00f1as en texto plano y potencialmente env\u00eda estos registros al componente Syslog."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-319"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:stormshield:network_security:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.7.0",
"versionEndExcluding": "4.3.17",
"matchCriteriaId": "C2ED1896-6DA3-413F-B5A1-AC1EE41470A6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:stormshield:network_security:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.4.0",
"versionEndExcluding": "4.6.4",
"matchCriteriaId": "601A3438-4E6E-46B6-B596-082C6EA8B1D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:stormshield:network_security:4.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5CEA8D81-9EC9-4285-9A9F-B60CE3A12ABA"
}
]
}
]
}
],
"references": [
{
"url": "https://advisories.stormshield.eu/2023-006",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-37xx/CVE-2023-3726.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-3726",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2024-01-04T15:15:09.117",
"lastModified": "2024-01-04T15:15:09.117",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "OCSInventory allow stored email template with special characters that lead to a Stored cross-site Scripting.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "help@fluidattacks.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "help@fluidattacks.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/creed/",
"source": "help@fluidattacks.com"
},
{
"url": "https://ocsinventory-ng.org/",
"source": "help@fluidattacks.com"
}
]
}

111
CVE-2023/CVE-2023-400xx/CVE-2023-40038.json
View File

@ -2,23 +2,124 @@
"id": "CVE-2023-40038",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-27T20:15:19.230",
"lastModified": "2023-12-27T21:37:15.710",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T16:18:01.263",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Arris DG860A and DG1670A devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. (They use the first 6 characters of the SSID and the last 6 characters of the BSSID, decrementing the last digit.)"
},
{
"lang": "es",
"value": "Los dispositivos Arris DG860A y DG1670A tienen PSK WPA2 predeterminados predecibles que podr\u00edan provocar un acceso remoto no autorizado. (Usan los primeros 6 caracteres del SSID y los \u00faltimos 6 caracteres del BSSID, disminuyendo el \u00faltimo d\u00edgito)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:arris:dg860a_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B0F8212-DAB2-4A13-9268-2201EF2AB1F3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:arris:dg860a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "244A5CC6-DA00-4E1D-AECD-4E446E6FE9E8"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:arris:dg1670a_firmware:ts0901203b6_020420_16xx.gw_pc20_tw:*:*:*:*:*:*:*",
"matchCriteriaId": "CEC53589-0DA8-4342-B2FE-520B8D1CDF3A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:arris:dg1670a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD31D71D-6794-4497-ADB6-389BF0771147"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/actuator/cve/blob/main/Arris/CVE-2023-40038",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://i.ebayimg.com/images/g/ByAAAOSwQCFi2b50/s-l1600.jpg",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

67
CVE-2023/CVE-2023-434xx/CVE-2023-43481.json
View File

@ -2,19 +2,78 @@
"id": "CVE-2023-43481",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-27T21:15:07.990",
"lastModified": "2023-12-27T22:15:16.540",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T16:15:04.757",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue in Shenzhen TCL Browser TV Web BrowseHere (aka com.tcl.browser) 6.65.022_dab24cc6_231221_gp allows a remote attacker to execute arbitrary JavaScript code via the com.tcl.browser.portal.browse.activity.BrowsePageActivity component."
},
{
"lang": "es",
"value": "Un problema en Shenzhen TCL Browser TV Web BrowseHere (aka com.tcl.browser) 6.65.022_dab24cc6_231221_gp permite a un atacante remoto ejecutar c\u00f3digo JavaScript arbitrario a trav\u00e9s del componente com.tcl.browser.portal.browse.activity.BrowsePageActivity."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tcl:browser_tv_web_-_browsehere:6.65.022_dab24cc6_231221_gp:*:*:*:*:android:*:*",
"matchCriteriaId": "B3A6573E-8BEB-4F20-8121-9CEA047BB6D8"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/actuator/com.tcl.browser/blob/main/CWE-94.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}

83
CVE-2023/CVE-2023-502xx/CVE-2023-50297.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-50297",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-12-26T06:15:07.473",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T15:57:56.167",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,88 @@
"value": "Vulnerabilidad de redireccionamiento abierto en PowerCMS (Series 6, 5 Series y 4 Series) permite que un atacante remoto no autenticado redirija a los usuarios a sitios web arbitrarios a trav\u00e9s de una URL especialmente manipulada. Tenga en cuenta que todas las versiones de PowerCMS Serie 3 y anteriores que no son compatibles (End-of-Life, EOL) tambi\u00e9n se ven afectadas por esta vulnerabilidad."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:alfasado:powercms:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.55",
"matchCriteriaId": "418BFF70-45BC-4F69-85DB-7C935B80CCEE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:alfasado:powercms:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0",
"versionEndExcluding": "5.25",
"matchCriteriaId": "4394A42A-9BE5-4927-93D7-74D99542D7D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:alfasado:powercms:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0",
"versionEndIncluding": "6.31",
"matchCriteriaId": "AEA525B4-37C1-4D8B-9755-740FD4665D0A"
}
]
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/jp/JVN32646742/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.powercms.jp/news/release-powercms-202312.html",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-507xx/CVE-2023-50760.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-50760",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2024-01-04T15:15:09.387",
"lastModified": "2024-01-04T15:15:09.387",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Online Notice Board System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'f' parameter of user/update_profile_pic.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "help@fluidattacks.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "help@fluidattacks.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/arrau/",
"source": "help@fluidattacks.com"
},
{
"url": "https://www.kashipara.com/",
"source": "help@fluidattacks.com"
}
]
}

59
CVE-2023/CVE-2023-508xx/CVE-2023-50862.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-50862",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2024-01-04T15:15:09.593",
"lastModified": "2024-01-04T15:15:09.593",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the booking.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "help@fluidattacks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "help@fluidattacks.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/evans/",
"source": "help@fluidattacks.com"
},
{
"url": "https://www.kashipara.com/",
"source": "help@fluidattacks.com"
}
]
}

59
CVE-2023/CVE-2023-508xx/CVE-2023-50863.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-50863",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2024-01-04T15:15:09.800",
"lastModified": "2024-01-04T15:15:09.800",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the generateReceipt.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "help@fluidattacks.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "help@fluidattacks.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/evans/",
"source": "help@fluidattacks.com"
},
{
"url": "https://www.kashipara.com/",
"source": "help@fluidattacks.com"
}
]
}

59
CVE-2023/CVE-2023-508xx/CVE-2023-50864.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-50864",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2024-01-04T15:15:10.003",
"lastModified": "2024-01-04T15:15:10.003",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelId' parameter of the hotelDetails.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "help@fluidattacks.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "help@fluidattacks.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/evans/",
"source": "help@fluidattacks.com"
},
{
"url": "https://www.kashipara.com/",
"source": "help@fluidattacks.com"
}
]
}

59
CVE-2023/CVE-2023-508xx/CVE-2023-50865.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-50865",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2024-01-04T15:15:10.217",
"lastModified": "2024-01-04T15:15:10.217",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'city' parameter of the hotelSearch.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "help@fluidattacks.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "help@fluidattacks.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/evans/",
"source": "help@fluidattacks.com"
},
{
"url": "https://www.kashipara.com/",
"source": "help@fluidattacks.com"
}
]
}

59
CVE-2023/CVE-2023-508xx/CVE-2023-50866.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-50866",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2024-01-04T15:15:10.417",
"lastModified": "2024-01-04T15:15:10.417",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the loginAction.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "help@fluidattacks.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "help@fluidattacks.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/evans/",
"source": "help@fluidattacks.com"
},
{
"url": "https://www.kashipara.com/",
"source": "help@fluidattacks.com"
}
]
}

59
CVE-2023/CVE-2023-508xx/CVE-2023-50867.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-50867",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2024-01-04T15:15:10.623",
"lastModified": "2024-01-04T15:15:10.623",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the signupAction.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "help@fluidattacks.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "help@fluidattacks.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/evans/",
"source": "help@fluidattacks.com"
},
{
"url": "https://www.kashipara.com/",
"source": "help@fluidattacks.com"
}
]
}

57
CVE-2023/CVE-2023-514xx/CVE-2023-51443.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-51443",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-27T17:15:08.093",
"lastModified": "2023-12-27T18:24:09.770",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T16:57:57.387",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.11, when handling DTLS-SRTP for media setup, FreeSWITCH is susceptible to Denial of Service due to a race condition in the hello handshake phase of the DTLS protocol. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. If an attacker manages to send a ClientHello DTLS message with an invalid CipherSuite (such as `TLS_NULL_WITH_NULL_NULL`) to the port on the FreeSWITCH server that is expecting packets from the caller, a DTLS error is generated. This results in the media session being torn down, which is followed by teardown at signaling (SIP) level too. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable FreeSWITCH servers for calls that rely on DTLS-SRTP. To address this vulnerability, upgrade FreeSWITCH to 1.10.11 which includes the security fix. The solution implemented is to drop all packets from addresses that have not been validated by an ICE check."
},
{
"lang": "es",
"value": "FreeSWITCH es un Software Defined Telecom Stack que permite la transformaci\u00f3n digital de conmutadores de telecomunicaciones propietarios a una implementaci\u00f3n de software que se ejecuta en cualquier hardware b\u00e1sico. Antes de la versi\u00f3n 1.10.11, cuando se maneja DTLS-SRTP para la configuraci\u00f3n de medios, FreeSWITCH es susceptible a una denegaci\u00f3n de servicio debido a una condici\u00f3n de ejecuci\u00f3n en la fase de handshake del protocolo DTLS. Este ataque se puede realizar de forma continua, negando as\u00ed nuevas llamadas cifradas DTLS-SRTP durante el ataque. Si un atacante logra enviar un mensaje DTLS ClientHello con un CipherSuite no v\u00e1lido (como `TLS_NULL_WITH_NULL_NULL`) al puerto en el servidor FreeSWITCH que espera paquetes de la persona que llama, se genera un error DTLS. Esto da como resultado la cancelaci\u00f3n de la sesi\u00f3n de medios, a la que sigue tambi\u00e9n la cancelaci\u00f3n a nivel de se\u00f1alizaci\u00f3n (SIP). El abuso de esta vulnerabilidad puede provocar una denegaci\u00f3n de servicio masiva en servidores FreeSWITCH vulnerables para llamadas que dependen de DTLS-SRTP. Para abordar esta vulnerabilidad, actualice FreeSWITCH a 1.10.11, que incluye la soluci\u00f3n de seguridad. La soluci\u00f3n implementada es descartar todos los paquetes de direcciones que no hayan sido validadas por una verificaci\u00f3n ICE."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +70,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:freeswitch:freeswitch:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.10.11",
"matchCriteriaId": "D602178F-BD2F-4B3D-97D9-7555182A7015"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/signalwire/freeswitch/commit/86cbda90b84ba186e508fbc7bfae469270a97d11",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/signalwire/freeswitch/security/advisories/GHSA-39gv-hq72-j6m6",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

64
CVE-2023/CVE-2023-516xx/CVE-2023-51654.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51654",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-12-26T06:15:07.530",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T16:09:42.810",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "Existe un problema de resoluci\u00f3n de enlace incorrecta antes del acceso al archivo (\"Seguimiento de enlace\") en iPrint&Scan Desktop for Windows para las versiones 11.0.0 y anteriores. Un ataque de enlace simb\u00f3lico por parte de un usuario malintencionado puede provocar una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en la PC."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-59"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:brother:iprint\\&scan:*:*:*:*:*:windows:*:*",
"versionEndIncluding": "11.0.0",
"matchCriteriaId": "89417C3B-AB46-4EA7-9D10-D09EF6BFC76C"
}
]
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/vu/JVNVU97943829/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
]
}
]
}

77
CVE-2023/CVE-2023-516xx/CVE-2023-51664.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-51664",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-27T17:15:08.340",
"lastModified": "2023-12-27T18:24:09.770",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T16:57:12.717",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "tj-actions/changed-files is a Github action to retrieve all files and directories. Prior to 41.0.0, the `tj-actions/changed-files` workflow allows for command injection in changed filenames, allowing an attacker to execute arbitrary code and potentially leak secrets. This issue may lead to arbitrary command execution in the GitHub Runner. This vulnerability has been addressed in version 41.0.0. Users are advised to upgrade."
},
{
"lang": "es",
"value": "tj-actions/changed-files es una acci\u00f3n de Github para recuperar todos los archivos y directorios. Antes de 41.0.0, el workflow `tj-actions/changed-files` permit\u00eda la inyecci\u00f3n de comandos en nombres de archivos modificados, lo que permit\u00eda a un atacante ejecutar c\u00f3digo arbitrario y potencialmente filtrar secretos. Este problema puede provocar la ejecuci\u00f3n de comandos arbitrarios en GitHub Runner. Esta vulnerabilidad se ha solucionado en la versi\u00f3n 41.0.0. Se recomienda a los usuarios que actualicen."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,22 +84,53 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tj-actions:changed-files:*:*:*:*:*:*:*:*",
"versionEndExcluding": "41.0.0",
"matchCriteriaId": "ADB03E6A-6453-465B-9CC2-5E3EB68046AF"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/tj-actions/changed-files/commit/0102c07446a3cad972f4afcbd0ee4dbc4b6d2d1b",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/tj-actions/changed-files/commit/716b1e13042866565e00e85fd4ec490e186c4a2f",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/tj-actions/changed-files/commit/ff2f6e6b91913a7be42be1b5917330fe442f2ede",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/tj-actions/changed-files/security/advisories/GHSA-mcph-m25j-8j63",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

56
CVE-2023/CVE-2023-517xx/CVE-2023-51700.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-51700",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-27T18:15:23.700",
"lastModified": "2023-12-27T18:24:09.770",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T16:55:39.650",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Unofficial Mobile BankID Integration for WordPress lets users employ Mobile BankID to authenticate themselves on your WordPress site. Prior to 1.0.1, WP-Mobile-BankID-Integration is affected by a vulnerability classified as a Deserialization of Untrusted Data vulnerability, specifically impacting scenarios where an attacker can manipulate the database. If unauthorized actors gain access to the database, they could exploit this vulnerability to execute object injection attacks. This could lead to unauthorized code execution, data manipulation, or data exfiltration within the WordPress environment. Users of the plugin should upgrade to version 1.0.1 (or later), where the serialization and deserialization of OrderResponse objects have been switched out to an array stored as JSON. A possible workaround for users unable to upgrade immediately is to enforce stricter access controls on the database, ensuring that only trusted and authorized entities can modify data. Additionally, implementing monitoring tools to detect unusual database activities could help identify and mitigate potential exploitation attempts.\n"
},
{
"lang": "es",
"value": "La integraci\u00f3n no oficial de Mobile BankID para WordPress permite a los usuarios emplear Mobile BankID para autenticarse en su sitio de WordPress. Antes de la versi\u00f3n 1.0.1, WP-Mobile-BankID-Integration se ve afectado por una vulnerabilidad clasificada como vulnerabilidad de deserializaci\u00f3n de datos no confiables, que afecta espec\u00edficamente escenarios en los que un atacante puede manipular la base de datos. Si actores no autorizados obtienen acceso a la base de datos, podr\u00edan aprovechar esta vulnerabilidad para ejecutar ataques de inyecci\u00f3n de objetos. Esto podr\u00eda dar lugar a la ejecuci\u00f3n de c\u00f3digo no autorizado, manipulaci\u00f3n de datos o filtraci\u00f3n de datos dentro del entorno de WordPress. Los usuarios del complemento deben actualizar a la versi\u00f3n 1.0.1 (o posterior), donde la serializaci\u00f3n y deserializaci\u00f3n de los objetos OrderResponse se cambiaron a una matriz almacenada como JSON. Una posible soluci\u00f3n para los usuarios que no pueden actualizar inmediatamente es aplicar controles de acceso m\u00e1s estrictos a la base de datos, garantizando que solo las entidades autorizadas y de confianza puedan modificar los datos. Adem\u00e1s, implementar herramientas de monitoreo para detectar actividades inusuales en la base de datos podr\u00eda ayudar a identificar y mitigar posibles intentos de explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +70,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jamieblomerus:unofficial_mobile_bankid_integration:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.0.1",
"matchCriteriaId": "4BC13A72-3F9F-43DA-8F3B-1E8A6BFD42CF"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/jamieblomerus/WP-Mobile-BankID-Integration/commit/8251c6298a995ccf4f26c43f03ed11a275dd0c5f",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/jamieblomerus/WP-Mobile-BankID-Integration/security/advisories/GHSA-pqwp-qrp7-grg4",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

96
CVE-2023/CVE-2023-517xx/CVE-2023-51714.json
View File

@ -2,23 +2,109 @@
"id": "CVE-2023-51714",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-24T21:15:25.470",
"lastModified": "2023-12-25T03:08:09.833",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T16:36:01.253",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en la implementaci\u00f3n de HTTP2 en Qt antes de 5.15.17, 6.x antes de 6.2.11, 6.3.x hasta 6.5.x antes de 6.5.4 y 6.6.x antes de 6.6.2. network/access/http2/hpacktable.cpp tiene una comprobaci\u00f3n de desbordamiento de enteros HPack incorrecta."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.17",
"matchCriteriaId": "06B844AA-8325-4FBB-8B65-56C09DEE08A0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.0",
"versionEndExcluding": "6.2.11",
"matchCriteriaId": "3793E806-D388-440B-A9FE-9F3F38DA53C6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.3.0",
"versionEndExcluding": "6.5.4",
"matchCriteriaId": "E200056B-1895-4D3A-809F-B8B70067240B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.6.0",
"versionEndExcluding": "6.6.2",
"matchCriteriaId": "1AD7C249-EF02-4DD7-A5E2-FFCFD373C888"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://codereview.qt-project.org/c/qt/qtbase/+/524864",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch",
"Product"
]
},
{
"url": "https://codereview.qt-project.org/c/qt/qtbase/+/524865/3",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch",
"Product"
]
}
]
}

182
CVE-2023/CVE-2023-517xx/CVE-2023-51766.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51766",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-24T06:15:07.673",
"lastModified": "2024-01-02T01:15:07.963",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T16:23:05.490",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,67 +14,213 @@
"value": "Exim hasta 4.97 permite el contrabando SMTP en ciertas configuraciones. Los atacantes remotos pueden utilizar una t\u00e9cnica de explotaci\u00f3n publicada para inyectar mensajes de correo electr\u00f3nico que parecen originarse en el servidor Exim, permitiendo omitir un mecanismo de protecci\u00f3n SPF. Esto ocurre porque Exim admite . pero algunos otros servidores de correo electr\u00f3nico populares no lo hacen."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-345"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.97.1",
"matchCriteriaId": "95F6F151-E57F-4DB2-9CCD-3336B887A07B"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3D9C7598-4BB4-442A-86DF-EEDE041A4CC7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BB176AC3-3CDA-4DDA-9089-C67B2F73AA62"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C30C1AC-01E4-4D7C-B03A-8EEEF3FC8C2F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/12/24/1",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/12/25/1",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/12/29/2",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Mitigation",
"Third Party Advisory"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/01/1",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/01/2",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/01/3",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://bugs.exim.org/show_bug.cgi?id=3063",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255852",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://exim.org/static/doc/security/CVE-2023-51766.txt",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11782.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Technical Description"
]
},
{
"url": "https://git.exim.org/exim.git/commit/5bb786d5ad568a88d50d15452aacc8404047e5ca",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://git.exim.org/exim.git/commit/cf1376206284f2a4f11e32d931d4aade34c206c5",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/Exim/exim/blob/master/doc/doc-txt/cve-2023-51766",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Vendor Advisory"
]
},
{
"url": "https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Technical Description",
"Third Party Advisory"
]
},
{
"url": "https://www.openwall.com/lists/oss-security/2023/12/23/2",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
]
}
]
}

57
CVE-2023/CVE-2023-51xx/CVE-2023-5180.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5180",
"sourceIdentifier": "8a9629cb-c5e7-4d2a-a894-111e8039b7ea",
"published": "2023-12-26T09:15:07.197",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T15:43:40.260",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "8a9629cb-c5e7-4d2a-a894-111e8039b7ea",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "8a9629cb-c5e7-4d2a-a894-111e8039b7ea",
"type": "Secondary",
@ -50,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opendesign:drawings_sdk:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2024.12",
"matchCriteriaId": "0DFA8267-F3BE-470D-8077-A46EAD298F27"
}
]
}
]
}
],
"references": [
{
"url": "https://www.opendesign.com/security-advisories",
"source": "8a9629cb-c5e7-4d2a-a894-111e8039b7ea"
"source": "8a9629cb-c5e7-4d2a-a894-111e8039b7ea",
"tags": [
"Vendor Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-520xx/CVE-2023-52075.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-52075",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-27T20:15:19.300",
"lastModified": "2023-12-27T21:37:15.710",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-04T16:16:36.747",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "ReVanced API proxies requests needed to feed the ReVanced Manager and website with data. Up to and including commit 71f81f7f20cd26fd707335bca9838fa3e7df20d2, ReVanced API lacks error caching causing rate limit to be triggered thus increasing server load. This causes a denial of service for all users using the API. It is recommended to implement proper error caching.\n"
},
{
"lang": "es",
"value": "Las solicitudes de proxy de API de ReVanced son necesarias para alimentar con datos al ReVanced Manage y al sitio web. Hasta el commit 71f81f7f20cd26fd707335bca9838fa3e7df20d2 incluida, la API ReVanced carece de almacenamiento en cach\u00e9 de errores, lo que provoca que se active el l\u00edmite de velocidad, lo que aumenta la carga del servidor. Esto provoca una denegaci\u00f3n de servicio para todos los usuarios que utilizan la API. Se recomienda implementar un almacenamiento en cach\u00e9 de errores adecuado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:revanced:revanced:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2023-11-25",
"matchCriteriaId": "2EA2A9F8-C844-4F67-A698-3BA4374B6329"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/ReVanced/revanced-api/security/advisories/GHSA-852x-grxp-8p3q",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

8
CVE-2023/CVE-2023-60xx/CVE-2023-6093.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-6093",
"sourceIdentifier": "psirt@moxa.com",
"published": "2023-12-31T10:15:08.570",
"lastModified": "2024-01-01T02:12:45.130",
"lastModified": "2024-01-04T15:15:10.880",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nA vulnerability has been identified in OnCell G3150A-LTE Series firmware versions v1.3 and prior. The vulnerability result from incorrectly restricts frame objects, which lead to user confusion about which interface the user is interacting with.\n\nThis vulnerability may lead attacker to trick user into interacting with the application.\n\n\n\n"
"value": "A clickjacking vulnerability has been identified in OnCell G3150A-LTE Series firmware versions v1.3 and prior. This vulnerability is caused by incorrectly restricts frame objects, which can lead to user confusion about which interface the user is interacting with. This vulnerability may lead the attacker to trick the user into interacting with the application.\n\n"
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en las versiones de firmware de la serie OnCell G3150A-LTE v1.3 y anteriores. La vulnerabilidad es el resultado de restringir incorrectamente los objetos del marco, lo que genera confusi\u00f3n en el usuario sobre con qu\u00e9 interfaz est\u00e1 interactuando. Esta vulnerabilidad puede llevar al atacante a enga\u00f1ar al usuario para que interact\u00fae con la aplicaci\u00f3n."
}
],
"metrics": {

8
CVE-2023/CVE-2023-60xx/CVE-2023-6094.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-6094",
"sourceIdentifier": "psirt@moxa.com",
"published": "2023-12-31T10:15:08.787",
"lastModified": "2024-01-01T02:12:45.130",
"lastModified": "2024-01-04T15:15:10.963",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nA vulnerability has been identified in OnCell G3150A-LTE Series firmware versions v1.3 and prior. The vulnerability results from a lack of protection for sensitive information during transmission. An attacker eavesdropping on the traffic between the web browser and server may obtain sensitive information. \n\nThis type of attack could be executed to gather sensitive information or to facilitate a subsequent attack against the target.\n\n\n\n"
"value": "A vulnerability has been identified in OnCell G3150A-LTE Series firmware versions v1.3 and prior. The vulnerability results from lack of protection for sensitive information during transmission. An attacker eavesdropping on the traffic between the web browser and server may obtain sensitive information. This type of attack could be executed to gather sensitive information or to facilitate a subsequent attack against the target.\n\n"
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en las versiones de firmware de la serie OnCell G3150A-LTE v1.3 y anteriores. La vulnerabilidad se debe a la falta de protecci\u00f3n de la informaci\u00f3n confidencial durante la transmisi\u00f3n. Un atacante que escuche el tr\u00e1fico entre el navegador web y el servidor puede obtener informaci\u00f3n confidencial. Este tipo de ataque podr\u00eda ejecutarse para recopilar informaci\u00f3n confidencial o para facilitar un ataque posterior contra el objetivo."
}
],
"metrics": {

36
CVE-2023/CVE-2023-65xx/CVE-2023-6551.json Normal file
View File

@ -0,0 +1,36 @@
{
"id": "CVE-2023-6551",
"sourceIdentifier": "cvd@cert.pl",
"published": "2024-01-04T16:15:09.380",
"lastModified": "2024-01-04T16:15:09.380",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "As a simple library, class.upload.php does not perform an in-depth check on uploaded files, allowing a stored XSS vulnerability when the default configuration is used. \n\n\nDevelopers must be aware of that fact and use extension whitelisting accompanied by forcing the server to always provide content-type based on the file extension. \n\n\nThe README has been updated to include these guidelines.\n\n\n"
}
],
"metrics": {},
"weaknesses": [
{
"source": "cvd@cert.pl",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://cert.pl/en/posts/2024/01/CVE-2023-6551",
"source": "cvd@cert.pl"
},
{
"url": "https://cert.pl/posts/2024/01/CVE-2023-6551",
"source": "cvd@cert.pl"
}
]
}

55
CVE-2024/CVE-2024-216xx/CVE-2024-21625.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-21625",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-04T15:15:11.030",
"lastModified": "2024-01-04T15:15:11.030",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "SideQuest is a place to get virtual reality applications for Oculus Quest. The SideQuest desktop application uses deep links with a custom protocol (`sidequest://`) to trigger actions in the application from its web contents. Because, prior to version 0.10.35, the deep link URLs were not sanitized properly in all cases, a one-click remote code execution can be achieved in cases when a device is connected, the user is presented with a malicious link and clicks it from within the application. As of version 0.10.35, the custom protocol links within the electron application are now being parsed and sanitized properly."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://github.com/SideQuestVR/SideQuest/security/advisories/GHSA-3v86-cf9q-x4x7",
"source": "security-advisories@github.com"
}
]
}

71
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-01-04T15:00:24.432233+00:00
2024-01-04T17:00:24.382538+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-01-04T14:58:23.450000+00:00
2024-01-04T16:57:57.387000+00:00
```
### Last Data Feed Release
@ -29,55 +29,44 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
234867
234877
```
### CVEs added in the last Commit
Recently added CVEs: `11`
Recently added CVEs: `10`
* [CVE-2023-49622](CVE-2023/CVE-2023-496xx/CVE-2023-49622.json) (`2024-01-04T14:15:39.593`)
* [CVE-2023-49624](CVE-2023/CVE-2023-496xx/CVE-2023-49624.json) (`2024-01-04T14:15:39.817`)
* [CVE-2023-49625](CVE-2023/CVE-2023-496xx/CVE-2023-49625.json) (`2024-01-04T14:15:40.037`)
* [CVE-2023-49633](CVE-2023/CVE-2023-496xx/CVE-2023-49633.json) (`2024-01-04T14:15:40.243`)
* [CVE-2023-49639](CVE-2023/CVE-2023-496xx/CVE-2023-49639.json) (`2024-01-04T14:15:40.440`)
* [CVE-2023-49658](CVE-2023/CVE-2023-496xx/CVE-2023-49658.json) (`2024-01-04T14:15:40.657`)
* [CVE-2023-49665](CVE-2023/CVE-2023-496xx/CVE-2023-49665.json) (`2024-01-04T14:15:40.860`)
* [CVE-2023-49666](CVE-2023/CVE-2023-496xx/CVE-2023-49666.json) (`2024-01-04T14:15:41.067`)
* [CVE-2023-50743](CVE-2023/CVE-2023-507xx/CVE-2023-50743.json) (`2024-01-04T14:15:41.270`)
* [CVE-2023-50752](CVE-2023/CVE-2023-507xx/CVE-2023-50752.json) (`2024-01-04T14:15:41.473`)
* [CVE-2023-50753](CVE-2023/CVE-2023-507xx/CVE-2023-50753.json) (`2024-01-04T14:15:41.680`)
* [CVE-2023-3726](CVE-2023/CVE-2023-37xx/CVE-2023-3726.json) (`2024-01-04T15:15:09.117`)
* [CVE-2023-50760](CVE-2023/CVE-2023-507xx/CVE-2023-50760.json) (`2024-01-04T15:15:09.387`)
* [CVE-2023-50862](CVE-2023/CVE-2023-508xx/CVE-2023-50862.json) (`2024-01-04T15:15:09.593`)
* [CVE-2023-50863](CVE-2023/CVE-2023-508xx/CVE-2023-50863.json) (`2024-01-04T15:15:09.800`)
* [CVE-2023-50864](CVE-2023/CVE-2023-508xx/CVE-2023-50864.json) (`2024-01-04T15:15:10.003`)
* [CVE-2023-50865](CVE-2023/CVE-2023-508xx/CVE-2023-50865.json) (`2024-01-04T15:15:10.217`)
* [CVE-2023-50866](CVE-2023/CVE-2023-508xx/CVE-2023-50866.json) (`2024-01-04T15:15:10.417`)
* [CVE-2023-50867](CVE-2023/CVE-2023-508xx/CVE-2023-50867.json) (`2024-01-04T15:15:10.623`)
* [CVE-2023-6551](CVE-2023/CVE-2023-65xx/CVE-2023-6551.json) (`2024-01-04T16:15:09.380`)
* [CVE-2024-21625](CVE-2024/CVE-2024-216xx/CVE-2024-21625.json) (`2024-01-04T15:15:11.030`)
### CVEs modified in the last Commit
Recently modified CVEs: `30`
Recently modified CVEs: `15`
* [CVE-2023-5594](CVE-2023/CVE-2023-55xx/CVE-2023-5594.json) (`2024-01-04T13:50:12.723`)
* [CVE-2023-51442](CVE-2023/CVE-2023-514xx/CVE-2023-51442.json) (`2024-01-04T14:12:46.563`)
* [CVE-2023-40058](CVE-2023/CVE-2023-400xx/CVE-2023-40058.json) (`2024-01-04T14:15:39.237`)
* [CVE-2023-3742](CVE-2023/CVE-2023-37xx/CVE-2023-3742.json) (`2024-01-04T14:30:34.803`)
* [CVE-2023-29487](CVE-2023/CVE-2023-294xx/CVE-2023-29487.json) (`2024-01-04T14:36:00.723`)
* [CVE-2023-5989](CVE-2023/CVE-2023-59xx/CVE-2023-5989.json) (`2024-01-04T14:40:49.677`)
* [CVE-2023-5988](CVE-2023/CVE-2023-59xx/CVE-2023-5988.json) (`2024-01-04T14:43:29.267`)
* [CVE-2023-39251](CVE-2023/CVE-2023-392xx/CVE-2023-39251.json) (`2024-01-04T14:53:31.367`)
* [CVE-2023-43088](CVE-2023/CVE-2023-430xx/CVE-2023-43088.json) (`2024-01-04T14:53:55.977`)
* [CVE-2023-42940](CVE-2023/CVE-2023-429xx/CVE-2023-42940.json) (`2024-01-04T14:56:32.530`)
* [CVE-2023-6498](CVE-2023/CVE-2023-64xx/CVE-2023-6498.json) (`2024-01-04T14:58:23.450`)
* [CVE-2023-6733](CVE-2023/CVE-2023-67xx/CVE-2023-6733.json) (`2024-01-04T14:58:23.450`)
* [CVE-2023-6738](CVE-2023/CVE-2023-67xx/CVE-2023-6738.json) (`2024-01-04T14:58:23.450`)
* [CVE-2023-29962](CVE-2023/CVE-2023-299xx/CVE-2023-29962.json) (`2024-01-04T14:58:23.450`)
* [CVE-2023-52322](CVE-2023/CVE-2023-523xx/CVE-2023-52322.json) (`2024-01-04T14:58:23.450`)
* [CVE-2023-41784](CVE-2023/CVE-2023-417xx/CVE-2023-41784.json) (`2024-01-04T14:58:23.450`)
* [CVE-2023-50082](CVE-2023/CVE-2023-500xx/CVE-2023-50082.json) (`2024-01-04T14:58:23.450`)
* [CVE-2023-50630](CVE-2023/CVE-2023-506xx/CVE-2023-50630.json) (`2024-01-04T14:58:23.450`)
* [CVE-2023-6944](CVE-2023/CVE-2023-69xx/CVE-2023-6944.json) (`2024-01-04T14:58:23.450`)
* [CVE-2023-7044](CVE-2023/CVE-2023-70xx/CVE-2023-7044.json) (`2024-01-04T14:58:23.450`)
* [CVE-2023-6992](CVE-2023/CVE-2023-69xx/CVE-2023-6992.json) (`2024-01-04T14:58:23.450`)
* [CVE-2024-0222](CVE-2024/CVE-2024-02xx/CVE-2024-0222.json) (`2024-01-04T14:58:23.450`)
* [CVE-2024-0223](CVE-2024/CVE-2024-02xx/CVE-2024-0223.json) (`2024-01-04T14:58:23.450`)
* [CVE-2024-0224](CVE-2024/CVE-2024-02xx/CVE-2024-0224.json) (`2024-01-04T14:58:23.450`)
* [CVE-2024-0225](CVE-2024/CVE-2024-02xx/CVE-2024-0225.json) (`2024-01-04T14:58:23.450`)
* [CVE-2022-2389](CVE-2022/CVE-2022-23xx/CVE-2022-2389.json) (`2024-01-04T15:17:19.940`)
* [CVE-2023-6093](CVE-2023/CVE-2023-60xx/CVE-2023-6093.json) (`2024-01-04T15:15:10.880`)
* [CVE-2023-6094](CVE-2023/CVE-2023-60xx/CVE-2023-6094.json) (`2024-01-04T15:15:10.963`)
* [CVE-2023-28616](CVE-2023/CVE-2023-286xx/CVE-2023-28616.json) (`2024-01-04T15:28:24.317`)
* [CVE-2023-5180](CVE-2023/CVE-2023-51xx/CVE-2023-5180.json) (`2024-01-04T15:43:40.260`)
* [CVE-2023-50297](CVE-2023/CVE-2023-502xx/CVE-2023-50297.json) (`2024-01-04T15:57:56.167`)
* [CVE-2023-51654](CVE-2023/CVE-2023-516xx/CVE-2023-51654.json) (`2024-01-04T16:09:42.810`)
* [CVE-2023-43481](CVE-2023/CVE-2023-434xx/CVE-2023-43481.json) (`2024-01-04T16:15:04.757`)
* [CVE-2023-52075](CVE-2023/CVE-2023-520xx/CVE-2023-52075.json) (`2024-01-04T16:16:36.747`)
* [CVE-2023-40038](CVE-2023/CVE-2023-400xx/CVE-2023-40038.json) (`2024-01-04T16:18:01.263`)
* [CVE-2023-51766](CVE-2023/CVE-2023-517xx/CVE-2023-51766.json) (`2024-01-04T16:23:05.490`)
* [CVE-2023-51714](CVE-2023/CVE-2023-517xx/CVE-2023-51714.json) (`2024-01-04T16:36:01.253`)
* [CVE-2023-51700](CVE-2023/CVE-2023-517xx/CVE-2023-51700.json) (`2024-01-04T16:55:39.650`)
* [CVE-2023-51664](CVE-2023/CVE-2023-516xx/CVE-2023-51664.json) (`2024-01-04T16:57:12.717`)
* [CVE-2023-51443](CVE-2023/CVE-2023-514xx/CVE-2023-51443.json) (`2024-01-04T16:57:57.387`)
## Download and Usage