Auto-Update: 2023-12-14T19:00:25.136410+00:00

cad-safe-bot 2023-12-14 19:00:28 +00:00
parent 23111aeecb
commit d16e351b94
75 changed files with 2702 additions and 199 deletions


@ -2,8 +2,8 @@
"id": "CVE-2023-41118",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-12T07:15:45.220",
"lastModified": "2023-12-12T13:43:48.853",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T17:54:25.937",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,95 @@
"value": "Se descubri\u00f3 un problema en EnterpriseDB Postgres Advanced Server (EPAS) antes de 11.21.32, 12.x antes de 12.16.20, 13.x antes de 13.12.16, 14.x antes de 14.9.0 y 15.x antes de 15.4.0. Puede permitir que un usuario autenticado omita los requisitos de autorizaci\u00f3n y acceda a funciones de implementaci\u00f3n subyacentes. Cuando un superusuario ha configurado ubicaciones de archivos usando CREATE DIRECTORY, estas funciones permiten a los usuarios realizar una amplia gama de acciones, incluidas leer, escribir, copiar, cambiar nombre y eliminar."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:enterprisedb:postgres_advanced_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.21.32",
"matchCriteriaId": "6892B548-6E0D-47B5-9AD7-3EA937C243FE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:enterprisedb:postgres_advanced_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.0.0",
"versionEndExcluding": "12.16.20",
"matchCriteriaId": "15246CD4-D4F0-4FE7-AE1A-BDD2FCC67B5C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:enterprisedb:postgres_advanced_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0.0",
"versionEndExcluding": "13.12.17",
"matchCriteriaId": "C3FA205A-6BF7-492C-A0F3-5AD01E35CC41"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:enterprisedb:postgres_advanced_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0.0",
"versionEndExcluding": "14.9.0",
"matchCriteriaId": "12EC69DE-AFB1-476F-88BB-C7C0C348C19F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:enterprisedb:postgres_advanced_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.0.0",
"versionEndExcluding": "15.4.0",
"matchCriteriaId": "D3B7765D-34FD-479B-9C4E-9CAC34CC1AD2"
}
]
}
]
}
],
"references": [
{
"url": "https://www.enterprisedb.com/docs/security/advisories/cve202341118/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}
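Review bot: The third `cpeMatch` entry ends the 13.x range at `"versionEndExcluding": "13.12.17"`, while the Spanish description in this same record gives the fixed release as 13.12.16 ("13.x antes de 13.12.16"). With the range as written, a CPE-based scanner reports 13.12.16 as vulnerable although the description treats it as patched. One of the two is presumably a typo; if the vendor advisory confirms 13.12.16, the bound should read `"versionEndExcluding": "13.12.16"`. The English description lies outside the visible hunks, so it should be checked against the advisory as well.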


@ -2,19 +2,79 @@
"id": "CVE-2023-41623",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-12T09:15:07.520",
"lastModified": "2023-12-12T13:43:48.853",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T18:01:27.260",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Emlog version pro2.1.14 was discovered to contain a SQL injection vulnerability via the uid parameter at /admin/media.php."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que la versi\u00f3n pro2.1.14 de Emlog conten\u00eda una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro uid en /admin/media.php."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:emlog:emlog:2.1.14:*:*:*:pro:*:*:*",
"matchCriteriaId": "3812D57C-8E1A-4499-9DEE-2A18A955667B"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/GhostBalladw/wuhaozhe-s-CVE/blob/main/CVE-2023-41623",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,63 @@
{
"id": "CVE-2023-42799",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-14T17:15:07.257",
"lastModified": "2023-12-14T17:17:50.580",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Moonlight-common-c contains the core GameStream client code shared between Moonlight clients. Moonlight-common-c is vulnerable to buffer overflow starting in commit 50c0a51b10ecc5b3415ea78c21d96d679e2288f9 due to unmitigated usage of unsafe C functions and improper bounds checking. A malicious game streaming server could exploit a buffer overflow vulnerability to crash a moonlight client, or achieve remote code execution (RCE) on the client (with insufficient exploit mitigations or if mitigations can be bypassed). The bug was addressed in commit 02b7742f4d19631024bd766bd2bb76715780004e."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"references": [
{
"url": "https://github.com/moonlight-stream/moonlight-common-c/commit/02b7742f4d19631024bd766bd2bb76715780004e",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/moonlight-stream/moonlight-common-c/commit/50c0a51b10ecc5b3415ea78c21d96d679e2288f9",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/moonlight-stream/moonlight-common-c/security/advisories/GHSA-r8cf-45f4-vf8m",
"source": "security-advisories@github.com"
}
]
}
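Review bot: The affected range in this new record is expressed only as the introducing and fixing commit hashes in the description, and there is no `configurations` block, so version- or CPE-based matching cannot flag any Moonlight client from this file. The same holds for the CVE-2023-42800 and CVE-2023-42801 records added in the next two sections. Until analysis adds CPE data, consumers need to map the fixing commit to the moonlight-common-c revision bundled in each client build. The 42799 and 42800 descriptions also differ only in the fixing commit hash, so keying or de-duplicating on description text would merge the two records.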


@ -0,0 +1,67 @@
{
"id": "CVE-2023-42800",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-14T17:15:07.463",
"lastModified": "2023-12-14T17:17:50.580",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Moonlight-common-c contains the core GameStream client code shared between Moonlight clients. Moonlight-common-c is vulnerable to buffer overflow starting in commit 50c0a51b10ecc5b3415ea78c21d96d679e2288f9 due to unmitigated usage of unsafe C functions and improper bounds checking. A malicious game streaming server could exploit a buffer overflow vulnerability to crash a moonlight client, or achieve remote code execution (RCE) on the client (with insufficient exploit mitigations or if mitigations can be bypassed). The bug was addressed in commit 24750d4b748fefa03d09fcfd6d45056faca354e0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"references": [
{
"url": "https://github.com/moonlight-stream/moonlight-common-c/blob/2bb026c763fc18807d7e4a93f918054c488f84e1/src/RtspConnection.c#L796",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/moonlight-stream/moonlight-common-c/commit/24750d4b748fefa03d09fcfd6d45056faca354e0",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/moonlight-stream/moonlight-common-c/commit/50c0a51b10ecc5b3415ea78c21d96d679e2288f9",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/moonlight-stream/moonlight-common-c/security/advisories/GHSA-4927-23jw-rq62",
"source": "security-advisories@github.com"
}
]
}


@ -0,0 +1,67 @@
{
"id": "CVE-2023-42801",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-14T17:15:07.657",
"lastModified": "2023-12-14T17:17:50.580",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Moonlight-common-c contains the core GameStream client code shared between Moonlight clients. Moonlight-common-c is vulnerable to buffer overflow starting in commit f57bd745b4cbed577ea654fad4701bea4d38b44c. A malicious game streaming server could exploit a buffer overflow vulnerability to crash a moonlight client. Achieving RCE is possible but unlikely, due to stack canaries in use by modern compiler toolchains. The published binaries for official clients Qt, Android, iOS/tvOS, and Embedded are built with stack canaries, but some unofficial clients may not use stack canaries. This vulnerability takes place after the pairing process, so it requires the client to be tricked into pairing to a malicious host. It is not possible to perform using a man-in-the-middle due to public key pinning that takes place during the pairing process. The bug was addressed in commit b2497a3918a6d79808d9fd0c04734786e70d5954."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"references": [
{
"url": "https://github.com/moonlight-stream/moonlight-common-c/blob/c1744de06938b5a5c8897a705be1bc6508dc7580/src/Misc.c#L82-L88",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/moonlight-stream/moonlight-common-c/commit/b2497a3918a6d79808d9fd0c04734786e70d5954",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/moonlight-stream/moonlight-common-c/commit/f57bd745b4cbed577ea654fad4701bea4d38b44c",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/moonlight-stream/moonlight-common-c/security/advisories/GHSA-f3h8-j898-5h5v",
"source": "security-advisories@github.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-44278",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-12-14T16:15:45.490",
"lastModified": "2023-12-14T16:15:45.490",
"vulnStatus": "Received",
"lastModified": "2023-12-14T17:17:58.157",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-44279",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-12-14T16:15:46.017",
"lastModified": "2023-12-14T16:15:46.017",
"vulnStatus": "Received",
"lastModified": "2023-12-14T17:17:58.157",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-44284",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-12-14T16:15:46.880",
"lastModified": "2023-12-14T16:15:46.880",
"vulnStatus": "Received",
"lastModified": "2023-12-14T17:17:58.157",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-44285",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-12-14T16:15:47.617",
"lastModified": "2023-12-14T16:15:47.617",
"vulnStatus": "Received",
"lastModified": "2023-12-14T17:17:58.157",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-44286",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-12-14T16:15:48.200",
"lastModified": "2023-12-14T16:15:48.200",
"vulnStatus": "Received",
"lastModified": "2023-12-14T17:17:58.157",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,16 +2,40 @@
"id": "CVE-2023-45316",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2023-12-12T09:15:07.740",
"lastModified": "2023-12-12T13:43:48.853",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T18:58:08.837",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Mattermost fails to validate if a relative path is passed in /plugins/playbooks/api/v0/telemetry/run/<telem_run_id> as a telemetry run ID, allowing an attacker to use a path traversal payload that points to a different endpoint leading to a\u00a0CSRF attack.\n\n"
},
{
"lang": "es",
"value": "Mattermost no logra validar si se pasa una ruta relativa en /plugins/playbooks/api/v0/telemetry/run/ como ID de ejecuci\u00f3n de telemetr\u00eda, lo que permite a un atacante usar un payload de path traversal que apunta a un endpoint diferente que conduce a un ataque CSRF."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
@ -35,6 +59,20 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
},
{
"lang": "en",
"value": "CWE-352"
}
]
},
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
@ -46,10 +84,60 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionEndIncluding": "7.8.14",
"matchCriteriaId": "367753A5-CE5B-4EA7-8539-6ACFBC9ACABE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndIncluding": "8.1.5",
"matchCriteriaId": "553B4894-FB79-4996-BDEC-273EF6E96D9D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.0.0",
"versionEndIncluding": "9.0.3",
"matchCriteriaId": "0856C685-4154-4549-B60A-4251C9E6B916"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.1.1",
"versionEndIncluding": "9.1.2",
"matchCriteriaId": "9AB6EA21-B7ED-487D-B131-FA200023179E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.2.0",
"versionEndIncluding": "9.2.1",
"matchCriteriaId": "D00348C4-CEE7-474E-BBDC-4A66D6BBA4C8"
}
]
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
"source": "responsibledisclosure@mattermost.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
}
]
}
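Review bot: The added `cpeMatch` ranges leave 9.1.0 unmatched: the 9.0 branch ends at `"versionEndIncluding": "9.0.3"` and the next range begins at `"versionStartIncluding": "9.1.1"`, whereas every other branch starts at its x.y.0 release. If 9.1.0 is affected, the bound should be `"versionStartIncluding": "9.1.0"`; if the gap is intentional it is worth confirming against the vendor advisory, since scanners will report 9.1.0 as not vulnerable. The identical ranges are added in the CVE-2023-45847 and CVE-2023-46701 sections. Separately, the added Spanish description drops the `<telem_run_id>` placeholder that the English text carries after `/telemetry/run/`, which looks like markup stripping during translation.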


@ -2,8 +2,8 @@
"id": "CVE-2023-45539",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-28T20:15:07.817",
"lastModified": "2023-12-04T19:32:37.217",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-14T17:15:07.860",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -76,6 +76,10 @@
"Broken Link"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00010.html",
"source": "cve@mitre.org"
},
{
"url": "https://lists.w3.org/Archives/Public/ietf-http-wg/2023JulSep/0070.html",
"source": "cve@mitre.org",


@ -2,16 +2,40 @@
"id": "CVE-2023-45847",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2023-12-12T09:15:07.983",
"lastModified": "2023-12-12T13:43:48.853",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T18:20:40.697",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Mattermost fails to to check the length when setting the title in a run checklist in Playbooks, allowing an attacker to send a specially crafted request and crash the Playbooks plugin\n\n"
},
{
"lang": "es",
"value": "Mattermost no verifica la longitud al configurar el t\u00edtulo en una lista de verificaci\u00f3n de ejecuci\u00f3n en Playbooks, lo que permite a un atacante enviar una solicitud especialmente manipulada y bloquear el complemento de Playbooks."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
},
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
@ -46,10 +80,60 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionEndIncluding": "7.8.14",
"matchCriteriaId": "367753A5-CE5B-4EA7-8539-6ACFBC9ACABE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndIncluding": "8.1.5",
"matchCriteriaId": "553B4894-FB79-4996-BDEC-273EF6E96D9D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.0.0",
"versionEndIncluding": "9.0.3",
"matchCriteriaId": "0856C685-4154-4549-B60A-4251C9E6B916"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.1.1",
"versionEndIncluding": "9.1.2",
"matchCriteriaId": "9AB6EA21-B7ED-487D-B131-FA200023179E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.2.0",
"versionEndIncluding": "9.2.1",
"matchCriteriaId": "D00348C4-CEE7-474E-BBDC-4A66D6BBA4C8"
}
]
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
"source": "responsibledisclosure@mattermost.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-46701",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2023-12-12T09:15:08.180",
"lastModified": "2023-12-12T13:43:48.853",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T18:07:27.107",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Mattermost fails to perform authorization checks in the /plugins/playbooks/api/v0/runs/add-to-timeline-dialog endpoint of the Playbooks plugin allowing an attacker to get limited information about a post if they know the post ID\n\n"
},
{
"lang": "es",
"value": "Mattermost no realiza comprobaciones de autorizaci\u00f3n en el endpoint /plugins/playbooks/api/v0/runs/add-to-timeline-dialog del complemento Playbooks, lo que permite a un atacante obtener informaci\u00f3n limitada sobre una publicaci\u00f3n si conoce el ID de la publicaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
},
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
@ -46,10 +80,60 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionEndIncluding": "7.8.14",
"matchCriteriaId": "367753A5-CE5B-4EA7-8539-6ACFBC9ACABE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndIncluding": "8.1.5",
"matchCriteriaId": "553B4894-FB79-4996-BDEC-273EF6E96D9D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.0.0",
"versionEndIncluding": "9.0.3",
"matchCriteriaId": "0856C685-4154-4549-B60A-4251C9E6B916"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.1.1",
"versionEndIncluding": "9.1.2",
"matchCriteriaId": "9AB6EA21-B7ED-487D-B131-FA200023179E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.2.0",
"versionEndIncluding": "9.2.1",
"matchCriteriaId": "D00348C4-CEE7-474E-BBDC-4A66D6BBA4C8"
}
]
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
"source": "responsibledisclosure@mattermost.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-47261",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-14T17:15:07.933",
"lastModified": "2023-12-14T17:17:50.580",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Dokmee ECM 7.4.6 allows remote code execution because the response to a GettingStarted/SaveSQLConnectionAsync /#/gettingstarted request contains a connection string for privileged SQL Server database access, and xp_cmdshell can be enabled."
}
],
"metrics": {},
"references": [
{
"url": "https://h3x0s3.github.io/CVE2023~47261/",
"source": "cve@mitre.org"
},
{
"url": "https://www.dokmee.com/Support-Learn/Updates-Change-Log",
"source": "cve@mitre.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-48642",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-12T08:15:07.980",
"lastModified": "2023-12-12T13:43:48.853",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T18:38:31.893",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,84 @@
"value": "Archer Platform 6.x anterior a 6.13 P2 (6.13.0.2) contiene una vulnerabilidad de inyecci\u00f3n de contenido HTML autenticado. Un usuario malicioso de Archer autenticado remotamente podr\u00eda explotar esto para almacenar c\u00f3digo HTML malicioso en un almac\u00e9n de datos de aplicaciones confiable. Cuando los usuarios v\u00edctimas acceden al almac\u00e9n de datos a trav\u00e9s de sus navegadores, el navegador web ejecuta el c\u00f3digo malicioso en el contexto de la aplicaci\u00f3n vulnerable. 6.14 (6.14.0) tambi\u00e9n es una versi\u00f3n corregida."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:archerirm:archer:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.0",
"versionEndExcluding": "6.14.0",
"matchCriteriaId": "66B9F878-44F1-4616-AB60-287DB663ADC0"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:archerirm:archer:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13.0.2",
"matchCriteriaId": "482FB7B5-DE33-47C5-8506-23ACD023F902"
}
]
}
]
}
],
"references": [
{
"url": "https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/711859",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}
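Review bot: The two added `configurations` entries contradict the fix boundaries stated in the Spanish description of this record. The first range (`"versionStartIncluding": "6.0.0"`, `"versionEndExcluding": "6.14.0"`) marks 6.13.0.2 and later 6.13 patches as vulnerable, although the description names 6.13 P2 (6.13.0.2) as fixed; the second (`"versionEndExcluding": "6.13.0.2"` with no start bound) also matches releases below 6.0, while the description scopes the issue to 6.x. A single range with `"versionStartIncluding": "6.0.0"` and `"versionEndExcluding": "6.13.0.2"` would match the text, assuming the vendor advisory agrees. As written, CPE-based matching will over-report on patched 6.13 installations.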


@ -2,8 +2,8 @@
"id": "CVE-2023-48660",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-12-14T16:15:48.823",
"lastModified": "2023-12-14T16:15:48.823",
"vulnStatus": "Received",
"lastModified": "2023-12-14T17:17:58.157",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-48661",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-12-14T16:15:49.023",
"lastModified": "2023-12-14T16:15:49.023",
"vulnStatus": "Received",
"lastModified": "2023-12-14T17:17:58.157",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-48662",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-12-14T16:15:49.227",
"lastModified": "2023-12-14T16:15:49.227",
"vulnStatus": "Received",
"lastModified": "2023-12-14T17:17:58.157",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-48663",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-12-14T16:15:49.433",
"lastModified": "2023-12-14T16:15:49.433",
"vulnStatus": "Received",
"lastModified": "2023-12-14T17:17:54.510",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-48664",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-12-14T16:15:49.640",
"lastModified": "2023-12-14T16:15:49.640",
"vulnStatus": "Received",
"lastModified": "2023-12-14T17:17:54.510",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-48665",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-12-14T16:15:49.847",
"lastModified": "2023-12-14T16:15:49.847",
"vulnStatus": "Received",
"lastModified": "2023-12-14T17:17:54.510",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-48667",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-12-14T16:15:50.040",
"lastModified": "2023-12-14T16:15:50.040",
"vulnStatus": "Received",
"lastModified": "2023-12-14T17:17:54.510",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-48668",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-12-14T16:15:50.257",
"lastModified": "2023-12-14T16:15:50.257",
"vulnStatus": "Received",
"lastModified": "2023-12-14T17:17:54.510",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -0,0 +1,55 @@
{
"id": "CVE-2023-48671",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-12-14T17:15:07.987",
"lastModified": "2023-12-14T17:17:50.580",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nDell vApp Manager, versions prior to 9.2.4.x contain an information disclosure vulnerability. A remote attacker could potentially exploit this vulnerability leading to obtain sensitive information that may aid in further attacks.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000220427/dsa-2023-443-dell-powermaxos-5978-dell-unisphere-360-dell-unisphere-for-powermax-dell-unisphere-for-powermax-virtual-appliance-dell-solutions-enabler-virtual-appliance-and-dell-powermax-eem-security-update-for-multiple-vulnerabilities",
"source": "security_alert@emc.com"
}
]
}
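Review bot: The description bounds the affected releases as "versions prior to 9.2.4.x", which is not a comparable version, and the record carries no `configurations` block, so automated matching has nothing to work with. The exact fixed build has to be taken from the referenced DSA-2023-443 advisory. The `value` string also begins and ends with `\n`, so consumers that display or hash descriptions should trim whitespace first.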


@ -2,15 +2,41 @@
"id": "CVE-2023-48677",
"sourceIdentifier": "security@acronis.com",
"published": "2023-12-12T09:15:08.383",
"lastModified": "2023-12-12T13:43:48.853",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T18:32:23.603",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40901."
},
{
"lang": "es",
"value": "Escalada de privilegios locales debido a una vulnerabilidad de secuestro de DLL. Los siguientes productos se ven afectados: Acronis Cyber Protect Home Office (Windows) anterior a la compilaci\u00f3n 40901."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "security@acronis.com",
@ -46,10 +72,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acronis:cyber_protect_home_office:*:*:*:*:*:*:*:*",
"versionEndExcluding": "40901",
"matchCriteriaId": "B290A506-C8A3-4C17-826A-D7ED623299B5"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://security-advisory.acronis.com/advisories/SEC-5620",
"source": "security@acronis.com"
"source": "security@acronis.com",
"tags": [
"Vendor Advisory"
]
}
]
}
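Review bot: The added range uses a build number as its version bound, `"versionEndExcluding": "40901"`, following the description's "before build 40901". Inventory tools that record the product's release version rather than its build number will not compare correctly against this value, so matches on this CPE may be missed or spurious. It is worth confirming how the consuming scanner populates the version field for this product before relying on the match.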


@ -0,0 +1,55 @@
{
"id": "CVE-2023-48756",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-14T17:15:08.187",
"lastModified": "2023-12-14T17:17:50.580",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetBlocks For Elementor allows Reflected XSS.This issue affects JetBlocks For Elementor: from n/a through 1.3.8.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/jet-blocks/wordpress-jetblocks-for-elementor-plugin-1-3-8-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-48767",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-14T17:15:08.380",
"lastModified": "2023-12-14T17:17:50.580",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Raghu Goriya MyTube PlayList allows Reflected XSS.This issue affects MyTube PlayList: from n/a through 2.0.3.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/mytube/wordpress-mytube-playlist-plugin-2-0-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-48770",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-14T17:15:08.570",
"lastModified": "2023-12-14T17:17:50.580",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nima Saberi Aparat allows Stored XSS.This issue affects Aparat: from n/a through 1.7.1.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/aparat/wordpress-aparat-plugin-1-7-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-48771",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-14T17:15:08.763",
"lastModified": "2023-12-14T17:17:50.580",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bruno \"Aesqe\" Babic File Gallery allows Reflected XSS.This issue affects File Gallery: from n/a through 1.8.5.4.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/file-gallery/wordpress-file-gallery-plugin-1-8-5-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-48780",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-14T17:15:08.953",
"lastModified": "2023-12-14T17:17:50.580",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EnigmaWeb WP Catalogue allows Stored XSS.This issue affects WP Catalogue: from n/a through 1.7.6.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-catalogue/wordpress-wp-catalogue-plugin-1-7-6-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-49058",
"sourceIdentifier": "cna@sap.com",
"published": "2023-12-12T01:15:12.840",
"lastModified": "2023-12-12T13:43:48.853",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T18:56:27.277",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "cna@sap.com",
"type": "Secondary",
@ -50,14 +70,117 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:master_data_governance:731:*:*:*:*:*:*:*",
"matchCriteriaId": "21F2D97C-922D-420D-8B1C-689D2C20FEB3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:master_data_governance:732:*:*:*:*:*:*:*",
"matchCriteriaId": "FD747826-9538-4A22-AFA8-BB5CFBDE6BF3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:master_data_governance:746:*:*:*:*:*:*:*",
"matchCriteriaId": "FD6CBD8D-BC8E-496A-A17C-0E2413D02FC3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:master_data_governance:747:*:*:*:*:*:*:*",
"matchCriteriaId": "3DF73CAE-700A-4663-BC79-CAB6CCE936F3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:master_data_governance:748:*:*:*:*:*:*:*",
"matchCriteriaId": "4E09AA46-4347-4B6C-8BE1-B943B19ECB5F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:master_data_governance:749:*:*:*:*:*:*:*",
"matchCriteriaId": "4222EE28-3865-4943-8F7A-2A656293FEAE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:master_data_governance:751:*:*:*:*:*:*:*",
"matchCriteriaId": "17AD00E5-3EED-433C-8341-EF3535C0A316"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:master_data_governance:752:*:*:*:*:*:*:*",
"matchCriteriaId": "725B3570-302B-4B4E-93BD-4A99488D1B2D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:master_data_governance:800:*:*:*:*:*:*:*",
"matchCriteriaId": "325FE86D-E0E6-46B3-8BBB-ED93A34E17C3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:master_data_governance:801:*:*:*:*:*:*:*",
"matchCriteriaId": "B86D04DD-5013-4769-9E62-32A1C4A7F9A4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:master_data_governance:802:*:*:*:*:*:*:*",
"matchCriteriaId": "7895D7F0-A62E-469B-8FE6-7967D74AE202"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:master_data_governance:803:*:*:*:*:*:*:*",
"matchCriteriaId": "9F5AB22A-7906-40EE-A613-09C43B1B4D63"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:master_data_governance:804:*:*:*:*:*:*:*",
"matchCriteriaId": "1833975C-797D-45E1-984D-E1900553FFBA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:master_data_governance:805:*:*:*:*:*:*:*",
"matchCriteriaId": "02340ACE-A07B-40FC-B253-17A64F4D8328"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:master_data_governance:806:*:*:*:*:*:*:*",
"matchCriteriaId": "E6CD28E7-6576-470F-8421-CEA4E2B89D18"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:master_data_governance:807:*:*:*:*:*:*:*",
"matchCriteriaId": "36F5BCA7-C447-425B-A828-D59FCDEBA136"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:master_data_governance:808:*:*:*:*:*:*:*",
"matchCriteriaId": "93C11998-6A74-44E0-8CCF-4A48B71AF3C7"
}
]
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3363690",
"source": "cna@sap.com"
"source": "cna@sap.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"source": "cna@sap.com"
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-49149",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-14T17:15:09.143",
"lastModified": "2023-12-14T17:17:50.580",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CurrencyRate.Today Currency Converter Calculator allows Stored XSS.This issue affects Currency Converter Calculator: from n/a through 1.3.1.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/currency-converter-calculator/wordpress-currency-converter-calculator-plugin-1-3-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-49150",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-14T17:15:09.337",
"lastModified": "2023-12-14T17:17:50.580",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CurrencyRate.Today Crypto Converter Widget allows Stored XSS.This issue affects Crypto Converter Widget: from n/a through 1.8.1.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/crypto-converter-widget/wordpress-crypto-converter-widget-plugin-1-8-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-49151",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-14T18:15:44.450",
"lastModified": "2023-12-14T18:15:44.450",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Simple Calendar Simple Calendar \u2013 Google Calendar Plugin allows Stored XSS.This issue affects Simple Calendar \u2013 Google Calendar Plugin: from n/a through 3.2.6.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/google-calendar-events/wordpress-google-calendar-events-plugin-3-2-6-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-49152",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-14T18:15:44.683",
"lastModified": "2023-12-14T18:15:44.683",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Labs64 Credit Tracker allows Stored XSS.This issue affects Credit Tracker: from n/a through 1.1.17.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/credit-tracker/wordpress-credit-tracker-plugin-1-1-17-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-49157",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-14T18:15:44.877",
"lastModified": "2023-12-14T18:15:44.877",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andreas M\u00fcnch Multiple Post Passwords allows Stored XSS.This issue affects Multiple Post Passwords: from n/a through 1.1.1.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/multiple-post-passwords/wordpress-multiple-post-passwords-plugin-1-1-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-49171",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-14T16:15:50.487",
"lastModified": "2023-12-14T16:15:50.487",
"vulnStatus": "Received",
"lastModified": "2023-12-14T17:17:54.510",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-49172",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-14T16:15:50.807",
"lastModified": "2023-12-14T16:15:50.807",
"vulnStatus": "Received",
"lastModified": "2023-12-14T17:17:54.510",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-49173",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-14T16:15:51.013",
"lastModified": "2023-12-14T16:15:51.013",
"vulnStatus": "Received",
"lastModified": "2023-12-14T17:17:54.510",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-49195",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-14T16:15:51.227",
"lastModified": "2023-12-14T16:15:51.227",
"vulnStatus": "Received",
"lastModified": "2023-12-14T17:17:54.510",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,19 +2,79 @@
"id": "CVE-2023-49563",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-12T09:15:08.600",
"lastModified": "2023-12-12T13:43:48.853",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T18:30:37.733",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) in Voltronic Power SNMP Web Pro v.1.1 allows an attacker to execute arbitrary code via a crafted script within a request to the webserver."
},
{
"lang": "es",
"value": "Cross Site Scripting (XSS) en Voltronic Power SNMP Web Pro v.1.1 permite a un atacante ejecutar c\u00f3digo arbitrario a trav\u00e9s de un script manipulado dentro de una solicitud al servidor web."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:voltronicpower:snmp_web_pro:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6059B1DE-C7AB-4C17-B714-438F37EEAA3C"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/ph4nt0mbyt3/b237bfb06b2bff405ab47e4ea52c0bd2",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-49607",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2023-12-12T09:15:08.757",
"lastModified": "2023-12-12T13:43:48.853",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T18:29:44.217",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Mattermost fails to validate the type of the \"reminder\" body request parameter allowing an attacker to crash the Playbook Plugin when updating the status dialog.\n\n"
},
{
"lang": "es",
"value": "Mattermost no logra validar el tipo de par\u00e1metro de solicitud del cuerpo \"recordatorio\", lo que permite a un atacante bloquear el complemento Playbook al actualizar el cuadro de di\u00e1logo de estado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-754"
}
]
},
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
@ -46,10 +80,65 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionEndIncluding": "7.8.14",
"matchCriteriaId": "367753A5-CE5B-4EA7-8539-6ACFBC9ACABE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndIncluding": "8.1.5",
"matchCriteriaId": "553B4894-FB79-4996-BDEC-273EF6E96D9D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.0.0",
"versionEndIncluding": "9.0.3",
"matchCriteriaId": "0856C685-4154-4549-B60A-4251C9E6B916"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.1.0",
"versionEndIncluding": "9.1.2",
"matchCriteriaId": "D31448D3-0970-47A8-A4A5-E7FB05B929EB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.2.0",
"versionEndIncluding": "9.2.1",
"matchCriteriaId": "D00348C4-CEE7-474E-BBDC-4A66D6BBA4C8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:9.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "90D81EBE-C0B1-40B7-8BE5-8F4598D81814"
}
]
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
"source": "responsibledisclosure@mattermost.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-49766",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-14T16:15:51.447",
"lastModified": "2023-12-14T16:15:51.447",
"vulnStatus": "Received",
"lastModified": "2023-12-14T17:17:54.510",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-49770",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-14T16:15:51.660",
"lastModified": "2023-12-14T16:15:51.660",
"vulnStatus": "Received",
"lastModified": "2023-12-14T17:17:54.510",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-49771",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-14T16:15:51.863",
"lastModified": "2023-12-14T16:15:51.863",
"vulnStatus": "Received",
"lastModified": "2023-12-14T17:17:54.510",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,16 +2,40 @@
"id": "CVE-2023-49809",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2023-12-12T09:15:09.110",
"lastModified": "2023-12-12T13:43:48.853",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T18:45:03.083",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Mattermost fails to handle a null request body in the /add endpoint, allowing a simple member to send a request with null request body to that endpoint and make it crash. After a few repetitions, the plugin is disabled.\u00a0\n\n"
},
{
"lang": "es",
"value": "Mattermost no logra manejar un cuerpo de solicitud nulo en el endpoint /add, lo que permite que un miembro simple env\u00ede una solicitud con un cuerpo de solicitud nulo a ese endpoint y haga que falle. Despu\u00e9s de algunas repeticiones, el complemento se desactiva."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
},
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
@ -46,10 +80,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionEndIncluding": "8.1.5",
"matchCriteriaId": "6FA74D02-6508-49A3-960F-22B84B6E5B51"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.0.0",
"versionEndIncluding": "9.1.0",
"matchCriteriaId": "D0882E48-E077-4E4E-9A76-ACDAEEFC6573"
}
]
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
"source": "responsibledisclosure@mattermost.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-49813",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-14T16:15:52.080",
"lastModified": "2023-12-14T16:15:52.080",
"vulnStatus": "Received",
"lastModified": "2023-12-14T17:17:54.510",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-49820",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-14T16:15:52.323",
"lastModified": "2023-12-14T16:15:52.323",
"vulnStatus": "Received",
"lastModified": "2023-12-14T17:17:54.510",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-49841",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-14T16:15:52.540",
"lastModified": "2023-12-14T16:15:52.540",
"vulnStatus": "Received",
"lastModified": "2023-12-14T17:17:54.510",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -0,0 +1,55 @@
{
"id": "CVE-2023-49842",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-14T17:15:09.533",
"lastModified": "2023-12-14T17:17:50.580",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpexpertsio Rocket Maintenance Mode & Coming Soon Page allows Stored XSS.This issue affects Rocket Maintenance Mode & Coming Soon Page: from n/a through 4.3.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/rocket-maintenance-mode/wordpress-rocket-maintenance-mode-coming-soon-page-plugin-4-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-49860",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-14T17:15:09.727",
"lastModified": "2023-12-14T17:17:50.580",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weDevs WP Project Manager \u2013 Task, team, and project management plugin featuring kanban board and gantt charts allows Stored XSS.This issue affects WP Project Manager \u2013 Task, team, and project management plugin featuring kanban board and gantt charts: from n/a through 2.6.7.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wedevs-project-manager/wordpress-wp-project-manager-plugin-2-6-7-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-49874",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2023-12-12T09:15:09.310",
"lastModified": "2023-12-12T13:43:48.853",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T18:51:59.960",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Mattermost fails to check whether a user is a guest when updating the tasks of a private playbook run allowing a\u00a0guest to update the tasks of a private playbook run if they know the run ID.\n\n"
},
{
"lang": "es",
"value": "Mattermost no verifica si un usuario es un invitado al actualizar las tareas de una ejecuci\u00f3n de un playbook privado, lo que permite a un invitado actualizar las tareas de una ejecuci\u00f3n de un playbook privado si conoce el ID de la ejecuci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
@ -46,10 +80,60 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionEndIncluding": "7.8.14",
"matchCriteriaId": "367753A5-CE5B-4EA7-8539-6ACFBC9ACABE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndIncluding": "8.1.5",
"matchCriteriaId": "553B4894-FB79-4996-BDEC-273EF6E96D9D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.0.0",
"versionEndIncluding": "9.0.3",
"matchCriteriaId": "0856C685-4154-4549-B60A-4251C9E6B916"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.1.1",
"versionEndIncluding": "9.1.2",
"matchCriteriaId": "9AB6EA21-B7ED-487D-B131-FA200023179E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.2.0",
"versionEndIncluding": "9.2.1",
"matchCriteriaId": "D00348C4-CEE7-474E-BBDC-4A66D6BBA4C8"
}
]
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
"source": "responsibledisclosure@mattermost.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
}
]
}
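Review bot: The fourth `cpeMatch` entry starts at `"versionStartIncluding": "9.1.1"`, while the other bounded ranges start at the `.0` release of their branch (`8.0.0`, `9.0.0`, `9.2.0`), so Mattermost Server 9.1.0 falls into no range in this record. Nothing on the page says whether 9.1.0 is unaffected or the lower bound is an upstream slip; the only reference is the generic security-updates page. If 9.1.0 is affected, the bound would read `"versionStartIncluding": "9.1.0"`. Until that is confirmed against the vendor advisory, a missing CPE match for a 9.1.0 install should not be treated as a clean result.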


@ -2,8 +2,8 @@
"id": "CVE-2023-50100",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-14T16:15:52.750",
"lastModified": "2023-12-14T16:15:52.750",
"vulnStatus": "Received",
"lastModified": "2023-12-14T17:17:54.510",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-50101",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-14T16:15:52.800",
"lastModified": "2023-12-14T16:15:52.800",
"vulnStatus": "Received",
"lastModified": "2023-12-14T17:17:54.510",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-50102",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-14T16:15:52.850",
"lastModified": "2023-12-14T16:15:52.850",
"vulnStatus": "Received",
"lastModified": "2023-12-14T17:17:54.510",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-50137",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-14T16:15:52.897",
"lastModified": "2023-12-14T16:15:52.897",
"vulnStatus": "Received",
"lastModified": "2023-12-14T17:17:54.510",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-50245",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-11T23:15:08.280",
"lastModified": "2023-12-12T13:43:48.853",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T17:57:33.607",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,14 +70,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:afichet:openexr_viewer:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.6.1",
"matchCriteriaId": "395A1F99-2C73-4A59-B31D-C4B2155C5C7C"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/afichet/openexr-viewer/commit/d0a7e85dfeb519951fb8a8d70f73f30d41cdd3d9",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/afichet/openexr-viewer/security/advisories/GHSA-99jg-r3f4-rpxj",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,63 @@
{
"id": "CVE-2023-50269",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-14T18:15:45.070",
"lastModified": "2023-12-14T18:15:45.070",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remote client to perform Denial of Service attack by sending a large X-Forwarded-For header when the follow_x_forwarded_for feature is configured. This bug is fixed by Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-674"
}
]
}
],
"references": [
{
"url": "http://www.squid-cache.org/Versions/v5/SQUID-2023_10.patch",
"source": "security-advisories@github.com"
},
{
"url": "http://www.squid-cache.org/Versions/v6/SQUID-2023_10.patch",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-wgq4-4cfg-c4x3",
"source": "security-advisories@github.com"
}
]
}
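Review bot: This new record has no `configurations` block yet (`"vulnStatus": "Received"`), so the affected Squid ranges (2.6 through 2.7.STABLE9, 3.1 through 5.9, 6.0.1 through 6.5) exist only in the description text and CPE-based matching will not flag it. The description also limits exposure to deployments where `follow_x_forwarded_for` is configured, which is worth checking during triage. Two of the three references, the v5 and v6 `SQUID-2023_10.patch` links, use plain `http://`. Tooling that follows reference URLs to fetch fixes should verify the patch against a trusted release before applying it.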


@ -2,8 +2,8 @@
"id": "CVE-2023-50423",
"sourceIdentifier": "cna@sap.com",
"published": "2023-12-12T02:15:08.797",
"lastModified": "2023-12-12T13:43:48.853",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T17:48:27.037",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@sap.com",
"type": "Secondary",
@ -50,30 +70,66 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:btp_security_services_integration_library:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.1.0",
"matchCriteriaId": "16F8EF4D-E500-4F8D-8F74-549EB05A8BB4"
}
]
}
]
}
],
"references": [
{
"url": "https://blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067/",
"source": "cna@sap.com"
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://github.com/SAP/cloud-pysec/",
"source": "cna@sap.com"
"source": "cna@sap.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/SAP/cloud-pysec/security/advisories/GHSA-6mjg-37cp-42x5",
"source": "cna@sap.com"
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://me.sap.com/notes/3411067",
"source": "cna@sap.com"
"source": "cna@sap.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://pypi.org/project/sap-xssec/",
"source": "cna@sap.com"
"source": "cna@sap.com",
"tags": [
"Product"
]
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"source": "cna@sap.com"
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-50424",
"sourceIdentifier": "cna@sap.com",
"published": "2023-12-12T03:15:07.100",
"lastModified": "2023-12-12T13:43:48.853",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T17:44:34.810",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@sap.com",
"type": "Secondary",
@ -50,30 +70,66 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:btp_security_services_integration_library:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.17.0",
"matchCriteriaId": "9C630555-6CC1-475D-A296-8C39B59C4AF1"
}
]
}
]
}
],
"references": [
{
"url": "https://blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067/",
"source": "cna@sap.com"
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://github.com/SAP/cloud-security-client-go",
"source": "cna@sap.com"
"source": "cna@sap.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/SAP/cloud-security-services-integration-library/security/advisories/GHSA-59c9-pxq8-9c73",
"source": "cna@sap.com"
"source": "cna@sap.com",
"tags": [
"Not Applicable"
]
},
{
"url": "https://me.sap.com/notes/3411067",
"source": "cna@sap.com"
"source": "cna@sap.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://pkg.go.dev/github.com/sap/cloud-security-client-go@v0.17.0",
"source": "cna@sap.com"
"source": "cna@sap.com",
"tags": [
"Product"
]
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"source": "cna@sap.com"
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
]
}
]
}
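Review bot: The added `cpeMatch` entry uses `cpe:2.3:a:sap:btp_security_services_integration_library` with `"versionEndExcluding": "0.17.0"`, the same criteria string that the CVE-2023-50423 record in this commit uses with `"versionEndExcluding": "4.1.0"`, although the two records reference different packages (`cloud-security-client-go` here, `cloud-pysec` / `sap-xssec` there). With one CPE product name covering both, a version-range match cannot tell the libraries apart: a Go client at the fixed 0.17.0 release is still below 4.1.0 and would match CVE-2023-50423. Consumers should key on the package ecosystem (the pkg.go.dev and PyPI references) in addition to the CPE. The GHSA link in this record is tagged `Not Applicable`, which may mean it describes a different library in the same family; that is inferred from the tag and URL only.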


@ -0,0 +1,63 @@
{
"id": "CVE-2023-50710",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-14T18:15:45.270",
"lastModified": "2023-12-14T18:15:45.270",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Hono is a web framework written in TypeScript. Prior to version 3.11.7, clients may override named path parameter values from previous requests if the application is using TrieRouter. So, there is a risk that a privileged user may use unintended parameters when deleting REST API resources. TrieRouter is used either explicitly or when the application matches a pattern that is not supported by the default RegExpRouter. Version 3.11.7 includes the change to fix this issue. As a workaround, avoid using TrieRouter directly."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://github.com/honojs/hono/commit/8e2b6b08518998783f66d31db4f21b1b1eecc4c8",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/honojs/hono/releases/tag/v3.11.7",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/honojs/hono/security/advisories/GHSA-f6gv-hh8j-q8vq",
"source": "security-advisories@github.com"
}
]
}


@ -0,0 +1,43 @@
{
"id": "CVE-2023-5769",
"sourceIdentifier": "cybersecurity@hitachienergy.com",
"published": "2023-12-14T17:15:09.920",
"lastModified": "2023-12-14T17:17:50.580",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nA vulnerability exists in the webserver that affects the \nRTU500 series product versions listed below. A malicious \nactor could perform cross-site scripting on the webserver \ndue to user input being improperly sanitized.\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"references": [
{
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000176&languageCode=en&Preview=true",
"source": "cybersecurity@hitachienergy.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-6364",
"sourceIdentifier": "security@progress.com",
"published": "2023-12-14T16:15:52.957",
"lastModified": "2023-12-14T16:15:52.957",
"vulnStatus": "Received",
"lastModified": "2023-12-14T17:17:54.510",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-6365",
"sourceIdentifier": "security@progress.com",
"published": "2023-12-14T16:15:53.163",
"lastModified": "2023-12-14T16:15:53.163",
"vulnStatus": "Received",
"lastModified": "2023-12-14T17:17:50.580",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-6366",
"sourceIdentifier": "security@progress.com",
"published": "2023-12-14T16:15:53.383",
"lastModified": "2023-12-14T16:15:53.383",
"vulnStatus": "Received",
"lastModified": "2023-12-14T17:17:50.580",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-6367",
"sourceIdentifier": "security@progress.com",
"published": "2023-12-14T16:15:53.593",
"lastModified": "2023-12-14T16:15:53.593",
"vulnStatus": "Received",
"lastModified": "2023-12-14T17:17:50.580",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-6368",
"sourceIdentifier": "security@progress.com",
"published": "2023-12-14T16:15:54.103",
"lastModified": "2023-12-14T16:15:54.103",
"vulnStatus": "Received",
"lastModified": "2023-12-14T17:17:50.580",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-6538",
"sourceIdentifier": "security.vulnerabilities@hitachivantara.com",
"published": "2023-12-11T18:15:30.250",
"lastModified": "2023-12-12T17:15:08.493",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T17:02:15.203",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security.vulnerabilities@hitachivantara.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "security.vulnerabilities@hitachivantara.com",
"type": "Secondary",
@ -50,10 +80,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hitachi:system_management_unit_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "14.8.7825.01",
"matchCriteriaId": "7DBFB3A6-CDAB-4988-8471-23B6C147F797"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hitachi:system_management_unit:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97B0CC62-7F81-4A12-880B-9954CF9EA323"
}
]
}
]
}
],
"references": [
{
"url": "https://knowledge.hitachivantara.com/Security/System_Management_Unit_(SMU)_versions_prior_to_14.8.7825.01%2C_used_to_manage_Hitachi_Vantara_NAS_products_is_susceptible_to_unintended_information_disclosure_via_unprivileged_access_to_SMU_configuration_backup_data.",
"source": "security.vulnerabilities@hitachivantara.com"
"source": "security.vulnerabilities@hitachivantara.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,63 @@
{
"id": "CVE-2023-6563",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-12-14T18:15:45.540",
"lastModified": "2023-12-14T18:15:45.540",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An unconstrained memory consumption vulnerability was discovered in Keycloak. It can be triggered in environments which have millions of offline tokens (> 500,000 users with each having at least 2 saved sessions). If an attacker creates two or more user sessions and then open the \"consents\" tab of the admin User Interface, the UI attempts to load a huge number of offline client sessions leading to excessive memory and CPU consumption which could potentially crash the entire system."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.1,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-6563",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253308",
"source": "secalert@redhat.com"
},
{
"url": "https://github.com/keycloak/keycloak/issues/13340",
"source": "secalert@redhat.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-6595",
"sourceIdentifier": "security@progress.com",
"published": "2023-12-14T16:15:54.453",
"lastModified": "2023-12-14T16:15:54.453",
"vulnStatus": "Received",
"lastModified": "2023-12-14T17:17:50.580",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,16 +2,40 @@
"id": "CVE-2023-6647",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-10T07:15:44.100",
"lastModified": "2023-12-10T11:50:56.433",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T17:22:19.353",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in AMTT HiBOS 1.0. Affected by this issue is some unknown functionality. The manipulation of the argument Type leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247340. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en AMTT HiBOS 1.0 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida es afectada por este problema. La manipulaci\u00f3n del argumento Type conduce a la inyecci\u00f3n SQL. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-247340. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,49 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:amttgroup:hibos:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AF7B4E54-4BE0-4F4D-915A-600EB71968D7"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/gatsby2003/Sqlinjection/blob/main/sql.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.247340",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.247340",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-6654",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-10T15:15:07.160",
"lastModified": "2023-12-11T12:20:50.310",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T17:17:26.397",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +95,53 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpems:phpems:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EA60F966-C229-4373-87CD-7A806A46CB19"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpems:phpems:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19458FB-F999-42AA-B2F9-E9CFEF361F41"
}
]
}
]
}
],
"references": [
{
"url": "https://note.zhaoj.in/share/jw4Hp9cq7T69",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?ctiid.247357",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.247357",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-6655",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-10T16:15:07.067",
"lastModified": "2023-12-11T12:20:50.310",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T17:08:27.083",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +95,49 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hrp2000:e-hr:2020:*:*:*:*:*:*:*",
"matchCriteriaId": "BBDCA40C-36D7-4418-B7BC-DB1B3D5F05BE"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/willchen0011/cve/blob/main/HongJing-sql.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.247358",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.247358",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
}
]
}

103
README.md

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-12-14T17:00:25.161603+00:00
2023-12-14T19:00:25.136410+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-12-14T16:55:32.230000+00:00
2023-12-14T18:58:08.837000+00:00
```
### Last Data Feed Release
@ -29,66 +29,65 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
233190
233211
```
### CVEs added in the last Commit
Recently added CVEs: `49`
Recently added CVEs: `21`
* [CVE-2023-48663](CVE-2023/CVE-2023-486xx/CVE-2023-48663.json) (`2023-12-14T16:15:49.433`)
* [CVE-2023-48664](CVE-2023/CVE-2023-486xx/CVE-2023-48664.json) (`2023-12-14T16:15:49.640`)
* [CVE-2023-48665](CVE-2023/CVE-2023-486xx/CVE-2023-48665.json) (`2023-12-14T16:15:49.847`)
* [CVE-2023-48667](CVE-2023/CVE-2023-486xx/CVE-2023-48667.json) (`2023-12-14T16:15:50.040`)
* [CVE-2023-48668](CVE-2023/CVE-2023-486xx/CVE-2023-48668.json) (`2023-12-14T16:15:50.257`)
* [CVE-2023-49171](CVE-2023/CVE-2023-491xx/CVE-2023-49171.json) (`2023-12-14T16:15:50.487`)
* [CVE-2023-49172](CVE-2023/CVE-2023-491xx/CVE-2023-49172.json) (`2023-12-14T16:15:50.807`)
* [CVE-2023-49173](CVE-2023/CVE-2023-491xx/CVE-2023-49173.json) (`2023-12-14T16:15:51.013`)
* [CVE-2023-49195](CVE-2023/CVE-2023-491xx/CVE-2023-49195.json) (`2023-12-14T16:15:51.227`)
* [CVE-2023-49766](CVE-2023/CVE-2023-497xx/CVE-2023-49766.json) (`2023-12-14T16:15:51.447`)
* [CVE-2023-49770](CVE-2023/CVE-2023-497xx/CVE-2023-49770.json) (`2023-12-14T16:15:51.660`)
* [CVE-2023-49771](CVE-2023/CVE-2023-497xx/CVE-2023-49771.json) (`2023-12-14T16:15:51.863`)
* [CVE-2023-49813](CVE-2023/CVE-2023-498xx/CVE-2023-49813.json) (`2023-12-14T16:15:52.080`)
* [CVE-2023-49820](CVE-2023/CVE-2023-498xx/CVE-2023-49820.json) (`2023-12-14T16:15:52.323`)
* [CVE-2023-49841](CVE-2023/CVE-2023-498xx/CVE-2023-49841.json) (`2023-12-14T16:15:52.540`)
* [CVE-2023-50100](CVE-2023/CVE-2023-501xx/CVE-2023-50100.json) (`2023-12-14T16:15:52.750`)
* [CVE-2023-50101](CVE-2023/CVE-2023-501xx/CVE-2023-50101.json) (`2023-12-14T16:15:52.800`)
* [CVE-2023-50102](CVE-2023/CVE-2023-501xx/CVE-2023-50102.json) (`2023-12-14T16:15:52.850`)
* [CVE-2023-50137](CVE-2023/CVE-2023-501xx/CVE-2023-50137.json) (`2023-12-14T16:15:52.897`)
* [CVE-2023-6364](CVE-2023/CVE-2023-63xx/CVE-2023-6364.json) (`2023-12-14T16:15:52.957`)
* [CVE-2023-6365](CVE-2023/CVE-2023-63xx/CVE-2023-6365.json) (`2023-12-14T16:15:53.163`)
* [CVE-2023-6366](CVE-2023/CVE-2023-63xx/CVE-2023-6366.json) (`2023-12-14T16:15:53.383`)
* [CVE-2023-6367](CVE-2023/CVE-2023-63xx/CVE-2023-6367.json) (`2023-12-14T16:15:53.593`)
* [CVE-2023-6368](CVE-2023/CVE-2023-63xx/CVE-2023-6368.json) (`2023-12-14T16:15:54.103`)
* [CVE-2023-6595](CVE-2023/CVE-2023-65xx/CVE-2023-6595.json) (`2023-12-14T16:15:54.453`)
* [CVE-2023-42799](CVE-2023/CVE-2023-427xx/CVE-2023-42799.json) (`2023-12-14T17:15:07.257`)
* [CVE-2023-42800](CVE-2023/CVE-2023-428xx/CVE-2023-42800.json) (`2023-12-14T17:15:07.463`)
* [CVE-2023-42801](CVE-2023/CVE-2023-428xx/CVE-2023-42801.json) (`2023-12-14T17:15:07.657`)
* [CVE-2023-47261](CVE-2023/CVE-2023-472xx/CVE-2023-47261.json) (`2023-12-14T17:15:07.933`)
* [CVE-2023-48671](CVE-2023/CVE-2023-486xx/CVE-2023-48671.json) (`2023-12-14T17:15:07.987`)
* [CVE-2023-48756](CVE-2023/CVE-2023-487xx/CVE-2023-48756.json) (`2023-12-14T17:15:08.187`)
* [CVE-2023-48767](CVE-2023/CVE-2023-487xx/CVE-2023-48767.json) (`2023-12-14T17:15:08.380`)
* [CVE-2023-48770](CVE-2023/CVE-2023-487xx/CVE-2023-48770.json) (`2023-12-14T17:15:08.570`)
* [CVE-2023-48771](CVE-2023/CVE-2023-487xx/CVE-2023-48771.json) (`2023-12-14T17:15:08.763`)
* [CVE-2023-48780](CVE-2023/CVE-2023-487xx/CVE-2023-48780.json) (`2023-12-14T17:15:08.953`)
* [CVE-2023-49149](CVE-2023/CVE-2023-491xx/CVE-2023-49149.json) (`2023-12-14T17:15:09.143`)
* [CVE-2023-49150](CVE-2023/CVE-2023-491xx/CVE-2023-49150.json) (`2023-12-14T17:15:09.337`)
* [CVE-2023-49842](CVE-2023/CVE-2023-498xx/CVE-2023-49842.json) (`2023-12-14T17:15:09.533`)
* [CVE-2023-49860](CVE-2023/CVE-2023-498xx/CVE-2023-49860.json) (`2023-12-14T17:15:09.727`)
* [CVE-2023-5769](CVE-2023/CVE-2023-57xx/CVE-2023-5769.json) (`2023-12-14T17:15:09.920`)
* [CVE-2023-49151](CVE-2023/CVE-2023-491xx/CVE-2023-49151.json) (`2023-12-14T18:15:44.450`)
* [CVE-2023-49152](CVE-2023/CVE-2023-491xx/CVE-2023-49152.json) (`2023-12-14T18:15:44.683`)
* [CVE-2023-49157](CVE-2023/CVE-2023-491xx/CVE-2023-49157.json) (`2023-12-14T18:15:44.877`)
* [CVE-2023-50269](CVE-2023/CVE-2023-502xx/CVE-2023-50269.json) (`2023-12-14T18:15:45.070`)
* [CVE-2023-50710](CVE-2023/CVE-2023-507xx/CVE-2023-50710.json) (`2023-12-14T18:15:45.270`)
* [CVE-2023-6563](CVE-2023/CVE-2023-65xx/CVE-2023-6563.json) (`2023-12-14T18:15:45.540`)
### CVEs modified in the last Commit
Recently modified CVEs: `22`
Recently modified CVEs: `53`
* [CVE-2013-0150](CVE-2013/CVE-2013-01xx/CVE-2013-0150.json) (`2023-12-14T16:08:02.297`)
* [CVE-2020-12613](CVE-2020/CVE-2020-126xx/CVE-2020-12613.json) (`2023-12-14T16:37:11.820`)
* [CVE-2021-21220](CVE-2021/CVE-2021-212xx/CVE-2021-21220.json) (`2023-12-14T16:15:43.700`)
* [CVE-2021-3187](CVE-2021/CVE-2021-31xx/CVE-2021-3187.json) (`2023-12-14T16:48:20.417`)
* [CVE-2023-37858](CVE-2023/CVE-2023-378xx/CVE-2023-37858.json) (`2023-12-14T15:15:07.630`)
* [CVE-2023-39167](CVE-2023/CVE-2023-391xx/CVE-2023-39167.json) (`2023-12-14T15:15:07.807`)
* [CVE-2023-39169](CVE-2023/CVE-2023-391xx/CVE-2023-39169.json) (`2023-12-14T15:15:07.950`)
* [CVE-2023-36649](CVE-2023/CVE-2023-366xx/CVE-2023-36649.json) (`2023-12-14T15:34:02.853`)
* [CVE-2023-49587](CVE-2023/CVE-2023-495xx/CVE-2023-49587.json) (`2023-12-14T15:41:25.777`)
* [CVE-2023-49796](CVE-2023/CVE-2023-497xx/CVE-2023-49796.json) (`2023-12-14T15:59:56.653`)
* [CVE-2023-49802](CVE-2023/CVE-2023-498xx/CVE-2023-49802.json) (`2023-12-14T16:14:49.267`)
* [CVE-2023-32028](CVE-2023/CVE-2023-320xx/CVE-2023-32028.json) (`2023-12-14T16:15:44.833`)
* [CVE-2023-36403](CVE-2023/CVE-2023-364xx/CVE-2023-36403.json) (`2023-12-14T16:15:45.183`)
* [CVE-2023-3079](CVE-2023/CVE-2023-30xx/CVE-2023-3079.json) (`2023-12-14T16:15:45.310`)
* [CVE-2023-45292](CVE-2023/CVE-2023-452xx/CVE-2023-45292.json) (`2023-12-14T16:26:54.007`)
* [CVE-2023-41115](CVE-2023/CVE-2023-411xx/CVE-2023-41115.json) (`2023-12-14T16:41:55.570`)
* [CVE-2023-49795](CVE-2023/CVE-2023-497xx/CVE-2023-49795.json) (`2023-12-14T16:46:43.917`)
* [CVE-2023-39214](CVE-2023/CVE-2023-392xx/CVE-2023-39214.json) (`2023-12-14T16:48:23.877`)
* [CVE-2023-41114](CVE-2023/CVE-2023-411xx/CVE-2023-41114.json) (`2023-12-14T16:48:42.467`)
* [CVE-2023-41113](CVE-2023/CVE-2023-411xx/CVE-2023-41113.json) (`2023-12-14T16:48:48.550`)
* [CVE-2023-41116](CVE-2023/CVE-2023-411xx/CVE-2023-41116.json) (`2023-12-14T16:51:52.863`)
* [CVE-2023-41117](CVE-2023/CVE-2023-411xx/CVE-2023-41117.json) (`2023-12-14T16:55:32.230`)
* [CVE-2023-6364](CVE-2023/CVE-2023-63xx/CVE-2023-6364.json) (`2023-12-14T17:17:54.510`)
* [CVE-2023-44278](CVE-2023/CVE-2023-442xx/CVE-2023-44278.json) (`2023-12-14T17:17:58.157`)
* [CVE-2023-44279](CVE-2023/CVE-2023-442xx/CVE-2023-44279.json) (`2023-12-14T17:17:58.157`)
* [CVE-2023-44284](CVE-2023/CVE-2023-442xx/CVE-2023-44284.json) (`2023-12-14T17:17:58.157`)
* [CVE-2023-44285](CVE-2023/CVE-2023-442xx/CVE-2023-44285.json) (`2023-12-14T17:17:58.157`)
* [CVE-2023-44286](CVE-2023/CVE-2023-442xx/CVE-2023-44286.json) (`2023-12-14T17:17:58.157`)
* [CVE-2023-48660](CVE-2023/CVE-2023-486xx/CVE-2023-48660.json) (`2023-12-14T17:17:58.157`)
* [CVE-2023-48661](CVE-2023/CVE-2023-486xx/CVE-2023-48661.json) (`2023-12-14T17:17:58.157`)
* [CVE-2023-48662](CVE-2023/CVE-2023-486xx/CVE-2023-48662.json) (`2023-12-14T17:17:58.157`)
* [CVE-2023-6647](CVE-2023/CVE-2023-66xx/CVE-2023-6647.json) (`2023-12-14T17:22:19.353`)
* [CVE-2023-50424](CVE-2023/CVE-2023-504xx/CVE-2023-50424.json) (`2023-12-14T17:44:34.810`)
* [CVE-2023-50423](CVE-2023/CVE-2023-504xx/CVE-2023-50423.json) (`2023-12-14T17:48:27.037`)
* [CVE-2023-41118](CVE-2023/CVE-2023-411xx/CVE-2023-41118.json) (`2023-12-14T17:54:25.937`)
* [CVE-2023-50245](CVE-2023/CVE-2023-502xx/CVE-2023-50245.json) (`2023-12-14T17:57:33.607`)
* [CVE-2023-41623](CVE-2023/CVE-2023-416xx/CVE-2023-41623.json) (`2023-12-14T18:01:27.260`)
* [CVE-2023-46701](CVE-2023/CVE-2023-467xx/CVE-2023-46701.json) (`2023-12-14T18:07:27.107`)
* [CVE-2023-45847](CVE-2023/CVE-2023-458xx/CVE-2023-45847.json) (`2023-12-14T18:20:40.697`)
* [CVE-2023-49607](CVE-2023/CVE-2023-496xx/CVE-2023-49607.json) (`2023-12-14T18:29:44.217`)
* [CVE-2023-49563](CVE-2023/CVE-2023-495xx/CVE-2023-49563.json) (`2023-12-14T18:30:37.733`)
* [CVE-2023-48677](CVE-2023/CVE-2023-486xx/CVE-2023-48677.json) (`2023-12-14T18:32:23.603`)
* [CVE-2023-48642](CVE-2023/CVE-2023-486xx/CVE-2023-48642.json) (`2023-12-14T18:38:31.893`)
* [CVE-2023-49809](CVE-2023/CVE-2023-498xx/CVE-2023-49809.json) (`2023-12-14T18:45:03.083`)
* [CVE-2023-49874](CVE-2023/CVE-2023-498xx/CVE-2023-49874.json) (`2023-12-14T18:51:59.960`)
* [CVE-2023-49058](CVE-2023/CVE-2023-490xx/CVE-2023-49058.json) (`2023-12-14T18:56:27.277`)
* [CVE-2023-45316](CVE-2023/CVE-2023-453xx/CVE-2023-45316.json) (`2023-12-14T18:58:08.837`)
## Download and Usage