From d85aa2e05845f7d48ff964c0349b83e4c6d37bf9 Mon Sep 17 00:00:00 2001 
From: cad-safe-bot Date: Tue, 28 Nov 2023 21:00:21 +0000 Subject: [PATCH] Auto-Update: 2023-11-28T21:00:17.836328+00:00 --- CVE-2023/CVE-2023-290xx/CVE-2023-29060.json | 55 +++++++++ CVE-2023/CVE-2023-305xx/CVE-2023-30588.json | 20 +++ CVE-2023/CVE-2023-305xx/CVE-2023-30590.json | 20 +++ CVE-2023/CVE-2023-350xx/CVE-2023-35078.json | 24 ++-- CVE-2023/CVE-2023-400xx/CVE-2023-40002.json | 59 ++++++++- CVE-2023/CVE-2023-455xx/CVE-2023-45539.json | 28 +++++ CVE-2023/CVE-2023-468xx/CVE-2023-46849.json | 115 +++++++++++++++-- CVE-2023/CVE-2023-468xx/CVE-2023-46850.json | 112 +++++++++++++++-- CVE-2023/CVE-2023-477xx/CVE-2023-47766.json | 47 ++++++- CVE-2023/CVE-2023-477xx/CVE-2023-47767.json | 47 ++++++- CVE-2023/CVE-2023-477xx/CVE-2023-47768.json | 47 ++++++- CVE-2023/CVE-2023-477xx/CVE-2023-47790.json | 47 ++++++- CVE-2023/CVE-2023-478xx/CVE-2023-47808.json | 48 +++++++- CVE-2023/CVE-2023-478xx/CVE-2023-47809.json | 48 +++++++- CVE-2023/CVE-2023-478xx/CVE-2023-47810.json | 48 +++++++- CVE-2023/CVE-2023-478xx/CVE-2023-47811.json | 58 ++++++++- CVE-2023/CVE-2023-478xx/CVE-2023-47812.json | 48 +++++++- CVE-2023/CVE-2023-478xx/CVE-2023-47813.json | 48 +++++++- CVE-2023/CVE-2023-478xx/CVE-2023-47814.json | 47 ++++++- CVE-2023/CVE-2023-478xx/CVE-2023-47815.json | 48 +++++++- CVE-2023/CVE-2023-478xx/CVE-2023-47816.json | 48 +++++++- CVE-2023/CVE-2023-478xx/CVE-2023-47817.json | 47 ++++++- CVE-2023/CVE-2023-478xx/CVE-2023-47821.json | 58 ++++++++- CVE-2023/CVE-2023-478xx/CVE-2023-47829.json | 47 ++++++- CVE-2023/CVE-2023-478xx/CVE-2023-47833.json | 47 ++++++- CVE-2023/CVE-2023-478xx/CVE-2023-47834.json | 47 ++++++- CVE-2023/CVE-2023-478xx/CVE-2023-47835.json | 47 ++++++- CVE-2023/CVE-2023-478xx/CVE-2023-47839.json | 57 ++++++++- CVE-2023/CVE-2023-47xx/CVE-2023-4771.json | 51 +++++++- CVE-2023/CVE-2023-481xx/CVE-2023-48121.json | 20 +++ CVE-2023/CVE-2023-490xx/CVE-2023-49061.json | 74 ++++++++++- CVE-2023/CVE-2023-490xx/CVE-2023-49078.json | 59 +++++++++ 
CVE-2023/CVE-2023-491xx/CVE-2023-49146.json | 69 ++++++++++- CVE-2023/CVE-2023-493xx/CVE-2023-49321.json | 4 +- CVE-2023/CVE-2023-493xx/CVE-2023-49322.json | 4 +- CVE-2023/CVE-2023-54xx/CVE-2023-5465.json | 73 ++++++++++- CVE-2023/CVE-2023-54xx/CVE-2023-5466.json | 78 +++++++++++- CVE-2023/CVE-2023-54xx/CVE-2023-5469.json | 73 ++++++++++- CVE-2023/CVE-2023-55xx/CVE-2023-5537.json | 73 ++++++++++- CVE-2023/CVE-2023-56xx/CVE-2023-5662.json | 68 +++++++++- CVE-2023/CVE-2023-56xx/CVE-2023-5664.json | 78 +++++++++++- CVE-2023/CVE-2023-56xx/CVE-2023-5667.json | 73 ++++++++++- CVE-2023/CVE-2023-57xx/CVE-2023-5704.json | 68 +++++++++- CVE-2023/CVE-2023-60xx/CVE-2023-6023.json | 63 +++++++++- CVE-2023/CVE-2023-61xx/CVE-2023-6121.json | 81 +++++++++++- CVE-2023/CVE-2023-62xx/CVE-2023-6204.json | 130 ++++++++++++++++++-- CVE-2023/CVE-2023-62xx/CVE-2023-6205.json | 130 ++++++++++++++++++-- CVE-2023/CVE-2023-62xx/CVE-2023-6206.json | 130 ++++++++++++++++++-- CVE-2023/CVE-2023-62xx/CVE-2023-6207.json | 130 ++++++++++++++++++-- CVE-2023/CVE-2023-62xx/CVE-2023-6208.json | 130 ++++++++++++++++++-- CVE-2023/CVE-2023-62xx/CVE-2023-6209.json | 130 ++++++++++++++++++-- CVE-2023/CVE-2023-62xx/CVE-2023-6210.json | 75 ++++++++++- CVE-2023/CVE-2023-62xx/CVE-2023-6211.json | 75 ++++++++++- CVE-2023/CVE-2023-62xx/CVE-2023-6212.json | 129 +++++++++++++++++-- CVE-2023/CVE-2023-62xx/CVE-2023-6213.json | 74 ++++++++++- README.md | 73 ++++++----- 56 files changed, 3354 insertions(+), 273 deletions(-) create mode 100644 CVE-2023/CVE-2023-290xx/CVE-2023-29060.json create mode 100644 CVE-2023/CVE-2023-305xx/CVE-2023-30588.json create mode 100644 CVE-2023/CVE-2023-305xx/CVE-2023-30590.json create mode 100644 CVE-2023/CVE-2023-455xx/CVE-2023-45539.json create mode 100644 CVE-2023/CVE-2023-481xx/CVE-2023-48121.json create mode 100644 CVE-2023/CVE-2023-490xx/CVE-2023-49078.json 
diff --git a/CVE-2023/CVE-2023-290xx/CVE-2023-29060.json b/CVE-2023/CVE-2023-290xx/CVE-2023-29060.json new file mode 100644 index 00000000000..82bb9301c3b --- /dev/null +++ b/CVE-2023/CVE-2023-290xx/CVE-2023-29060.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-29060", + "sourceIdentifier": "cybersecurity@bd.com", + "published": "2023-11-28T20:15:07.230", + "lastModified": "2023-11-28T20:15:07.230", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The FACSChorus\u00e2\u201e\u00a2 workstation operating system does not restrict what devices can interact with its USB ports. If exploited, a threat actor with physical access to the workstation could gain access to system information and potentially exfiltrate data." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cybersecurity@bd.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "HIGH", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.7, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "cybersecurity@bd.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-1299" + } + ] + } + ], + "references": [ + { + "url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software", + "source": "cybersecurity@bd.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-305xx/CVE-2023-30588.json b/CVE-2023/CVE-2023-305xx/CVE-2023-30588.json new file mode 100644 index 00000000000..b92741357f6 --- /dev/null +++ b/CVE-2023/CVE-2023-305xx/CVE-2023-30588.json 
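Review bot: The English description in the new CVE-2023-29060.json contains mojibake. `FACSChorus\u00e2\u201e\u00a2` is the UTF-8 byte sequence for the trademark sign decoded as Windows-1252, so the product name should read `FACSChorus\u2122`. Consumers that match product names or index descriptions for search and alerting will see the garbled string instead of the real name. The record appears to be synced from upstream, so the repair probably belongs in the ingest step (re-decoding the field as UTF-8) or in a report to the source, not in a hand edit of this file.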
@@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-30588", + "sourceIdentifier": "support@hackerone.com", + "published": "2023-11-28T20:15:07.437", + "lastModified": "2023-11-28T20:15:07.437", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "When an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario. This vulnerability affects all active Node.js versions v16, v18, and, v20." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://nodejs.org/en/blog/vulnerability/june-2023-security-releases", + "source": "support@hackerone.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-305xx/CVE-2023-30590.json b/CVE-2023/CVE-2023-305xx/CVE-2023-30590.json new file mode 100644 index 00000000000..19f90c50174 --- /dev/null +++ b/CVE-2023/CVE-2023-305xx/CVE-2023-30590.json 
@@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-30590", + "sourceIdentifier": "support@hackerone.com", + "published": "2023-11-28T20:15:07.480", + "lastModified": "2023-11-28T20:15:07.480", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet, but the function is also needed to compute the corresponding public key after calling setPrivateKey(). However, the documentation says this API call: \"Generates private and public Diffie-Hellman key values\".\n\nThe documented behavior is very different from the actual behavior, and this difference could easily lead to security issues in applications that use these APIs as the DiffieHellman may be used as the basis for application-level security, implications are consequently broad." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://nodejs.org/en/blog/vulnerability/june-2023-security-releases", + "source": "support@hackerone.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-350xx/CVE-2023-35078.json b/CVE-2023/CVE-2023-350xx/CVE-2023-35078.json index 964f38b8ade..ea8472c469c 100644 --- a/CVE-2023/CVE-2023-350xx/CVE-2023-35078.json +++ b/CVE-2023/CVE-2023-350xx/CVE-2023-35078.json @@ -2,8 +2,8 @@ "id": "CVE-2023-35078", "sourceIdentifier": "support@hackerone.com", "published": "2023-07-25T07:15:10.897", - "lastModified": "2023-08-04T18:30:34.503", - "vulnStatus": "Analyzed", + "lastModified": "2023-11-28T20:15:07.530", + "vulnStatus": "Modified", "cisaExploitAdd": "2023-07-25", "cisaActionDue": "2023-08-15", "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", 
@@ -11,7 +11,7 @@ "descriptions": [ { "lang": "en", - "value": "\nIvanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, through 11.10 allows remote attackers to obtain PII, add an administrative account, and change the configuration because of an authentication bypass, as exploited in the wild in July 2023. A patch is available." + "value": "An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication." } ], "metrics": { @@ -35,13 +35,15 @@ }, "exploitabilityScore": 3.9, "impactScore": 5.9 - }, + } + ], + "cvssMetricV30": [ { "source": "support@hackerone.com", "type": "Secondary", "cvssData": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -68,16 +70,6 @@ "value": "CWE-287" } ] - }, - { - "source": "support@hackerone.com", - "type": "Secondary", - "description": [ - { - "lang": "en", - "value": "CWE-287" - } - ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-400xx/CVE-2023-40002.json b/CVE-2023/CVE-2023-400xx/CVE-2023-40002.json index a66aa690955..ee588465b67 100644 --- a/CVE-2023/CVE-2023-400xx/CVE-2023-40002.json +++ b/CVE-2023/CVE-2023-400xx/CVE-2023-40002.json @@ -2,8 +2,8 @@ "id": "CVE-2023-40002", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-23T00:15:08.180", - "lastModified": "2023-11-24T15:24:57.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-28T20:50:44.160", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -40,8 +60,18 @@ }, "weaknesses": [ { - "source": "audit@patchstack.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "audit@patchstack.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -50,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:booster:booster_for_woocommerce:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "7.1.1", + "matchCriteriaId": "53D63779-759F-4AD5-A0D4-65195A6A805D" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/woocommerce-jetpack/wordpress-booster-for-woocommerce-plugin-7-1-2-authenticated-arbitrary-wordpress-option-disclosure-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-455xx/CVE-2023-45539.json b/CVE-2023/CVE-2023-455xx/CVE-2023-45539.json new file mode 100644 index 00000000000..0f766831c25 --- /dev/null +++ b/CVE-2023/CVE-2023-455xx/CVE-2023-45539.json 
@@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-45539", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-11-28T20:15:07.817", + "lastModified": "2023-11-28T20:15:07.817", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=2eab6d354322932cfec2ed54de261e4347eca9a6", + "source": "cve@mitre.org" + }, + { + "url": "https://lists.w3.org/Archives/Public/ietf-http-wg/2023JulSep/0070.html", + "source": "cve@mitre.org" + }, + { + "url": "https://www.mail-archive.com/haproxy%40formilux.org/msg43861.html", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-468xx/CVE-2023-46849.json b/CVE-2023/CVE-2023-468xx/CVE-2023-46849.json index e6be48089bc..8b93b07ad75 100644 --- a/CVE-2023/CVE-2023-468xx/CVE-2023-46849.json +++ b/CVE-2023/CVE-2023-468xx/CVE-2023-46849.json @@ -2,8 +2,8 @@ "id": "CVE-2023-46849", "sourceIdentifier": "security@openvpn.net", "published": "2023-11-11T01:15:07.270", - "lastModified": "2023-11-23T03:15:41.383", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-11-28T19:47:44.070", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,8 +14,41 @@ "value": "El uso de la opci\u00f3n --fragment en ciertas configuraciones de OpenVPN versi\u00f3n 2.6.0 a 2.6.6 permite a un atacante desencadenar un comportamiento de divisi\u00f3n por cero que podr\u00eda provocar un bloqueo de la aplicaci\u00f3n y provocar una denegaci\u00f3n de servicio." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-369" + } + ] + }, { "source": "security@openvpn.net", "type": "Secondary", 
@@ -27,22 +60,90 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:openvpn:openvpn:*:*:*:*:community:*:*:*", + "versionStartIncluding": "2.6.0", + "versionEndIncluding": "2.6.6", + "matchCriteriaId": "3A398A7A-395F-4CA8-9D72-1DDD337D5074" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:openvpn:openvpn_access_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.11.0", + "versionEndIncluding": "2.11.3", + "matchCriteriaId": "54464223-5988-40E7-B94B-D7B8DE999704" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:openvpn:openvpn_access_server:2.12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8A71564-0966-47F0-BB81-B6BFA071E402" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:openvpn:openvpn_access_server:2.12.1:*:*:*:*:*:*:*", + "matchCriteriaId": "AC187755-A908-4CD5-8F35-869EA5D9A3B7" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", + "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646" + } + ] + } + ] + } + ], "references": [ { "url": "https://community.openvpn.net/openvpn/wiki/CVE-2023-46849", - "source": "security@openvpn.net" + "source": "security@openvpn.net", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3FS46ANNTAVLIQY56ZKGM5CBTRVBUNE/", - "source": "security@openvpn.net" + "source": "security@openvpn.net", + "tags": [ + "Mailing List" + ] }, { "url": "https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/", - "source": "security@openvpn.net" + "source": "security@openvpn.net", + "tags": [ + "Vendor 
Advisory" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5555", - "source": "security@openvpn.net" + "source": "security@openvpn.net", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-468xx/CVE-2023-46850.json b/CVE-2023/CVE-2023-468xx/CVE-2023-46850.json index 38bd843bbde..8be158e2fdb 100644 --- a/CVE-2023/CVE-2023-468xx/CVE-2023-46850.json +++ b/CVE-2023/CVE-2023-468xx/CVE-2023-46850.json @@ -2,8 +2,8 @@ "id": "CVE-2023-46850", "sourceIdentifier": "security@openvpn.net", "published": "2023-11-11T01:15:07.357", - "lastModified": "2023-11-23T03:15:41.443", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-11-28T19:47:39.703", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,8 +14,41 @@ "value": "Use after free en OpenVPN versi\u00f3n 2.6.0 a 2.6.6 puede provocar un comportamiento indefinido, p\u00e9rdida de b\u00faferes de memoria o ejecuci\u00f3n remota al enviar b\u00faferes de red a un par remoto." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + }, { "source": "security@openvpn.net", "type": "Secondary", 
@@ -27,22 +60,87 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:openvpn:openvpn:*:*:*:*:community:*:*:*", + "versionStartIncluding": "2.6.0", + "versionEndIncluding": "2.6.6", + "matchCriteriaId": "3A398A7A-395F-4CA8-9D72-1DDD337D5074" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:openvpn:openvpn_access_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.11.0", + "versionEndIncluding": "2.11.3", + "matchCriteriaId": "54464223-5988-40E7-B94B-D7B8DE999704" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:openvpn:openvpn_access_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.12.0", + "versionEndExcluding": "2.12.2", + "matchCriteriaId": "2B8D0B4E-A0BF-4A33-9031-987D8BD45F65" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", + "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646" + } + ] + } + ] + } + ], "references": [ { "url": "https://community.openvpn.net/openvpn/wiki/CVE-2023-46850", - "source": "security@openvpn.net" + "source": "security@openvpn.net", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3FS46ANNTAVLIQY56ZKGM5CBTRVBUNE/", - "source": "security@openvpn.net" + "source": "security@openvpn.net", + "tags": [ + "Mailing List" + ] }, { "url": "https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/", - "source": "security@openvpn.net" + "source": "security@openvpn.net", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5555", - "source": 
"security@openvpn.net" + "source": "security@openvpn.net", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-477xx/CVE-2023-47766.json b/CVE-2023/CVE-2023-477xx/CVE-2023-47766.json index 283bf367e25..966b7903ef5 100644 --- a/CVE-2023/CVE-2023-477xx/CVE-2023-47766.json +++ b/CVE-2023/CVE-2023-477xx/CVE-2023-47766.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47766", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-22T22:15:07.580", - "lastModified": "2023-11-24T15:24:57.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-28T19:18:00.713", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ifeelweb:post_status_notifier_lite:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.11.1", + "matchCriteriaId": "5D4CCD89-7BD7-484E-81BB-92E08B15F2D1" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/post-status-notifier-lite/wordpress-post-status-notifier-lite-plugin-1-11-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-477xx/CVE-2023-47767.json b/CVE-2023/CVE-2023-477xx/CVE-2023-47767.json index 46ac961188e..a73bb725d52 100644 --- a/CVE-2023/CVE-2023-477xx/CVE-2023-47767.json +++ b/CVE-2023/CVE-2023-477xx/CVE-2023-47767.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47767", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-22T22:15:07.760", - "lastModified": "2023-11-24T15:24:57.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-28T19:19:35.667", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fla-shop:interactive_world_map:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "3.2.0", + "matchCriteriaId": "D97398AD-7E99-4335-B0AF-F4A98E620EC0" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/interactive-world-map/wordpress-interactive-world-map-plugin-3-2-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-477xx/CVE-2023-47768.json b/CVE-2023/CVE-2023-477xx/CVE-2023-47768.json index 67c7d582647..524ac492a9e 100644 --- a/CVE-2023/CVE-2023-477xx/CVE-2023-47768.json +++ b/CVE-2023/CVE-2023-477xx/CVE-2023-47768.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47768", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-22T22:15:07.940", - "lastModified": "2023-11-24T15:24:57.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-28T19:22:41.277", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:diywebmastery:footer_putter:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.17", + "matchCriteriaId": "C835C3FE-FB28-448A-B141-2A24D80740ED" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/footer-putter/wordpress-footer-putter-plugin-1-17-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-477xx/CVE-2023-47790.json b/CVE-2023/CVE-2023-477xx/CVE-2023-47790.json index ae7f9a6e0fe..83f8a98015f 100644 --- a/CVE-2023/CVE-2023-477xx/CVE-2023-47790.json +++ b/CVE-2023/CVE-2023-477xx/CVE-2023-47790.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47790", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-23T00:15:08.550", - "lastModified": "2023-11-24T15:24:57.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-28T20:39:17.157", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -54,10 +74,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:popozure:pz-linkcard:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.4.8", + "matchCriteriaId": "A2BC8190-10F5-4A7F-BF7A-8753147F7F5D" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/pz-linkcard/wordpress-pz-linkcard-plugin-2-4-8-cross-site-request-forgery-csrf-to-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-478xx/CVE-2023-47808.json b/CVE-2023/CVE-2023-478xx/CVE-2023-47808.json index 604ce9e72a3..50602353dad 100644 --- a/CVE-2023/CVE-2023-478xx/CVE-2023-47808.json +++ b/CVE-2023/CVE-2023-478xx/CVE-2023-47808.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47808", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-22T22:15:08.493", - "lastModified": "2023-11-24T15:24:57.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-28T19:27:25.577", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -50,10 +70,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:christinauechi:add_widgets_to_page:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.3.2", + "matchCriteriaId": "955A3663-1FC9-4192-B9EB-6AD783FB14CF" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/add-widgets-to-page/wordpress-add-widgets-to-page-plugin-1-3-2-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-478xx/CVE-2023-47809.json b/CVE-2023/CVE-2023-478xx/CVE-2023-47809.json index 935d3ff7846..673931c074f 100644 --- a/CVE-2023/CVE-2023-478xx/CVE-2023-47809.json +++ b/CVE-2023/CVE-2023-478xx/CVE-2023-47809.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47809", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-22T23:15:08.403", - "lastModified": "2023-11-24T15:24:57.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-28T19:51:59.687", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -50,10 +70,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:themepoints:accordion:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.6", + "matchCriteriaId": "11025D67-9961-4852-BE10-DC62C83D28FD" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/accordions-wp/wordpress-accordion-plugin-2-6-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-478xx/CVE-2023-47810.json b/CVE-2023/CVE-2023-478xx/CVE-2023-47810.json index 56c07109064..fc5a1521384 100644 --- a/CVE-2023/CVE-2023-478xx/CVE-2023-47810.json +++ b/CVE-2023/CVE-2023-478xx/CVE-2023-47810.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47810", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-22T23:15:08.607", - "lastModified": "2023-11-24T15:24:57.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-28T19:52:19.490", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -50,10 +70,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:asdqwedev:ajax_domain_checker:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.3.0", + "matchCriteriaId": "7ADA77C2-F0F1-45CC-BA9A-05B8FED6DE43" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/ajax-domain-checker/wordpress-ajax-domain-checker-plugin-1-3-0-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-478xx/CVE-2023-47811.json b/CVE-2023/CVE-2023-478xx/CVE-2023-47811.json index fa84e940df2..e0e62719d30 100644 --- a/CVE-2023/CVE-2023-478xx/CVE-2023-47811.json +++ b/CVE-2023/CVE-2023-478xx/CVE-2023-47811.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47811", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-22T23:15:08.790", - "lastModified": "2023-11-24T15:24:57.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-28T19:52:35.397", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +80,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sureshkumarmukhiya:anywhere_flash_embed:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.0.5", + "matchCriteriaId": "4D6BF623-6A09-46A5-91D4-F598DA402427" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/anywhere-flash-embed/wordpress-anywhere-flash-embed-plugin-1-0-5-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-478xx/CVE-2023-47812.json b/CVE-2023/CVE-2023-478xx/CVE-2023-47812.json index 005c8d1f3b0..87379d73bb0 100644 --- a/CVE-2023/CVE-2023-478xx/CVE-2023-47812.json +++ b/CVE-2023/CVE-2023-478xx/CVE-2023-47812.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47812", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-22T23:15:08.983", - "lastModified": "2023-11-24T15:24:57.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-28T20:03:09.987", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +70,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:bamboo_mcr:bamboo_columns:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.6.1", + "matchCriteriaId": "D8D641C8-15EC-434C-A3B6-C59423FD4FE2" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/bamboo-columns/wordpress-bamboo-columns-plugin-1-6-1-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-478xx/CVE-2023-47813.json b/CVE-2023/CVE-2023-478xx/CVE-2023-47813.json index c6afbe15def..2317428d1e3 100644 --- a/CVE-2023/CVE-2023-478xx/CVE-2023-47813.json +++ b/CVE-2023/CVE-2023-478xx/CVE-2023-47813.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47813", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-22T23:15:09.160", - "lastModified": "2023-11-24T15:24:57.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-28T20:03:29.477", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +70,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:grandslambert:better_rss_widget:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.8.1", + "matchCriteriaId": "5F444763-91C3-46C9-933B-C86CE9BBD26B" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/better-rss-widget/wordpress-better-rss-widget-plugin-2-8-1-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-478xx/CVE-2023-47814.json b/CVE-2023/CVE-2023-478xx/CVE-2023-47814.json index d971cb5b3a7..5193d9a47be 100644 --- a/CVE-2023/CVE-2023-478xx/CVE-2023-47814.json +++ b/CVE-2023/CVE-2023-478xx/CVE-2023-47814.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47814", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-22T23:15:09.337", - "lastModified": "2023-11-24T15:24:57.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-28T20:04:37.090", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:bmicalculator:bmi_calculator:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.0.3", + "matchCriteriaId": "5546A030-E519-420C-AE6A-DD5FBD31B7A6" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/bmi-calculator-shortcode/wordpress-bmi-calculator-plugin-plugin-1-0-3-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-478xx/CVE-2023-47815.json b/CVE-2023/CVE-2023-478xx/CVE-2023-47815.json index 4ee0d5ffaef..752002bb0c6 100644 --- a/CVE-2023/CVE-2023-478xx/CVE-2023-47815.json +++ b/CVE-2023/CVE-2023-478xx/CVE-2023-47815.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47815", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-22T23:15:09.520", - "lastModified": "2023-11-24T15:24:57.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-28T20:05:31.977", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +70,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:venutius:bp_profile_shortcodes_extra:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.5.2", + "matchCriteriaId": "078BF31A-935C-4E53-A149-86F1F0CC433E" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/bp-profile-shortcodes-extra/wordpress-bp-profile-shortcodes-extra-plugin-2-5-2-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-478xx/CVE-2023-47816.json b/CVE-2023/CVE-2023-478xx/CVE-2023-47816.json index 213789625ee..bc81b8f7093 100644 --- a/CVE-2023/CVE-2023-478xx/CVE-2023-47816.json +++ b/CVE-2023/CVE-2023-478xx/CVE-2023-47816.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47816", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-22T23:15:09.700", - "lastModified": "2023-11-24T15:24:57.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-28T20:07:47.730", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +70,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpcharitable:charitable:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.7.0.13", + "matchCriteriaId": "0BF8939D-F5F1-4EC5-A873-2D21999C78E3" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/charitable/wordpress-charitable-plugin-1-7-0-13-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-478xx/CVE-2023-47817.json b/CVE-2023/CVE-2023-478xx/CVE-2023-47817.json index b89c6a68648..e90b11b347c 100644 --- a/CVE-2023/CVE-2023-478xx/CVE-2023-47817.json +++ b/CVE-2023/CVE-2023-478xx/CVE-2023-47817.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47817", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-22T23:15:09.887", - "lastModified": "2023-11-24T15:24:57.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-28T20:23:25.427", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mmrs151:daily_prayer_time:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2023.10.13", + "matchCriteriaId": "DCABF30D-7D51-4C71-9256-3DE01F90898C" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/daily-prayer-time-for-mosques/wordpress-daily-prayer-time-plugin-2023-10-13-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-478xx/CVE-2023-47821.json b/CVE-2023/CVE-2023-478xx/CVE-2023-47821.json index 72d4487011e..d2cae6268a9 100644 --- a/CVE-2023/CVE-2023-478xx/CVE-2023-47821.json +++ b/CVE-2023/CVE-2023-478xx/CVE-2023-47821.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47821", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-22T23:15:10.070", - "lastModified": "2023-11-24T15:24:57.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-28T20:23:38.657", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +80,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jannisthuemmig:email_encoder:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.1.8", + "matchCriteriaId": "236FFC1C-4ABE-4397-850E-233284ECFA3E" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/email-encoder-bundle/wordpress-email-encoder-bundle-plugin-2-1-8-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-478xx/CVE-2023-47829.json b/CVE-2023/CVE-2023-478xx/CVE-2023-47829.json index 884b2e77de6..11f00fa9899 100644 --- a/CVE-2023/CVE-2023-478xx/CVE-2023-47829.json +++ b/CVE-2023/CVE-2023-478xx/CVE-2023-47829.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-47829", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-22T23:15:10.253", - "lastModified": "2023-11-24T15:24:57.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-28T20:23:54.067", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:codez:quick_call_button:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.2.9", + "matchCriteriaId": "2305F0FE-BC85-4034-839C-E1B18FC29813" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/quick-call-button/wordpress-quick-call-button-plugin-1-2-9-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-478xx/CVE-2023-47833.json b/CVE-2023/CVE-2023-478xx/CVE-2023-47833.json index c3fbfbb0a37..8546b0bbeb7 100644 --- a/CVE-2023/CVE-2023-478xx/CVE-2023-47833.json +++ b/CVE-2023/CVE-2023-478xx/CVE-2023-47833.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-47833", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-23T00:15:08.777", - "lastModified": "2023-11-24T15:24:57.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-28T20:25:42.100", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:slimndap:theater_for_wordpress:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "0.18.3", + "matchCriteriaId": "33D49A2D-1DEB-4669-8EDE-62AAEBAF21F4" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/theatre/wordpress-theater-for-wordpress-plugin-0-18-3-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-478xx/CVE-2023-47834.json b/CVE-2023/CVE-2023-478xx/CVE-2023-47834.json index 9c00c9eaf7f..5dfc078f182 100644 --- a/CVE-2023/CVE-2023-478xx/CVE-2023-47834.json +++ b/CVE-2023/CVE-2023-478xx/CVE-2023-47834.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-47834", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-23T00:15:08.953", - "lastModified": "2023-11-24T15:24:57.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-28T20:24:06.653", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:quizandsurveymaster:quiz_and_survey_master:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "8.1.13", + "matchCriteriaId": "41648989-E5E3-49B9-BD05-ED2A7733D50C" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/quiz-master-next/wordpress-quiz-and-survey-master-plugin-8-1-13-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-478xx/CVE-2023-47835.json b/CVE-2023/CVE-2023-478xx/CVE-2023-47835.json index 413c2d3866e..b192e8cb310 100644 --- a/CVE-2023/CVE-2023-478xx/CVE-2023-47835.json +++ b/CVE-2023/CVE-2023-478xx/CVE-2023-47835.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-47835", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-23T00:15:09.137", - "lastModified": "2023-11-24T15:24:57.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-28T20:21:32.220", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ari-soft:ari_stream_quiz:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.2.32", + "matchCriteriaId": "66DBB7D2-1B66-4148-A918-D6D74280A1CD" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/ari-stream-quiz/wordpress-ari-stream-quiz-plugin-1-2-32-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-478xx/CVE-2023-47839.json b/CVE-2023/CVE-2023-478xx/CVE-2023-47839.json index de9aa0b73d2..532721e5919 100644 --- a/CVE-2023/CVE-2023-478xx/CVE-2023-47839.json +++ b/CVE-2023/CVE-2023-478xx/CVE-2023-47839.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-47839", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-23T00:15:09.320", - "lastModified": "2023-11-24T15:24:57.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-28T20:51:38.590", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:implecode:ecommerce_product_catalog_plugin_for_wordpress:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "3.3.26", + "matchCriteriaId": "4276AEF5-FC23-45B7-A0C7-0212B69A6C2B" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/ecommerce-product-catalog/wordpress-ecommerce-product-catalog-plugin-for-wordpress-plugin-3-3-26-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-47xx/CVE-2023-4771.json b/CVE-2023/CVE-2023-47xx/CVE-2023-4771.json index 39fe041e27b..779808e2ca5 100644 --- a/CVE-2023/CVE-2023-47xx/CVE-2023-4771.json +++ b/CVE-2023/CVE-2023-47xx/CVE-2023-4771.json @@ -2,16 +2,40 @@ "id": "CVE-2023-4771", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2023-11-16T14:15:28.913", - "lastModified": "2023-11-16T17:00:48.293", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-28T19:09:05.517", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A Cross-Site scripting vulnerability has been found in CKSource CKEditor affecting versions 4.15.1 and earlier. An attacker could send malicious javascript code through the /ckeditor/samples/old/ajax.html file and retrieve an authorized user's information." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad de Cross-Site Scripting en CKSource CKEditor que afecta a las versiones 4.15.1 y anteriores. Un atacante podr\u00eda enviar c\u00f3digo JavaScript malicioso a trav\u00e9s del archivo /ckeditor/samples/old/ajax.html y recuperar la informaci\u00f3n de un usuario autorizado." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "cve-coordination@incibe.es", "type": "Secondary", 
@@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cksource:ckeditor:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "4.15.1", + "matchCriteriaId": "41B19077-16D5-4E61-9EE9-8A5358DEB77F" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-vulnerability-cksource-ckeditor", - "source": "cve-coordination@incibe.es" + "source": "cve-coordination@incibe.es", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-481xx/CVE-2023-48121.json b/CVE-2023/CVE-2023-481xx/CVE-2023-48121.json new file mode 100644 index 00000000000..f87643e7ad3 --- /dev/null +++ b/CVE-2023/CVE-2023-481xx/CVE-2023-48121.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-48121", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-11-28T19:15:07.340", + "lastModified": "2023-11-28T19:15:07.340", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An authentication bypass vulnerability in the Direct Connection Module in Ezviz CS-C6N-xxx prior to v5.3.x build 20230401, Ezviz CS-CV310-xxx prior to v5.3.x build 20230401, Ezviz CS-C6CN-xxx prior to v5.3.x build 20230401, Ezviz CS-C3N-xxx prior to v5.3.x build 20230401 allows remote attackers to obtain sensitive information by sending crafted messages to the affected devices." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.ezviz.com/data-security/security-notice/detail/911", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-490xx/CVE-2023-49061.json b/CVE-2023/CVE-2023-490xx/CVE-2023-49061.json index e98e215be44..9d6be518e69 100644 --- a/CVE-2023/CVE-2023-490xx/CVE-2023-49061.json +++ b/CVE-2023/CVE-2023-490xx/CVE-2023-49061.json 
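Review bot: The `cpeMatch` criteria added for CVE-2023-4771, `cpe:2.3:a:cksource:ckeditor:*:*:*:*:*:wordpress:*:*`, sets the target-software field to `wordpress`, while the record's description covers CKSource CKEditor 4.15.1 and earlier in general and names the path `/ckeditor/samples/old/ajax.html`. A scanner that matches strictly on this CPE would, as far as this hunk shows, flag only a WordPress-targeted product and miss standalone CKEditor installs in the same version range. If this mirror is meant to reproduce the upstream record verbatim, the line should stay and the discrepancy be reported upstream. Otherwise `cpe:2.3:a:cksource:ckeditor:*:*:*:*:*:*:*:*` with the same `versionEndIncluding` looks like what the description supports.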
@@ -2,23 +2,87 @@ "id": "CVE-2023-49061", "sourceIdentifier": "security@mozilla.org", "published": "2023-11-21T15:15:07.633", - "lastModified": "2023-11-21T16:30:00.600", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-28T19:45:33.650", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An attacker could have performed HTML template injection via Reader Mode and exfiltrated user information. This vulnerability affects Firefox for iOS < 120." + }, + { + "lang": "es", + "value": "Un atacante podr\u00eda haber realizado una inyecci\u00f3n de plantilla HTML a trav\u00e9s del modo Lector y extra\u00eddo informaci\u00f3n del usuario. Esta vulnerabilidad afecta a Firefox para iOS < 120." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-601" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:iphone_os:*:*", + "versionEndExcluding": "120.0", + "matchCriteriaId": "BFCA44B4-7729-4424-B92F-5CBE873E4C8D" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1861420", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Issue Tracking", + "Permissions Required" + ] }, { "url": 
"https://www.mozilla.org/security/advisories/mfsa2023-51/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-490xx/CVE-2023-49078.json b/CVE-2023/CVE-2023-490xx/CVE-2023-49078.json new file mode 100644 index 00000000000..2a1bc3560c3 --- /dev/null +++ b/CVE-2023/CVE-2023-490xx/CVE-2023-49078.json 
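Review bot: The Primary weakness added for CVE-2023-49061 is `CWE-601` (URL redirection to an untrusted site), which does not match the description in the same hunk: HTML template injection via Reader Mode used to exfiltrate user information. The added CVSS vector, `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N`, is the one this commit gives the cross-site scripting record CVE-2023-4771, so the score reads as an injection issue while the CWE reads as an open redirect. Consumers that triage or route by CWE would file this record under the wrong class. The value presumably comes from the upstream analysis, so it is better reported there than edited in this mirror, and the record offers no second weakness source to confirm which injection-class CWE applies.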
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-49078",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-11-28T19:15:07.397",
+ "lastModified": "2023-11-28T19:15:07.397",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "raptor-web is a CMS for game server communities that can be used to host information and keep track of players. In version 0.4.4 of raptor-web, it is possible to craft a malicious URL that will result in a reflected cross-site scripting vulnerability. A user controlled URL parameter is loaded into an internal template that has autoescape disabled. This is a cross-site scripting vulnerability that affects all deployments of `raptor-web` on version `0.4.4`. Any victim who clicks on a malicious crafted link will be affected. This issue has been patched 0.4.4.1."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/zediious/raptor-web/releases/tag/0.4.4.1",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/zediious/raptor-web/security/advisories/GHSA-8r6g-fhh4-xhmq",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
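Review bot: This new record carries no `configurations` block (its status is `Received`), so tooling that matches on CPE will not associate it with installed raptor-web versions; the affected and fixed versions appear only in the description text (0.4.4 affected, 0.4.4.1 fixed). The last sentence of that description also drops a word and should presumably read `This issue has been patched in 0.4.4.1.`. The score and `CWE-79` in this file are attributed to the submitter (`security-advisories@github.com`), not to `nvd@nist.gov`, so they may change once the record is analyzed.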
diff --git a/CVE-2023/CVE-2023-491xx/CVE-2023-49146.json b/CVE-2023/CVE-2023-491xx/CVE-2023-49146.json
index 8fd41a2d98c..b0107f1f392 100644
--- a/CVE-2023/CVE-2023-491xx/CVE-2023-49146.json
+++ b/CVE-2023/CVE-2023-491xx/CVE-2023-49146.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-49146",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-11-22T22:15:08.913",
- "lastModified": "2023-11-24T15:24:57.673",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-11-28T19:24:37.417",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,15 +14,74 @@
 "value": "DOMSanitizer (tambi\u00e9n conocido como dom-sanitizer) anterior a 1.0.7 permite XSS a trav\u00e9s de un documento SVG debido al mal manejo de comentarios y expresiones regulares codiciosas."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:getgrav:dom-sanitizer:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.0.7",
+ "matchCriteriaId": "FA35D565-AD11-4221-8C23-F9ED43C8DFEB"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/rhukster/dom-sanitizer/commit/c2a98f27ad742668b254282ccc5581871d0fb601",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://github.com/rhukster/dom-sanitizer/compare/1.0.6...1.0.7",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Patch"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-493xx/CVE-2023-49321.json b/CVE-2023/CVE-2023-493xx/CVE-2023-49321.json
index bc58a0feaa7..49da9a65a52 100644
--- a/CVE-2023/CVE-2023-493xx/CVE-2023-49321.json
+++ b/CVE-2023/CVE-2023-493xx/CVE-2023-49321.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-49321",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-11-27T00:15:07.280",
- "lastModified": "2023-11-27T13:52:15.377",
+ "lastModified": "2023-11-28T19:15:07.690",
 "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
@@ -17,7 +17,7 @@
 "metrics": {},
 "references": [
 {
- "url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-01",
+ "url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-49321",
 "source": "cve@mitre.org"
 }
 ]
diff --git a/CVE-2023/CVE-2023-493xx/CVE-2023-49322.json b/CVE-2023/CVE-2023-493xx/CVE-2023-49322.json
index 6ef83329a8b..a4de4ce2d39 100644
--- a/CVE-2023/CVE-2023-493xx/CVE-2023-49322.json
+++ b/CVE-2023/CVE-2023-493xx/CVE-2023-49322.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-49322",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-11-27T00:15:07.330",
- "lastModified": "2023-11-27T13:52:15.377",
+ "lastModified": "2023-11-28T19:15:07.737",
 "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
@@ -17,7 +17,7 @@
 "metrics": {},
 "references": [
 {
- "url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-02",
+ "url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-49322",
 "source": "cve@mitre.org"
 }
 ]
diff --git a/CVE-2023/CVE-2023-54xx/CVE-2023-5465.json b/CVE-2023/CVE-2023-54xx/CVE-2023-5465.json
index c9a3d8c0436..fd75bf26cdb 100644
--- a/CVE-2023/CVE-2023-54xx/CVE-2023-5465.json
+++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5465.json
@@ -2,16 +2,40 @@
 "id": "CVE-2023-5465",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2023-11-22T16:15:12.810",
- "lastModified": "2023-11-22T17:31:52.013",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-11-28T19:29:22.987",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "The Popup with fancybox plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Popup with fancybox para WordPress es vulnerable a la inyecci\u00f3n SQL a trav\u00e9s del c\u00f3digo corto del complemento en versiones hasta la 3.5 incluida debido a un escape insuficiente en el par\u00e1metro proporcionado por el usuario y a la falta de preparaci\u00f3n suficiente en la consulta SQL existente. Esto hace posible que atacantes autenticados con permisos de nivel de suscriptor y superiores agreguen consultas SQL adicionales a consultas ya existentes que pueden usarse para extraer informaci\u00f3n confidencial de la base de datos."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
 {
 "source": "security@wordfence.com",
 "type": "Secondary",
@@ -34,18 +58,57 @@
 }
 ]
 },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:gopiplus:popup_with_fancybox:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "3.5",
+ "matchCriteriaId": "390C2828-14DB-44B0-89C2-33647FE0C00F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://plugins.trac.wordpress.org/browser/popup-with-fancybox/trunk/popup-with-fancybox.php?rev=2827070#L110",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://plugins.trac.wordpress.org/changeset/2985560/popup-with-fancybox#file1",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c943cf0b-0e99-4d47-808d-2b803369d53a?source=cve",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-54xx/CVE-2023-5466.json b/CVE-2023/CVE-2023-54xx/CVE-2023-5466.json
index cd1c7ce4bd2..d660f12e9aa 100644
--- a/CVE-2023/CVE-2023-54xx/CVE-2023-5466.json
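Review bot: The first reference in this hunk, the `browser/popup-with-fancybox/trunk/popup-with-fancybox.php?rev=2827070#L110` URL, receives the `Patch` tag although it is a source-browser link to a single line at a lower-numbered revision than the `changeset/2985560` reference, so it appears to point at the affected code, not at a fix. The same tagging recurs in the hunks for CVE-2023-5466, -5469, -5537, -5664 and -5667, and matters most for CVE-2023-5662 and CVE-2023-5704, where the `browser/...` link is the only `Patch`-tagged reference and the CPE range uses `versionEndIncluding`, so no fixed release is recorded at all. Anything that treats a `Patch` tag as evidence that a fix exists should count only the `changeset/...` URLs; I would leave the `browser/...` entries without the `Patch` tag.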
+++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5466.json 
@@ -2,16 +2,40 @@
 "id": "CVE-2023-5466",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2023-11-22T16:15:12.970",
- "lastModified": "2023-11-22T17:31:52.013",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-11-28T19:29:09.333",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "The Wp anything slider plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 9.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Wp anything slider para WordPress es vulnerable a la inyecci\u00f3n SQL a trav\u00e9s del c\u00f3digo corto del complemento en versiones hasta la 9.1 incluida debido a un escape insuficiente en el par\u00e1metro proporcionado por el usuario y a la falta de preparaci\u00f3n suficiente en la consulta SQL existente. Esto hace posible que atacantes autenticados con permisos de nivel de suscriptor y superiores agreguen consultas SQL adicionales a consultas ya existentes que pueden usarse para extraer informaci\u00f3n confidencial de la base de datos."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
 {
 "source": "security@wordfence.com",
 "type": "Secondary",
@@ -34,22 +58,64 @@
 }
 ]
 },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:gopiplus:wp_anything_slider:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "9.1",
+ "matchCriteriaId": "1A4F029D-DD6A-4E53-843C-5B71ED219D29"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://plugins.trac.wordpress.org/browser/wp-anything-slider/trunk/wp-anything-slider.php?rev=2827063#L122",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://plugins.trac.wordpress.org/browser/wp-anything-slider/trunk/wp-anything-slider.php?rev=2827063#L136",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://plugins.trac.wordpress.org/changeset/2985513/wp-anything-slider#file2",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/535e754e-f851-4809-a148-d9ba808b9d8a?source=cve",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-54xx/CVE-2023-5469.json b/CVE-2023/CVE-2023-54xx/CVE-2023-5469.json
index 3b62fcc4c0c..efb88bc997d 100644
--- a/CVE-2023/CVE-2023-54xx/CVE-2023-5469.json
+++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5469.json
@@ -2,16 +2,40 @@
 "id": "CVE-2023-5469",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2023-11-22T16:15:13.130",
- "lastModified": "2023-11-22T17:31:52.013",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-11-28T19:28:54.980",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "The Drop Shadow Boxes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'dropshadowbox' shortcode in versions up to, and including, 1.7.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Drop Shadow Boxes para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del c\u00f3digo corto 'dropshadowbox' en versiones hasta la 1.7.13 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ },
 {
 "source": "security@wordfence.com",
 "type": "Secondary",
@@ -34,18 +58,57 @@
 }
 ]
 },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:stevenhenty:drop_shadow_boxes:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.7.13",
+ "matchCriteriaId": "F1B6BE5C-7427-40CE-968F-1B6EB2C891F9"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://plugins.trac.wordpress.org/browser/drop-shadow-boxes/tags/1.7.12/dropshadowboxes.php#L319",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://plugins.trac.wordpress.org/changeset/2998610/drop-shadow-boxes#file1",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c0b3911c-a960-4f28-b289-389b26282741?source=cve",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-55xx/CVE-2023-5537.json b/CVE-2023/CVE-2023-55xx/CVE-2023-5537.json
index 0d0c795b197..c9d7cc06654 100644
--- a/CVE-2023/CVE-2023-55xx/CVE-2023-5537.json
+++ b/CVE-2023/CVE-2023-55xx/CVE-2023-5537.json
@@ -2,16 +2,40 @@
 "id": "CVE-2023-5537",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2023-11-22T16:15:13.310",
- "lastModified": "2023-11-22T17:31:52.013",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-11-28T19:28:43.267",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "The Delete Usermeta plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing nonce validation on the delumet_options_page() function. This makes it possible for unauthenticated attackers to remove user meta for arbitrary users via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Delete Usermeta para WordPress es vulnerable a Cross-Site Request Forgery en versiones hasta la 1.1.2 incluida. Esto se debe a que falta la validaci\u00f3n nonce en la funci\u00f3n delumet_options_page(). Esto hace posible que atacantes no autenticados eliminen metadatos de usuarios arbitrarios mediante una solicitud falsificada, siempre que puedan enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ },
 {
 "source": "security@wordfence.com",
 "type": "Secondary",
@@ -34,18 +58,57 @@
 }
 ]
 },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:joselazo:delete_usermeta:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.1.2",
+ "matchCriteriaId": "2DD40175-6D94-4015-A510-6774CA950E89"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://plugins.trac.wordpress.org/browser/delete-usermetas/trunk/delete-usermetas.php#L57",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2979918%40delete-usermetas&new=2979918%40delete-usermetas&sfp_email=&sfph_mail=",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/23b46e5b-ce1e-4215-921c-edea7fd6c56a?source=cve",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-56xx/CVE-2023-5662.json b/CVE-2023/CVE-2023-56xx/CVE-2023-5662.json
index 013c4693675..3c9355169ad 100644
--- a/CVE-2023/CVE-2023-56xx/CVE-2023-5662.json
+++ b/CVE-2023/CVE-2023-56xx/CVE-2023-5662.json
@@ -2,16 +2,40 @@
 "id": "CVE-2023-5662",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2023-11-22T16:15:13.490",
- "lastModified": "2023-11-22T17:31:52.013",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-11-28T19:26:56.350",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "The Sponsors plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sponsors' shortcode in all versions up to, and including, 3.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Sponsors para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del c\u00f3digo corto 'sponsors' del complemento en todas las versiones hasta la 3.5.0 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ },
 {
 "source": "security@wordfence.com",
 "type": "Secondary",
@@ -34,14 +58,50 @@
 }
 ]
 },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:wpsimplesponsorships:sponsors:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "3.5.0",
+ "matchCriteriaId": "874714BC-BFB2-4E38-908E-15B4A6CC173A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://plugins.trac.wordpress.org/browser/wp-sponsors/tags/3.5.0/includes/class-wp-sponsors-shortcodes.php#L267",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4af04219-26c5-401d-94ef-11d2321f98bf?source=cve",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-56xx/CVE-2023-5664.json b/CVE-2023/CVE-2023-56xx/CVE-2023-5664.json
index 22456f70596..94569169df0 100644
--- a/CVE-2023/CVE-2023-56xx/CVE-2023-5664.json
+++ b/CVE-2023/CVE-2023-56xx/CVE-2023-5664.json
@@ -2,16 +2,40 @@
 "id": "CVE-2023-5664",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2023-11-22T16:15:13.657",
- "lastModified": "2023-11-22T17:31:52.013",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-11-28T19:23:15.107",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "The Garden Gnome Package plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ggpkg' shortcode in all versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This was partially patched in version 2.2.7 and fully patched in version 2.2.9."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Garden Gnome Package para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del c\u00f3digo corto 'ggpkg' del complemento en todas las versiones hasta la 2.2.8 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada. Esto fue parcheado parcialmente en la versi\u00f3n 2.2.7 y completamente parcheado en la versi\u00f3n 2.2.9."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ },
 {
 "source": "security@wordfence.com",
 "type": "Secondary",
@@ -34,22 +58,64 @@
 }
 ]
 },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ggnome:garden_gnome_package:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "2.2.9",
+ "matchCriteriaId": "93A31BCD-A9FA-4D94-8BD1-875F2B80E984"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://plugins.trac.wordpress.org/browser/garden-gnome-package/tags/2.2.5/include/ggpackage.php#L284",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://plugins.trac.wordpress.org/changeset/2987987/garden-gnome-package#file1",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://plugins.trac.wordpress.org/changeset/2988944/garden-gnome-package#file1",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8c7385c7-47de-4511-b474-7415c3977aa8?source=cve",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-56xx/CVE-2023-5667.json b/CVE-2023/CVE-2023-56xx/CVE-2023-5667.json
index 400126e4104..756344332b4 100644
--- a/CVE-2023/CVE-2023-56xx/CVE-2023-5667.json
+++ b/CVE-2023/CVE-2023-56xx/CVE-2023-5667.json
@@ -2,16 +2,40 @@
 "id": "CVE-2023-5667",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2023-11-22T16:15:13.820",
- "lastModified": "2023-11-22T17:31:52.013",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-11-28T19:22:46.013",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "The Tab Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Tab Ultimate para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de los c\u00f3digos cortos del complemento en todas las versiones hasta la 1.3 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ },
 {
 "source": "security@wordfence.com",
 "type": "Secondary",
@@ -34,18 +58,57 @@
 }
 ]
 },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:themepoints:tab_ultimate:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.3",
+ "matchCriteriaId": "0F5386EC-2DBD-4045-A2D9-6C4376795F70"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://plugins.trac.wordpress.org/browser/tabs-pro/trunk/theme/tab-shortcode-ultimate-themes.php?rev=2406144#L87",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://plugins.trac.wordpress.org/changeset/2982005/tabs-pro#file23",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/08220b23-d6fa-4005-bbbb-019412d328a5?source=cve",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-57xx/CVE-2023-5704.json b/CVE-2023/CVE-2023-57xx/CVE-2023-5704.json
index 9d9ac53be91..368a30507f6 100644
--- a/CVE-2023/CVE-2023-57xx/CVE-2023-5704.json
+++ b/CVE-2023/CVE-2023-57xx/CVE-2023-5704.json
@@ -2,16 +2,40 @@
 "id": "CVE-2023-5704",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2023-11-22T16:15:14.003",
- "lastModified": "2023-11-22T17:31:52.013",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-11-28T19:22:32.037",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "The CPO Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento CPO Shortcodes para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de los c\u00f3digos cortos del complemento en todas las versiones hasta la 1.5.0 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ },
 {
 "source": "security@wordfence.com",
 "type": "Secondary",
@@ -34,14 +58,50 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpchill:cpo_shortcodes:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.5.0", + "matchCriteriaId": "9A4A3120-836F-45F9-8701-42185ED521B4" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/cpo-shortcodes/trunk/shortcodes/shortcode-testimonial.php?rev=2413204#L38", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f8ba38c3-51d2-43a7-89ff-c72a8edc946b?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-60xx/CVE-2023-6023.json b/CVE-2023/CVE-2023-60xx/CVE-2023-6023.json index 61b2a10612e..dbaf8d652a4 100644 --- a/CVE-2023/CVE-2023-60xx/CVE-2023-6023.json +++ b/CVE-2023/CVE-2023-60xx/CVE-2023-6023.json 
@@ -2,15 +2,41 @@ "id": "CVE-2023-6023", "sourceIdentifier": "security@huntr.dev", "published": "2023-11-16T16:15:35.057", - "lastModified": "2023-11-16T17:00:44.333", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-28T19:15:56.937", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An attacker can read any file on the filesystem on the server hosting ModelDB through an LFI in the artifact_path URL parameter." + }, + { + "lang": "es", + "value": "Un atacante puede leer cualquier archivo en el sistema de archivos del servidor que aloja ModelDB a trav\u00e9s de un LFI en el par\u00e1metro URL artifact_path." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ], "cvssMetricV30": [ { "source": "security@huntr.dev", @@ -35,6 +61,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + }, { "source": "security@huntr.dev", "type": "Secondary", 
@@ -46,10 +82,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vertaai:modeldb:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CDEE2B7B-AADA-4F78-9A41-3B79791FDFD3" + } + ] + } + ] + } + ], "references": [ { "url": "https://huntr.com/bounties/644ab868-db6d-4685-ab35-1a897632d2ca", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-61xx/CVE-2023-6121.json b/CVE-2023/CVE-2023-61xx/CVE-2023-6121.json index f5cd86155ca..86568fa68c1 100644 --- a/CVE-2023/CVE-2023-61xx/CVE-2023-6121.json +++ b/CVE-2023/CVE-2023-61xx/CVE-2023-6121.json 
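Review bot: The added `cpeMatch` entry uses `cpe:2.3:a:vertaai:modeldb:-:*:*:*:*:*:*:*` with no `versionStart*`/`versionEnd*` bounds, so the record carries no machine-readable affected or fixed version. A scanner that compares an installed, versioned ModelDB against this criteria string may report no match. Until a fixed release is stated, inventory matching for this record should go by product name alone, with every deployment treated as in scope. The reference is also newly tagged `"Exploit"`, which is worth surfacing in triage because the rated vector is unauthenticated (`PR:N`) file read.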
@@ -2,16 +2,40 @@ "id": "CVE-2023-6121", "sourceIdentifier": "secalert@redhat.com", "published": "2023-11-16T15:15:11.197", - "lastModified": "2023-11-16T17:00:44.333", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-28T19:07:25.920", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This flaw allows a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data to be printed (and potentially leaked) to the kernel ring buffer (dmesg)." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad de lectura fuera de los l\u00edmites en el subsistema NVMe-oF/TCP del kernel de Linux. Esta falla permite que un atacante remoto env\u00ede un paquete TCP manipulado, lo que desencadena un desbordamiento del b\u00fafer que da como resultado que los datos kmalloc se impriman (y potencialmente se filtren) en el b\u00fafer de anillo del kernel (dmesg)." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "secalert@redhat.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + }, { "source": "secalert@redhat.com", "type": "Secondary", 
@@ -46,14 +80,53 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", + "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", + "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", + "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D" + } + ] + } + ] + } + ], "references": [ { "url": "https://access.redhat.com/security/cve/CVE-2023-6121", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2250043", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6204.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6204.json index e9b8ee9abff..be79c7b88bf 100644 --- a/CVE-2023/CVE-2023-62xx/CVE-2023-6204.json +++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6204.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6204", "sourceIdentifier": "security@mozilla.org", "published": "2023-11-21T15:15:07.687", - "lastModified": "2023-11-24T01:15:07.213", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-28T19:45:10.887", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
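Review bot: The new `configurations` block lists only `cpe:2.3:o:redhat:enterprise_linux` 6.0 through 9.0, while the description in this same record places the flaw in the Linux kernel's NVMe-oF/TCP subsystem. No upstream kernel CPE or version range is present, so CPE-based matching will not flag other distributions or self-built kernels. It will also flag RHEL 6 and 7, whose kernels, to my knowledge, predate the NVMe/TCP code; that should be confirmed against the Red Hat advisory in `references`. Per-release affectedness for this CVE is better taken from the `access.redhat.com/security/cve/CVE-2023-6121` page than from `"vulnerable": true` here.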
@@ -14,31 +14,143 @@ "value": "En algunos sistemas, dependiendo de la configuraci\u00f3n de gr\u00e1ficos y los controladores, era posible forzar una lectura fuera de los l\u00edmites y filtrar datos de memoria en las im\u00e1genes creadas en el elemento del lienzo. Esta vulnerabilidad afecta a Firefox < 120, Firefox < 115.5 y Thunderbird < 115.5.0." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", + "versionEndExcluding": "120.0", + "matchCriteriaId": "30F5F1B5-825D-4DC4-A6F0-ED5AD1B031F2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", + "versionEndExcluding": "115.5.0", + "matchCriteriaId": "E2804F80-1F0A-4810-AAFF-57F113F5658D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", + "versionEndExcluding": "115.5", + "matchCriteriaId": "92C55DCD-E2E9-46CA-B654-3B3E50A3DC6A" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73" + }, + { + 
"vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C" + } + ] + } + ] + } + ], "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1841050", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Issue Tracking", + "Permissions Required" + ] }, { "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00017.html", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Mailing List" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5561", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-49/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-50/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-52/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6205.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6205.json index 1fedae9c5d7..05b839c8a2f 100644 --- a/CVE-2023/CVE-2023-62xx/CVE-2023-6205.json +++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6205.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-6205", "sourceIdentifier": "security@mozilla.org", "published": "2023-11-21T15:15:07.737", - "lastModified": "2023-11-24T01:15:07.297", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-28T19:44:48.170", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,31 +14,143 @@ "value": "Era posible provocar el uso de un MessagePort despu\u00e9s de que ya se hab\u00eda liberado, lo que podr\u00eda haber provocado un fallo explotable. Esta vulnerabilidad afecta a Firefox < 120, Firefox < 115.5 y Thunderbird < 115.5.0." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", + "versionEndExcluding": "120.0", + "matchCriteriaId": "30F5F1B5-825D-4DC4-A6F0-ED5AD1B031F2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", + "versionEndExcluding": "115.5.0", + "matchCriteriaId": "E2804F80-1F0A-4810-AAFF-57F113F5658D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", + "versionEndExcluding": "115.5", + "matchCriteriaId": "92C55DCD-E2E9-46CA-B654-3B3E50A3DC6A" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", + 
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C" + } + ] + } + ] + } + ], "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1854076", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Issue Tracking", + "Permissions Required" + ] }, { "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00017.html", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Mailing List" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5561", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-49/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-50/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-52/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6206.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6206.json index 3a79386c661..083376165d0 100644 --- a/CVE-2023/CVE-2023-62xx/CVE-2023-6206.json +++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6206.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6206", "sourceIdentifier": "security@mozilla.org", "published": "2023-11-21T15:15:07.787", - "lastModified": "2023-11-24T01:15:07.360", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-28T19:44:05.347", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,31 +14,143 @@ "value": "La animaci\u00f3n de desvanecimiento negro al salir de la pantalla completa es aproximadamente la duraci\u00f3n del retraso anti-clickjacking en las solicitudes de permiso. Era posible utilizar este hecho para sorprender a los usuarios atray\u00e9ndolos a hacer clic en el lugar donde el bot\u00f3n de concesi\u00f3n de permiso estar\u00eda a punto de aparecer. Esta vulnerabilidad afecta a Firefox < 120, Firefox < 115.5 y Thunderbird < 115.5.0." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-1021" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", + "versionEndExcluding": "120.0", + "matchCriteriaId": "30F5F1B5-825D-4DC4-A6F0-ED5AD1B031F2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", + "versionEndExcluding": "115.5.0", + "matchCriteriaId": "E2804F80-1F0A-4810-AAFF-57F113F5658D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", + "versionEndExcluding": "115.5", + "matchCriteriaId": "92C55DCD-E2E9-46CA-B654-3B3E50A3DC6A" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C" + } + ] + } + ] + } + ], "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1857430", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Issue Tracking", + "Permissions Required" + ] }, { "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00017.html", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Mailing List" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5561", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-49/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-50/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-52/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6207.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6207.json index 680848f90ff..ef50a9d7d36 100644 --- a/CVE-2023/CVE-2023-62xx/CVE-2023-6207.json +++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6207.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-6207", "sourceIdentifier": "security@mozilla.org", "published": "2023-11-21T15:15:07.843", - "lastModified": "2023-11-24T01:15:07.420", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-28T19:42:50.670", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,31 +14,143 @@ "value": "La mala gesti\u00f3n de la propiedad provoc\u00f3 un uso despu\u00e9s de la liberaci\u00f3n en ReadableByteStreams. Esta vulnerabilidad afecta a Firefox < 120, Firefox < 115.5 y Thunderbird < 115.5.0." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", + "versionEndExcluding": "120.0", + "matchCriteriaId": "30F5F1B5-825D-4DC4-A6F0-ED5AD1B031F2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", + "versionEndExcluding": "115.5.0", + "matchCriteriaId": "E2804F80-1F0A-4810-AAFF-57F113F5658D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", + "versionEndExcluding": "115.5", + "matchCriteriaId": "92C55DCD-E2E9-46CA-B654-3B3E50A3DC6A" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": 
"FA6FEEC2-9F11-4643-8827-749718254FED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C" + } + ] + } + ] + } + ], "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1861344", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Issue Tracking", + "Permissions Required" + ] }, { "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00017.html", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Mailing List" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5561", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-49/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-50/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-52/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6208.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6208.json index ab3ac850c7a..8bdcf884660 100644 --- a/CVE-2023/CVE-2023-62xx/CVE-2023-6208.json +++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6208.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6208", "sourceIdentifier": "security@mozilla.org", "published": "2023-11-21T15:15:07.900", - "lastModified": "2023-11-24T01:15:07.467", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-28T19:37:55.503", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,31 +14,143 @@ "value": "Al usar X11, el texto seleccionado por la p\u00e1gina usando la API de selecci\u00f3n se copiaba err\u00f3neamente en la selecci\u00f3n principal, un almacenamiento temporal similar al portapapeles. *Este error s\u00f3lo afecta a Thunderbird en X11. Otros sistemas no se ven afectados.* Esta vulnerabilidad afecta a Firefox < 120, Firefox < 115.5 y Thunderbird < 115.5.0." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", + "versionEndExcluding": "120.0", + "matchCriteriaId": "30F5F1B5-825D-4DC4-A6F0-ED5AD1B031F2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", + "versionEndExcluding": "115.5.0", + "matchCriteriaId": "E2804F80-1F0A-4810-AAFF-57F113F5658D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", + "versionEndExcluding": "115.5", + "matchCriteriaId": "92C55DCD-E2E9-46CA-B654-3B3E50A3DC6A" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": 
"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C" + } + ] + } + ] + } + ], "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1855345", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Issue Tracking", + "Permissions Required" + ] }, { "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00017.html", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Mailing List" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5561", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-49/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-50/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-52/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6209.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6209.json index 5f4a95b7d8d..5a4f91eae5d 100644 --- a/CVE-2023/CVE-2023-62xx/CVE-2023-6209.json +++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6209.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-6209", "sourceIdentifier": "security@mozilla.org", "published": "2023-11-21T15:15:07.957", - "lastModified": "2023-11-24T01:15:07.523", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-28T19:37:34.557", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,31 +14,143 @@ "value": "Las URL relativas que comenzaban con tres barras se analizaban incorrectamente y se pod\u00eda utilizar una parte de path-traversal \"/../\" en la ruta para anular el host especificado. Esto podr\u00eda contribuir a problemas de seguridad en los sitios web. Esta vulnerabilidad afecta a Firefox < 120, Firefox < 115.5 y Thunderbird < 115.5.0." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", + "versionEndExcluding": "120.0", + "matchCriteriaId": "30F5F1B5-825D-4DC4-A6F0-ED5AD1B031F2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", + "versionEndExcluding": "115.5.0", + "matchCriteriaId": "E2804F80-1F0A-4810-AAFF-57F113F5658D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", + "versionEndExcluding": "115.5", + "matchCriteriaId": "92C55DCD-E2E9-46CA-B654-3B3E50A3DC6A" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73" + 
}, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C" + } + ] + } + ] + } + ], "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1858570", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Issue Tracking", + "Permissions Required" + ] }, { "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00017.html", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Mailing List" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5561", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-49/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-50/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-52/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6210.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6210.json index 28a4b7756c5..1e4bd5edf96 100644 --- a/CVE-2023/CVE-2023-62xx/CVE-2023-6210.json +++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6210.json 
@@ -2,23 +2,88 @@ "id": "CVE-2023-6210", "sourceIdentifier": "security@mozilla.org", "published": "2023-11-21T15:15:08.010", - "lastModified": "2023-11-21T16:30:00.600", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-28T19:35:05.627", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "When an https: web page created a pop-up from a \"javascript:\" URL, that pop-up was incorrectly allowed to load blockable content such as iframes from insecure http: URLs This vulnerability affects Firefox < 120." + }, + { + "lang": "es", + "value": "Cuando una p\u00e1gina web https: cre\u00f3 una ventana emergente desde una URL \"javascript:\", a esa ventana emergente se le permiti\u00f3 incorrectamente cargar contenido bloqueable, como iframes de URL http: inseguras. Esta vulnerabilidad afecta a Firefox < 120." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", + "versionEndExcluding": "120.0", + "matchCriteriaId": "30F5F1B5-825D-4DC4-A6F0-ED5AD1B031F2" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1801501", - "source": "security@mozilla.org" + 
"source": "security@mozilla.org", + "tags": [ + "Issue Tracking", + "Permissions Required" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-49/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6211.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6211.json index aec289d4ee3..bf9c27988b2 100644 --- a/CVE-2023/CVE-2023-62xx/CVE-2023-6211.json +++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6211.json 
@@ -2,23 +2,88 @@ "id": "CVE-2023-6211", "sourceIdentifier": "security@mozilla.org", "published": "2023-11-21T15:15:08.057", - "lastModified": "2023-11-21T16:30:00.600", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-28T19:31:26.287", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "If an attacker needed a user to load an insecure http: page and knew that user had enabled HTTPS-only mode, the attacker could have tricked the user into clicking to grant an HTTPS-only exception if they could get the user to participate in a clicking game. This vulnerability affects Firefox < 120." + }, + { + "lang": "es", + "value": "Si un atacante necesitaba que un usuario cargara una p\u00e1gina http: insegura y sab\u00eda que el usuario hab\u00eda habilitado el modo solo HTTPS, el atacante podr\u00eda haber enga\u00f1ado al usuario para que hiciera clic para otorgar una excepci\u00f3n solo HTTPS si pudiera lograr que el usuario participara en una juego de clics. Esta vulnerabilidad afecta a Firefox < 120." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-1021" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", + "versionEndExcluding": "120.0", + "matchCriteriaId": "30F5F1B5-825D-4DC4-A6F0-ED5AD1B031F2" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1850200", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Issue Tracking", + "Permissions Required" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-49/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6212.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6212.json index f395341ef26..e33b1c49acf 100644 --- a/CVE-2023/CVE-2023-62xx/CVE-2023-6212.json +++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6212.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-6212", "sourceIdentifier": "security@mozilla.org", "published": "2023-11-21T15:15:08.110", - "lastModified": "2023-11-24T01:15:07.580", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-28T19:30:41.437", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,31 +14,142 @@ "value": "Errores de seguridad de la memoria presentes en Firefox 119, Firefox 115.4 y Thunderbird 115.4. Algunos de estos errores mostraron evidencia de corrupci\u00f3n de memoria y suponemos que con suficiente esfuerzo algunos de ellos podr\u00edan haberse aprovechado para ejecutar c\u00f3digo arbitrario. Esta vulnerabilidad afecta a Firefox < 120, Firefox < 115.5 y Thunderbird < 115.5.0." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", + "versionEndExcluding": "120.0", + "matchCriteriaId": "30F5F1B5-825D-4DC4-A6F0-ED5AD1B031F2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", + "versionEndExcluding": "115.5.0", + "matchCriteriaId": "E2804F80-1F0A-4810-AAFF-57F113F5658D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", + "versionEndExcluding": "115.5", + "matchCriteriaId": "92C55DCD-E2E9-46CA-B654-3B3E50A3DC6A" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": 
"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C" + } + ] + } + ] + } + ], "references": [ { "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1658432%2C1820983%2C1829252%2C1856072%2C1856091%2C1859030%2C1860943%2C1862782", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Broken Link" + ] }, { "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00017.html", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Mailing List" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5561", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-49/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-50/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-52/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6213.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6213.json index bb44fa5b06f..b511f6a600b 100644 --- a/CVE-2023/CVE-2023-62xx/CVE-2023-6213.json +++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6213.json 
@@ -2,23 +2,87 @@ "id": "CVE-2023-6213", "sourceIdentifier": "security@mozilla.org", "published": "2023-11-21T15:15:08.170", - "lastModified": "2023-11-21T16:30:00.600", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-28T19:29:57.840", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Memory safety bugs present in Firefox 119. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 120." + }, + { + "lang": "es", + "value": "Errores de seguridad de la memoria presentes en Firefox 119. Algunos de estos errores mostraron evidencia de corrupci\u00f3n de la memoria y suponemos que con suficiente esfuerzo algunos de ellos podr\u00edan haberse aprovechado para ejecutar c\u00f3digo arbitrario. Esta vulnerabilidad afecta a Firefox < 120." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", + "versionEndExcluding": "120.0", + "matchCriteriaId": "30F5F1B5-825D-4DC4-A6F0-ED5AD1B031F2" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": 
"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1849265%2C1851118%2C1854911", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Broken Link" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-49/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/README.md b/README.md index d9cafd65744..6a6fe6f5c54 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-11-28T19:00:19.440058+00:00 +2023-11-28T21:00:17.836328+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-11-28T18:30:16.790000+00:00 +2023-11-28T20:51:38.590000+00:00 ``` ### Last Data Feed Release 
@@ -29,51 +29,50 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -231645 +231651 ``` ### CVEs added in the last Commit -Recently added CVEs: `7` +Recently added CVEs: `6` -* [CVE-2023-41264](CVE-2023/CVE-2023-412xx/CVE-2023-41264.json) (`2023-11-28T17:15:07.857`) -* [CVE-2023-42502](CVE-2023/CVE-2023-425xx/CVE-2023-42502.json) (`2023-11-28T17:15:07.907`) -* [CVE-2023-42505](CVE-2023/CVE-2023-425xx/CVE-2023-42505.json) (`2023-11-28T17:15:08.093`) -* [CVE-2023-45286](CVE-2023/CVE-2023-452xx/CVE-2023-45286.json) (`2023-11-28T17:15:08.280`) -* [CVE-2023-48848](CVE-2023/CVE-2023-488xx/CVE-2023-48848.json) (`2023-11-28T17:15:08.417`) -* [CVE-2023-40056](CVE-2023/CVE-2023-400xx/CVE-2023-40056.json) (`2023-11-28T18:15:07.900`) -* [CVE-2023-42504](CVE-2023/CVE-2023-425xx/CVE-2023-42504.json) (`2023-11-28T18:15:08.353`) +* [CVE-2023-48121](CVE-2023/CVE-2023-481xx/CVE-2023-48121.json) (`2023-11-28T19:15:07.340`) +* [CVE-2023-49078](CVE-2023/CVE-2023-490xx/CVE-2023-49078.json) (`2023-11-28T19:15:07.397`) +* [CVE-2023-29060](CVE-2023/CVE-2023-290xx/CVE-2023-29060.json) (`2023-11-28T20:15:07.230`) +* [CVE-2023-30588](CVE-2023/CVE-2023-305xx/CVE-2023-30588.json) (`2023-11-28T20:15:07.437`) +* [CVE-2023-30590](CVE-2023/CVE-2023-305xx/CVE-2023-30590.json) (`2023-11-28T20:15:07.480`) +* [CVE-2023-45539](CVE-2023/CVE-2023-455xx/CVE-2023-45539.json) (`2023-11-28T20:15:07.817`) ### CVEs modified in the last Commit -Recently modified CVEs: `40` +Recently modified CVEs: `49` -* [CVE-2023-6174](CVE-2023/CVE-2023-61xx/CVE-2023-6174.json) (`2023-11-28T17:27:06.313`) -* [CVE-2023-20592](CVE-2023/CVE-2023-205xx/CVE-2023-20592.json) (`2023-11-28T18:04:11.733`) -* [CVE-2023-20571](CVE-2023/CVE-2023-205xx/CVE-2023-20571.json) (`2023-11-28T18:05:25.177`) -* [CVE-2023-20565](CVE-2023/CVE-2023-205xx/CVE-2023-20565.json) (`2023-11-28T18:06:51.780`) -* [CVE-2023-20563](CVE-2023/CVE-2023-205xx/CVE-2023-20563.json) 
(`2023-11-28T18:07:30.753`) -* [CVE-2023-44374](CVE-2023/CVE-2023-443xx/CVE-2023-44374.json) (`2023-11-28T18:09:06.883`) -* [CVE-2023-44373](CVE-2023/CVE-2023-443xx/CVE-2023-44373.json) (`2023-11-28T18:10:16.467`) -* [CVE-2023-44322](CVE-2023/CVE-2023-443xx/CVE-2023-44322.json) (`2023-11-28T18:13:11.883`) -* [CVE-2023-39417](CVE-2023/CVE-2023-394xx/CVE-2023-39417.json) (`2023-11-28T18:15:07.600`) -* [CVE-2023-3812](CVE-2023/CVE-2023-38xx/CVE-2023-3812.json) (`2023-11-28T18:15:07.760`) -* [CVE-2023-42753](CVE-2023/CVE-2023-427xx/CVE-2023-42753.json) (`2023-11-28T18:15:08.790`) -* [CVE-2023-46402](CVE-2023/CVE-2023-464xx/CVE-2023-46402.json) (`2023-11-28T18:15:08.910`) -* [CVE-2023-4732](CVE-2023/CVE-2023-47xx/CVE-2023-4732.json) (`2023-11-28T18:15:09.030`) -* [CVE-2023-5178](CVE-2023/CVE-2023-51xx/CVE-2023-5178.json) (`2023-11-28T18:15:09.157`) -* [CVE-2023-5367](CVE-2023/CVE-2023-53xx/CVE-2023-5367.json) (`2023-11-28T18:15:09.293`) -* [CVE-2023-44321](CVE-2023/CVE-2023-443xx/CVE-2023-44321.json) (`2023-11-28T18:28:00.897`) -* [CVE-2023-44320](CVE-2023/CVE-2023-443xx/CVE-2023-44320.json) (`2023-11-28T18:28:20.223`) -* [CVE-2023-44319](CVE-2023/CVE-2023-443xx/CVE-2023-44319.json) (`2023-11-28T18:28:57.850`) -* [CVE-2023-44318](CVE-2023/CVE-2023-443xx/CVE-2023-44318.json) (`2023-11-28T18:29:11.187`) -* [CVE-2023-6239](CVE-2023/CVE-2023-62xx/CVE-2023-6239.json) (`2023-11-28T18:29:23.617`) -* [CVE-2023-49313](CVE-2023/CVE-2023-493xx/CVE-2023-49313.json) (`2023-11-28T18:29:23.617`) -* [CVE-2023-49314](CVE-2023/CVE-2023-493xx/CVE-2023-49314.json) (`2023-11-28T18:29:23.617`) -* [CVE-2023-46589](CVE-2023/CVE-2023-465xx/CVE-2023-46589.json) (`2023-11-28T18:29:23.617`) -* [CVE-2023-49062](CVE-2023/CVE-2023-490xx/CVE-2023-49062.json) (`2023-11-28T18:29:23.617`) -* [CVE-2023-22329](CVE-2023/CVE-2023-223xx/CVE-2023-22329.json) (`2023-11-28T18:30:16.790`) +* [CVE-2023-6207](CVE-2023/CVE-2023-62xx/CVE-2023-6207.json) (`2023-11-28T19:42:50.670`) +* 
[CVE-2023-6206](CVE-2023/CVE-2023-62xx/CVE-2023-6206.json) (`2023-11-28T19:44:05.347`) +* [CVE-2023-6205](CVE-2023/CVE-2023-62xx/CVE-2023-6205.json) (`2023-11-28T19:44:48.170`) +* [CVE-2023-6204](CVE-2023/CVE-2023-62xx/CVE-2023-6204.json) (`2023-11-28T19:45:10.887`) +* [CVE-2023-49061](CVE-2023/CVE-2023-490xx/CVE-2023-49061.json) (`2023-11-28T19:45:33.650`) +* [CVE-2023-46850](CVE-2023/CVE-2023-468xx/CVE-2023-46850.json) (`2023-11-28T19:47:39.703`) +* [CVE-2023-46849](CVE-2023/CVE-2023-468xx/CVE-2023-46849.json) (`2023-11-28T19:47:44.070`) +* [CVE-2023-47809](CVE-2023/CVE-2023-478xx/CVE-2023-47809.json) (`2023-11-28T19:51:59.687`) +* [CVE-2023-47810](CVE-2023/CVE-2023-478xx/CVE-2023-47810.json) (`2023-11-28T19:52:19.490`) +* [CVE-2023-47811](CVE-2023/CVE-2023-478xx/CVE-2023-47811.json) (`2023-11-28T19:52:35.397`) +* [CVE-2023-47812](CVE-2023/CVE-2023-478xx/CVE-2023-47812.json) (`2023-11-28T20:03:09.987`) +* [CVE-2023-47813](CVE-2023/CVE-2023-478xx/CVE-2023-47813.json) (`2023-11-28T20:03:29.477`) +* [CVE-2023-47814](CVE-2023/CVE-2023-478xx/CVE-2023-47814.json) (`2023-11-28T20:04:37.090`) +* [CVE-2023-47815](CVE-2023/CVE-2023-478xx/CVE-2023-47815.json) (`2023-11-28T20:05:31.977`) +* [CVE-2023-47816](CVE-2023/CVE-2023-478xx/CVE-2023-47816.json) (`2023-11-28T20:07:47.730`) +* [CVE-2023-35078](CVE-2023/CVE-2023-350xx/CVE-2023-35078.json) (`2023-11-28T20:15:07.530`) +* [CVE-2023-47835](CVE-2023/CVE-2023-478xx/CVE-2023-47835.json) (`2023-11-28T20:21:32.220`) +* [CVE-2023-47817](CVE-2023/CVE-2023-478xx/CVE-2023-47817.json) (`2023-11-28T20:23:25.427`) +* [CVE-2023-47821](CVE-2023/CVE-2023-478xx/CVE-2023-47821.json) (`2023-11-28T20:23:38.657`) +* [CVE-2023-47829](CVE-2023/CVE-2023-478xx/CVE-2023-47829.json) (`2023-11-28T20:23:54.067`) +* [CVE-2023-47834](CVE-2023/CVE-2023-478xx/CVE-2023-47834.json) (`2023-11-28T20:24:06.653`) +* [CVE-2023-47833](CVE-2023/CVE-2023-478xx/CVE-2023-47833.json) (`2023-11-28T20:25:42.100`) +* 
[CVE-2023-47790](CVE-2023/CVE-2023-477xx/CVE-2023-47790.json) (`2023-11-28T20:39:17.157`) +* [CVE-2023-40002](CVE-2023/CVE-2023-400xx/CVE-2023-40002.json) (`2023-11-28T20:50:44.160`) +* [CVE-2023-47839](CVE-2023/CVE-2023-478xx/CVE-2023-47839.json) (`2023-11-28T20:51:38.590`) ## Download and Usage