diff --git a/CVE-2023/CVE-2023-411xx/CVE-2023-41118.json b/CVE-2023/CVE-2023-411xx/CVE-2023-41118.json
index 023058fadbf..6dfac0178eb 100644
--- a/CVE-2023/CVE-2023-411xx/CVE-2023-41118.json
+++ b/CVE-2023/CVE-2023-411xx/CVE-2023-41118.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-41118",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-12-12T07:15:45.220",
- "lastModified": "2023-12-12T13:43:48.853",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-14T17:54:25.937",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,11 +14,95 @@
 "value": "Se descubri\u00f3 un problema en EnterpriseDB Postgres Advanced Server (EPAS) antes de 11.21.32, 12.x antes de 12.16.20, 13.x antes de 13.12.16, 14.x antes de 14.9.0 y 15.x antes de 15.4.0. Puede permitir que un usuario autenticado omita los requisitos de autorizaci\u00f3n y acceda a funciones de implementaci\u00f3n subyacentes. Cuando un superusuario ha configurado ubicaciones de archivos usando CREATE DIRECTORY, estas funciones permiten a los usuarios realizar una amplia gama de acciones, incluidas leer, escribir, copiar, cambiar nombre y eliminar."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:enterprisedb:postgres_advanced_server:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "11.21.32",
+ "matchCriteriaId": "6892B548-6E0D-47B5-9AD7-3EA937C243FE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:enterprisedb:postgres_advanced_server:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "12.0.0",
+ "versionEndExcluding": "12.16.20",
+ "matchCriteriaId": "15246CD4-D4F0-4FE7-AE1A-BDD2FCC67B5C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:enterprisedb:postgres_advanced_server:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.0.0",
+ "versionEndExcluding": "13.12.17",
+ "matchCriteriaId": "C3FA205A-6BF7-492C-A0F3-5AD01E35CC41"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:enterprisedb:postgres_advanced_server:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.0.0",
+ "versionEndExcluding": "14.9.0",
+ "matchCriteriaId": "12EC69DE-AFB1-476F-88BB-C7C0C348C19F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:enterprisedb:postgres_advanced_server:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.0.0",
+ "versionEndExcluding": "15.4.0",
+ "matchCriteriaId": "D3B7765D-34FD-479B-9C4E-9CAC34CC1AD2"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://www.enterprisedb.com/docs/security/advisories/cve202341118/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-416xx/CVE-2023-41623.json b/CVE-2023/CVE-2023-416xx/CVE-2023-41623.json
index af8324c61fe..d656d981fac 100644
--- a/CVE-2023/CVE-2023-416xx/CVE-2023-41623.json
+++ b/CVE-2023/CVE-2023-416xx/CVE-2023-41623.json
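Review bot: The 13.x CPE range added for CVE-2023-41118 ends at `"versionEndExcluding": "13.12.17"`, while the record's own description (the Spanish text in this hunk's first context line) gives the fixed release as 13.12.16. As written, a CPE-based matcher reports 13.12.16 as vulnerable although the description lists it as fixed. One of the two values is wrong; check the linked EnterpriseDB advisory and either change the bound to `"versionEndExcluding": "13.12.16"` or correct the description. The weakness is also recorded as `NVD-CWE-noinfo` even though the description names an authorization bypass, so CWE-based filters will not classify this record.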
@@ -2,19 +2,79 @@
 "id": "CVE-2023-41623",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-12-12T09:15:07.520",
- "lastModified": "2023-12-12T13:43:48.853",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-14T18:01:27.260",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Emlog version pro2.1.14 was discovered to contain a SQL injection vulnerability via the uid parameter at /admin/media.php."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que la versi\u00f3n pro2.1.14 de Emlog conten\u00eda una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro uid en /admin/media.php."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:emlog:emlog:2.1.14:*:*:*:pro:*:*:*",
+ "matchCriteriaId": "3812D57C-8E1A-4499-9DEE-2A18A955667B"
+ }
+ ]
+ }
+ ]
 }
 ],
- "metrics": {},
 "references": [
 {
 "url": "https://github.com/GhostBalladw/wuhaozhe-s-CVE/blob/main/CVE-2023-41623",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-427xx/CVE-2023-42799.json b/CVE-2023/CVE-2023-427xx/CVE-2023-42799.json
new file mode 100644
index 00000000000..7541f4546f9
--- /dev/null
+++ b/CVE-2023/CVE-2023-427xx/CVE-2023-42799.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-42799",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-12-14T17:15:07.257",
+ "lastModified": "2023-12-14T17:17:50.580",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Moonlight-common-c contains the core GameStream client code shared between Moonlight clients. Moonlight-common-c is vulnerable to buffer overflow starting in commit 50c0a51b10ecc5b3415ea78c21d96d679e2288f9 due to unmitigated usage of unsafe C functions and improper bounds checking. A malicious game streaming server could exploit a buffer overflow vulnerability to crash a moonlight client, or achieve remote code execution (RCE) on the client (with insufficient exploit mitigations or if mitigations can be bypassed). The bug was addressed in commit 02b7742f4d19631024bd766bd2bb76715780004e."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-120"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/moonlight-stream/moonlight-common-c/commit/02b7742f4d19631024bd766bd2bb76715780004e",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/moonlight-stream/moonlight-common-c/commit/50c0a51b10ecc5b3415ea78c21d96d679e2288f9",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/moonlight-stream/moonlight-common-c/security/advisories/GHSA-r8cf-45f4-vf8m",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42800.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42800.json
new file mode 100644
index 00000000000..a096b298b00
--- /dev/null
+++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42800.json
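Review bot: The new CVE-2023-42799 record has no `configurations` block, and the affected range exists only as the introducing and fixing commit hashes inside the description text. Scanners that match on CPE or version ranges cannot evaluate it, so projects that vendor moonlight-common-c have to compare their pinned commit against the fix commit by hand until NVD analysis adds a range. The same applies to the CVE-2023-42800 and CVE-2023-42801 files added in the following hunks. The `weaknesses` entry is also typed `Primary` while the CVSS entry from the same source is typed `Secondary`; that looks inconsistent and is worth confirming upstream.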
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2023-42800",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-12-14T17:15:07.463",
+ "lastModified": "2023-12-14T17:17:50.580",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Moonlight-common-c contains the core GameStream client code shared between Moonlight clients. Moonlight-common-c is vulnerable to buffer overflow starting in commit 50c0a51b10ecc5b3415ea78c21d96d679e2288f9 due to unmitigated usage of unsafe C functions and improper bounds checking. A malicious game streaming server could exploit a buffer overflow vulnerability to crash a moonlight client, or achieve remote code execution (RCE) on the client (with insufficient exploit mitigations or if mitigations can be bypassed). The bug was addressed in commit 24750d4b748fefa03d09fcfd6d45056faca354e0."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-120"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/moonlight-stream/moonlight-common-c/blob/2bb026c763fc18807d7e4a93f918054c488f84e1/src/RtspConnection.c#L796",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/moonlight-stream/moonlight-common-c/commit/24750d4b748fefa03d09fcfd6d45056faca354e0",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/moonlight-stream/moonlight-common-c/commit/50c0a51b10ecc5b3415ea78c21d96d679e2288f9",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/moonlight-stream/moonlight-common-c/security/advisories/GHSA-4927-23jw-rq62",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42801.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42801.json
new file mode 100644
index 00000000000..8d44fc0cfed
--- /dev/null
+++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42801.json
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2023-42801",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-12-14T17:15:07.657",
+ "lastModified": "2023-12-14T17:17:50.580",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Moonlight-common-c contains the core GameStream client code shared between Moonlight clients. Moonlight-common-c is vulnerable to buffer overflow starting in commit f57bd745b4cbed577ea654fad4701bea4d38b44c. A malicious game streaming server could exploit a buffer overflow vulnerability to crash a moonlight client. Achieving RCE is possible but unlikely, due to stack canaries in use by modern compiler toolchains. The published binaries for official clients Qt, Android, iOS/tvOS, and Embedded are built with stack canaries, but some unofficial clients may not use stack canaries. This vulnerability takes place after the pairing process, so it requires the client to be tricked into pairing to a malicious host. It is not possible to perform using a man-in-the-middle due to public key pinning that takes place during the pairing process. The bug was addressed in commit b2497a3918a6d79808d9fd0c04734786e70d5954."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.6,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 4.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-120"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/moonlight-stream/moonlight-common-c/blob/c1744de06938b5a5c8897a705be1bc6508dc7580/src/Misc.c#L82-L88",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/moonlight-stream/moonlight-common-c/commit/b2497a3918a6d79808d9fd0c04734786e70d5954",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/moonlight-stream/moonlight-common-c/commit/f57bd745b4cbed577ea654fad4701bea4d38b44c",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/moonlight-stream/moonlight-common-c/security/advisories/GHSA-f3h8-j898-5h5v",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-442xx/CVE-2023-44278.json b/CVE-2023/CVE-2023-442xx/CVE-2023-44278.json
index b5d0f336566..133a0b1e547 100644
--- a/CVE-2023/CVE-2023-442xx/CVE-2023-44278.json
+++ b/CVE-2023/CVE-2023-442xx/CVE-2023-44278.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-44278",
 "sourceIdentifier": "security_alert@emc.com",
 "published": "2023-12-14T16:15:45.490",
- "lastModified": "2023-12-14T16:15:45.490",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-14T17:17:58.157",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-442xx/CVE-2023-44279.json b/CVE-2023/CVE-2023-442xx/CVE-2023-44279.json
index 2a4bdcf0676..9f74323470d 100644
--- a/CVE-2023/CVE-2023-442xx/CVE-2023-44279.json
+++ b/CVE-2023/CVE-2023-442xx/CVE-2023-44279.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-44279",
 "sourceIdentifier": "security_alert@emc.com",
 "published": "2023-12-14T16:15:46.017",
- "lastModified": "2023-12-14T16:15:46.017",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-14T17:17:58.157",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-442xx/CVE-2023-44284.json b/CVE-2023/CVE-2023-442xx/CVE-2023-44284.json
index 3255f46f0f3..d7915c66e31 100644
--- a/CVE-2023/CVE-2023-442xx/CVE-2023-44284.json
+++ b/CVE-2023/CVE-2023-442xx/CVE-2023-44284.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-44284",
 "sourceIdentifier": "security_alert@emc.com",
 "published": "2023-12-14T16:15:46.880",
- "lastModified": "2023-12-14T16:15:46.880",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-14T17:17:58.157",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-442xx/CVE-2023-44285.json b/CVE-2023/CVE-2023-442xx/CVE-2023-44285.json
index dd821ec4692..f9c66911703 100644
--- a/CVE-2023/CVE-2023-442xx/CVE-2023-44285.json
+++ b/CVE-2023/CVE-2023-442xx/CVE-2023-44285.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-44285",
 "sourceIdentifier": "security_alert@emc.com",
 "published": "2023-12-14T16:15:47.617",
- "lastModified": "2023-12-14T16:15:47.617",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-14T17:17:58.157",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-442xx/CVE-2023-44286.json b/CVE-2023/CVE-2023-442xx/CVE-2023-44286.json
index 0868ee4871e..32f095e62e9 100644
--- a/CVE-2023/CVE-2023-442xx/CVE-2023-44286.json
+++ b/CVE-2023/CVE-2023-442xx/CVE-2023-44286.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-44286",
 "sourceIdentifier": "security_alert@emc.com",
 "published": "2023-12-14T16:15:48.200",
- "lastModified": "2023-12-14T16:15:48.200",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-14T17:17:58.157",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-453xx/CVE-2023-45316.json b/CVE-2023/CVE-2023-453xx/CVE-2023-45316.json
index 179931f3146..72cea794951 100644
--- a/CVE-2023/CVE-2023-453xx/CVE-2023-45316.json
+++ b/CVE-2023/CVE-2023-453xx/CVE-2023-45316.json
@@ -2,16 +2,40 @@
 "id": "CVE-2023-45316",
 "sourceIdentifier": "responsibledisclosure@mattermost.com",
 "published": "2023-12-12T09:15:07.740",
- "lastModified": "2023-12-12T13:43:48.853",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-14T18:58:08.837",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Mattermost fails to validate if a relative path is passed in /plugins/playbooks/api/v0/telemetry/run/ as a telemetry run ID, allowing an attacker to use a path traversal payload that points to a different endpoint leading to a\u00a0CSRF attack.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Mattermost no logra validar si se pasa una ruta relativa en /plugins/playbooks/api/v0/telemetry/run/ como ID de ejecuci\u00f3n de telemetr\u00eda, lo que permite a un atacante usar un payload de path traversal que apunta a un endpoint diferente que conduce a un ataque CSRF."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
 {
 "source": "responsibledisclosure@mattermost.com",
 "type": "Secondary",
@@ -35,6 +59,20 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ },
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ },
 {
 "source": "responsibledisclosure@mattermost.com",
 "type": "Secondary",
@@ -46,10 +84,60 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "7.8.14",
+ "matchCriteriaId": "367753A5-CE5B-4EA7-8539-6ACFBC9ACABE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "8.0.0",
+ "versionEndIncluding": "8.1.5",
+ "matchCriteriaId": "553B4894-FB79-4996-BDEC-273EF6E96D9D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "9.0.0",
+ "versionEndIncluding": "9.0.3",
+ "matchCriteriaId": "0856C685-4154-4549-B60A-4251C9E6B916"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "9.1.1",
+ "versionEndIncluding": "9.1.2",
+ "matchCriteriaId": "9AB6EA21-B7ED-487D-B131-FA200023179E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "9.2.0",
+ "versionEndIncluding": "9.2.1",
+ "matchCriteriaId": "D00348C4-CEE7-474E-BBDC-4A66D6BBA4C8"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://mattermost.com/security-updates",
- "source": "responsibledisclosure@mattermost.com"
+ "source": "responsibledisclosure@mattermost.com",
+ "tags": [
+ "Issue Tracking",
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-455xx/CVE-2023-45539.json b/CVE-2023/CVE-2023-455xx/CVE-2023-45539.json
index f20d8ea37e5..ffa2b4c3b2c 100644
--- a/CVE-2023/CVE-2023-455xx/CVE-2023-45539.json
+++ b/CVE-2023/CVE-2023-455xx/CVE-2023-45539.json
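Review bot: The fourth `cpeMatch` entry added for CVE-2023-45316 starts at `"versionStartIncluding": "9.1.1"`, whereas the other lower-bounded entries start at their x.y.0 release (8.0.0, 9.0.0, 9.2.0), which leaves 9.1.0 outside every range. If 9.1.0 is affected, installations on that version will not be matched; if it is unaffected, that should be confirmed against the Mattermost security-updates page, because nothing in the record says so. The identical list is added for CVE-2023-45847 and CVE-2023-46701 later in this diff. All ranges use `versionEndIncluding` and the record names no fixed version, so the first safe release has to be taken from the vendor page.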
@@ -2,8 +2,8 @@
 "id": "CVE-2023-45539",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-11-28T20:15:07.817",
- "lastModified": "2023-12-04T19:32:37.217",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-12-14T17:15:07.860",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -76,6 +76,10 @@
 "Broken Link"
 ]
 },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00010.html",
+ "source": "cve@mitre.org"
+ },
 {
 "url": "https://lists.w3.org/Archives/Public/ietf-http-wg/2023JulSep/0070.html",
 "source": "cve@mitre.org",
diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45847.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45847.json
index cc13668ca99..323f17df273 100644
--- a/CVE-2023/CVE-2023-458xx/CVE-2023-45847.json
+++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45847.json
@@ -2,16 +2,40 @@
 "id": "CVE-2023-45847",
 "sourceIdentifier": "responsibledisclosure@mattermost.com",
 "published": "2023-12-12T09:15:07.983",
- "lastModified": "2023-12-12T13:43:48.853",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-14T18:20:40.697",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Mattermost fails to to check the length when setting the title in a run checklist in Playbooks, allowing an attacker to send a specially crafted request and crash the Playbooks plugin\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Mattermost no verifica la longitud al configurar el t\u00edtulo en una lista de verificaci\u00f3n de ejecuci\u00f3n en Playbooks, lo que permite a un atacante enviar una solicitud especialmente manipulada y bloquear el complemento de Playbooks."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
 {
 "source": "responsibledisclosure@mattermost.com",
 "type": "Secondary",
@@ -35,6 +59,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-400"
+ }
+ ]
+ },
 {
 "source": "responsibledisclosure@mattermost.com",
 "type": "Secondary",
@@ -46,10 +80,60 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "7.8.14",
+ "matchCriteriaId": "367753A5-CE5B-4EA7-8539-6ACFBC9ACABE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "8.0.0",
+ "versionEndIncluding": "8.1.5",
+ "matchCriteriaId": "553B4894-FB79-4996-BDEC-273EF6E96D9D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "9.0.0",
+ "versionEndIncluding": "9.0.3",
+ "matchCriteriaId": "0856C685-4154-4549-B60A-4251C9E6B916"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "9.1.1",
+ "versionEndIncluding": "9.1.2",
+ "matchCriteriaId": "9AB6EA21-B7ED-487D-B131-FA200023179E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "9.2.0",
+ "versionEndIncluding": "9.2.1",
+ "matchCriteriaId": "D00348C4-CEE7-474E-BBDC-4A66D6BBA4C8"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://mattermost.com/security-updates",
- "source": "responsibledisclosure@mattermost.com"
+ "source": "responsibledisclosure@mattermost.com",
+ "tags": [
+ "Issue Tracking",
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-467xx/CVE-2023-46701.json b/CVE-2023/CVE-2023-467xx/CVE-2023-46701.json
index f122da98a45..58095935ada 100644
--- a/CVE-2023/CVE-2023-467xx/CVE-2023-46701.json
+++ b/CVE-2023/CVE-2023-467xx/CVE-2023-46701.json
@@ -2,16 +2,40 @@
 "id": "CVE-2023-46701",
 "sourceIdentifier": "responsibledisclosure@mattermost.com",
 "published": "2023-12-12T09:15:08.180",
- "lastModified": "2023-12-12T13:43:48.853",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-14T18:07:27.107",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Mattermost fails to perform authorization checks in the /plugins/playbooks/api/v0/runs/add-to-timeline-dialog endpoint of the Playbooks plugin allowing an attacker to get limited information about a post if they know the post ID\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Mattermost no realiza comprobaciones de autorizaci\u00f3n en el endpoint /plugins/playbooks/api/v0/runs/add-to-timeline-dialog del complemento Playbooks, lo que permite a un atacante obtener informaci\u00f3n limitada sobre una publicaci\u00f3n si conoce el ID de la publicaci\u00f3n."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ },
 {
 "source": "responsibledisclosure@mattermost.com",
 "type": "Secondary",
@@ -35,6 +59,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-639"
+ }
+ ]
+ },
 {
 "source": "responsibledisclosure@mattermost.com",
 "type": "Secondary",
@@ -46,10 +80,60 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "7.8.14",
+ "matchCriteriaId": "367753A5-CE5B-4EA7-8539-6ACFBC9ACABE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "8.0.0",
+ "versionEndIncluding": "8.1.5",
+ "matchCriteriaId": "553B4894-FB79-4996-BDEC-273EF6E96D9D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "9.0.0",
+ "versionEndIncluding": "9.0.3",
+ "matchCriteriaId": "0856C685-4154-4549-B60A-4251C9E6B916"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "9.1.1",
+ "versionEndIncluding": "9.1.2",
+ "matchCriteriaId": "9AB6EA21-B7ED-487D-B131-FA200023179E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "9.2.0",
+ "versionEndIncluding": "9.2.1",
+ "matchCriteriaId": "D00348C4-CEE7-474E-BBDC-4A66D6BBA4C8"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://mattermost.com/security-updates",
- "source": "responsibledisclosure@mattermost.com"
+ "source": "responsibledisclosure@mattermost.com",
+ "tags": [
+ "Issue Tracking",
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-472xx/CVE-2023-47261.json b/CVE-2023/CVE-2023-472xx/CVE-2023-47261.json
new file mode 100644
index 00000000000..c69962f7a22
--- /dev/null
+++ b/CVE-2023/CVE-2023-472xx/CVE-2023-47261.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-47261",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-12-14T17:15:07.933",
+ "lastModified": "2023-12-14T17:17:50.580",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Dokmee ECM 7.4.6 allows remote code execution because the response to a GettingStarted/SaveSQLConnectionAsync /#/gettingstarted request contains a connection string for privileged SQL Server database access, and xp_cmdshell can be enabled."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://h3x0s3.github.io/CVE2023~47261/",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.dokmee.com/Support-Learn/Updates-Change-Log",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48642.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48642.json
index 096a11f7791..16327439140 100644
--- a/CVE-2023/CVE-2023-486xx/CVE-2023-48642.json
+++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48642.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-48642",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-12-12T08:15:07.980",
- "lastModified": "2023-12-12T13:43:48.853",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-14T18:38:31.893",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
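Review bot: The CVE-2023-47261 record is added with `"metrics": {}` and without any `weaknesses` or `configurations` block, although its description states remote code execution through a privileged SQL Server connection string returned in a response. Triage rules keyed on CVSS score or severity will see it as unscored and may drop it. Until NVD analysis fills these fields, consumers should treat an empty `metrics` object as "not yet scored" rather than as low severity, and work from the description and the vendor change log reference.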
@@ -14,11 +14,84 @@
 "value": "Archer Platform 6.x anterior a 6.13 P2 (6.13.0.2) contiene una vulnerabilidad de inyecci\u00f3n de contenido HTML autenticado. Un usuario malicioso de Archer autenticado remotamente podr\u00eda explotar esto para almacenar c\u00f3digo HTML malicioso en un almac\u00e9n de datos de aplicaciones confiable. Cuando los usuarios v\u00edctimas acceden al almac\u00e9n de datos a trav\u00e9s de sus navegadores, el navegador web ejecuta el c\u00f3digo malicioso en el contexto de la aplicaci\u00f3n vulnerable. 6.14 (6.14.0) tambi\u00e9n es una versi\u00f3n corregida."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:archerirm:archer:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "6.0.0",
+ "versionEndExcluding": "6.14.0",
+ "matchCriteriaId": "66B9F878-44F1-4616-AB60-287DB663ADC0"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:archerirm:archer:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "6.13.0.2",
+ "matchCriteriaId": "482FB7B5-DE33-47C5-8506-23ACD023F902"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/711859",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48660.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48660.json
index 45a6d7f31dd..9fa33c0e435 100644
--- a/CVE-2023/CVE-2023-486xx/CVE-2023-48660.json
+++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48660.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-48660",
 "sourceIdentifier": "security_alert@emc.com",
 "published": "2023-12-14T16:15:48.823",
- "lastModified": "2023-12-14T16:15:48.823",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-14T17:17:58.157",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48661.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48661.json
index 0cad3d07429..3bd9267f127 100644
--- a/CVE-2023/CVE-2023-486xx/CVE-2023-48661.json
+++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48661.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-48661",
 "sourceIdentifier": "security_alert@emc.com",
 "published": "2023-12-14T16:15:49.023",
- "lastModified": "2023-12-14T16:15:49.023",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-14T17:17:58.157",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48662.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48662.json
index 203c086a506..d4c92b57fcc 100644
--- a/CVE-2023/CVE-2023-486xx/CVE-2023-48662.json
+++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48662.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-48662",
 "sourceIdentifier": "security_alert@emc.com",
 "published": "2023-12-14T16:15:49.227",
- "lastModified": "2023-12-14T16:15:49.227",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-14T17:17:58.157",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
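Review bot: The two `configurations` entries added for CVE-2023-48642 overlap and disagree with the description. The first marks every release from 6.0.0 up to, but not including, 6.14.0 as vulnerable, which covers 6.13.0.2, the release the description names as fixed; the second (`"versionEndExcluding": "6.13.0.2"`) has no lower bound although the description limits the issue to 6.x. How separate configuration entries are combined depends on the consuming tool, but any matcher that treats them as alternatives will still report a patched 6.13.0.2 installation. A single range with `"versionStartIncluding": "6.0.0"` and `"versionEndExcluding": "6.13.0.2"` would match the description; confirm against the linked vendor advisory.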
diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48663.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48663.json
index 81d3d44cd7a..45975fb1744 100644
--- a/CVE-2023/CVE-2023-486xx/CVE-2023-48663.json
+++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48663.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-48663",
 "sourceIdentifier": "security_alert@emc.com",
 "published": "2023-12-14T16:15:49.433",
- "lastModified": "2023-12-14T16:15:49.433",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-14T17:17:54.510",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48664.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48664.json
index 1c5cc2efa00..c4c31c04ee2 100644
--- a/CVE-2023/CVE-2023-486xx/CVE-2023-48664.json
+++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48664.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-48664",
 "sourceIdentifier": "security_alert@emc.com",
 "published": "2023-12-14T16:15:49.640",
- "lastModified": "2023-12-14T16:15:49.640",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-14T17:17:54.510",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48665.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48665.json
index 83922336807..40831b4a7dd 100644
--- a/CVE-2023/CVE-2023-486xx/CVE-2023-48665.json
+++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48665.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-48665",
 "sourceIdentifier": "security_alert@emc.com",
 "published": "2023-12-14T16:15:49.847",
- "lastModified": "2023-12-14T16:15:49.847",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-14T17:17:54.510",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48667.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48667.json
index 2c3ac39e5e0..e3181a1916a 100644
--- a/CVE-2023/CVE-2023-486xx/CVE-2023-48667.json
+++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48667.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-48667",
 "sourceIdentifier": "security_alert@emc.com",
 "published": "2023-12-14T16:15:50.040",
- "lastModified": "2023-12-14T16:15:50.040",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-14T17:17:54.510",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48668.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48668.json
index 0e65e55738a..38e8cae1121 100644
--- a/CVE-2023/CVE-2023-486xx/CVE-2023-48668.json
+++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48668.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-48668",
 "sourceIdentifier": "security_alert@emc.com",
 "published": "2023-12-14T16:15:50.257",
- "lastModified": "2023-12-14T16:15:50.257",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-14T17:17:54.510",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48671.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48671.json
new file mode 100644
index 00000000000..51d18b31760
--- /dev/null
+++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48671.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-48671",
+ "sourceIdentifier": "security_alert@emc.com",
+ "published": "2023-12-14T17:15:07.987",
+ "lastModified": "2023-12-14T17:17:50.580",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nDell vApp Manager, versions prior to 9.2.4.x contain an information disclosure vulnerability. A remote attacker could potentially exploit this vulnerability leading to obtain sensitive information that may aid in further attacks.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security_alert@emc.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security_alert@emc.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-200"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.dell.com/support/kbdoc/en-us/000220427/dsa-2023-443-dell-powermaxos-5978-dell-unisphere-360-dell-unisphere-for-powermax-dell-unisphere-for-powermax-virtual-appliance-dell-solutions-enabler-virtual-appliance-and-dell-powermax-eem-security-update-for-multiple-vulnerabilities",
+ "source": "security_alert@emc.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48677.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48677.json
index ebd601027df..20e1168a8d4 100644
--- a/CVE-2023/CVE-2023-486xx/CVE-2023-48677.json
+++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48677.json
@@ -2,15 +2,41 @@
 "id": "CVE-2023-48677",
 "sourceIdentifier": "security@acronis.com",
 "published": "2023-12-12T09:15:08.383",
- "lastModified": "2023-12-12T13:43:48.853",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-14T18:32:23.603",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40901."
+ },
+ {
+ "lang": "es",
+ "value": "Escalada de privilegios locales debido a una vulnerabilidad de secuestro de DLL. Los siguientes productos se ven afectados: Acronis Cyber Protect Home Office (Windows) anterior a la compilaci\u00f3n 40901."
 }
 ],
 "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ],
 "cvssMetricV30": [
 {
 "source": "security@acronis.com",
@@ -46,10 +72,43 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:acronis:cyber_protect_home_office:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "40901",
+ "matchCriteriaId": "B290A506-C8A3-4C17-826A-D7ED623299B5"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://security-advisory.acronis.com/advisories/SEC-5620",
- "source": "security@acronis.com"
+ "source": "security@acronis.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-487xx/CVE-2023-48756.json b/CVE-2023/CVE-2023-487xx/CVE-2023-48756.json
new file mode 100644
index 00000000000..f39b8127a5d
--- /dev/null
+++ b/CVE-2023/CVE-2023-487xx/CVE-2023-48756.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-48756",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-12-14T17:15:08.187",
+ "lastModified": "2023-12-14T17:17:50.580",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetBlocks For Elementor allows Reflected XSS.This issue affects JetBlocks For Elementor: from n/a through 1.3.8.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/jet-blocks/wordpress-jetblocks-for-elementor-plugin-1-3-8-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-487xx/CVE-2023-48767.json b/CVE-2023/CVE-2023-487xx/CVE-2023-48767.json
new file mode 100644
index 00000000000..e8e11edbfa3
--- /dev/null
+++ b/CVE-2023/CVE-2023-487xx/CVE-2023-48767.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-48767",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-12-14T17:15:08.380",
+ "lastModified": "2023-12-14T17:17:50.580",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Raghu Goriya MyTube PlayList allows Reflected XSS.This issue affects MyTube PlayList: from n/a through 2.0.3.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/mytube/wordpress-mytube-playlist-plugin-2-0-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-487xx/CVE-2023-48770.json b/CVE-2023/CVE-2023-487xx/CVE-2023-48770.json
new file mode 100644
index 00000000000..043264c341a
--- /dev/null
+++ b/CVE-2023/CVE-2023-487xx/CVE-2023-48770.json
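Review bot: The only weakness entry in this new record (CVE-2023-48767) is typed `"type": "Secondary"`, while sibling Patchstack records added in the same commit (CVE-2023-48756, CVE-2023-48770, CVE-2023-48771) type the equivalent CNA entry `"Primary"`; the new CVE-2023-48780 record has the same inconsistency. A consumer that selects CWEs with a `type == "Primary"` filter gets no CWE-79 for these two records, presumably until NVD analysis adds its own entry. Feed consumers should fall back to the `"Secondary"` entry when no `"Primary"` one exists instead of treating the record as unclassified.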
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-48770",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-12-14T17:15:08.570",
+ "lastModified": "2023-12-14T17:17:50.580",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nima Saberi Aparat allows Stored XSS.This issue affects Aparat: from n/a through 1.7.1.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/aparat/wordpress-aparat-plugin-1-7-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-487xx/CVE-2023-48771.json b/CVE-2023/CVE-2023-487xx/CVE-2023-48771.json
new file mode 100644
index 00000000000..1b6580a44ab
--- /dev/null
+++ b/CVE-2023/CVE-2023-487xx/CVE-2023-48771.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-48771",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-12-14T17:15:08.763",
+ "lastModified": "2023-12-14T17:17:50.580",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bruno \"Aesqe\" Babic File Gallery allows Reflected XSS.This issue affects File Gallery: from n/a through 1.8.5.4.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/file-gallery/wordpress-file-gallery-plugin-1-8-5-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-487xx/CVE-2023-48780.json b/CVE-2023/CVE-2023-487xx/CVE-2023-48780.json
new file mode 100644
index 00000000000..73bde4457c6
--- /dev/null
+++ b/CVE-2023/CVE-2023-487xx/CVE-2023-48780.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-48780",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-12-14T17:15:08.953",
+ "lastModified": "2023-12-14T17:17:50.580",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EnigmaWeb WP Catalogue allows Stored XSS.This issue affects WP Catalogue: from n/a through 1.7.6.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/wp-catalogue/wordpress-wp-catalogue-plugin-1-7-6-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-490xx/CVE-2023-49058.json b/CVE-2023/CVE-2023-490xx/CVE-2023-49058.json
index 55639013d41..beb56bc6e6a 100644
--- a/CVE-2023/CVE-2023-490xx/CVE-2023-49058.json
+++ b/CVE-2023/CVE-2023-490xx/CVE-2023-49058.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-49058",
 "sourceIdentifier": "cna@sap.com",
 "published": "2023-12-12T01:15:12.840",
- "lastModified": "2023-12-12T13:43:48.853",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-14T18:56:27.277",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -16,6 +16,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ },
 {
 "source": "cna@sap.com",
 "type": "Secondary",
@@ -50,14 +70,117 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:sap:master_data_governance:731:*:*:*:*:*:*:*",
+ "matchCriteriaId": "21F2D97C-922D-420D-8B1C-689D2C20FEB3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:sap:master_data_governance:732:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FD747826-9538-4A22-AFA8-BB5CFBDE6BF3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:sap:master_data_governance:746:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FD6CBD8D-BC8E-496A-A17C-0E2413D02FC3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:sap:master_data_governance:747:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3DF73CAE-700A-4663-BC79-CAB6CCE936F3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:sap:master_data_governance:748:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4E09AA46-4347-4B6C-8BE1-B943B19ECB5F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:sap:master_data_governance:749:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4222EE28-3865-4943-8F7A-2A656293FEAE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:sap:master_data_governance:751:*:*:*:*:*:*:*",
+ "matchCriteriaId": "17AD00E5-3EED-433C-8341-EF3535C0A316"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:sap:master_data_governance:752:*:*:*:*:*:*:*",
+ "matchCriteriaId": "725B3570-302B-4B4E-93BD-4A99488D1B2D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:sap:master_data_governance:800:*:*:*:*:*:*:*",
+ "matchCriteriaId": "325FE86D-E0E6-46B3-8BBB-ED93A34E17C3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:sap:master_data_governance:801:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B86D04DD-5013-4769-9E62-32A1C4A7F9A4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:sap:master_data_governance:802:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7895D7F0-A62E-469B-8FE6-7967D74AE202"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:sap:master_data_governance:803:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9F5AB22A-7906-40EE-A613-09C43B1B4D63"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:sap:master_data_governance:804:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1833975C-797D-45E1-984D-E1900553FFBA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:sap:master_data_governance:805:*:*:*:*:*:*:*",
+ "matchCriteriaId": "02340ACE-A07B-40FC-B253-17A64F4D8328"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:sap:master_data_governance:806:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E6CD28E7-6576-470F-8421-CEA4E2B89D18"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:sap:master_data_governance:807:*:*:*:*:*:*:*",
+ "matchCriteriaId": "36F5BCA7-C447-425B-A828-D59FCDEBA136"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:sap:master_data_governance:808:*:*:*:*:*:*:*",
+ "matchCriteriaId": "93C11998-6A74-44E0-8CCF-4A48B71AF3C7"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://me.sap.com/notes/3363690",
- "source": "cna@sap.com"
+ "source": "cna@sap.com",
+ "tags": [
+ "Permissions Required"
+ ]
 },
 {
 "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
- "source": "cna@sap.com"
+ "source": "cna@sap.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-491xx/CVE-2023-49149.json b/CVE-2023/CVE-2023-491xx/CVE-2023-49149.json
new file mode 100644
index 00000000000..ee910b71c76
--- /dev/null
+++ b/CVE-2023/CVE-2023-491xx/CVE-2023-49149.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-49149",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-12-14T17:15:09.143",
+ "lastModified": "2023-12-14T17:17:50.580",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CurrencyRate.Today Currency Converter Calculator allows Stored XSS.This issue affects Currency Converter Calculator: from n/a through 1.3.1.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/currency-converter-calculator/wordpress-currency-converter-calculator-plugin-1-3-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-491xx/CVE-2023-49150.json b/CVE-2023/CVE-2023-491xx/CVE-2023-49150.json
new file mode 100644
index 00000000000..3c93f1dd53e
--- /dev/null
+++ b/CVE-2023/CVE-2023-491xx/CVE-2023-49150.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-49150",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-12-14T17:15:09.337",
+ "lastModified": "2023-12-14T17:17:50.580",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CurrencyRate.Today Crypto Converter Widget allows Stored XSS.This issue affects Crypto Converter Widget: from n/a through 1.8.1.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/crypto-converter-widget/wordpress-crypto-converter-widget-plugin-1-8-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-491xx/CVE-2023-49151.json b/CVE-2023/CVE-2023-491xx/CVE-2023-49151.json
new file mode 100644
index 00000000000..1879fe8a6ba
--- /dev/null
+++ b/CVE-2023/CVE-2023-491xx/CVE-2023-49151.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-49151",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-12-14T18:15:44.450",
+ "lastModified": "2023-12-14T18:15:44.450",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Simple Calendar Simple Calendar \u2013 Google Calendar Plugin allows Stored XSS.This issue affects Simple Calendar \u2013 Google Calendar Plugin: from n/a through 3.2.6.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/google-calendar-events/wordpress-google-calendar-events-plugin-3-2-6-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-491xx/CVE-2023-49152.json b/CVE-2023/CVE-2023-491xx/CVE-2023-49152.json
new file mode 100644
index 00000000000..5dda37e11d7
--- /dev/null
+++ b/CVE-2023/CVE-2023-491xx/CVE-2023-49152.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-49152",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-12-14T18:15:44.683",
+ "lastModified": "2023-12-14T18:15:44.683",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Labs64 Credit Tracker allows Stored XSS.This issue affects Credit Tracker: from n/a through 1.1.17.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/credit-tracker/wordpress-credit-tracker-plugin-1-1-17-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-491xx/CVE-2023-49157.json b/CVE-2023/CVE-2023-491xx/CVE-2023-49157.json
new file mode 100644
index 00000000000..d892c84c6a6
--- /dev/null
+++ b/CVE-2023/CVE-2023-491xx/CVE-2023-49157.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-49157",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-12-14T18:15:44.877",
+ "lastModified": "2023-12-14T18:15:44.877",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andreas M\u00fcnch Multiple Post Passwords allows Stored XSS.This issue affects Multiple Post Passwords: from n/a through 1.1.1.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/multiple-post-passwords/wordpress-multiple-post-passwords-plugin-1-1-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-491xx/CVE-2023-49171.json b/CVE-2023/CVE-2023-491xx/CVE-2023-49171.json
index 1141c0abc62..a80c120d477 100644
--- a/CVE-2023/CVE-2023-491xx/CVE-2023-49171.json
+++ b/CVE-2023/CVE-2023-491xx/CVE-2023-49171.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-49171",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-12-14T16:15:50.487",
- "lastModified": "2023-12-14T16:15:50.487",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-14T17:17:54.510",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-491xx/CVE-2023-49172.json b/CVE-2023/CVE-2023-491xx/CVE-2023-49172.json
index b14bcc0a2dd..181c6ab31d7 100644
--- a/CVE-2023/CVE-2023-491xx/CVE-2023-49172.json
+++ b/CVE-2023/CVE-2023-491xx/CVE-2023-49172.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-49172",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-12-14T16:15:50.807",
- "lastModified": "2023-12-14T16:15:50.807",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-14T17:17:54.510",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-491xx/CVE-2023-49173.json b/CVE-2023/CVE-2023-491xx/CVE-2023-49173.json
index 86132e461b5..d49db456b5e 100644
--- a/CVE-2023/CVE-2023-491xx/CVE-2023-49173.json
+++ b/CVE-2023/CVE-2023-491xx/CVE-2023-49173.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-49173",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-12-14T16:15:51.013",
- "lastModified": "2023-12-14T16:15:51.013",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-14T17:17:54.510",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-491xx/CVE-2023-49195.json b/CVE-2023/CVE-2023-491xx/CVE-2023-49195.json
index 34981501b83..c684d2570e0 100644
--- a/CVE-2023/CVE-2023-491xx/CVE-2023-49195.json
+++ b/CVE-2023/CVE-2023-491xx/CVE-2023-49195.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-49195",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-12-14T16:15:51.227",
- "lastModified": "2023-12-14T16:15:51.227",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-14T17:17:54.510",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-495xx/CVE-2023-49563.json b/CVE-2023/CVE-2023-495xx/CVE-2023-49563.json
index 2291efbf2c1..742651b4fda 100644
--- a/CVE-2023/CVE-2023-495xx/CVE-2023-49563.json
+++ b/CVE-2023/CVE-2023-495xx/CVE-2023-49563.json
@@ -2,19 +2,79 @@
 "id": "CVE-2023-49563",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-12-12T09:15:08.600",
- "lastModified": "2023-12-12T13:43:48.853",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-14T18:30:37.733",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Cross Site Scripting (XSS) in Voltronic Power SNMP Web Pro v.1.1 allows an attacker to execute arbitrary code via a crafted script within a request to the webserver."
+ },
+ {
+ "lang": "es",
+ "value": "Cross Site Scripting (XSS) en Voltronic Power SNMP Web Pro v.1.1 permite a un atacante ejecutar c\u00f3digo arbitrario a trav\u00e9s de un script manipulado dentro de una solicitud al servidor web."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:voltronicpower:snmp_web_pro:1.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6059B1DE-C7AB-4C17-B714-438F37EEAA3C"
+ }
+ ]
+ }
+ ]
 }
 ],
- "metrics": {},
 "references": [
 {
 "url": "https://gist.github.com/ph4nt0mbyt3/b237bfb06b2bff405ab47e4ea52c0bd2",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
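Review bot: The description strings (the existing `en` text and the added `es` translation) say the XSS lets an attacker "execute arbitrary code", but the NVD metric added in this hunk scores the issue `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N` and classifies it `CWE-79`. Triage and alerting rules should key on the vector and CWE fields and not on keyword matches against the description, otherwise this record is likely to be prioritised as remote code execution. The record's only reference is a third-party gist tagged `Exploit`, and no vendor advisory or fixed version appears, so presumably exposure has to be managed by restricting who can reach the web interface.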
diff --git a/CVE-2023/CVE-2023-496xx/CVE-2023-49607.json b/CVE-2023/CVE-2023-496xx/CVE-2023-49607.json
index 641c1b3b500..9626a78696f 100644
--- a/CVE-2023/CVE-2023-496xx/CVE-2023-49607.json
+++ b/CVE-2023/CVE-2023-496xx/CVE-2023-49607.json
@@ -2,16 +2,40 @@
 "id": "CVE-2023-49607",
 "sourceIdentifier": "responsibledisclosure@mattermost.com",
 "published": "2023-12-12T09:15:08.757",
- "lastModified": "2023-12-12T13:43:48.853",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-14T18:29:44.217",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Mattermost fails to validate the type of the \"reminder\" body request parameter allowing an attacker to crash the Playbook Plugin when updating the status dialog.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Mattermost no logra validar el tipo de par\u00e1metro de solicitud del cuerpo \"recordatorio\", lo que permite a un atacante bloquear el complemento Playbook al actualizar el cuadro de di\u00e1logo de estado."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
 {
 "source": "responsibledisclosure@mattermost.com",
 "type": "Secondary",
@@ -35,6 +59,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-754"
+ }
+ ]
+ },
 {
 "source": "responsibledisclosure@mattermost.com",
 "type": "Secondary",
@@ -46,10 +80,65 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*", + "versionEndIncluding": "7.8.14", + "matchCriteriaId": "367753A5-CE5B-4EA7-8539-6ACFBC9ACABE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.0.0", + "versionEndIncluding": "8.1.5", + "matchCriteriaId": "553B4894-FB79-4996-BDEC-273EF6E96D9D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "9.0.0", + "versionEndIncluding": "9.0.3", + "matchCriteriaId": "0856C685-4154-4549-B60A-4251C9E6B916" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "9.1.0", + "versionEndIncluding": "9.1.2", + "matchCriteriaId": "D31448D3-0970-47A8-A4A5-E7FB05B929EB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "9.2.0", + "versionEndIncluding": "9.2.1", + "matchCriteriaId": "D00348C4-CEE7-474E-BBDC-4A66D6BBA4C8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mattermost:mattermost_server:9.1.1:*:*:*:*:*:*:*", + "matchCriteriaId": "90D81EBE-C0B1-40B7-8BE5-8F4598D81814" + } + ] + } + ] + } + ], "references": [ { "url": "https://mattermost.com/security-updates", - "source": "responsibledisclosure@mattermost.com" + "source": "responsibledisclosure@mattermost.com", + "tags": [ + "Issue Tracking", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-497xx/CVE-2023-49766.json b/CVE-2023/CVE-2023-497xx/CVE-2023-49766.json index af96be619e9..eb1375b9739 100644 --- a/CVE-2023/CVE-2023-497xx/CVE-2023-49766.json +++ b/CVE-2023/CVE-2023-497xx/CVE-2023-49766.json 
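Review bot: The last `cpeMatch` entry added for CVE-2023-49607, `cpe:2.3:a:mattermost:mattermost_server:9.1.1:*:*:*:*:*:*:*`, is already covered by the range entry in the same `OR` node with `"versionStartIncluding": "9.1.0"` and `"versionEndIncluding": "9.1.2"`. Under `OR` the match result is the same either way, but a consumer that emits one finding per `matchCriteriaId` would report a 9.1.1 host twice. Findings built from this feed should be de-duplicated on CVE id plus asset rather than on the match entry. If the record is corrected at its source, the exact-version entry is the one to drop.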
@@ -2,8 +2,8 @@ "id": "CVE-2023-49766", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-14T16:15:51.447", - "lastModified": "2023-12-14T16:15:51.447", - "vulnStatus": "Received", + "lastModified": "2023-12-14T17:17:54.510", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-497xx/CVE-2023-49770.json b/CVE-2023/CVE-2023-497xx/CVE-2023-49770.json index 5703299dbe9..db710a583a9 100644 --- a/CVE-2023/CVE-2023-497xx/CVE-2023-49770.json +++ b/CVE-2023/CVE-2023-497xx/CVE-2023-49770.json @@ -2,8 +2,8 @@ "id": "CVE-2023-49770", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-14T16:15:51.660", - "lastModified": "2023-12-14T16:15:51.660", - "vulnStatus": "Received", + "lastModified": "2023-12-14T17:17:54.510", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-497xx/CVE-2023-49771.json b/CVE-2023/CVE-2023-497xx/CVE-2023-49771.json index 36294ad6ac6..f01237a0579 100644 --- a/CVE-2023/CVE-2023-497xx/CVE-2023-49771.json +++ b/CVE-2023/CVE-2023-497xx/CVE-2023-49771.json @@ -2,8 +2,8 @@ "id": "CVE-2023-49771", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-14T16:15:51.863", - "lastModified": "2023-12-14T16:15:51.863", - "vulnStatus": "Received", + "lastModified": "2023-12-14T17:17:54.510", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-498xx/CVE-2023-49809.json b/CVE-2023/CVE-2023-498xx/CVE-2023-49809.json index 709b884f5ce..b871278ebda 100644 --- a/CVE-2023/CVE-2023-498xx/CVE-2023-49809.json +++ b/CVE-2023/CVE-2023-498xx/CVE-2023-49809.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-49809", "sourceIdentifier": "responsibledisclosure@mattermost.com", "published": "2023-12-12T09:15:09.110", - "lastModified": "2023-12-12T13:43:48.853", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-14T18:45:03.083", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Mattermost fails to handle a null request body in the /add endpoint, allowing a simple member to send a request with null request body to that endpoint and make it crash. After a few repetitions, the plugin is disabled.\u00a0\n\n" + }, + { + "lang": "es", + "value": "Mattermost no logra manejar un cuerpo de solicitud nulo en el endpoint /add, lo que permite que un miembro simple env\u00ede una solicitud con un cuerpo de solicitud nulo a ese endpoint y haga que falle. Despu\u00e9s de algunas repeticiones, el complemento se desactiva." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "responsibledisclosure@mattermost.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + }, { "source": "responsibledisclosure@mattermost.com", "type": "Secondary", 
@@ -46,10 +80,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*", + "versionEndIncluding": "8.1.5", + "matchCriteriaId": "6FA74D02-6508-49A3-960F-22B84B6E5B51" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "9.0.0", + "versionEndIncluding": "9.1.0", + "matchCriteriaId": "D0882E48-E077-4E4E-9A76-ACDAEEFC6573" + } + ] + } + ] + } + ], "references": [ { "url": "https://mattermost.com/security-updates", - "source": "responsibledisclosure@mattermost.com" + "source": "responsibledisclosure@mattermost.com", + "tags": [ + "Issue Tracking", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-498xx/CVE-2023-49813.json b/CVE-2023/CVE-2023-498xx/CVE-2023-49813.json index c7fe74e4079..b4c2d9e5b37 100644 --- a/CVE-2023/CVE-2023-498xx/CVE-2023-49813.json +++ b/CVE-2023/CVE-2023-498xx/CVE-2023-49813.json @@ -2,8 +2,8 @@ "id": "CVE-2023-49813", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-14T16:15:52.080", - "lastModified": "2023-12-14T16:15:52.080", - "vulnStatus": "Received", + "lastModified": "2023-12-14T17:17:54.510", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-498xx/CVE-2023-49820.json b/CVE-2023/CVE-2023-498xx/CVE-2023-49820.json index 45bae6f0317..e42297d3891 100644 --- a/CVE-2023/CVE-2023-498xx/CVE-2023-49820.json +++ b/CVE-2023/CVE-2023-498xx/CVE-2023-49820.json @@ -2,8 +2,8 @@ "id": "CVE-2023-49820", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-14T16:15:52.323", - "lastModified": "2023-12-14T16:15:52.323", - "vulnStatus": "Received", + "lastModified": "2023-12-14T17:17:54.510", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", 
diff --git a/CVE-2023/CVE-2023-498xx/CVE-2023-49841.json b/CVE-2023/CVE-2023-498xx/CVE-2023-49841.json index b2b4b1448ae..b78c158ea42 100644 --- a/CVE-2023/CVE-2023-498xx/CVE-2023-49841.json +++ b/CVE-2023/CVE-2023-498xx/CVE-2023-49841.json @@ -2,8 +2,8 @@ "id": "CVE-2023-49841", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-14T16:15:52.540", - "lastModified": "2023-12-14T16:15:52.540", - "vulnStatus": "Received", + "lastModified": "2023-12-14T17:17:54.510", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-498xx/CVE-2023-49842.json b/CVE-2023/CVE-2023-498xx/CVE-2023-49842.json new file mode 100644 index 00000000000..9e9f4f25aca --- /dev/null +++ b/CVE-2023/CVE-2023-498xx/CVE-2023-49842.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-49842", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-12-14T17:15:09.533", + "lastModified": "2023-12-14T17:17:50.580", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpexpertsio Rocket Maintenance Mode & Coming Soon Page allows Stored XSS.This issue affects Rocket Maintenance Mode & Coming Soon Page: from n/a through 4.3.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/rocket-maintenance-mode/wordpress-rocket-maintenance-mode-coming-soon-page-plugin-4-3-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-498xx/CVE-2023-49860.json b/CVE-2023/CVE-2023-498xx/CVE-2023-49860.json new file mode 100644 index 00000000000..8156e31d988 --- /dev/null +++ b/CVE-2023/CVE-2023-498xx/CVE-2023-49860.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-49860", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-12-14T17:15:09.727", + "lastModified": "2023-12-14T17:17:50.580", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weDevs WP Project Manager \u2013 Task, team, and project management plugin featuring kanban board and gantt charts allows Stored XSS.This issue affects WP Project Manager \u2013 Task, team, and project management plugin featuring kanban board and gantt charts: from n/a through 2.6.7.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wedevs-project-manager/wordpress-wp-project-manager-plugin-2-6-7-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-498xx/CVE-2023-49874.json b/CVE-2023/CVE-2023-498xx/CVE-2023-49874.json index 7283df27404..ee7b49c7f56 100644 --- a/CVE-2023/CVE-2023-498xx/CVE-2023-49874.json +++ b/CVE-2023/CVE-2023-498xx/CVE-2023-49874.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-49874", "sourceIdentifier": "responsibledisclosure@mattermost.com", "published": "2023-12-12T09:15:09.310", - "lastModified": "2023-12-12T13:43:48.853", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-14T18:51:59.960", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Mattermost fails to check whether a user is a guest when updating the tasks of a private playbook run allowing a\u00a0guest to update the tasks of a private playbook run if they know the run ID.\n\n" + }, + { + "lang": "es", + "value": "Mattermost no verifica si un usuario es un invitado al actualizar las tareas de una ejecuci\u00f3n de un playbook privado, lo que permite a un invitado actualizar las tareas de una ejecuci\u00f3n de un playbook privado si conoce el ID de la ejecuci\u00f3n." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "responsibledisclosure@mattermost.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "responsibledisclosure@mattermost.com", "type": "Secondary", 
@@ -46,10 +80,60 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*", + "versionEndIncluding": "7.8.14", + "matchCriteriaId": "367753A5-CE5B-4EA7-8539-6ACFBC9ACABE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.0.0", + "versionEndIncluding": "8.1.5", + "matchCriteriaId": "553B4894-FB79-4996-BDEC-273EF6E96D9D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "9.0.0", + "versionEndIncluding": "9.0.3", + "matchCriteriaId": "0856C685-4154-4549-B60A-4251C9E6B916" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "9.1.1", + "versionEndIncluding": "9.1.2", + "matchCriteriaId": "9AB6EA21-B7ED-487D-B131-FA200023179E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "9.2.0", + "versionEndIncluding": "9.2.1", + "matchCriteriaId": "D00348C4-CEE7-474E-BBDC-4A66D6BBA4C8" + } + ] + } + ] + } + ], "references": [ { "url": "https://mattermost.com/security-updates", - "source": "responsibledisclosure@mattermost.com" + "source": "responsibledisclosure@mattermost.com", + "tags": [ + "Issue Tracking", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-501xx/CVE-2023-50100.json b/CVE-2023/CVE-2023-501xx/CVE-2023-50100.json index 194f4b45d87..4c638faad1b 100644 --- a/CVE-2023/CVE-2023-501xx/CVE-2023-50100.json +++ b/CVE-2023/CVE-2023-501xx/CVE-2023-50100.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-50100", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-14T16:15:52.750", - "lastModified": "2023-12-14T16:15:52.750", - "vulnStatus": "Received", + "lastModified": "2023-12-14T17:17:54.510", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-501xx/CVE-2023-50101.json b/CVE-2023/CVE-2023-501xx/CVE-2023-50101.json index f420b1c7a66..f3a514e962a 100644 --- a/CVE-2023/CVE-2023-501xx/CVE-2023-50101.json +++ b/CVE-2023/CVE-2023-501xx/CVE-2023-50101.json @@ -2,8 +2,8 @@ "id": "CVE-2023-50101", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-14T16:15:52.800", - "lastModified": "2023-12-14T16:15:52.800", - "vulnStatus": "Received", + "lastModified": "2023-12-14T17:17:54.510", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-501xx/CVE-2023-50102.json b/CVE-2023/CVE-2023-501xx/CVE-2023-50102.json index 8746fc54158..0edfec7e56f 100644 --- a/CVE-2023/CVE-2023-501xx/CVE-2023-50102.json +++ b/CVE-2023/CVE-2023-501xx/CVE-2023-50102.json @@ -2,8 +2,8 @@ "id": "CVE-2023-50102", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-14T16:15:52.850", - "lastModified": "2023-12-14T16:15:52.850", - "vulnStatus": "Received", + "lastModified": "2023-12-14T17:17:54.510", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-501xx/CVE-2023-50137.json b/CVE-2023/CVE-2023-501xx/CVE-2023-50137.json index 5cd20621f23..5e236d0b5aa 100644 --- a/CVE-2023/CVE-2023-501xx/CVE-2023-50137.json +++ b/CVE-2023/CVE-2023-501xx/CVE-2023-50137.json @@ -2,8 +2,8 @@ "id": "CVE-2023-50137", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-14T16:15:52.897", - "lastModified": "2023-12-14T16:15:52.897", - "vulnStatus": "Received", + "lastModified": "2023-12-14T17:17:54.510", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", 
diff --git a/CVE-2023/CVE-2023-502xx/CVE-2023-50245.json b/CVE-2023/CVE-2023-502xx/CVE-2023-50245.json index f7ded20344e..385965a57e1 100644 --- a/CVE-2023/CVE-2023-502xx/CVE-2023-50245.json +++ b/CVE-2023/CVE-2023-502xx/CVE-2023-50245.json @@ -2,8 +2,8 @@ "id": "CVE-2023-50245", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-11T23:15:08.280", - "lastModified": "2023-12-12T13:43:48.853", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-14T17:57:33.607", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -50,14 +70,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:afichet:openexr_viewer:*:*:*:*:*:*:*:*", + "versionEndExcluding": "0.6.1", + "matchCriteriaId": "395A1F99-2C73-4A59-B31D-C4B2155C5C7C" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/afichet/openexr-viewer/commit/d0a7e85dfeb519951fb8a8d70f73f30d41cdd3d9", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/afichet/openexr-viewer/security/advisories/GHSA-99jg-r3f4-rpxj", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-502xx/CVE-2023-50269.json b/CVE-2023/CVE-2023-502xx/CVE-2023-50269.json new file mode 100644 index 00000000000..f84170db479 --- /dev/null +++ b/CVE-2023/CVE-2023-502xx/CVE-2023-50269.json 
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-50269", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-12-14T18:15:45.070", + "lastModified": "2023-12-14T18:15:45.070", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remote client to perform Denial of Service attack by sending a large X-Forwarded-For header when the follow_x_forwarded_for feature is configured. This bug is fixed by Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 8.6, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.0 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-674" + } + ] + } + ], + "references": [ + { + "url": "http://www.squid-cache.org/Versions/v5/SQUID-2023_10.patch", + "source": "security-advisories@github.com" + }, + { + "url": "http://www.squid-cache.org/Versions/v6/SQUID-2023_10.patch", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-wgq4-4cfg-c4x3", + "source": "security-advisories@github.com" + } + ] +} \ 
No newline at end of file diff --git a/CVE-2023/CVE-2023-504xx/CVE-2023-50423.json b/CVE-2023/CVE-2023-504xx/CVE-2023-50423.json index e506f028629..45b74a8eb09 100644 --- a/CVE-2023/CVE-2023-504xx/CVE-2023-50423.json +++ b/CVE-2023/CVE-2023-504xx/CVE-2023-50423.json @@ -2,8 +2,8 @@ "id": "CVE-2023-50423", "sourceIdentifier": "cna@sap.com", "published": "2023-12-12T02:15:08.797", - "lastModified": "2023-12-12T13:43:48.853", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-14T17:48:27.037", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@sap.com", "type": "Secondary", 
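Review bot: Two of the three references in the new CVE-2023-50269 record are patch downloads over plain HTTP, `http://www.squid-cache.org/Versions/v5/SQUID-2023_10.patch` and its `v6` counterpart, so a source patch fetched from them has no transport integrity. The record is in `Received` state and mirrors what the CNA submitted, so the URLs are not something to hand-edit in this mirror. Tooling or runbooks that fetch reference URLs from this feed should treat the file as unauthenticated. They should check it against the `GHSA-wgq4-4cfg-c4x3` advisory, or take the fix from a signed release, before applying it.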
@@ -50,30 +70,66 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:btp_security_services_integration_library:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.1.0", + "matchCriteriaId": "16F8EF4D-E500-4F8D-8F74-549EB05A8BB4" + } + ] + } + ] + } + ], "references": [ { "url": "https://blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067/", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://github.com/SAP/cloud-pysec/", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/SAP/cloud-pysec/security/advisories/GHSA-6mjg-37cp-42x5", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://me.sap.com/notes/3411067", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://pypi.org/project/sap-xssec/", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Product" + ] }, { "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-504xx/CVE-2023-50424.json b/CVE-2023/CVE-2023-504xx/CVE-2023-50424.json index 5ad9c4f3905..fba58bad015 100644 --- a/CVE-2023/CVE-2023-504xx/CVE-2023-50424.json +++ b/CVE-2023/CVE-2023-504xx/CVE-2023-50424.json @@ -2,8 +2,8 @@ "id": "CVE-2023-50424", "sourceIdentifier": "cna@sap.com", "published": "2023-12-12T03:15:07.100", - "lastModified": "2023-12-12T13:43:48.853", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-14T17:44:34.810", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
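Review bot: The `configurations` hunk for CVE-2023-50423 uses the criteria `cpe:2.3:a:sap:btp_security_services_integration_library:*:*:*:*:*:*:*:*` with `versionEndExcluding` `4.1.0`, although its references point at the Python package (`sap-xssec`, `SAP/cloud-pysec`). The matching hunk for CVE-2023-50424 reuses the identical criteria string with `versionEndExcluding` `0.17.0`, for what its references show to be the Go client. With `target_sw` left as `*`, a CPE-only matcher cannot tell the two libraries apart, so a Go client already at the fixed 0.17.0 would presumably still fall inside the `4.1.0` range of CVE-2023-50423. Consumers should confirm the ecosystem from the reference URLs or a package identifier before raising a finding. At the source, the clean fix would be to set `target_sw`, for example `...:*:*:*:*:*:python:*:*` and `...:*:*:*:*:*:go:*:*`.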
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@sap.com", "type": "Secondary", 
@@ -50,30 +70,66 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:btp_security_services_integration_library:*:*:*:*:*:*:*:*", + "versionEndExcluding": "0.17.0", + "matchCriteriaId": "9C630555-6CC1-475D-A296-8C39B59C4AF1" + } + ] + } + ] + } + ], "references": [ { "url": "https://blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067/", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://github.com/SAP/cloud-security-client-go", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/SAP/cloud-security-services-integration-library/security/advisories/GHSA-59c9-pxq8-9c73", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Not Applicable" + ] }, { "url": "https://me.sap.com/notes/3411067", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://pkg.go.dev/github.com/sap/cloud-security-client-go@v0.17.0", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Product" + ] }, { "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-507xx/CVE-2023-50710.json b/CVE-2023/CVE-2023-507xx/CVE-2023-50710.json new file mode 100644 index 00000000000..391ff3c0101 --- /dev/null +++ b/CVE-2023/CVE-2023-507xx/CVE-2023-50710.json 
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-50710", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-12-14T18:15:45.270", + "lastModified": "2023-12-14T18:15:45.270", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Hono is a web framework written in TypeScript. Prior to version 3.11.7, clients may override named path parameter values from previous requests if the application is using TrieRouter. So, there is a risk that a privileged user may use unintended parameters when deleting REST API resources. TrieRouter is used either explicitly or when the application matches a pattern that is not supported by the default RegExpRouter. Version 3.11.7 includes the change to fix this issue. As a workaround, avoid using TrieRouter directly." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 4.2, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/honojs/hono/commit/8e2b6b08518998783f66d31db4f21b1b1eecc4c8", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/honojs/hono/releases/tag/v3.11.7", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/honojs/hono/security/advisories/GHSA-f6gv-hh8j-q8vq", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-57xx/CVE-2023-5769.json b/CVE-2023/CVE-2023-57xx/CVE-2023-5769.json new file mode 100644 index 00000000000..1e81be22dda --- /dev/null +++ b/CVE-2023/CVE-2023-57xx/CVE-2023-5769.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-5769", + "sourceIdentifier": "cybersecurity@hitachienergy.com", + "published": "2023-12-14T17:15:09.920", + "lastModified": "2023-12-14T17:17:50.580", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "\nA vulnerability exists in the webserver that affects the \nRTU500 series product versions listed below. A malicious \nactor could perform cross-site scripting on the webserver \ndue to user input being improperly sanitized.\n\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cybersecurity@hitachienergy.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "references": [ + { + "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000176&languageCode=en&Preview=true", + "source": "cybersecurity@hitachienergy.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-63xx/CVE-2023-6364.json b/CVE-2023/CVE-2023-63xx/CVE-2023-6364.json index 64b529c60d6..086796bf962 100644 --- a/CVE-2023/CVE-2023-63xx/CVE-2023-6364.json +++ b/CVE-2023/CVE-2023-63xx/CVE-2023-6364.json 
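Review bot: The new CVE-2023-5769 record has no `weaknesses` array and no `configurations`, and its description refers to "product versions listed below" although no version list appears anywhere in the record. Code that reads this feed should treat both keys as optional (default to an empty list) and should not expect a CPE match for the RTU500 series until the record is analysed. Until then the affected versions have to come from the Hitachi Energy advisory in `references`. The description attributes the issue to improperly sanitized user input leading to cross-site scripting, which corresponds to `CWE-79`, the value the other XSS records in this commit carry.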
@@ -2,8 +2,8 @@ "id": "CVE-2023-6364", "sourceIdentifier": "security@progress.com", "published": "2023-12-14T16:15:52.957", - "lastModified": "2023-12-14T16:15:52.957", - "vulnStatus": "Received", + "lastModified": "2023-12-14T17:17:54.510", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-63xx/CVE-2023-6365.json b/CVE-2023/CVE-2023-63xx/CVE-2023-6365.json index 33acd087224..f8a872fcc1a 100644 --- a/CVE-2023/CVE-2023-63xx/CVE-2023-6365.json +++ b/CVE-2023/CVE-2023-63xx/CVE-2023-6365.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6365", "sourceIdentifier": "security@progress.com", "published": "2023-12-14T16:15:53.163", - "lastModified": "2023-12-14T16:15:53.163", - "vulnStatus": "Received", + "lastModified": "2023-12-14T17:17:50.580", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-63xx/CVE-2023-6366.json b/CVE-2023/CVE-2023-63xx/CVE-2023-6366.json index 6e7d0a13574..983b3212cf1 100644 --- a/CVE-2023/CVE-2023-63xx/CVE-2023-6366.json +++ b/CVE-2023/CVE-2023-63xx/CVE-2023-6366.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6366", "sourceIdentifier": "security@progress.com", "published": "2023-12-14T16:15:53.383", - "lastModified": "2023-12-14T16:15:53.383", - "vulnStatus": "Received", + "lastModified": "2023-12-14T17:17:50.580", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-63xx/CVE-2023-6367.json b/CVE-2023/CVE-2023-63xx/CVE-2023-6367.json index 40b00920347..0118ecc0c07 100644 --- a/CVE-2023/CVE-2023-63xx/CVE-2023-6367.json +++ b/CVE-2023/CVE-2023-63xx/CVE-2023-6367.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6367", "sourceIdentifier": "security@progress.com", "published": "2023-12-14T16:15:53.593", - "lastModified": "2023-12-14T16:15:53.593", - "vulnStatus": "Received", + "lastModified": "2023-12-14T17:17:50.580", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", 
diff --git a/CVE-2023/CVE-2023-63xx/CVE-2023-6368.json b/CVE-2023/CVE-2023-63xx/CVE-2023-6368.json index 2648bc0cfac..d6d5353f8b9 100644 --- a/CVE-2023/CVE-2023-63xx/CVE-2023-6368.json +++ b/CVE-2023/CVE-2023-63xx/CVE-2023-6368.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6368", "sourceIdentifier": "security@progress.com", "published": "2023-12-14T16:15:54.103", - "lastModified": "2023-12-14T16:15:54.103", - "vulnStatus": "Received", + "lastModified": "2023-12-14T17:17:50.580", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-65xx/CVE-2023-6538.json b/CVE-2023/CVE-2023-65xx/CVE-2023-6538.json index 93b5fa62a13..7e6fdb3ab4e 100644 --- a/CVE-2023/CVE-2023-65xx/CVE-2023-6538.json +++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6538.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6538", "sourceIdentifier": "security.vulnerabilities@hitachivantara.com", "published": "2023-12-11T18:15:30.250", - "lastModified": "2023-12-12T17:15:08.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-14T17:02:15.203", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "security.vulnerabilities@hitachivantara.com", "type": "Secondary", 
@@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + }, { "source": "security.vulnerabilities@hitachivantara.com", "type": "Secondary", @@ -50,10 +80,43 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hitachi:system_management_unit_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "14.8.7825.01", + "matchCriteriaId": "7DBFB3A6-CDAB-4988-8471-23B6C147F797" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hitachi:system_management_unit:-:*:*:*:*:*:*:*", + "matchCriteriaId": "97B0CC62-7F81-4A12-880B-9954CF9EA323" + } + ] + } + ] + } + ], "references": [ { "url": "https://knowledge.hitachivantara.com/Security/System_Management_Unit_(SMU)_versions_prior_to_14.8.7825.01%2C_used_to_manage_Hitachi_Vantara_NAS_products_is_susceptible_to_unintended_information_disclosure_via_unprivileged_access_to_SMU_configuration_backup_data.", - "source": "security.vulnerabilities@hitachivantara.com" + "source": "security.vulnerabilities@hitachivantara.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-65xx/CVE-2023-6563.json b/CVE-2023/CVE-2023-65xx/CVE-2023-6563.json new file mode 100644 index 00000000000..c27e7d4fb5d --- /dev/null +++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6563.json 
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-6563",
+ "sourceIdentifier": "secalert@redhat.com",
+ "published": "2023-12-14T18:15:45.540",
+ "lastModified": "2023-12-14T18:15:45.540",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An unconstrained memory consumption vulnerability was discovered in Keycloak. It can be triggered in environments which have millions of offline tokens (> 500,000 users with each having at least 2 saved sessions). If an attacker creates two or more user sessions and then open the \"consents\" tab of the admin User Interface, the UI attempts to load a huge number of offline client sessions leading to excessive memory and CPU consumption which could potentially crash the entire system."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert@redhat.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.7,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 4.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "secalert@redhat.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-770"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2023-6563",
+ "source": "secalert@redhat.com"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253308",
+ "source": "secalert@redhat.com"
+ },
+ {
+ "url": "https://github.com/keycloak/keycloak/issues/13340",
+ "source": "secalert@redhat.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-65xx/CVE-2023-6595.json b/CVE-2023/CVE-2023-65xx/CVE-2023-6595.json
index 1c47ea23914..07a3ca933b7 100644
--- a/CVE-2023/CVE-2023-65xx/CVE-2023-6595.json +++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6595.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6595", "sourceIdentifier": "security@progress.com", "published": "2023-12-14T16:15:54.453", - "lastModified": "2023-12-14T16:15:54.453", - "vulnStatus": "Received", + "lastModified": "2023-12-14T17:17:50.580", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-66xx/CVE-2023-6647.json b/CVE-2023/CVE-2023-66xx/CVE-2023-6647.json index 3aca6eaa600..70ac7e94abb 100644 --- a/CVE-2023/CVE-2023-66xx/CVE-2023-6647.json +++ b/CVE-2023/CVE-2023-66xx/CVE-2023-6647.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-6647", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-10T07:15:44.100", - "lastModified": "2023-12-10T11:50:56.433", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-14T17:22:19.353", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as critical, has been found in AMTT HiBOS 1.0. Affected by this issue is some unknown functionality. The manipulation of the argument Type leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247340. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en AMTT HiBOS 1.0 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida es afectada por este problema. La manipulaci\u00f3n del argumento Type conduce a la inyecci\u00f3n SQL. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-247340. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", 
@@ -71,18 +95,49 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:amttgroup:hibos:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "AF7B4E54-4BE0-4F4D-915A-600EB71968D7" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/gatsby2003/Sqlinjection/blob/main/sql.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.247340", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.247340", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-66xx/CVE-2023-6654.json b/CVE-2023/CVE-2023-66xx/CVE-2023-6654.json index 66a56a5a9db..2fa9c7c3ea9 100644 --- a/CVE-2023/CVE-2023-66xx/CVE-2023-6654.json +++ b/CVE-2023/CVE-2023-66xx/CVE-2023-6654.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6654", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-10T15:15:07.160", - "lastModified": "2023-12-11T12:20:50.310", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-14T17:17:26.397", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -75,18 +95,53 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:phpems:phpems:6.0:*:*:*:*:*:*:*", + "matchCriteriaId": "EA60F966-C229-4373-87CD-7A806A46CB19" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:phpems:phpems:7.0:*:*:*:*:*:*:*", + "matchCriteriaId": "A19458FB-F999-42AA-B2F9-E9CFEF361F41" + } + ] + } + ] + } + ], "references": [ { "url": "https://note.zhaoj.in/share/jw4Hp9cq7T69", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?ctiid.247357", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.247357", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-66xx/CVE-2023-6655.json b/CVE-2023/CVE-2023-66xx/CVE-2023-6655.json index 95eb7f4f5b7..44684c36f7b 100644 --- a/CVE-2023/CVE-2023-66xx/CVE-2023-6655.json +++ b/CVE-2023/CVE-2023-66xx/CVE-2023-6655.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-6655", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-10T16:15:07.067", - "lastModified": "2023-12-11T12:20:50.310", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-14T17:08:27.083", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -75,18 +95,49 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hrp2000:e-hr:2020:*:*:*:*:*:*:*", + "matchCriteriaId": "BBDCA40C-36D7-4418-B7BC-DB1B3D5F05BE" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/willchen0011/cve/blob/main/HongJing-sql.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.247358", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.247358", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/README.md b/README.md index b50bddf22c5..dc46e4b607a 100644 --- a/README.md +++ b/README.md 
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-12-14T17:00:25.161603+00:00 +2023-12-14T19:00:25.136410+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-12-14T16:55:32.230000+00:00 +2023-12-14T18:58:08.837000+00:00 ``` ### Last Data Feed Release 
@@ -29,66 +29,65 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -233190 +233211 ``` ### CVEs added in the last Commit -Recently added CVEs: `49` +Recently added CVEs: `21` -* [CVE-2023-48663](CVE-2023/CVE-2023-486xx/CVE-2023-48663.json) (`2023-12-14T16:15:49.433`) -* [CVE-2023-48664](CVE-2023/CVE-2023-486xx/CVE-2023-48664.json) (`2023-12-14T16:15:49.640`) -* [CVE-2023-48665](CVE-2023/CVE-2023-486xx/CVE-2023-48665.json) (`2023-12-14T16:15:49.847`) -* [CVE-2023-48667](CVE-2023/CVE-2023-486xx/CVE-2023-48667.json) (`2023-12-14T16:15:50.040`) -* [CVE-2023-48668](CVE-2023/CVE-2023-486xx/CVE-2023-48668.json) (`2023-12-14T16:15:50.257`) -* [CVE-2023-49171](CVE-2023/CVE-2023-491xx/CVE-2023-49171.json) (`2023-12-14T16:15:50.487`) -* [CVE-2023-49172](CVE-2023/CVE-2023-491xx/CVE-2023-49172.json) (`2023-12-14T16:15:50.807`) -* [CVE-2023-49173](CVE-2023/CVE-2023-491xx/CVE-2023-49173.json) (`2023-12-14T16:15:51.013`) -* [CVE-2023-49195](CVE-2023/CVE-2023-491xx/CVE-2023-49195.json) (`2023-12-14T16:15:51.227`) -* [CVE-2023-49766](CVE-2023/CVE-2023-497xx/CVE-2023-49766.json) (`2023-12-14T16:15:51.447`) -* [CVE-2023-49770](CVE-2023/CVE-2023-497xx/CVE-2023-49770.json) (`2023-12-14T16:15:51.660`) -* [CVE-2023-49771](CVE-2023/CVE-2023-497xx/CVE-2023-49771.json) (`2023-12-14T16:15:51.863`) -* [CVE-2023-49813](CVE-2023/CVE-2023-498xx/CVE-2023-49813.json) (`2023-12-14T16:15:52.080`) -* [CVE-2023-49820](CVE-2023/CVE-2023-498xx/CVE-2023-49820.json) (`2023-12-14T16:15:52.323`) -* [CVE-2023-49841](CVE-2023/CVE-2023-498xx/CVE-2023-49841.json) (`2023-12-14T16:15:52.540`) -* [CVE-2023-50100](CVE-2023/CVE-2023-501xx/CVE-2023-50100.json) (`2023-12-14T16:15:52.750`) -* [CVE-2023-50101](CVE-2023/CVE-2023-501xx/CVE-2023-50101.json) (`2023-12-14T16:15:52.800`) -* [CVE-2023-50102](CVE-2023/CVE-2023-501xx/CVE-2023-50102.json) (`2023-12-14T16:15:52.850`) -* [CVE-2023-50137](CVE-2023/CVE-2023-501xx/CVE-2023-50137.json) 
(`2023-12-14T16:15:52.897`) -* [CVE-2023-6364](CVE-2023/CVE-2023-63xx/CVE-2023-6364.json) (`2023-12-14T16:15:52.957`) -* [CVE-2023-6365](CVE-2023/CVE-2023-63xx/CVE-2023-6365.json) (`2023-12-14T16:15:53.163`) -* [CVE-2023-6366](CVE-2023/CVE-2023-63xx/CVE-2023-6366.json) (`2023-12-14T16:15:53.383`) -* [CVE-2023-6367](CVE-2023/CVE-2023-63xx/CVE-2023-6367.json) (`2023-12-14T16:15:53.593`) -* [CVE-2023-6368](CVE-2023/CVE-2023-63xx/CVE-2023-6368.json) (`2023-12-14T16:15:54.103`) -* [CVE-2023-6595](CVE-2023/CVE-2023-65xx/CVE-2023-6595.json) (`2023-12-14T16:15:54.453`) +* [CVE-2023-42799](CVE-2023/CVE-2023-427xx/CVE-2023-42799.json) (`2023-12-14T17:15:07.257`) +* [CVE-2023-42800](CVE-2023/CVE-2023-428xx/CVE-2023-42800.json) (`2023-12-14T17:15:07.463`) +* [CVE-2023-42801](CVE-2023/CVE-2023-428xx/CVE-2023-42801.json) (`2023-12-14T17:15:07.657`) +* [CVE-2023-47261](CVE-2023/CVE-2023-472xx/CVE-2023-47261.json) (`2023-12-14T17:15:07.933`) +* [CVE-2023-48671](CVE-2023/CVE-2023-486xx/CVE-2023-48671.json) (`2023-12-14T17:15:07.987`) +* [CVE-2023-48756](CVE-2023/CVE-2023-487xx/CVE-2023-48756.json) (`2023-12-14T17:15:08.187`) +* [CVE-2023-48767](CVE-2023/CVE-2023-487xx/CVE-2023-48767.json) (`2023-12-14T17:15:08.380`) +* [CVE-2023-48770](CVE-2023/CVE-2023-487xx/CVE-2023-48770.json) (`2023-12-14T17:15:08.570`) +* [CVE-2023-48771](CVE-2023/CVE-2023-487xx/CVE-2023-48771.json) (`2023-12-14T17:15:08.763`) +* [CVE-2023-48780](CVE-2023/CVE-2023-487xx/CVE-2023-48780.json) (`2023-12-14T17:15:08.953`) +* [CVE-2023-49149](CVE-2023/CVE-2023-491xx/CVE-2023-49149.json) (`2023-12-14T17:15:09.143`) +* [CVE-2023-49150](CVE-2023/CVE-2023-491xx/CVE-2023-49150.json) (`2023-12-14T17:15:09.337`) +* [CVE-2023-49842](CVE-2023/CVE-2023-498xx/CVE-2023-49842.json) (`2023-12-14T17:15:09.533`) +* [CVE-2023-49860](CVE-2023/CVE-2023-498xx/CVE-2023-49860.json) (`2023-12-14T17:15:09.727`) +* [CVE-2023-5769](CVE-2023/CVE-2023-57xx/CVE-2023-5769.json) (`2023-12-14T17:15:09.920`) +* 
[CVE-2023-49151](CVE-2023/CVE-2023-491xx/CVE-2023-49151.json) (`2023-12-14T18:15:44.450`) +* [CVE-2023-49152](CVE-2023/CVE-2023-491xx/CVE-2023-49152.json) (`2023-12-14T18:15:44.683`) +* [CVE-2023-49157](CVE-2023/CVE-2023-491xx/CVE-2023-49157.json) (`2023-12-14T18:15:44.877`) +* [CVE-2023-50269](CVE-2023/CVE-2023-502xx/CVE-2023-50269.json) (`2023-12-14T18:15:45.070`) +* [CVE-2023-50710](CVE-2023/CVE-2023-507xx/CVE-2023-50710.json) (`2023-12-14T18:15:45.270`) +* [CVE-2023-6563](CVE-2023/CVE-2023-65xx/CVE-2023-6563.json) (`2023-12-14T18:15:45.540`) ### CVEs modified in the last Commit -Recently modified CVEs: `22` +Recently modified CVEs: `53` -* [CVE-2013-0150](CVE-2013/CVE-2013-01xx/CVE-2013-0150.json) (`2023-12-14T16:08:02.297`) -* [CVE-2020-12613](CVE-2020/CVE-2020-126xx/CVE-2020-12613.json) (`2023-12-14T16:37:11.820`) -* [CVE-2021-21220](CVE-2021/CVE-2021-212xx/CVE-2021-21220.json) (`2023-12-14T16:15:43.700`) -* [CVE-2021-3187](CVE-2021/CVE-2021-31xx/CVE-2021-3187.json) (`2023-12-14T16:48:20.417`) -* [CVE-2023-37858](CVE-2023/CVE-2023-378xx/CVE-2023-37858.json) (`2023-12-14T15:15:07.630`) -* [CVE-2023-39167](CVE-2023/CVE-2023-391xx/CVE-2023-39167.json) (`2023-12-14T15:15:07.807`) -* [CVE-2023-39169](CVE-2023/CVE-2023-391xx/CVE-2023-39169.json) (`2023-12-14T15:15:07.950`) -* [CVE-2023-36649](CVE-2023/CVE-2023-366xx/CVE-2023-36649.json) (`2023-12-14T15:34:02.853`) -* [CVE-2023-49587](CVE-2023/CVE-2023-495xx/CVE-2023-49587.json) (`2023-12-14T15:41:25.777`) -* [CVE-2023-49796](CVE-2023/CVE-2023-497xx/CVE-2023-49796.json) (`2023-12-14T15:59:56.653`) -* [CVE-2023-49802](CVE-2023/CVE-2023-498xx/CVE-2023-49802.json) (`2023-12-14T16:14:49.267`) -* [CVE-2023-32028](CVE-2023/CVE-2023-320xx/CVE-2023-32028.json) (`2023-12-14T16:15:44.833`) -* [CVE-2023-36403](CVE-2023/CVE-2023-364xx/CVE-2023-36403.json) (`2023-12-14T16:15:45.183`) -* [CVE-2023-3079](CVE-2023/CVE-2023-30xx/CVE-2023-3079.json) (`2023-12-14T16:15:45.310`) -* 
[CVE-2023-45292](CVE-2023/CVE-2023-452xx/CVE-2023-45292.json) (`2023-12-14T16:26:54.007`) -* [CVE-2023-41115](CVE-2023/CVE-2023-411xx/CVE-2023-41115.json) (`2023-12-14T16:41:55.570`) -* [CVE-2023-49795](CVE-2023/CVE-2023-497xx/CVE-2023-49795.json) (`2023-12-14T16:46:43.917`) -* [CVE-2023-39214](CVE-2023/CVE-2023-392xx/CVE-2023-39214.json) (`2023-12-14T16:48:23.877`) -* [CVE-2023-41114](CVE-2023/CVE-2023-411xx/CVE-2023-41114.json) (`2023-12-14T16:48:42.467`) -* [CVE-2023-41113](CVE-2023/CVE-2023-411xx/CVE-2023-41113.json) (`2023-12-14T16:48:48.550`) -* [CVE-2023-41116](CVE-2023/CVE-2023-411xx/CVE-2023-41116.json) (`2023-12-14T16:51:52.863`) -* [CVE-2023-41117](CVE-2023/CVE-2023-411xx/CVE-2023-41117.json) (`2023-12-14T16:55:32.230`) +* [CVE-2023-6364](CVE-2023/CVE-2023-63xx/CVE-2023-6364.json) (`2023-12-14T17:17:54.510`) +* [CVE-2023-44278](CVE-2023/CVE-2023-442xx/CVE-2023-44278.json) (`2023-12-14T17:17:58.157`) +* [CVE-2023-44279](CVE-2023/CVE-2023-442xx/CVE-2023-44279.json) (`2023-12-14T17:17:58.157`) +* [CVE-2023-44284](CVE-2023/CVE-2023-442xx/CVE-2023-44284.json) (`2023-12-14T17:17:58.157`) +* [CVE-2023-44285](CVE-2023/CVE-2023-442xx/CVE-2023-44285.json) (`2023-12-14T17:17:58.157`) +* [CVE-2023-44286](CVE-2023/CVE-2023-442xx/CVE-2023-44286.json) (`2023-12-14T17:17:58.157`) +* [CVE-2023-48660](CVE-2023/CVE-2023-486xx/CVE-2023-48660.json) (`2023-12-14T17:17:58.157`) +* [CVE-2023-48661](CVE-2023/CVE-2023-486xx/CVE-2023-48661.json) (`2023-12-14T17:17:58.157`) +* [CVE-2023-48662](CVE-2023/CVE-2023-486xx/CVE-2023-48662.json) (`2023-12-14T17:17:58.157`) +* [CVE-2023-6647](CVE-2023/CVE-2023-66xx/CVE-2023-6647.json) (`2023-12-14T17:22:19.353`) +* [CVE-2023-50424](CVE-2023/CVE-2023-504xx/CVE-2023-50424.json) (`2023-12-14T17:44:34.810`) +* [CVE-2023-50423](CVE-2023/CVE-2023-504xx/CVE-2023-50423.json) (`2023-12-14T17:48:27.037`) +* [CVE-2023-41118](CVE-2023/CVE-2023-411xx/CVE-2023-41118.json) (`2023-12-14T17:54:25.937`) +* 
[CVE-2023-50245](CVE-2023/CVE-2023-502xx/CVE-2023-50245.json) (`2023-12-14T17:57:33.607`) +* [CVE-2023-41623](CVE-2023/CVE-2023-416xx/CVE-2023-41623.json) (`2023-12-14T18:01:27.260`) +* [CVE-2023-46701](CVE-2023/CVE-2023-467xx/CVE-2023-46701.json) (`2023-12-14T18:07:27.107`) +* [CVE-2023-45847](CVE-2023/CVE-2023-458xx/CVE-2023-45847.json) (`2023-12-14T18:20:40.697`) +* [CVE-2023-49607](CVE-2023/CVE-2023-496xx/CVE-2023-49607.json) (`2023-12-14T18:29:44.217`) +* [CVE-2023-49563](CVE-2023/CVE-2023-495xx/CVE-2023-49563.json) (`2023-12-14T18:30:37.733`) +* [CVE-2023-48677](CVE-2023/CVE-2023-486xx/CVE-2023-48677.json) (`2023-12-14T18:32:23.603`) +* [CVE-2023-48642](CVE-2023/CVE-2023-486xx/CVE-2023-48642.json) (`2023-12-14T18:38:31.893`) +* [CVE-2023-49809](CVE-2023/CVE-2023-498xx/CVE-2023-49809.json) (`2023-12-14T18:45:03.083`) +* [CVE-2023-49874](CVE-2023/CVE-2023-498xx/CVE-2023-49874.json) (`2023-12-14T18:51:59.960`) +* [CVE-2023-49058](CVE-2023/CVE-2023-490xx/CVE-2023-49058.json) (`2023-12-14T18:56:27.277`) +* [CVE-2023-45316](CVE-2023/CVE-2023-453xx/CVE-2023-45316.json) (`2023-12-14T18:58:08.837`) ## Download and Usage