Auto-Update: 2023-11-28T21:00:17.836328+00:00

cad-safe-bot 2023-11-28 21:00:21 +00:00
parent a9f22b0330
commit d85aa2e058
56 changed files with 3354 additions and 273 deletions


@ -0,0 +1,55 @@
{
"id": "CVE-2023-29060",
"sourceIdentifier": "cybersecurity@bd.com",
"published": "2023-11-28T20:15:07.230",
"lastModified": "2023-11-28T20:15:07.230",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The FACSChorus\u00e2\u201e\u00a2 workstation operating system does not restrict what devices can interact with its USB ports. If exploited, a threat actor with physical access to the workstation could gain access to system information and potentially exfiltrate data."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cybersecurity@bd.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.7,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "cybersecurity@bd.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-1299"
}
]
}
],
"references": [
{
"url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software",
"source": "cybersecurity@bd.com"
}
]
}
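Review bot: The English description in this new CVE-2023-29060 record stores the trademark sign as `\u00e2\u201e\u00a2`, which decodes to the three characters "â„¢" rather than "™". This looks like the UTF-8 bytes of U+2122 read as Windows-1252 before being JSON-escaped. The intended value is presumably `"The FACSChorus\u2122 workstation operating system ..."`. If the mangling is already in the upstream record it is best corrected there. Until then, tooling that matches product names against description text will not find the literal product name and should normalise or key on structured fields instead.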


@ -0,0 +1,20 @@
{
"id": "CVE-2023-30588",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-11-28T20:15:07.437",
"lastModified": "2023-11-28T20:15:07.437",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "When an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario. This vulnerability affects all active Node.js versions v16, v18, and, v20."
}
],
"metrics": {},
"references": [
{
"url": "https://nodejs.org/en/blog/vulnerability/june-2023-security-releases",
"source": "support@hackerone.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-30590",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-11-28T20:15:07.480",
"lastModified": "2023-11-28T20:15:07.480",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet, but the function is also needed to compute the corresponding public key after calling setPrivateKey(). However, the documentation says this API call: \"Generates private and public Diffie-Hellman key values\".\n\nThe documented behavior is very different from the actual behavior, and this difference could easily lead to security issues in applications that use these APIs as the DiffieHellman may be used as the basis for application-level security, implications are consequently broad."
}
],
"metrics": {},
"references": [
{
"url": "https://nodejs.org/en/blog/vulnerability/june-2023-security-releases",
"source": "support@hackerone.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-35078",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-07-25T07:15:10.897",
"lastModified": "2023-08-04T18:30:34.503",
"vulnStatus": "Analyzed",
"lastModified": "2023-11-28T20:15:07.530",
"vulnStatus": "Modified",
"cisaExploitAdd": "2023-07-25",
"cisaActionDue": "2023-08-15",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
@ -11,7 +11,7 @@
"descriptions": [
{
"lang": "en",
"value": "\nIvanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, through 11.10 allows remote attackers to obtain PII, add an administrative account, and change the configuration because of an authentication bypass, as exploited in the wild in July 2023. A patch is available."
"value": "An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication."
}
],
"metrics": {
@ -35,13 +35,15 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
}
],
"cvssMetricV30": [
{
"source": "support@hackerone.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
@ -68,16 +70,6 @@
"value": "CWE-287"
}
]
},
{
"source": "support@hackerone.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"configurations": [
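Review bot: The replacement description for CVE-2023-35078 no longer carries the affected-version bound ("through 11.10"), the concrete impact (PII access, adding an administrative account) or the statement that the issue was exploited in the wild. This assumes the first of the two `"value"` lines in the `@ -11,7 +11,7 @` hunk is the old side, as the `lastModified` pair suggests. The record still has `"cisaExploitAdd": "2023-07-25"` and `"cisaActionDue": "2023-08-15"`, so known-exploited status survives only in those fields. Triage or alerting rules that key on description text (for example, matching "exploited in the wild") should read the `cisa*` fields and the `configurations` CPE ranges instead. The `configurations` array continues outside this hunk.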


@ -2,8 +2,8 @@
"id": "CVE-2023-40002",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-23T00:15:08.180",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-28T20:50:44.160",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -40,8 +60,18 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -50,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:booster:booster_for_woocommerce:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "7.1.1",
"matchCriteriaId": "53D63779-759F-4AD5-A0D4-65195A6A805D"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/woocommerce-jetpack/wordpress-booster-for-woocommerce-plugin-7-1-2-authenticated-arbitrary-wordpress-option-disclosure-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,28 @@
{
"id": "CVE-2023-45539",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-28T20:15:07.817",
"lastModified": "2023-11-28T20:15:07.817",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server."
}
],
"metrics": {},
"references": [
{
"url": "https://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=2eab6d354322932cfec2ed54de261e4347eca9a6",
"source": "cve@mitre.org"
},
{
"url": "https://lists.w3.org/Archives/Public/ietf-http-wg/2023JulSep/0070.html",
"source": "cve@mitre.org"
},
{
"url": "https://www.mail-archive.com/haproxy%40formilux.org/msg43861.html",
"source": "cve@mitre.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-46849",
"sourceIdentifier": "security@openvpn.net",
"published": "2023-11-11T01:15:07.270",
"lastModified": "2023-11-23T03:15:41.383",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-28T19:47:44.070",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,8 +14,41 @@
"value": "El uso de la opci\u00f3n --fragment en ciertas configuraciones de OpenVPN versi\u00f3n 2.6.0 a 2.6.6 permite a un atacante desencadenar un comportamiento de divisi\u00f3n por cero que podr\u00eda provocar un bloqueo de la aplicaci\u00f3n y provocar una denegaci\u00f3n de servicio."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-369"
}
]
},
{
"source": "security@openvpn.net",
"type": "Secondary",
@ -27,22 +60,90 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openvpn:openvpn:*:*:*:*:community:*:*:*",
"versionStartIncluding": "2.6.0",
"versionEndIncluding": "2.6.6",
"matchCriteriaId": "3A398A7A-395F-4CA8-9D72-1DDD337D5074"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openvpn:openvpn_access_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.11.0",
"versionEndIncluding": "2.11.3",
"matchCriteriaId": "54464223-5988-40E7-B94B-D7B8DE999704"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openvpn:openvpn_access_server:2.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8A71564-0966-47F0-BB81-B6BFA071E402"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openvpn:openvpn_access_server:2.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC187755-A908-4CD5-8F35-869EA5D9A3B7"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
}
]
}
]
}
],
"references": [
{
"url": "https://community.openvpn.net/openvpn/wiki/CVE-2023-46849",
"source": "security@openvpn.net"
"source": "security@openvpn.net",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3FS46ANNTAVLIQY56ZKGM5CBTRVBUNE/",
"source": "security@openvpn.net"
"source": "security@openvpn.net",
"tags": [
"Mailing List"
]
},
{
"url": "https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/",
"source": "security@openvpn.net"
"source": "security@openvpn.net",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5555",
"source": "security@openvpn.net"
"source": "security@openvpn.net",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-46850",
"sourceIdentifier": "security@openvpn.net",
"published": "2023-11-11T01:15:07.357",
"lastModified": "2023-11-23T03:15:41.443",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-28T19:47:39.703",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,8 +14,41 @@
"value": "Use after free en OpenVPN versi\u00f3n 2.6.0 a 2.6.6 puede provocar un comportamiento indefinido, p\u00e9rdida de b\u00faferes de memoria o ejecuci\u00f3n remota al enviar b\u00faferes de red a un par remoto."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
},
{
"source": "security@openvpn.net",
"type": "Secondary",
@ -27,22 +60,87 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openvpn:openvpn:*:*:*:*:community:*:*:*",
"versionStartIncluding": "2.6.0",
"versionEndIncluding": "2.6.6",
"matchCriteriaId": "3A398A7A-395F-4CA8-9D72-1DDD337D5074"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openvpn:openvpn_access_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.11.0",
"versionEndIncluding": "2.11.3",
"matchCriteriaId": "54464223-5988-40E7-B94B-D7B8DE999704"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openvpn:openvpn_access_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.12.0",
"versionEndExcluding": "2.12.2",
"matchCriteriaId": "2B8D0B4E-A0BF-4A33-9031-987D8BD45F65"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
}
]
}
]
}
],
"references": [
{
"url": "https://community.openvpn.net/openvpn/wiki/CVE-2023-46850",
"source": "security@openvpn.net"
"source": "security@openvpn.net",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3FS46ANNTAVLIQY56ZKGM5CBTRVBUNE/",
"source": "security@openvpn.net"
"source": "security@openvpn.net",
"tags": [
"Mailing List"
]
},
{
"url": "https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/",
"source": "security@openvpn.net"
"source": "security@openvpn.net",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5555",
"source": "security@openvpn.net"
"source": "security@openvpn.net",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-47766",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T22:15:07.580",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-28T19:18:00.713",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ifeelweb:post_status_notifier_lite:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.11.1",
"matchCriteriaId": "5D4CCD89-7BD7-484E-81BB-92E08B15F2D1"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/post-status-notifier-lite/wordpress-post-status-notifier-lite-plugin-1-11-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-47767",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T22:15:07.760",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-28T19:19:35.667",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fla-shop:interactive_world_map:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.2.0",
"matchCriteriaId": "D97398AD-7E99-4335-B0AF-F4A98E620EC0"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/interactive-world-map/wordpress-interactive-world-map-plugin-3-2-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-47768",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T22:15:07.940",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-28T19:22:41.277",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:diywebmastery:footer_putter:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.17",
"matchCriteriaId": "C835C3FE-FB28-448A-B141-2A24D80740ED"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/footer-putter/wordpress-footer-putter-plugin-1-17-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-47790",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-23T00:15:08.550",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-28T20:39:17.157",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -54,10 +74,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:popozure:pz-linkcard:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.4.8",
"matchCriteriaId": "A2BC8190-10F5-4A7F-BF7A-8753147F7F5D"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/pz-linkcard/wordpress-pz-linkcard-plugin-2-4-8-cross-site-request-forgery-csrf-to-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-47808",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T22:15:08.493",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-28T19:27:25.577",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:christinauechi:add_widgets_to_page:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.3.2",
"matchCriteriaId": "955A3663-1FC9-4192-B9EB-6AD783FB14CF"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/add-widgets-to-page/wordpress-add-widgets-to-page-plugin-1-3-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-47809",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T23:15:08.403",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-28T19:51:59.687",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:themepoints:accordion:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.6",
"matchCriteriaId": "11025D67-9961-4852-BE10-DC62C83D28FD"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/accordions-wp/wordpress-accordion-plugin-2-6-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-47810",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T23:15:08.607",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-28T19:52:19.490",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:asdqwedev:ajax_domain_checker:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.3.0",
"matchCriteriaId": "7ADA77C2-F0F1-45CC-BA9A-05B8FED6DE43"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/ajax-domain-checker/wordpress-ajax-domain-checker-plugin-1-3-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-47811",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T23:15:08.790",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-28T19:52:35.397",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +80,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sureshkumarmukhiya:anywhere_flash_embed:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.0.5",
"matchCriteriaId": "4D6BF623-6A09-46A5-91D4-F598DA402427"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/anywhere-flash-embed/wordpress-anywhere-flash-embed-plugin-1-0-5-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-47812",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T23:15:08.983",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-28T20:03:09.987",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bamboo_mcr:bamboo_columns:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.6.1",
"matchCriteriaId": "D8D641C8-15EC-434C-A3B6-C59423FD4FE2"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/bamboo-columns/wordpress-bamboo-columns-plugin-1-6-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-47813",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T23:15:09.160",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-28T20:03:29.477",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:grandslambert:better_rss_widget:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.8.1",
"matchCriteriaId": "5F444763-91C3-46C9-933B-C86CE9BBD26B"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/better-rss-widget/wordpress-better-rss-widget-plugin-2-8-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-47814",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T23:15:09.337",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-28T20:04:37.090",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bmicalculator:bmi_calculator:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.0.3",
"matchCriteriaId": "5546A030-E519-420C-AE6A-DD5FBD31B7A6"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/bmi-calculator-shortcode/wordpress-bmi-calculator-plugin-plugin-1-0-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-47815",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T23:15:09.520",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-28T20:05:31.977",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:venutius:bp_profile_shortcodes_extra:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.5.2",
"matchCriteriaId": "078BF31A-935C-4E53-A149-86F1F0CC433E"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/bp-profile-shortcodes-extra/wordpress-bp-profile-shortcodes-extra-plugin-2-5-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-47816",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T23:15:09.700",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-28T20:07:47.730",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpcharitable:charitable:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.7.0.13",
"matchCriteriaId": "0BF8939D-F5F1-4EC5-A873-2D21999C78E3"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/charitable/wordpress-charitable-plugin-1-7-0-13-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-47817",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T23:15:09.887",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-28T20:23:25.427",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mmrs151:daily_prayer_time:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2023.10.13",
"matchCriteriaId": "DCABF30D-7D51-4C71-9256-3DE01F90898C"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/daily-prayer-time-for-mosques/wordpress-daily-prayer-time-plugin-2023-10-13-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-47821",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T23:15:10.070",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-28T20:23:38.657",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +80,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jannisthuemmig:email_encoder:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.1.8",
"matchCriteriaId": "236FFC1C-4ABE-4397-850E-233284ECFA3E"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/email-encoder-bundle/wordpress-email-encoder-bundle-plugin-2-1-8-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-47829",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T23:15:10.253",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-28T20:23:54.067",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codez:quick_call_button:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.2.9",
"matchCriteriaId": "2305F0FE-BC85-4034-839C-E1B18FC29813"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/quick-call-button/wordpress-quick-call-button-plugin-1-2-9-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-47833",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-23T00:15:08.777",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-28T20:25:42.100",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:slimndap:theater_for_wordpress:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "0.18.3",
"matchCriteriaId": "33D49A2D-1DEB-4669-8EDE-62AAEBAF21F4"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/theatre/wordpress-theater-for-wordpress-plugin-0-18-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-47834",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-23T00:15:08.953",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-28T20:24:06.653",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:quizandsurveymaster:quiz_and_survey_master:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "8.1.13",
"matchCriteriaId": "41648989-E5E3-49B9-BD05-ED2A7733D50C"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/quiz-master-next/wordpress-quiz-and-survey-master-plugin-8-1-13-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-47835",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-23T00:15:09.137",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-28T20:21:32.220",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ari-soft:ari_stream_quiz:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.2.32",
"matchCriteriaId": "66DBB7D2-1B66-4148-A918-D6D74280A1CD"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/ari-stream-quiz/wordpress-ari-stream-quiz-plugin-1-2-32-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-47839",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-23T00:15:09.320",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-28T20:51:38.590",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:implecode:ecommerce_product_catalog_plugin_for_wordpress:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.3.26",
"matchCriteriaId": "4276AEF5-FC23-45B7-A0C7-0212B69A6C2B"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/ecommerce-product-catalog/wordpress-ecommerce-product-catalog-plugin-for-wordpress-plugin-3-3-26-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-4771",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-11-16T14:15:28.913",
"lastModified": "2023-11-16T17:00:48.293",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-28T19:09:05.517",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A Cross-Site scripting vulnerability has been found in CKSource CKEditor affecting versions 4.15.1 and earlier. An attacker could send malicious javascript code through the /ckeditor/samples/old/ajax.html file and retrieve an authorized user's information."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad de Cross-Site Scripting en CKSource CKEditor que afecta a las versiones 4.15.1 y anteriores. Un atacante podr\u00eda enviar c\u00f3digo JavaScript malicioso a trav\u00e9s del archivo /ckeditor/samples/old/ajax.html y recuperar la informaci\u00f3n de un usuario autorizado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cksource:ckeditor:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "4.15.1",
"matchCriteriaId": "41B19077-16D5-4E61-9EE9-8A5358DEB77F"
}
]
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-vulnerability-cksource-ckeditor",
"source": "cve-coordination@incibe.es"
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-48121",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-28T19:15:07.340",
"lastModified": "2023-11-28T19:15:07.340",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An authentication bypass vulnerability in the Direct Connection Module in Ezviz CS-C6N-xxx prior to v5.3.x build 20230401, Ezviz CS-CV310-xxx prior to v5.3.x build 20230401, Ezviz CS-C6CN-xxx prior to v5.3.x build 20230401, Ezviz CS-C3N-xxx prior to v5.3.x build 20230401 allows remote attackers to obtain sensitive information by sending crafted messages to the affected devices."
}
],
"metrics": {},
"references": [
{
"url": "https://www.ezviz.com/data-security/security-notice/detail/911",
"source": "cve@mitre.org"
}
]
}


@ -2,23 +2,87 @@
"id": "CVE-2023-49061",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-11-21T15:15:07.633",
"lastModified": "2023-11-21T16:30:00.600",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-28T19:45:33.650",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An attacker could have performed HTML template injection via Reader Mode and exfiltrated user information. This vulnerability affects Firefox for iOS < 120."
},
{
"lang": "es",
"value": "Un atacante podr\u00eda haber realizado una inyecci\u00f3n de plantilla HTML a trav\u00e9s del modo Lector y extra\u00eddo informaci\u00f3n del usuario. Esta vulnerabilidad afecta a Firefox para iOS &lt; 120."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:iphone_os:*:*",
"versionEndExcluding": "120.0",
"matchCriteriaId": "BFCA44B4-7729-4424-B92F-5CBE873E4C8D"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1861420",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"Permissions Required"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-51/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-49078",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-28T19:15:07.397",
"lastModified": "2023-11-28T19:15:07.397",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "raptor-web is a CMS for game server communities that can be used to host information and keep track of players. In version 0.4.4 of raptor-web, it is possible to craft a malicious URL that will result in a reflected cross-site scripting vulnerability. A user controlled URL parameter is loaded into an internal template that has autoescape disabled. This is a cross-site scripting vulnerability that affects all deployments of `raptor-web` on version `0.4.4`. Any victim who clicks on a malicious crafted link will be affected. This issue has been patched 0.4.4.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/zediious/raptor-web/releases/tag/0.4.4.1",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/zediious/raptor-web/security/advisories/GHSA-8r6g-fhh4-xhmq",
"source": "security-advisories@github.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-49146",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-22T22:15:08.913",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-28T19:24:37.417",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,74 @@
"value": "DOMSanitizer (tambi\u00e9n conocido como dom-sanitizer) anterior a 1.0.7 permite XSS a trav\u00e9s de un documento SVG debido al mal manejo de comentarios y expresiones regulares codiciosas."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:getgrav:dom-sanitizer:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.0.7",
"matchCriteriaId": "FA35D565-AD11-4221-8C23-F9ED43C8DFEB"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/rhukster/dom-sanitizer/commit/c2a98f27ad742668b254282ccc5581871d0fb601",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/rhukster/dom-sanitizer/compare/1.0.6...1.0.7",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-49321",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-27T00:15:07.280",
"lastModified": "2023-11-27T13:52:15.377",
"lastModified": "2023-11-28T19:15:07.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -17,7 +17,7 @@
"metrics": {},
"references": [
{
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-01",
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-49321",
"source": "cve@mitre.org"
}
]


@ -2,7 +2,7 @@
"id": "CVE-2023-49322",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-27T00:15:07.330",
"lastModified": "2023-11-27T13:52:15.377",
"lastModified": "2023-11-28T19:15:07.737",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -17,7 +17,7 @@
"metrics": {},
"references": [
{
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-02",
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-49322",
"source": "cve@mitre.org"
}
]


@ -2,16 +2,40 @@
"id": "CVE-2023-5465",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-11-22T16:15:12.810",
"lastModified": "2023-11-22T17:31:52.013",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-28T19:29:22.987",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Popup with fancybox plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
},
{
"lang": "es",
"value": "El complemento Popup with fancybox para WordPress es vulnerable a la inyecci\u00f3n SQL a trav\u00e9s del c\u00f3digo corto del complemento en versiones hasta la 3.5 incluida debido a un escape insuficiente en el par\u00e1metro proporcionado por el usuario y a la falta de preparaci\u00f3n suficiente en la consulta SQL existente. Esto hace posible que atacantes autenticados con permisos de nivel de suscriptor y superiores agreguen consultas SQL adicionales a consultas ya existentes que pueden usarse para extraer informaci\u00f3n confidencial de la base de datos."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -34,18 +58,57 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gopiplus:popup_with_fancybox:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.5",
"matchCriteriaId": "390C2828-14DB-44B0-89C2-33647FE0C00F"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/popup-with-fancybox/trunk/popup-with-fancybox.php?rev=2827070#L110",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2985560/popup-with-fancybox#file1",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c943cf0b-0e99-4d47-808d-2b803369d53a?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-5466",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-11-22T16:15:12.970",
"lastModified": "2023-11-22T17:31:52.013",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-28T19:29:09.333",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Wp anything slider plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 9.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
},
{
"lang": "es",
"value": "El complemento Wp anything slider para WordPress es vulnerable a la inyecci\u00f3n SQL a trav\u00e9s del c\u00f3digo corto del complemento en versiones hasta la 9.1 incluida debido a un escape insuficiente en el par\u00e1metro proporcionado por el usuario y a la falta de preparaci\u00f3n suficiente en la consulta SQL existente. Esto hace posible que atacantes autenticados con permisos de nivel de suscriptor y superiores agreguen consultas SQL adicionales a consultas ya existentes que pueden usarse para extraer informaci\u00f3n confidencial de la base de datos."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -34,22 +58,64 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gopiplus:wp_anything_slider:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "9.1",
"matchCriteriaId": "1A4F029D-DD6A-4E53-843C-5B71ED219D29"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/wp-anything-slider/trunk/wp-anything-slider.php?rev=2827063#L122",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-anything-slider/trunk/wp-anything-slider.php?rev=2827063#L136",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2985513/wp-anything-slider#file2",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/535e754e-f851-4809-a148-d9ba808b9d8a?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-5469",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-11-22T16:15:13.130",
"lastModified": "2023-11-22T17:31:52.013",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-28T19:28:54.980",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Drop Shadow Boxes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'dropshadowbox' shortcode in versions up to, and including, 1.7.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento Drop Shadow Boxes para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del c\u00f3digo corto 'dropshadowbox' en versiones hasta la 1.7.13 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -34,18 +58,57 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:stevenhenty:drop_shadow_boxes:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.7.13",
"matchCriteriaId": "F1B6BE5C-7427-40CE-968F-1B6EB2C891F9"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/drop-shadow-boxes/tags/1.7.12/dropshadowboxes.php#L319",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2998610/drop-shadow-boxes#file1",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c0b3911c-a960-4f28-b289-389b26282741?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-5537",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-11-22T16:15:13.310",
"lastModified": "2023-11-22T17:31:52.013",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-28T19:28:43.267",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Delete Usermeta plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing nonce validation on the delumet_options_page() function. This makes it possible for unauthenticated attackers to remove user meta for arbitrary users via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
},
{
"lang": "es",
"value": "El complemento Delete Usermeta para WordPress es vulnerable a Cross-Site Request Forgery en versiones hasta la 1.1.2 incluida. Esto se debe a que falta la validaci\u00f3n nonce en la funci\u00f3n delumet_options_page(). Esto hace posible que atacantes no autenticados eliminen metadatos de usuarios arbitrarios mediante una solicitud falsificada, siempre que puedan enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -34,18 +58,57 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:joselazo:delete_usermeta:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.1.2",
"matchCriteriaId": "2DD40175-6D94-4015-A510-6774CA950E89"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/delete-usermetas/trunk/delete-usermetas.php#L57",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2979918%40delete-usermetas&new=2979918%40delete-usermetas&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/23b46e5b-ce1e-4215-921c-edea7fd6c56a?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-5662",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-11-22T16:15:13.490",
"lastModified": "2023-11-22T17:31:52.013",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-28T19:26:56.350",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Sponsors plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sponsors' shortcode in all versions up to, and including, 3.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento Sponsors para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del c\u00f3digo corto 'sponsors' del complemento en todas las versiones hasta la 3.5.0 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -34,14 +58,50 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpsimplesponsorships:sponsors:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.5.0",
"matchCriteriaId": "874714BC-BFB2-4E38-908E-15B4A6CC173A"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/wp-sponsors/tags/3.5.0/includes/class-wp-sponsors-shortcodes.php#L267",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4af04219-26c5-401d-94ef-11d2321f98bf?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}
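Review bot: The `"Patch"` tag added to the first reference does not point at a fix: the URL is `.../wp-sponsors/tags/3.5.0/includes/class-wp-sponsors-shortcodes.php#L267`, and the new `cpeMatch` entry marks everything up to `"versionEndIncluding": "3.5.0"` as vulnerable, so the link is the source of an affected release. The CVE-2023-5664 section shows the same pattern (a `tags/2.2.5` source link tagged `"Patch"` while the range is `"versionEndExcluding": "2.2.9"`). Tooling that reads a `"Patch"` tag as "a fix exists" would misjudge these records; fix status is better derived from the `versionEnd*` fields, and this record names no fixed version at all. If the mirror has to stay identical to the upstream feed, the tag correction belongs upstream rather than in this file.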


@ -2,16 +2,40 @@
"id": "CVE-2023-5664",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-11-22T16:15:13.657",
"lastModified": "2023-11-22T17:31:52.013",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-28T19:23:15.107",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Garden Gnome Package plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ggpkg' shortcode in all versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This was partially patched in version 2.2.7 and fully patched in version 2.2.9."
},
{
"lang": "es",
"value": "El complemento Garden Gnome Package para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del c\u00f3digo corto 'ggpkg' del complemento en todas las versiones hasta la 2.2.8 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada. Esto fue parcheado parcialmente en la versi\u00f3n 2.2.7 y completamente parcheado en la versi\u00f3n 2.2.9."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -34,22 +58,64 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ggnome:garden_gnome_package:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.2.9",
"matchCriteriaId": "93A31BCD-A9FA-4D94-8BD1-875F2B80E984"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/garden-gnome-package/tags/2.2.5/include/ggpackage.php#L284",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2987987/garden-gnome-package#file1",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2988944/garden-gnome-package#file1",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8c7385c7-47de-4511-b474-7415c3977aa8?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-5667",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-11-22T16:15:13.820",
"lastModified": "2023-11-22T17:31:52.013",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-28T19:22:46.013",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Tab Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento Tab Ultimate para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de los c\u00f3digos cortos del complemento en todas las versiones hasta la 1.3 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -34,18 +58,57 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:themepoints:tab_ultimate:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.3",
"matchCriteriaId": "0F5386EC-2DBD-4045-A2D9-6C4376795F70"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/tabs-pro/trunk/theme/tab-shortcode-ultimate-themes.php?rev=2406144#L87",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2982005/tabs-pro#file23",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/08220b23-d6fa-4005-bbbb-019412d328a5?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-5704",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-11-22T16:15:14.003",
"lastModified": "2023-11-22T17:31:52.013",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-28T19:22:32.037",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The CPO Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento CPO Shortcodes para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de los c\u00f3digos cortos del complemento en todas las versiones hasta la 1.5.0 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -34,14 +58,50 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpchill:cpo_shortcodes:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.5.0",
"matchCriteriaId": "9A4A3120-836F-45F9-8701-42185ED521B4"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/cpo-shortcodes/trunk/shortcodes/shortcode-testimonial.php?rev=2413204#L38",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f8ba38c3-51d2-43a7-89ff-c72a8edc946b?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,15 +2,41 @@
"id": "CVE-2023-6023",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-11-16T16:15:35.057",
"lastModified": "2023-11-16T17:00:44.333",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-28T19:15:56.937",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An attacker can read any file on the filesystem on the server hosting ModelDB through an LFI in the artifact_path URL parameter."
},
{
"lang": "es",
"value": "Un atacante puede leer cualquier archivo en el sistema de archivos del servidor que aloja ModelDB a trav\u00e9s de un LFI en el par\u00e1metro URL artifact_path."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -35,6 +61,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{
"source": "security@huntr.dev",
"type": "Secondary",
@ -46,10 +82,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vertaai:modeldb:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDEE2B7B-AADA-4F78-9A41-3B79791FDFD3"
}
]
}
]
}
],
"references": [
{
"url": "https://huntr.com/bounties/644ab868-db6d-4685-ab35-1a897632d2ca",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-6121",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-11-16T15:15:11.197",
"lastModified": "2023-11-16T17:00:44.333",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-28T19:07:25.920",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This flaw allows a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data to be printed (and potentially leaked) to the kernel ring buffer (dmesg)."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad de lectura fuera de los l\u00edmites en el subsistema NVMe-oF/TCP del kernel de Linux. Esta falla permite que un atacante remoto env\u00ede un paquete TCP manipulado, lo que desencadena un desbordamiento del b\u00fafer que da como resultado que los datos kmalloc se impriman (y potencialmente se filtren) en el b\u00fafer de anillo del kernel (dmesg)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -46,14 +80,53 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-6121",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2250043",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
}
]
}
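Review bot: The added `configurations` block lists only four `cpe:2.3:o:redhat:enterprise_linux:*` entries (6.0 to 9.0), while the description places the flaw in the NVMe-oF/TCP subsystem of the Linux kernel itself. A scanner that matches on CPE alone will therefore report kernels on other distributions as unaffected by CVE-2023-6121. Until the upstream record gains a kernel entry (vendor `linux`, product `linux_kernel`, with version bounds this page does not give), consumers should treat a missing CPE match here as "not assessed" rather than "not vulnerable". The English description also calls the same bug both an out-of-bounds read and a heap-based buffer overflow; the Primary `CWE-125` matches the former.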


@ -2,8 +2,8 @@
"id": "CVE-2023-6204",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-11-21T15:15:07.687",
"lastModified": "2023-11-24T01:15:07.213",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-28T19:45:10.887",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,31 +14,143 @@
"value": "En algunos sistemas, dependiendo de la configuraci\u00f3n de gr\u00e1ficos y los controladores, era posible forzar una lectura fuera de los l\u00edmites y filtrar datos de memoria en las im\u00e1genes creadas en el elemento del lienzo. Esta vulnerabilidad afecta a Firefox &lt; 120, Firefox &lt; 115.5 y Thunderbird &lt; 115.5.0."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"versionEndExcluding": "120.0",
"matchCriteriaId": "30F5F1B5-825D-4DC4-A6F0-ED5AD1B031F2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.5.0",
"matchCriteriaId": "E2804F80-1F0A-4810-AAFF-57F113F5658D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.5",
"matchCriteriaId": "92C55DCD-E2E9-46CA-B654-3B3E50A3DC6A"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
}
]
}
]
}
],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1841050",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"Permissions Required"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00017.html",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Mailing List"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5561",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-49/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-50/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-52/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-6205",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-11-21T15:15:07.737",
"lastModified": "2023-11-24T01:15:07.297",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-28T19:44:48.170",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,31 +14,143 @@
"value": "Era posible provocar el uso de un MessagePort despu\u00e9s de que ya se hab\u00eda liberado, lo que podr\u00eda haber provocado un fallo explotable. Esta vulnerabilidad afecta a Firefox &lt; 120, Firefox &lt; 115.5 y Thunderbird &lt; 115.5.0."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"versionEndExcluding": "120.0",
"matchCriteriaId": "30F5F1B5-825D-4DC4-A6F0-ED5AD1B031F2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.5.0",
"matchCriteriaId": "E2804F80-1F0A-4810-AAFF-57F113F5658D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.5",
"matchCriteriaId": "92C55DCD-E2E9-46CA-B654-3B3E50A3DC6A"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
}
]
}
]
}
],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1854076",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"Permissions Required"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00017.html",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Mailing List"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5561",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-49/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-50/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-52/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-6206",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-11-21T15:15:07.787",
"lastModified": "2023-11-24T01:15:07.360",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-28T19:44:05.347",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,31 +14,143 @@
"value": "La animaci\u00f3n de desvanecimiento negro al salir de la pantalla completa es aproximadamente la duraci\u00f3n del retraso anti-clickjacking en las solicitudes de permiso. Era posible utilizar este hecho para sorprender a los usuarios atray\u00e9ndolos a hacer clic en el lugar donde el bot\u00f3n de concesi\u00f3n de permiso estar\u00eda a punto de aparecer. Esta vulnerabilidad afecta a Firefox &lt; 120, Firefox &lt; 115.5 y Thunderbird &lt; 115.5.0."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1021"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"versionEndExcluding": "120.0",
"matchCriteriaId": "30F5F1B5-825D-4DC4-A6F0-ED5AD1B031F2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.5.0",
"matchCriteriaId": "E2804F80-1F0A-4810-AAFF-57F113F5658D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.5",
"matchCriteriaId": "92C55DCD-E2E9-46CA-B654-3B3E50A3DC6A"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
}
]
}
]
}
],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1857430",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"Permissions Required"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00017.html",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Mailing List"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5561",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-49/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-50/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-52/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-6207",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-11-21T15:15:07.843",
"lastModified": "2023-11-24T01:15:07.420",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-28T19:42:50.670",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,31 +14,143 @@
"value": "La mala gesti\u00f3n de la propiedad provoc\u00f3 un uso despu\u00e9s de la liberaci\u00f3n en ReadableByteStreams. Esta vulnerabilidad afecta a Firefox &lt; 120, Firefox &lt; 115.5 y Thunderbird &lt; 115.5.0."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"versionEndExcluding": "120.0",
"matchCriteriaId": "30F5F1B5-825D-4DC4-A6F0-ED5AD1B031F2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.5.0",
"matchCriteriaId": "E2804F80-1F0A-4810-AAFF-57F113F5658D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.5",
"matchCriteriaId": "92C55DCD-E2E9-46CA-B654-3B3E50A3DC6A"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
}
]
}
]
}
],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1861344",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"Permissions Required"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00017.html",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Mailing List"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5561",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-49/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-50/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-52/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-6208",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-11-21T15:15:07.900",
"lastModified": "2023-11-24T01:15:07.467",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-28T19:37:55.503",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,31 +14,143 @@
"value": "Al usar X11, el texto seleccionado por la p\u00e1gina usando la API de selecci\u00f3n se copiaba err\u00f3neamente en la selecci\u00f3n principal, un almacenamiento temporal similar al portapapeles. *Este error s\u00f3lo afecta a Thunderbird en X11. Otros sistemas no se ven afectados.* Esta vulnerabilidad afecta a Firefox &lt; 120, Firefox &lt; 115.5 y Thunderbird &lt; 115.5.0."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"versionEndExcluding": "120.0",
"matchCriteriaId": "30F5F1B5-825D-4DC4-A6F0-ED5AD1B031F2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.5.0",
"matchCriteriaId": "E2804F80-1F0A-4810-AAFF-57F113F5658D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.5",
"matchCriteriaId": "92C55DCD-E2E9-46CA-B654-3B3E50A3DC6A"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
}
]
}
]
}
],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1855345",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"Permissions Required"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00017.html",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Mailing List"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5561",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-49/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-50/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-52/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-6209",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-11-21T15:15:07.957",
"lastModified": "2023-11-24T01:15:07.523",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-28T19:37:34.557",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,31 +14,143 @@
"value": "Las URL relativas que comenzaban con tres barras se analizaban incorrectamente y se pod\u00eda utilizar una parte de path-traversal \"/../\" en la ruta para anular el host especificado. Esto podr\u00eda contribuir a problemas de seguridad en los sitios web. Esta vulnerabilidad afecta a Firefox &lt; 120, Firefox &lt; 115.5 y Thunderbird &lt; 115.5.0."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"versionEndExcluding": "120.0",
"matchCriteriaId": "30F5F1B5-825D-4DC4-A6F0-ED5AD1B031F2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.5.0",
"matchCriteriaId": "E2804F80-1F0A-4810-AAFF-57F113F5658D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.5",
"matchCriteriaId": "92C55DCD-E2E9-46CA-B654-3B3E50A3DC6A"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
}
]
}
]
}
],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1858570",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"Permissions Required"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00017.html",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Mailing List"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5561",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-49/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-50/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-52/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,88 @@
"id": "CVE-2023-6210",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-11-21T15:15:08.010",
"lastModified": "2023-11-21T16:30:00.600",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-28T19:35:05.627",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "When an https: web page created a pop-up from a \"javascript:\" URL, that pop-up was incorrectly allowed to load blockable content such as iframes from insecure http: URLs This vulnerability affects Firefox < 120."
},
{
"lang": "es",
"value": "Cuando una p\u00e1gina web https: cre\u00f3 una ventana emergente desde una URL \"javascript:\", a esa ventana emergente se le permiti\u00f3 incorrectamente cargar contenido bloqueable, como iframes de URL http: inseguras. Esta vulnerabilidad afecta a Firefox &lt; 120."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"versionEndExcluding": "120.0",
"matchCriteriaId": "30F5F1B5-825D-4DC4-A6F0-ED5AD1B031F2"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1801501",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"Permissions Required"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-49/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,88 @@
"id": "CVE-2023-6211",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-11-21T15:15:08.057",
"lastModified": "2023-11-21T16:30:00.600",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-28T19:31:26.287",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "If an attacker needed a user to load an insecure http: page and knew that user had enabled HTTPS-only mode, the attacker could have tricked the user into clicking to grant an HTTPS-only exception if they could get the user to participate in a clicking game. This vulnerability affects Firefox < 120."
},
{
"lang": "es",
"value": "Si un atacante necesitaba que un usuario cargara una p\u00e1gina http: insegura y sab\u00eda que el usuario hab\u00eda habilitado el modo solo HTTPS, el atacante podr\u00eda haber enga\u00f1ado al usuario para que hiciera clic para otorgar una excepci\u00f3n solo HTTPS si pudiera lograr que el usuario participara en una juego de clics. Esta vulnerabilidad afecta a Firefox &lt; 120."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1021"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"versionEndExcluding": "120.0",
"matchCriteriaId": "30F5F1B5-825D-4DC4-A6F0-ED5AD1B031F2"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1850200",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"Permissions Required"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-49/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-6212",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-11-21T15:15:08.110",
"lastModified": "2023-11-24T01:15:07.580",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-28T19:30:41.437",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,31 +14,142 @@
"value": "Errores de seguridad de la memoria presentes en Firefox 119, Firefox 115.4 y Thunderbird 115.4. Algunos de estos errores mostraron evidencia de corrupci\u00f3n de memoria y suponemos que con suficiente esfuerzo algunos de ellos podr\u00edan haberse aprovechado para ejecutar c\u00f3digo arbitrario. Esta vulnerabilidad afecta a Firefox &lt; 120, Firefox &lt; 115.5 y Thunderbird &lt; 115.5.0."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"versionEndExcluding": "120.0",
"matchCriteriaId": "30F5F1B5-825D-4DC4-A6F0-ED5AD1B031F2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.5.0",
"matchCriteriaId": "E2804F80-1F0A-4810-AAFF-57F113F5658D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.5",
"matchCriteriaId": "92C55DCD-E2E9-46CA-B654-3B3E50A3DC6A"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
}
]
}
]
}
],
"references": [
{
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1658432%2C1820983%2C1829252%2C1856072%2C1856091%2C1859030%2C1860943%2C1862782",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Broken Link"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00017.html",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Mailing List"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5561",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-49/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-50/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-52/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,87 @@
"id": "CVE-2023-6213",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-11-21T15:15:08.170",
"lastModified": "2023-11-21T16:30:00.600",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-28T19:29:57.840",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Memory safety bugs present in Firefox 119. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 120."
},
{
"lang": "es",
"value": "Errores de seguridad de la memoria presentes en Firefox 119. Algunos de estos errores mostraron evidencia de corrupci\u00f3n de la memoria y suponemos que con suficiente esfuerzo algunos de ellos podr\u00edan haberse aprovechado para ejecutar c\u00f3digo arbitrario. Esta vulnerabilidad afecta a Firefox &lt; 120."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"versionEndExcluding": "120.0",
"matchCriteriaId": "30F5F1B5-825D-4DC4-A6F0-ED5AD1B031F2"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1849265%2C1851118%2C1854911",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Broken Link"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-49/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-11-28T19:00:19.440058+00:00
2023-11-28T21:00:17.836328+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-11-28T18:30:16.790000+00:00
2023-11-28T20:51:38.590000+00:00
```
### Last Data Feed Release
@ -29,51 +29,50 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
231645
231651
```
### CVEs added in the last Commit
Recently added CVEs: `7`
Recently added CVEs: `6`
* [CVE-2023-41264](CVE-2023/CVE-2023-412xx/CVE-2023-41264.json) (`2023-11-28T17:15:07.857`)
* [CVE-2023-42502](CVE-2023/CVE-2023-425xx/CVE-2023-42502.json) (`2023-11-28T17:15:07.907`)
* [CVE-2023-42505](CVE-2023/CVE-2023-425xx/CVE-2023-42505.json) (`2023-11-28T17:15:08.093`)
* [CVE-2023-45286](CVE-2023/CVE-2023-452xx/CVE-2023-45286.json) (`2023-11-28T17:15:08.280`)
* [CVE-2023-48848](CVE-2023/CVE-2023-488xx/CVE-2023-48848.json) (`2023-11-28T17:15:08.417`)
* [CVE-2023-40056](CVE-2023/CVE-2023-400xx/CVE-2023-40056.json) (`2023-11-28T18:15:07.900`)
* [CVE-2023-42504](CVE-2023/CVE-2023-425xx/CVE-2023-42504.json) (`2023-11-28T18:15:08.353`)
* [CVE-2023-48121](CVE-2023/CVE-2023-481xx/CVE-2023-48121.json) (`2023-11-28T19:15:07.340`)
* [CVE-2023-49078](CVE-2023/CVE-2023-490xx/CVE-2023-49078.json) (`2023-11-28T19:15:07.397`)
* [CVE-2023-29060](CVE-2023/CVE-2023-290xx/CVE-2023-29060.json) (`2023-11-28T20:15:07.230`)
* [CVE-2023-30588](CVE-2023/CVE-2023-305xx/CVE-2023-30588.json) (`2023-11-28T20:15:07.437`)
* [CVE-2023-30590](CVE-2023/CVE-2023-305xx/CVE-2023-30590.json) (`2023-11-28T20:15:07.480`)
* [CVE-2023-45539](CVE-2023/CVE-2023-455xx/CVE-2023-45539.json) (`2023-11-28T20:15:07.817`)
### CVEs modified in the last Commit
Recently modified CVEs: `40`
Recently modified CVEs: `49`
* [CVE-2023-6174](CVE-2023/CVE-2023-61xx/CVE-2023-6174.json) (`2023-11-28T17:27:06.313`)
* [CVE-2023-20592](CVE-2023/CVE-2023-205xx/CVE-2023-20592.json) (`2023-11-28T18:04:11.733`)
* [CVE-2023-20571](CVE-2023/CVE-2023-205xx/CVE-2023-20571.json) (`2023-11-28T18:05:25.177`)
* [CVE-2023-20565](CVE-2023/CVE-2023-205xx/CVE-2023-20565.json) (`2023-11-28T18:06:51.780`)
* [CVE-2023-20563](CVE-2023/CVE-2023-205xx/CVE-2023-20563.json) (`2023-11-28T18:07:30.753`)
* [CVE-2023-44374](CVE-2023/CVE-2023-443xx/CVE-2023-44374.json) (`2023-11-28T18:09:06.883`)
* [CVE-2023-44373](CVE-2023/CVE-2023-443xx/CVE-2023-44373.json) (`2023-11-28T18:10:16.467`)
* [CVE-2023-44322](CVE-2023/CVE-2023-443xx/CVE-2023-44322.json) (`2023-11-28T18:13:11.883`)
* [CVE-2023-39417](CVE-2023/CVE-2023-394xx/CVE-2023-39417.json) (`2023-11-28T18:15:07.600`)
* [CVE-2023-3812](CVE-2023/CVE-2023-38xx/CVE-2023-3812.json) (`2023-11-28T18:15:07.760`)
* [CVE-2023-42753](CVE-2023/CVE-2023-427xx/CVE-2023-42753.json) (`2023-11-28T18:15:08.790`)
* [CVE-2023-46402](CVE-2023/CVE-2023-464xx/CVE-2023-46402.json) (`2023-11-28T18:15:08.910`)
* [CVE-2023-4732](CVE-2023/CVE-2023-47xx/CVE-2023-4732.json) (`2023-11-28T18:15:09.030`)
* [CVE-2023-5178](CVE-2023/CVE-2023-51xx/CVE-2023-5178.json) (`2023-11-28T18:15:09.157`)
* [CVE-2023-5367](CVE-2023/CVE-2023-53xx/CVE-2023-5367.json) (`2023-11-28T18:15:09.293`)
* [CVE-2023-44321](CVE-2023/CVE-2023-443xx/CVE-2023-44321.json) (`2023-11-28T18:28:00.897`)
* [CVE-2023-44320](CVE-2023/CVE-2023-443xx/CVE-2023-44320.json) (`2023-11-28T18:28:20.223`)
* [CVE-2023-44319](CVE-2023/CVE-2023-443xx/CVE-2023-44319.json) (`2023-11-28T18:28:57.850`)
* [CVE-2023-44318](CVE-2023/CVE-2023-443xx/CVE-2023-44318.json) (`2023-11-28T18:29:11.187`)
* [CVE-2023-6239](CVE-2023/CVE-2023-62xx/CVE-2023-6239.json) (`2023-11-28T18:29:23.617`)
* [CVE-2023-49313](CVE-2023/CVE-2023-493xx/CVE-2023-49313.json) (`2023-11-28T18:29:23.617`)
* [CVE-2023-49314](CVE-2023/CVE-2023-493xx/CVE-2023-49314.json) (`2023-11-28T18:29:23.617`)
* [CVE-2023-46589](CVE-2023/CVE-2023-465xx/CVE-2023-46589.json) (`2023-11-28T18:29:23.617`)
* [CVE-2023-49062](CVE-2023/CVE-2023-490xx/CVE-2023-49062.json) (`2023-11-28T18:29:23.617`)
* [CVE-2023-22329](CVE-2023/CVE-2023-223xx/CVE-2023-22329.json) (`2023-11-28T18:30:16.790`)
* [CVE-2023-6207](CVE-2023/CVE-2023-62xx/CVE-2023-6207.json) (`2023-11-28T19:42:50.670`)
* [CVE-2023-6206](CVE-2023/CVE-2023-62xx/CVE-2023-6206.json) (`2023-11-28T19:44:05.347`)
* [CVE-2023-6205](CVE-2023/CVE-2023-62xx/CVE-2023-6205.json) (`2023-11-28T19:44:48.170`)
* [CVE-2023-6204](CVE-2023/CVE-2023-62xx/CVE-2023-6204.json) (`2023-11-28T19:45:10.887`)
* [CVE-2023-49061](CVE-2023/CVE-2023-490xx/CVE-2023-49061.json) (`2023-11-28T19:45:33.650`)
* [CVE-2023-46850](CVE-2023/CVE-2023-468xx/CVE-2023-46850.json) (`2023-11-28T19:47:39.703`)
* [CVE-2023-46849](CVE-2023/CVE-2023-468xx/CVE-2023-46849.json) (`2023-11-28T19:47:44.070`)
* [CVE-2023-47809](CVE-2023/CVE-2023-478xx/CVE-2023-47809.json) (`2023-11-28T19:51:59.687`)
* [CVE-2023-47810](CVE-2023/CVE-2023-478xx/CVE-2023-47810.json) (`2023-11-28T19:52:19.490`)
* [CVE-2023-47811](CVE-2023/CVE-2023-478xx/CVE-2023-47811.json) (`2023-11-28T19:52:35.397`)
* [CVE-2023-47812](CVE-2023/CVE-2023-478xx/CVE-2023-47812.json) (`2023-11-28T20:03:09.987`)
* [CVE-2023-47813](CVE-2023/CVE-2023-478xx/CVE-2023-47813.json) (`2023-11-28T20:03:29.477`)
* [CVE-2023-47814](CVE-2023/CVE-2023-478xx/CVE-2023-47814.json) (`2023-11-28T20:04:37.090`)
* [CVE-2023-47815](CVE-2023/CVE-2023-478xx/CVE-2023-47815.json) (`2023-11-28T20:05:31.977`)
* [CVE-2023-47816](CVE-2023/CVE-2023-478xx/CVE-2023-47816.json) (`2023-11-28T20:07:47.730`)
* [CVE-2023-35078](CVE-2023/CVE-2023-350xx/CVE-2023-35078.json) (`2023-11-28T20:15:07.530`)
* [CVE-2023-47835](CVE-2023/CVE-2023-478xx/CVE-2023-47835.json) (`2023-11-28T20:21:32.220`)
* [CVE-2023-47817](CVE-2023/CVE-2023-478xx/CVE-2023-47817.json) (`2023-11-28T20:23:25.427`)
* [CVE-2023-47821](CVE-2023/CVE-2023-478xx/CVE-2023-47821.json) (`2023-11-28T20:23:38.657`)
* [CVE-2023-47829](CVE-2023/CVE-2023-478xx/CVE-2023-47829.json) (`2023-11-28T20:23:54.067`)
* [CVE-2023-47834](CVE-2023/CVE-2023-478xx/CVE-2023-47834.json) (`2023-11-28T20:24:06.653`)
* [CVE-2023-47833](CVE-2023/CVE-2023-478xx/CVE-2023-47833.json) (`2023-11-28T20:25:42.100`)
* [CVE-2023-47790](CVE-2023/CVE-2023-477xx/CVE-2023-47790.json) (`2023-11-28T20:39:17.157`)
* [CVE-2023-40002](CVE-2023/CVE-2023-400xx/CVE-2023-40002.json) (`2023-11-28T20:50:44.160`)
* [CVE-2023-47839](CVE-2023/CVE-2023-478xx/CVE-2023-47839.json) (`2023-11-28T20:51:38.590`)
## Download and Usage